Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Unauthorized URL detected from Trend Micro [Solved]


  • This topic is locked This topic is locked

#16
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Do you use a router to connect to the internet?
  • 0

Advertisements


#17
kondayo

kondayo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Yes, but this warning occurs both at home and in the office network.
  • 0

#18
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

TrendMicro inform the URL that he block?

Yes, but this warning occurs both at home and in the office network.

This happen only in your computer?
  • 0

#19
kondayo

kondayo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
My computer (laptop) and only one other computer (also a laptop).
  • 0

#20
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
TrendMicro inform the URL that he block?

It's possible you connect the computer to another internet connection and see if this happens?

I think it's a false positive from Trend Micro.
  • 0

#21
kondayo

kondayo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
I've also tried at a 3rd location and still get the Trend Micro warning. Also, now after reinstalling, when I start internet explorer, it immediately jumps to another site, and will bypass the default home page that I've set.
  • 0

#22
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Only happens in Internet Explorer?

  • Run the OTL.exe. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open one notepad windows contains OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post him in your topic

  • 0

#23
kondayo

kondayo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
OTL logfile created on: 11/09/2012 11:13:07 AM - Run 2
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Documents and Settings\user.COMPANY\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.45 Gb Total Physical Memory | 2.92 Gb Available Physical Memory | 84.48% Memory free
5.29 Gb Paging File | 4.85 Gb Available in Paging File | 91.73% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 126.05 Gb Free Space | 84.57% Space Free | Partition Type: NTFS

Computer Name: Company | User Name: user| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/31 13:22:22 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user.COMPANY\Desktop\OTL(1).exe
PRC - [2009/11/05 15:42:04 | 000,435,584 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe
PRC - [2009/10/08 12:35:52 | 000,943,400 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\PccNTMon.exe
PRC - [2009/09/30 17:09:20 | 001,337,488 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\TmListen.exe
PRC - [2009/09/30 17:07:10 | 001,299,752 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\NTRtScan.exe
PRC - [2009/07/15 18:39:06 | 000,497,008 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe
PRC - [2009/07/15 18:37:18 | 000,689,416 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe
PRC - [2009/07/08 17:08:30 | 000,413,827 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/07/06 15:19:04 | 000,345,352 | ---- | M] () -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
PRC - [2009/02/25 01:00:00 | 000,024,576 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\OA001Mon.exe
PRC - [2009/02/11 17:38:40 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/02/11 17:38:38 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/02/04 21:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/12/21 12:48:50 | 000,200,704 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2008/12/16 15:41:44 | 000,729,088 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe
PRC - [2008/11/18 20:19:28 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2008/11/18 20:19:28 | 000,241,746 | ---- | M] (IDT, Inc.) -- c:\Program Files\IDT\DellXPM09B_6124v037\WDM\stacsv.exe
PRC - [2008/09/16 20:03:50 | 000,050,472 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2008/08/28 15:20:22 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/07/31 21:41:50 | 000,808,296 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
PRC - [2008/07/31 21:41:50 | 000,021,352 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
PRC - [2008/04/13 16:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/25 17:23:36 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe


========== Modules (No Company Name) ==========

MOD - [2009/07/06 15:19:04 | 000,345,352 | ---- | M] () -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
MOD - [2008/10/24 18:00:32 | 000,143,360 | ---- | M] () -- C:\WINDOWS\system32\preflib.dll
MOD - [2008/10/24 18:00:12 | 000,753,664 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2008/04/13 16:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/13 16:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/09/11 09:20:55 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/31 19:55:47 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/29 18:26:36 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe -- (GoToAssist)
SRV - [2009/09/30 17:09:20 | 001,337,488 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\TmListen.exe -- (tmlisten)
SRV - [2009/09/30 17:07:10 | 001,299,752 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\NTRtScan.exe -- (ntrtscan)
SRV - [2009/07/15 18:39:06 | 000,497,008 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe -- (TmPfw)
SRV - [2009/07/15 18:37:18 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe -- (TmProxy)
SRV - [2009/07/06 15:19:04 | 000,345,352 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2009/02/11 17:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/11/18 20:19:28 | 000,241,746 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\Program Files\IDT\DellXPM09B_6124v037\WDM\stacsv.exe -- (STacSV)
SRV - [2008/07/31 21:41:50 | 000,808,296 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
SRV - [2008/07/31 21:41:50 | 000,021,352 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Boot | Stopped] -- -- (cerc6)
DRV - [2011/07/12 10:44:10 | 000,262,416 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\TmXPFlt.sys -- (TmFilter)
DRV - [2011/07/12 10:43:58 | 000,036,624 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\tmpreflt.sys -- (TmPreFilter)
DRV - [2011/07/12 10:09:32 | 001,405,720 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\vsapiNT.sys -- (VSApiNt)
DRV - [2010/08/20 14:53:00 | 000,177,232 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2010/08/20 14:53:00 | 000,067,664 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2010/08/20 14:53:00 | 000,057,424 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2009/07/15 18:37:52 | 000,339,984 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TM_CFW.sys -- (tmcfw)
DRV - [2009/07/15 10:37:40 | 000,089,872 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2009/06/15 13:05:16 | 000,143,968 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2009/05/28 10:48:20 | 000,134,144 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CtAudDrv.sys -- (CtAudDrv)
DRV - [2009/03/24 15:33:38 | 000,232,744 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SRS_PremiumSound_i386.sys -- (SRS_PremiumSound_Service)
DRV - [2009/03/09 01:06:00 | 000,280,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OA001Vid.sys -- (OA001Vid)
DRV - [2009/03/06 15:30:08 | 000,133,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OA001Ufd.sys -- (OA001Ufd)
DRV - [2008/11/18 20:19:28 | 001,392,819 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2008/10/24 18:00:30 | 001,287,552 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/08/27 11:37:18 | 000,112,128 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2008/07/31 21:39:26 | 000,032,808 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV - [2008/07/24 18:42:48 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/06/13 21:26:06 | 000,110,080 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008/06/04 14:14:00 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)
DRV - [2008/06/04 14:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PBADRV.sys -- (PBADRV)
DRV - [2008/04/04 12:40:50 | 000,244,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress)
DRV - [2007/06/08 01:00:02 | 000,148,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OA001Afx.sys -- (OA001Afx)
DRV - [2007/02/24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-314226430-146184668-2267664028-1162\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://ca.msn.com"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\Client Server Security Agent\bho\1003\FirefoxExtension [2012/08/30 10:41:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/11 09:20:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/08/31 12:43:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user.COMPANY\Application Data\Mozilla\Extensions
[2012/08/31 12:49:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user.COMPANY\Application Data\Mozilla\Firefox\Profiles\yvo2quw0.default\extensions
[2012/08/31 12:43:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/11 09:20:56 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/11 09:20:53 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/11 09:20:53 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - homepage: http://www.google.com/
CHR - Extension: YouTube = C:\Documents and Settings\user.COMPANY\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\user.COMPANY\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Documents and Settings\user.COMPANY\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2008/04/13 16:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\Client Server Security Agent\bho\1003\TmIEPlg.dll (Trend Micro Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [OA001Mon] C:\WINDOWS\OA001Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [OE] C:\Program Files\Trend Micro\Client Server Security Agent\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-314226430-146184668-2267664028-1162\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} http://server/connec...uter/nshelp.dll (NSHelp Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {9BBB3919-F518-4D06-8209-299FC243FC44} https://company.com:...root/AtxEnc.cab (Encrypt Class)
O16 - DPF: {9DCD8EB7-E925-45C9-9321-8CA843FBEDCC} https://company.com:.../AtxConsole.cab (Security Server Management Console)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = company.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5DD2FD1D-86C3-4B64-8EFB-570E69DDE634}: DhcpNameServer = 192.168.1.254 75.153.176.9
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\Client Server Security Agent\bho\1003\TmIEPlg.dll (Trend Micro Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\615\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/08/29 14:44:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/11 11:02:11 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user.COMPANY\Desktop\OTL(1).exe
[2012/09/06 09:33:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user.COMPANY\Local Settings\Application Data\Microsoft Help
[2012/08/31 13:39:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2012/08/31 13:35:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/08/31 13:26:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/31 12:43:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user.COMPANY\My Documents\Downloads
[2012/08/31 12:43:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user.COMPANY\Local Settings\Application Data\Mozilla
[2012/08/31 12:43:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user.COMPANY\Application Data\Mozilla
[2012/08/31 12:43:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/08/31 12:43:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/08/31 12:43:11 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/08/31 12:06:37 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/08/31 10:38:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user.COMPANY\Application Data\Malwarebytes
[2012/08/30 15:05:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user.COMPANY\Application Data\Xerox
[2012/08/30 14:27:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user.COMPANY\Local Settings\Application Data\Temp
[2012/08/30 14:27:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user.COMPANY\Local Settings\Application Data\Adobe
[2012/08/30 14:27:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user.COMPANY\Application Data\Adobe
[2012/08/30 14:25:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user.COMPANY\Application Data\Google
[2012/08/30 14:10:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2012/08/30 14:09:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user.COMPANY\Local Settings\Application Data\Google
[2012/08/30 14:09:31 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/08/30 14:08:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/08/30 14:08:55 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/08/30 13:57:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user.COMPANY\Local Settings\Application Data\Identities
[2012/08/30 13:57:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user.COMPANY\Application Data\Windows Desktop Search
[2012/08/30 13:56:46 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2012/08/30 13:56:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2012/08/30 13:50:12 | 000,000,000 | --SD | C] -- C:\Documents and Settings\user.COMPANY\UserData
[2012/08/30 10:46:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2012/08/30 10:46:55 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2012/08/30 10:41:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Trend Micro Client-Server Security Agent
[2012/08/30 10:41:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\log
[2012/08/30 10:40:39 | 000,339,984 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\TM_CFW.sys
[2012/08/30 10:40:39 | 000,089,872 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmtdi.sys
[2012/08/30 10:40:37 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/08/30 10:39:53 | 000,000,000 | ---D | C] -- C:\Temp
[2012/08/30 10:37:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user.COMPANY\Application Data\Sun
[2012/08/30 10:32:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user.COMPANY\My Documents\My Videos
[2012/08/30 10:32:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user.COMPANY\Local Settings\Application Data\PowerDVD DX
[2012/08/30 10:31:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user.COMPANY\Application Data\Identities
[2012/08/30 10:31:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user.COMPANY\My Documents\My Pictures
[2012/08/30 10:31:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user.COMPANY\My Documents\My Music
[2012/08/30 10:31:50 | 000,000,000 | --SD | C] -- C:\Documents and Settings\user.COMPANY\Application Data\Microsoft
[2012/08/30 10:31:50 | 000,000,000 | --SD | C] -- C:\Documents and Settings\user.COMPANY\Cookies
[2012/08/30 10:31:50 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\user.COMPANY\SendTo
[2012/08/30 10:31:50 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\user.COMPANY\Recent
[2012/08/30 10:31:50 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\user.COMPANY\Application Data
[2012/08/30 10:31:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user.COMPANY\Start Menu\Programs\Startup
[2012/08/30 10:31:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user.COMPANY\Start Menu
[2012/08/30 10:31:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user.COMPANY\My Documents
[2012/08/30 10:31:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user.COMPANY\Favorites
[2012/08/30 10:31:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user.COMPANY\Start Menu\Programs\Accessories
[2012/08/30 10:31:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\user.COMPANY\Templates
[2012/08/30 10:31:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\user.COMPANY\PrintHood
[2012/08/30 10:31:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\user.COMPANY\NetHood
[2012/08/30 10:31:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\user.COMPANY\Local Settings
[2012/08/30 10:31:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user.COMPANY\Local Settings\Application Data\Microsoft
[2012/08/30 10:31:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user.COMPANY\Application Data\Macromedia
[2012/08/30 10:31:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user.COMPANY\Desktop
[2012/08/30 06:49:59 | 000,000,000 | ---D | C] -- C:\T4Internet
[2012/08/30 06:49:59 | 000,000,000 | ---D | C] -- C:\Sales
[2012/08/30 06:49:58 | 000,000,000 | ---D | C] -- C:\Process Costing
[2012/08/30 06:49:46 | 000,000,000 | ---D | C] -- C:\S
[2012/08/30 06:49:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/30 06:49:45 | 000,000,000 | ---D | C] -- C:\PT (Dry)
[2012/08/30 06:49:36 | 000,000,000 | ---D | C] -- C:\Payroll
[2012/08/30 06:49:31 | 000,000,000 | ---D | C] -- C:\Orders
[2012/08/30 06:49:12 | 000,000,000 | ---D | C] -- C:\Fresh
[2012/08/30 06:49:05 | 000,000,000 | ---D | C] -- C:\Jantek Bkup
[2012/08/30 06:49:00 | 000,000,000 | ---D | C] -- C:\Isn Si
[2012/08/30 06:48:44 | 000,000,000 | ---D | C] -- C:\GFS
[2012/08/30 06:48:43 | 000,000,000 | ---D | C] -- C:\Fu
[2012/08/30 06:48:04 | 000,000,000 | ---D | C] -- C:\Commercial Decal
[2012/08/30 06:48:02 | 000,000,000 | ---D | C] -- C:\Dai
[2012/08/30 06:47:16 | 000,000,000 | ---D | C] -- C:\Downloads
[2012/08/30 06:46:32 | 000,000,000 | R--D | C] -- C:\Confidential
[2012/08/30 06:46:32 | 000,000,000 | ---D | C] -- C:\As
[2012/08/30 06:46:16 | 000,000,000 | R--D | C] -- C:\Accountant 201110
[2012/08/29 21:29:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2012/08/29 21:27:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2012/08/29 21:27:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2012/08/29 21:27:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/08/29 21:26:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012/08/29 21:22:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2012/08/29 21:22:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/08/29 21:21:32 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/08/29 19:34:53 | 000,000,000 | ---D | C] -- C:\companyWS28
[2012/08/29 19:21:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2012/08/29 19:17:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\SchCache
[2012/08/29 19:16:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows Small Business Server
[2012/08/29 19:03:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dell Webcam
[2012/08/29 19:03:05 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2012/08/29 19:02:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
[2012/08/29 19:02:25 | 000,000,000 | ---D | C] -- C:\Program Files\Creative
[2012/08/29 19:02:07 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Webcam
[2012/08/29 19:01:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Dell
[2012/08/29 19:01:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2012/08/29 19:00:30 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2012/08/29 18:57:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Intel® Matrix Storage Manager
[2012/08/29 18:55:03 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/08/29 18:50:13 | 002,670,592 | ---- | C] (BCGSoft Ltd) -- C:\WINDOWS\System32\WLBCGCBPRO731.DLL
[2012/08/29 18:50:13 | 000,069,632 | ---- | C] (CACE Technologies) -- C:\WINDOWS\System32\bcmwlpkt.dll
[2012/08/29 18:50:13 | 000,033,664 | ---- | C] (CACE Technologies) -- C:\WINDOWS\System32\drivers\BCMWLNPF.SYS
[2012/08/29 18:46:36 | 000,000,000 | ---D | C] -- C:\Program Files\DellTPad
[2012/08/29 18:42:49 | 000,000,000 | ---D | C] -- C:\Program Files\SRS Labs
[2012/08/29 18:42:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SRS Labs
[2012/08/29 18:39:53 | 000,039,936 | ---- | C] (REDC) -- C:\WINDOWS\System32\drivers\rimmptsk.sys
[2012/08/29 18:37:21 | 000,168,960 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\System32\st326124.dll
[2012/08/29 18:33:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
[2012/08/29 18:30:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2012/08/29 18:30:25 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\WINDOWS\System32\CSVer.dll
[2012/08/29 18:30:25 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2012/08/29 18:26:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2012/08/29 18:26:36 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2012/08/29 17:52:49 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/08/29 17:23:38 | 000,000,000 | ---D | C] -- C:\Intel
[2012/08/29 17:22:03 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom Corporation
[2012/08/29 17:21:56 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2012/08/29 17:21:55 | 008,106,074 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\System32\idtsg.cpl
[2012/08/29 17:21:55 | 002,916,352 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\System32\stlang.dll
[2012/08/29 17:21:53 | 001,392,819 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\System32\drivers\sthda.sys
[2012/08/29 17:21:53 | 000,454,754 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\System32\stacapi.dll
[2012/08/29 17:21:53 | 000,171,520 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\System32\st326159.dll
[2012/08/29 17:21:53 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
[2012/08/29 17:21:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2012/08/29 17:21:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2012/08/29 17:21:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\BioAPIFFDB
[2012/08/29 17:20:48 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2012/08/29 17:20:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2012/08/29 17:20:17 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2012/08/29 14:50:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\vmm32
[2012/08/29 14:50:42 | 000,000,000 | ---D | C] -- C:\Program Files\Dell
[2012/08/29 14:49:58 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2012/08/29 14:49:19 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012/08/29 14:46:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2012/08/29 14:46:56 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2012/08/29 14:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2012/08/29 14:45:37 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2012/08/29 14:45:37 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2012/08/29 14:45:37 | 000,029,184 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2012/08/29 14:45:13 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2012/08/29 14:44:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2012/08/29 14:44:57 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2012/08/29 14:44:57 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2012/08/29 14:44:49 | 000,000,000 | ---D | C] -- C:\DELL
[2012/08/29 14:44:09 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2012/08/29 14:44:09 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2012/08/29 14:44:03 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2012/08/29 14:43:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2012/08/29 14:43:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2012/08/29 14:43:37 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2012/08/29 14:43:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2012/08/29 14:43:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2012/08/29 14:43:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2012/08/29 14:43:26 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2012/08/29 14:43:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2012/08/29 14:43:06 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2012/08/29 14:43:04 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2012/08/29 14:42:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2012/08/29 14:42:55 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2012/08/29 14:42:42 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2012/08/29 14:42:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2012/08/29 14:42:40 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2012/08/29 14:42:39 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2012/08/29 14:42:36 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2012/08/29 14:42:33 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2012/08/29 14:42:05 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2012/08/29 14:42:04 | 000,281,088 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
[2012/08/29 14:42:03 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2012/08/29 14:42:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2012/08/29 14:42:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2012/08/29 14:41:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2012/08/29 07:24:34 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2012/08/29 07:24:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2012/08/29 07:24:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2012/08/29 07:24:31 | 000,000,000 | R--D | C] -- C:\Program Files
[2012/08/29 07:24:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2012/08/29 07:24:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2012/08/29 07:24:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2012/08/29 07:24:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2012/08/29 07:23:44 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012/08/29 07:18:22 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2012/08/29 07:18:22 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2012/08/29 07:18:22 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2012/08/29 07:18:22 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2012/08/29 07:18:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2012/08/29 07:18:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2012/08/29 07:18:22 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2012/08/29 07:18:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2012/08/29 07:18:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2012/08/29 07:18:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2012/08/29 07:18:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2012/08/29 07:18:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2012/08/29 07:18:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2012/08/29 07:18:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2012/08/29 07:18:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2012/08/29 07:18:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2012/08/29 07:18:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2012/08/29 07:18:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2012/08/29 07:18:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2012/08/29 07:18:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2012/08/29 07:18:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2012/08/29 07:18:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2012/08/29 07:18:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2012/08/29 07:18:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2012/08/29 07:18:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2012/08/29 07:18:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2012/08/29 07:18:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\Network Diagnostic
[2012/08/29 07:18:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2012/08/29 07:18:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2012/08/29 07:18:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2012/08/29 07:18:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2012/08/29 07:18:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2012/08/29 07:18:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\L2Schemas
[2012/08/29 07:18:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2012/08/29 07:18:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2012/08/29 07:18:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2012/08/29 07:18:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2012/08/29 07:18:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2012/08/29 07:18:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2012/08/29 07:18:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2012/08/29 07:18:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2012/08/29 07:18:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2012/08/29 07:18:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2012/08/29 07:18:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2012/08/29 07:18:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2012/08/29 07:18:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2012/08/29 07:18:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2012/08/29 07:18:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2012/08/29 07:18:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\Dell
[2012/08/29 07:18:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2012/08/29 07:18:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2012/08/29 07:18:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2012/08/29 07:18:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2012/08/29 07:18:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2012/08/29 07:18:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2012/08/29 07:18:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2012/08/29 07:18:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2012/08/29 07:18:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2012/08/29 07:18:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2012/08/29 07:18:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2012/08/29 07:18:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2012/08/29 07:18:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2012/08/29 07:18:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2012/08/29 07:18:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2012/08/29 07:18:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2012/08/29 07:18:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2012/08/29 07:18:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2012/08/18 17:57:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/08/15 11:30:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[38 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[37 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/11 11:19:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/11 10:26:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/09/11 10:02:00 | 000,014,814 | ---- | M] () -- C:\WINDOWS\cfgall.ini
[2012/09/11 09:10:44 | 000,433,712 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/09/11 09:10:44 | 000,072,012 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/09/11 09:07:50 | 000,002,539 | ---- | M] () -- C:\Documents and Settings\user.COMPANY\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook 2007.lnk
[2012/09/11 09:07:18 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/11 09:06:58 | 000,000,031 | ---- | M] () -- C:\tmuninst.ini
[2012/09/11 09:06:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/09/10 17:25:33 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\user.COMPANY\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2012/08/31 14:22:12 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/08/31 13:41:22 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\user.COMPANY\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/31 13:22:22 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user.COMPANY\Desktop\OTL(1).exe
[2012/08/31 13:01:58 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/08/31 12:43:15 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\user.COMPANY\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/08/31 12:43:15 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/08/31 09:26:56 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\user.COMPANY\Desktop\Shortcut to Connect to Small Business Server.lnk
[2012/08/31 09:03:28 | 000,001,809 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/08/30 18:36:36 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\user.COMPANY\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk
[2012/08/30 14:10:03 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\user.COMPANY\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/30 14:09:21 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/08/30 13:56:55 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2012/08/30 12:02:32 | 000,138,848 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/30 10:31:58 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\user.COMPANY\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/08/30 07:43:28 | 000,000,213 | -HS- | M] () -- C:\boot.ini
[2012/08/29 19:19:50 | 000,012,514 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2012/08/29 19:02:46 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2012/08/29 18:46:37 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
[2012/08/29 17:22:16 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_cvusbdrv_01005.Wdf
[2012/08/29 17:22:15 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2012/08/29 14:47:48 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/29 14:46:47 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2012/08/29 14:45:57 | 000,000,290 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2012/08/29 14:44:45 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/08/29 14:44:45 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012/08/29 14:44:45 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2012/08/29 14:44:45 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2012/08/29 14:44:43 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2012/08/29 14:44:43 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2012/08/29 14:44:39 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2012/08/29 14:42:43 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/08/29 07:24:37 | 000,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[38 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[37 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/31 19:55:47 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/08/31 12:43:15 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\user.COMPANY\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/08/31 12:43:15 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/08/31 12:43:15 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/08/31 09:26:56 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\user.COMPANY\Desktop\Shortcut to Connect to Small Business Server.lnk
[2012/08/30 14:10:03 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/08/30 14:10:03 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\user.COMPANY\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/30 14:09:43 | 000,000,880 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/30 14:09:43 | 000,000,876 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/30 14:09:21 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/08/30 14:09:21 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/08/30 13:56:55 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2012/08/30 10:50:46 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/08/30 10:50:46 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/08/30 10:47:03 | 000,002,539 | ---- | C] () -- C:\Documents and Settings\user.COMPANY\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook 2007.lnk
[2012/08/30 10:47:03 | 000,002,533 | ---- | C] () -- C:\Documents and Settings\user.COMPANY\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2012/08/30 10:47:03 | 000,002,491 | ---- | C] () -- C:\Documents and Settings\user.COMPANY\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk
[2012/08/30 10:43:49 | 000,014,814 | ---- | C] () -- C:\WINDOWS\cfgall.ini
[2012/08/30 10:41:30 | 000,177,232 | ---- | C] () -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2012/08/30 10:41:30 | 000,067,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\tmactmon.sys
[2012/08/30 10:41:30 | 000,057,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\tmevtmgr.sys
[2012/08/30 10:40:06 | 000,000,031 | ---- | C] () -- C:\tmuninst.ini
[2012/08/30 10:31:58 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\user.COMPANY\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/08/30 10:31:56 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\user.COMPANY\Start Menu\Programs\Outlook Express.lnk
[2012/08/30 10:31:54 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\user.COMPANY\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/30 10:31:54 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\user.COMPANY\Start Menu\Programs\Internet Explorer.lnk
[2012/08/30 10:31:50 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\user.COMPANY\Start Menu\Programs\Remote Assistance.lnk
[2012/08/30 10:31:50 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\user.COMPANY\Start Menu\Programs\Windows Media Player.lnk
[2012/08/29 19:19:50 | 000,012,514 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2012/08/29 19:02:25 | 000,057,656 | ---- | C] () -- C:\WINDOWS\System32\drivers\FilterPC.bmp
[2012/08/29 19:02:25 | 000,024,995 | ---- | C] () -- C:\WINDOWS\System32\drivers\FilterPC.jpg
[2012/08/29 19:01:02 | 000,001,717 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\PowerDVD DX.lnk
[2012/08/29 18:50:13 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2012/08/29 18:50:13 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2012/08/29 18:50:13 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2012/08/29 18:50:13 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\vcredist_x86.bat
[2012/08/29 18:46:37 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
[2012/08/29 18:43:41 | 000,057,656 | ---- | C] () -- C:\WINDOWS\System32\drivers\OA001PC.bmp
[2012/08/29 18:43:41 | 000,022,951 | ---- | C] () -- C:\WINDOWS\System32\drivers\OA001PC.jpg
[2012/08/29 18:43:41 | 000,005,805 | ---- | C] () -- C:\WINDOWS\OA001.uns
[2012/08/29 18:42:54 | 000,232,744 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_PremiumSound_i386.sys
[2012/08/29 18:33:48 | 001,991,464 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2012/08/29 18:33:48 | 000,432,400 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2012/08/29 18:33:48 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4964.dll
[2012/08/29 18:33:48 | 000,029,120 | ---- | C] () -- C:\WINDOWS\System32\igxpxs32.vp
[2012/08/29 18:33:48 | 000,002,096 | ---- | C] () -- C:\WINDOWS\System32\igxpxk32.vp
[2012/08/29 18:24:13 | 000,001,904 | ---- | C] () -- C:\WINDOWS\System32\SetupBD.din
[2012/08/29 18:24:10 | 000,002,900 | ---- | C] () -- C:\WINDOWS\System32\e1y5132.din
[2012/08/29 17:22:16 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_cvusbdrv_01005.Wdf
[2012/08/29 17:22:15 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2012/08/29 17:22:03 | 000,157,008 | ---- | C] () -- C:\WINDOWS\System32\brcmbsp.dll
[2012/08/29 17:21:55 | 000,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2012/08/29 14:46:47 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2012/08/29 14:45:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/08/29 14:45:19 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2012/08/29 14:44:45 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/08/29 14:44:45 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012/08/29 14:44:45 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012/08/29 14:44:45 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2012/08/29 14:44:45 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2012/08/29 14:44:43 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2012/08/29 14:44:43 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2012/08/29 14:44:43 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2012/08/29 14:44:03 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2012/08/29 14:43:58 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2012/08/29 14:43:46 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2012/08/29 14:43:46 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2012/08/29 14:43:41 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2012/08/29 14:43:11 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msinfo.dll
[2012/08/29 14:42:44 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2012/08/29 14:42:43 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/08/29 14:42:40 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
[2012/08/29 14:42:22 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2012/08/29 14:42:22 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2012/08/29 14:42:22 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2012/08/29 14:42:22 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2012/08/29 14:42:22 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2012/08/29 14:42:22 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2012/08/29 14:42:22 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2012/08/29 14:42:22 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2012/08/29 14:42:22 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2012/08/29 14:42:22 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2012/08/29 14:42:22 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2012/08/29 14:42:19 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2012/08/29 14:42:19 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2012/08/29 14:42:18 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2012/08/29 14:42:14 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2012/08/29 07:28:34 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2012/08/29 07:28:33 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2012/08/29 07:28:29 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2012/08/29 07:28:22 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2012/08/29 07:28:22 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2012/08/29 07:28:21 | 000,001,486 | ---- | C] () -- C:\WINDOWS\System32\noise.kor
[2012/08/29 07:28:20 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\korwbrkr.lex
[2012/08/29 07:28:20 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2012/08/29 07:28:20 | 000,002,060 | ---- | C] () -- C:\WINDOWS\System32\noise.jpn
[2012/08/29 07:28:14 | 000,211,938 | ---- | C] () -- C:\WINDOWS\System32\lcphrase.tbl
[2012/08/29 07:28:14 | 000,146,126 | ---- | C] () -- C:\WINDOWS\System32\array30.tab
[2012/08/29 07:28:14 | 000,110,566 | ---- | C] () -- C:\WINDOWS\System32\arphr.tbl
[2012/08/29 07:28:14 | 000,018,600 | ---- | C] () -- C:\WINDOWS\System32\arrayhw.tab
[2012/08/29 07:28:14 | 000,016,312 | ---- | C] () -- C:\WINDOWS\System32\arptr.tbl
[2012/08/29 07:28:13 | 000,116,285 | ---- | C] () -- C:\WINDOWS\System32\msdayi.tbl
[2012/08/29 07:28:13 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\acode.tbl
[2012/08/29 07:28:13 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\a234.tbl
[2012/08/29 07:28:13 | 000,043,242 | ---- | C] () -- C:\WINDOWS\System32\phoncode.tbl
[2012/08/29 07:28:13 | 000,024,114 | ---- | C] () -- C:\WINDOWS\System32\lcptr.tbl
[2012/08/29 07:28:13 | 000,004,071 | ---- | C] () -- C:\WINDOWS\System32\phon.tbl
[2012/08/29 07:28:13 | 000,002,714 | ---- | C] () -- C:\WINDOWS\System32\phonptr.tbl
[2012/08/29 07:28:13 | 000,001,460 | ---- | C] () -- C:\WINDOWS\System32\a15.tbl
[2012/08/29 07:28:13 | 000,000,700 | ---- | C] () -- C:\WINDOWS\System32\dayiptr.tbl
[2012/08/29 07:28:13 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\dayiphr.tbl
[2012/08/29 07:28:10 | 001,783,864 | ---- | C] () -- C:\WINDOWS\System32\WINPY.MB
[2012/08/29 07:28:10 | 001,564,868 | ---- | C] () -- C:\WINDOWS\System32\WINSP.MB
[2012/08/29 07:28:10 | 001,223,500 | ---- | C] () -- C:\WINDOWS\System32\WINZM.MB
[2012/08/29 07:28:07 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2012/08/29 07:28:07 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2012/08/29 07:24:37 | 000,004,444 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
[2012/08/29 07:24:36 | 000,001,809 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/08/29 07:24:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/08/29 07:24:33 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2012/08/29 07:24:32 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2012/08/29 07:24:32 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2012/08/29 07:24:32 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2012/08/29 07:24:20 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2012/08/29 07:24:16 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2012/08/29 07:24:16 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2012/08/29 07:24:16 | 000,144,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2012/08/29 07:24:16 | 000,112,918 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2012/08/29 07:24:16 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2012/08/29 07:24:16 | 000,034,747 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2012/08/29 07:24:16 | 000,034,063 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2012/08/29 07:24:16 | 000,026,991 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2012/08/29 07:24:16 | 000,016,535 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2012/08/29 07:24:16 | 000,014,433 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2012/08/29 07:24:16 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2012/08/29 07:24:16 | 000,012,363 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2012/08/29 07:24:16 | 000,010,027 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2012/08/29 07:24:16 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2012/08/29 07:24:16 | 000,007,710 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2012/08/29 07:24:16 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2012/08/29 07:24:15 | 002,144,487 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2012/08/29 07:24:15 | 001,296,669 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT
[2012/08/29 07:24:15 | 000,522,220 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2012/08/29 07:23:44 | 000,138,848 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/29 07:23:01 | 000,000,213 | -HS- | C] () -- C:\boot.ini
[2012/08/29 07:23:00 | 000,000,290 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf

========== LOP Check ==========

[2012/08/29 21:31:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask
[2012/08/31 13:02:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/08/29 18:26:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2012/08/29 21:32:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Xerox
[2012/08/29 21:32:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\ICAClient
[2012/08/29 21:32:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Windows Desktop Search
[2012/08/30 13:57:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user.COMPANY\Application Data\Windows Desktop Search
[2012/08/30 15:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user.COMPANY\Application Data\Xerox

========== Purity Check ==========



< End of report >
  • 0

#24
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

Only happens in Internet Explorer?

Please reopen Posted Image on your desktop.
  • Under the Posted Image box at the bottom, paste in the following

    :OTL
    [2012/08/29 21:31:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask
    
    :Files
    Ipconfig /flushdns /c
    
    :Commands
    [CREATERESTOREPOINT]
    [EMPTYTEMP]
    
  • Then click the Posted Image button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

NEXT:

Hold on the Windows + R on your keyboard. This will display the run dialogue box:

Type iexplore -extoff and press [ENTER]

Tell me if the Trend Micro still detects something.
  • 0

#25
kondayo

kondayo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Hi Whitehat,

OTL is freezing up when I run that fix. Doesn't seem to work. Any suggestions?
  • 0

Advertisements


#26
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

OTL is freezing up when I run that fix. Doesn't seem to work. Any suggestions?

Sorry about that. I changed the script, let's try again.

Only happens in Internet Explorer?

Please reopen Posted Image on your desktop.
  • Under the Posted Image box at the bottom, paste in the following

    :OTL
    [2012/08/29 21:31:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask
    
    :Files
    Ipconfig /flushdns /c
    
    :Commands
    [CREATERESTOREPOINT]
    [REBOOT]
  • Then click the Posted Image button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

NEXT:

Hold on the Windows + R on your keyboard. This will display the run dialogue box:

Type iexplore -extoff and press [ENTER]

Tell me if the Trend Micro still detects something.
  • 0

#27
kondayo

kondayo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Here's the log. I tried your method to turn the extensions of in internet explorer but it didn't work, so I went in and manually turned off 3rd party extensions. Still seems to be jumping to that other site as soon as I launch internet explorer.

As for the Trend Micro issue, it may very well be a false positive as you've said. We're looking into it with Trend Micro.

========== OTL ==========
C:\Documents and Settings\All Users\Application Data\Ask\APN-Stub folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Ask folder moved successfully.
========== FILES ==========
< Ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\user.COMPANY\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\user.COMPANY\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.59.1 log created on 09172012_125113
  • 0

#28
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts

Here's the log. I tried your method to turn the extensions of in internet explorer but it didn't work, so I went in and manually turned off 3rd party extensions. Still seems to be jumping to that other site as soon as I launch internet explorer.

I have one more shoot.

Please, disable the Trend Micro antivirus (See instructions below) and run Internet Explorer. If everything run fine, IE will open the "other site". Tell me the URL (Link) of this website.

Instructions to disable the Trend Micro antivirus:
http://esupport.tren...us/1037114.aspx
  • 0

#29
kondayo

kondayo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
IE opens the site even when Trend Micro is not disabled.

This is the URL of the site IE keeps on opening:

http://ca.msn.com/?o...ak.facebook.com
  • 0

#30
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
As I suspected, it's a false positive. You don't need to worry about that.

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean

The following will implement some cleanup procedures as well as reset System Restore points:

Remove ComboFix

  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK

    Posted Image
  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Remove OTL

Run OTL and hit the Posted Image cleanup button. It will remove all the programmes we have used plus itself.

Posted Image Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point
  • (If you use Windows 7/Vista)
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

  • (If you use Windows XP)
  • Go to Start > All Programs > Acessories > System Tools > System Restore.
  • Select the option Create a restore point and click in Next.
  • Type in a name i.e. Clean
  • Select Create

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Posted Image Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place??

Keep safe.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP