Have a virus! Need help! OTL log posted below....


#1 KINNEY1978
Member, 62 posts

Hello,

I have a virus on my Dell laptop (Windows 7 operating system) and can't seem to get rid of it. Random things are happening: no sound through the internet, internet redirecting, very very slow, etc.

I would appreciate the help greatly. Here are the OTL logs:

OTL logfile created on: 6/13/2011 4:58:22 PM - Run 1
OTL by OldTimer - Version 3.2.21.0 Folder = C:\Users\Jason.kinney\Desktop
Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 113.77 Gb Free Space | 76.33% Space Free | Partition Type: NTFS
Drive E: | 1.89 Gb Total Space | 1.20 Gb Free Space | 63.48% Space Free | Partition Type: FAT32
Drive X: | 1024.00 Gb Total Space | 0.16 Gb Free Space | 0.02% Space Free | Partition Type: NTFS
Drive Z: | 2048.00 Gb Total Space | 832.05 Gb Free Space | 40.63% Space Free | Partition Type: NTFS

Computer Name: LUCA9F39RM1 | User Name: jason.kinney | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/24 07:42:14 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\Jason.kinney\Desktop\OTL.exe
PRC - [2010/10/21 15:59:56 | 000,385,024 | ---- | M] (LANDesk Software, Inc. and its affiliates.) -- C:\Program Files\LANDesk\LDClient\softmon.exe
PRC - [2010/03/23 10:57:48 | 015,889,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
PRC - [2010/02/18 11:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/02/02 05:20:46 | 000,040,960 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
PRC - [2010/02/02 05:20:44 | 005,249,024 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
PRC - [2010/02/02 05:19:10 | 004,539,392 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
PRC - [2010/01/25 14:28:56 | 000,278,528 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2010/01/14 20:50:06 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2009/12/14 19:25:04 | 000,521,176 | ---- | M] (Avocent Corporation ) -- C:\Program Files\LANDesk\LDClient\Antivirus\AVService.exe
PRC - [2009/11/23 17:50:24 | 000,843,776 | ---- | M] (Avocent Corporation ) -- C:\Program Files\LANDesk\LDClient\Antivirus\LDAV.exe
PRC - [2009/11/23 16:26:04 | 000,321,024 | ---- | M] () -- C:\Program Files\LANDesk\LDClient\XDDClient.exe
PRC - [2009/11/23 16:19:16 | 000,195,072 | ---- | M] (Avocent Corporation ) -- C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe
PRC - [2009/11/23 16:05:00 | 000,182,272 | ---- | M] (Avocent Corporation ) -- C:\Program Files\LANDesk\LDClient\tmcsvc.exe
PRC - [2009/11/23 16:00:24 | 000,189,952 | ---- | M] (Avocent Corporation ) -- C:\Program Files\LANDesk\LDClient\LocalSch.EXE
PRC - [2009/11/23 15:45:46 | 000,495,616 | ---- | M] (Avocent Corporation ) -- C:\Program Files\LANDesk\LDClient\collector.exe
PRC - [2009/11/23 15:29:34 | 000,480,256 | ---- | M] (Avocent Corporation ) -- C:\Program Files\LANDesk\LDClient\issuser.exe
PRC - [2009/11/23 15:28:18 | 000,313,344 | ---- | M] (Avocent Corporation ) -- C:\Program Files\LANDesk\LDClient\rcgui.exe
PRC - [2009/11/23 13:59:36 | 000,086,016 | ---- | M] () -- C:\Program Files\LANDesk\LDClient\Antivirus\kavehost.exe
PRC - [2009/11/04 13:21:26 | 000,147,456 | ---- | M] (Avocent Corporation) -- C:\Program Files\LANDesk\Shared Files\residentAgent.exe
PRC - [2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CCM\CcmExec.exe
PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 21:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppsvc.exe
PRC - [2009/07/13 21:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/07/08 17:08:30 | 000,413,827 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/06/15 17:05:56 | 000,611,624 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2009/03/03 09:38:52 | 000,056,680 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe
PRC - [2009/02/01 00:15:38 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2009/01/31 22:43:30 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2007/08/31 07:13:00 | 000,032,825 | ---- | M] (LANDesk Software Ltd.) -- C:\Windows\System32\cba\pds.exe


========== Modules (SafeList) ==========

MOD - [2011/02/24 07:42:14 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\Jason.kinney\Desktop\OTL.exe
MOD - [2009/07/13 21:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 21:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 21:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 21:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 21:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 21:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 21:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 21:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/10/21 15:59:56 | 000,385,024 | ---- | M] (LANDesk Software, Inc. and its affiliates.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\softmon.exe -- (Softmon) LANDesk®
SRV - [2010/05/21 14:27:14 | 000,046,000 | ---- | M] (Microsoft) [Auto | Stopped] -- C:\Windows\System32\AbtSvcHost_.exe -- (AbtSvcHost)
SRV - [2010/04/30 16:07:58 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/02/02 05:20:46 | 000,040,960 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2009/12/14 19:25:04 | 000,521,176 | ---- | M] (Avocent Corporation ) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\antivirus\avservice.exe -- (LDAVService) LANDesk®
SRV - [2009/11/23 16:26:04 | 000,321,024 | ---- | M] () [Auto | Running] -- C:\Program Files\LANDesk\LDClient\xddclient.exe -- (LDXDD) LANDesk®
SRV - [2009/11/23 16:19:16 | 000,195,072 | ---- | M] (Avocent Corporation ) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe -- (LANDesk Policy Invoker)
SRV - [2009/11/23 16:05:00 | 000,182,272 | ---- | M] (Avocent Corporation ) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\tmcsvc.exe -- (LANDesk Targeted Multicast)
SRV - [2009/11/23 16:00:24 | 000,189,952 | ---- | M] (Avocent Corporation ) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\LocalSch.EXE -- (Intel Local Scheduler Service)
SRV - [2009/11/23 15:29:34 | 000,480,256 | ---- | M] (Avocent Corporation ) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\issuser.exe -- (ISSUSER)
SRV - [2009/11/04 13:21:26 | 000,147,456 | ---- | M] (Avocent Corporation) [Auto | Running] -- C:\Program Files\LANDesk\Shared Files\residentagent.exe -- (CBA8) LANDesk®
SRV - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2009/09/18 04:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\CCM\TSManager.exe -- (smstsmgr)
SRV - [2009/07/13 21:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 21:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 21:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 21:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 21:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 21:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 21:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 21:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 21:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 21:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 21:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 21:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 21:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 21:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 21:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 21:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/06/15 17:05:56 | 000,611,624 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2009/03/03 09:38:52 | 000,056,680 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\System32\rpcnet.exe -- (Rpcnet) Remote Procedure Call (RPC)
SRV - [2007/08/31 07:13:00 | 000,032,825 | ---- | M] (LANDesk Software Ltd.) [Auto | Running] -- C:\Windows\System32\cba\pds.exe -- (Intel PDS)


========== Driver Services (SafeList) ==========

DRV - [2010/02/11 00:50:24 | 006,282,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2010/02/02 05:20:24 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2010/02/02 05:20:20 | 002,707,448 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2010/02/02 05:18:24 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2010/01/22 15:59:24 | 000,239,664 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009/12/31 05:22:09 | 000,295,936 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2009/12/11 03:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/11/23 13:57:52 | 000,317,072 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2009/11/06 01:35:22 | 000,214,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress) Intel®
DRV - [2009/09/22 21:19:31 | 000,055,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2009/09/22 21:18:08 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2009/09/22 21:18:07 | 000,165,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2009/09/18 04:00:00 | 000,020,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2009/07/13 21:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 21:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 21:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 21:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 21:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 21:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 21:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 21:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 21:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 21:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 21:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 21:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 21:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 21:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 21:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 21:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 21:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 21:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 21:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 21:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 21:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 21:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 21:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 21:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 21:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 21:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 21:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 21:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 21:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 21:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 21:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 21:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 21:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 21:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 21:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 21:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 20:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 20:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 20:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 19:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 19:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 19:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 19:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009/07/13 19:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 19:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 19:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 19:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 19:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 19:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 19:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 19:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 19:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 19:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 19:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 18:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 18:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 18:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 18:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 18:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 18:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 18:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 18:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 18:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/06/15 16:36:30 | 000,023,552 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2009/06/15 13:05:16 | 000,143,968 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2009/05/28 10:48:20 | 000,134,144 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CtAudDrv.sys -- (CtAudDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://my.saintleo.edu
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.saintleo.edu/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[2011/06/13 15:44:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jason.kinney\AppData\Roaming\mozilla\Extensions
[2011/06/13 15:44:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2010/05/12 14:59:11 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [LANDesk Antivirus] C:\Program Files\LANDesk\LDClient\antivirus\LDav.exe (Avocent Corporation )
O4 - HKLM..\RunOnce: [MSTEE.CxTransform] File not found
O4 - HKLM..\RunOnce: [MSTEE.Splitter] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: saintleo.edu ([informer] http in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://sslvpn.saint...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.30.178 172.16.30.124 172.16.100.96
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = saintleo.edu
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/13 16:58:02 | 000,577,024 | ---- | C] (OldTimer Tools) -- C:\Users\Jason.kinney\Desktop\OTL.exe
[2011/06/13 15:44:31 | 000,000,000 | ---D | C] -- C:\Users\Jason.kinney\AppData\Roaming\Mozilla
[2011/06/13 15:44:31 | 000,000,000 | ---D | C] -- C:\Users\Jason.kinney\AppData\Local\Mozilla
[2011/06/13 15:44:27 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/06/09 15:00:10 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/06/09 10:26:32 | 000,000,000 | ---D | C] -- C:\Users\Jason.kinney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Restore
[2011/05/27 14:35:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/26 18:39:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2011/05/26 16:16:36 | 000,000,000 | ---D | C] -- C:\ProgramData\RFA_Backups
[2011/05/26 16:16:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry First Aid
[2011/05/26 16:16:33 | 000,000,000 | ---D | C] -- C:\Program Files\RFA
[2011/05/26 16:12:40 | 000,000,000 | ---D | C] -- C:\Users\Jason.kinney\Documents\Registry First Aid Platinum 7.1.1.1733 + Serial
[2011/05/26 15:37:13 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/05/26 15:37:10 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/05/26 15:36:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/25 10:52:07 | 000,000,000 | ---D | C] -- C:\Users\Jason.kinney\Documents\Final Files for Scott
[2011/05/23 16:37:13 | 000,000,000 | ---D | C] -- C:\Users\Jason.kinney\Documents\Financial Aid
[2011/05/23 16:21:35 | 000,000,000 | ---D | C] -- C:\Users\Jason.kinney\Documents\First Set of Files
[2011/05/23 15:44:50 | 000,000,000 | ---D | C] -- C:\Users\Jason.kinney\Documents\Web Project Manager
[2011/05/21 08:35:55 | 000,000,000 | ---D | C] -- C:\Users\Jason.kinney\AppData\Roaming\Juniper Networks
[2011/05/19 15:14:02 | 000,000,000 | ---D | C] -- C:\Users\Jason.kinney\AppData\Local\Google
[2011/05/19 15:14:02 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/05/18 10:59:29 | 000,000,000 | ---D | C] -- C:\Users\Jason.kinney\Documents\Honors Reports
[2010/02/11 00:14:52 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

========== Files - Modified Within 30 Days ==========

[2011/06/13 16:57:10 | 000,049,347 | ---- | M] () -- C:\Windows\System32\hostcache.xml
[2011/06/13 16:56:08 | 000,621,578 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/13 16:56:08 | 000,105,704 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/13 16:55:34 | 000,000,461 | ---- | M] () -- C:\Windows\SMSCFG.ini
[2011/06/13 16:51:34 | 000,056,680 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.dll
[2011/06/13 16:51:34 | 000,017,920 | ---- | M] () -- C:\Windows\System32\rpcnetp.dll
[2011/06/13 16:50:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/13 16:50:47 | 2760,245,248 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/13 16:50:43 | 000,017,920 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe
[2011/06/13 16:32:36 | 000,015,152 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/13 16:32:36 | 000,015,152 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/09 14:24:34 | 000,000,136 | ---- | M] () -- C:\ProgramData\~27516664r
[2011/06/09 14:24:34 | 000,000,112 | ---- | M] () -- C:\ProgramData\~27516664
[2011/06/09 14:24:28 | 000,000,328 | ---- | M] () -- C:\ProgramData\27516664
[2011/06/09 13:41:09 | 000,000,112 | ---- | M] () -- C:\ProgramData\~28827384
[2011/06/09 13:41:05 | 000,000,136 | ---- | M] () -- C:\ProgramData\~28827384r
[2011/06/09 10:26:30 | 000,000,344 | ---- | M] () -- C:\ProgramData\28827384
[2011/06/08 16:51:13 | 000,211,106 | ---- | M] () -- C:\Users\Jason.kinney\Documents\Kathryn's Tax refund request to Best Buy.pdf
[2011/06/08 16:47:10 | 000,018,505 | ---- | M] () -- C:\Users\Jason.kinney\Documents\Kathryn's Fax Cover for Best Buy.docx
[2011/06/08 16:30:15 | 000,077,361 | ---- | M] () -- C:\Users\Jason.kinney\Documents\2010 FL Sales Exepmt Certificate.pdf
[2011/06/08 16:02:19 | 000,052,441 | ---- | M] () -- C:\Users\Jason.kinney\Documents\MBA-533 Course Notes.docx
[2011/06/08 11:48:02 | 000,280,628 | ---- | M] () -- C:\Users\Jason.kinney\Documents\Week 4 Chapter Quiz (9,10,11,& 12).docx
[2011/06/06 14:48:02 | 000,041,327 | ---- | M] () -- C:\Users\Jason.kinney\Documents\Kathryn's Team Vacation & Conference Schedule (Updated 6-6-2011).docx
[2011/06/01 14:00:04 | 000,010,462 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/05/31 17:04:18 | 000,021,278 | ---- | M] () -- C:\Users\Jason.kinney\Documents\Jason Kinney (Module 4 eSlip).docx
[2011/05/31 16:47:53 | 000,019,483 | ---- | M] () -- C:\Users\Jason.kinney\Documents\Jason Kinney (Module 3- In Class Assignment).docx
[2011/05/31 15:42:29 | 000,021,445 | ---- | M] () -- C:\Users\Jason.kinney\Documents\JasonHR.docx
[2011/05/25 13:40:00 | 000,013,864 | ---- | M] () -- C:\Users\Jason.kinney\Documents\INTRODUCTION.docx
[2011/05/24 19:14:10 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2011/05/24 16:11:28 | 000,020,424 | ---- | M] () -- C:\Users\Jason.kinney\Documents\Jason Kinney (Module 3 eSlip).docx
[2011/05/18 13:36:47 | 001,424,167 | ---- | M] () -- C:\Users\Jason.kinney\Documents\COL Admission Process Powerpoint Section.pptx
[2011/05/18 12:36:25 | 014,601,540 | ---- | M] () -- C:\Users\Jason.kinney\Documents\EC New Hire Training KM V3-b.pptx
[2011/05/17 14:34:44 | 000,021,219 | ---- | M] () -- C:\Users\Jason.kinney\Documents\Jason Kinney (Module 2 eSlip).docx
[2011/05/17 09:26:42 | 000,015,399 | ---- | M] () -- C:\Users\Jason.kinney\Documents\SWOT-Enrollment Financial Aid.docx
[2011/05/16 16:56:55 | 000,051,200 | ---- | M] () -- C:\Users\Jason.kinney\Documents\PerformanceEvaluation.doc
[2011/05/16 16:29:54 | 001,358,072 | ---- | M] () -- C:\Users\Jason.kinney\Documents\Human Resources for Health in Southeast Asia.pdf

========== Files Created - No Company Name ==========

[2011/06/09 14:24:34 | 000,000,136 | ---- | C] () -- C:\ProgramData\~27516664r
[2011/06/09 14:24:34 | 000,000,112 | ---- | C] () -- C:\ProgramData\~27516664
[2011/06/09 14:24:28 | 000,000,328 | ---- | C] () -- C:\ProgramData\27516664
[2011/06/09 10:28:46 | 000,000,136 | ---- | C] () -- C:\ProgramData\~28827384r
[2011/06/09 10:28:46 | 000,000,112 | ---- | C] () -- C:\ProgramData\~28827384
[2011/06/09 10:26:30 | 000,000,344 | ---- | C] () -- C:\ProgramData\28827384
[2011/06/08 16:51:13 | 000,211,106 | ---- | C] () -- C:\Users\Jason.kinney\Documents\Kathryn's Tax refund request to Best Buy.pdf
[2011/06/08 16:43:27 | 000,018,505 | ---- | C] () -- C:\Users\Jason.kinney\Documents\Kathryn's Fax Cover for Best Buy.docx
[2011/06/08 16:30:15 | 000,077,361 | ---- | C] () -- C:\Users\Jason.kinney\Documents\2010 FL Sales Exepmt Certificate.pdf
[2011/06/08 11:48:01 | 000,280,628 | ---- | C] () -- C:\Users\Jason.kinney\Documents\Week 4 Chapter Quiz (9,10,11,& 12).docx
[2011/06/06 13:53:10 | 000,041,327 | ---- | C] () -- C:\Users\Jason.kinney\Documents\Kathryn's Team Vacation & Conference Schedule (Updated 6-6-2011).docx
[2011/05/31 16:48:52 | 000,021,278 | ---- | C] () -- C:\Users\Jason.kinney\Documents\Jason Kinney (Module 4 eSlip).docx
[2011/05/31 16:47:53 | 000,019,483 | ---- | C] () -- C:\Users\Jason.kinney\Documents\Jason Kinney (Module 3- In Class Assignment).docx
[2011/05/26 15:37:13 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/05/26 15:37:13 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/05/25 13:36:55 | 000,013,864 | ---- | C] () -- C:\Users\Jason.kinney\Documents\INTRODUCTION.docx
[2011/05/25 11:05:41 | 000,021,445 | ---- | C] () -- C:\Users\Jason.kinney\Documents\JasonHR.docx
[2011/05/24 16:24:25 | 000,020,424 | ---- | C] () -- C:\Users\Jason.kinney\Documents\Jason Kinney (Module 3 eSlip).docx
[2011/05/18 13:36:47 | 001,424,167 | ---- | C] () -- C:\Users\Jason.kinney\Documents\COL Admission Process Powerpoint Section.pptx
[2011/05/18 12:36:24 | 014,601,540 | ---- | C] () -- C:\Users\Jason.kinney\Documents\EC New Hire Training KM V3-b.pptx
[2011/05/17 09:26:41 | 000,015,399 | ---- | C] () -- C:\Users\Jason.kinney\Documents\SWOT-Enrollment Financial Aid.docx
[2011/05/17 09:17:22 | 000,021,219 | ---- | C] () -- C:\Users\Jason.kinney\Documents\Jason Kinney (Module 2 eSlip).docx
[2011/05/16 16:56:54 | 000,051,200 | ---- | C] () -- C:\Users\Jason.kinney\Documents\PerformanceEvaluation.doc
[2011/05/16 16:29:54 | 001,358,072 | ---- | C] () -- C:\Users\Jason.kinney\Documents\Human Resources for Health in Southeast Asia.pdf
[2011/04/25 07:39:38 | 000,004,764 | ---- | C] () -- C:\Windows\System32\CcmFramework.ini
[2011/04/21 17:15:25 | 000,001,220 | ---- | C] () -- C:\Windows\ricdb.ini
[2011/04/21 16:57:00 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/04/21 16:06:20 | 000,000,461 | ---- | C] () -- C:\Windows\SMSCFG.ini
[2011/04/21 15:24:23 | 000,010,462 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/05/12 14:46:04 | 000,017,920 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll
[2010/04/30 15:25:05 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2010/04/30 15:07:27 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2010/02/11 00:05:42 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/02/11 00:05:42 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2000/04/12 17:28:12 | 000,118,784 | ---- | C] () -- C:\Windows\System32\LFKODAK.DLL
[2000/04/12 17:24:10 | 000,338,944 | ---- | C] () -- C:\Windows\System32\LFFPX7.DLL
[1999/12/21 08:55:02 | 000,044,544 | ---- | C] () -- C:\Windows\System32\binder.dll
[1999/11/22 06:14:24 | 000,218,624 | ---- | C] () -- C:\Windows\System32\w019t32w.dll
[1998/09/30 13:08:46 | 000,107,520 | ---- | C] () -- C:\Windows\System32\w001t32w.dll
[1998/08/05 07:40:08 | 000,237,568 | ---- | C] () -- C:\Windows\System32\w048t32w.dll
[1998/07/21 12:59:50 | 000,223,232 | ---- | C] () -- C:\Windows\System32\w042t32w.dll
[1998/05/06 05:52:32 | 000,164,864 | ---- | C] () -- C:\Windows\System32\w033t32w.dll
[1997/12/05 08:34:12 | 000,254,464 | ---- | C] () -- C:\Windows\System32\g521t32w.dll
[1997/12/05 08:34:12 | 000,240,128 | ---- | C] () -- C:\Windows\System32\g610t32w.dll
[1997/12/05 08:34:12 | 000,236,544 | ---- | C] () -- C:\Windows\System32\g606t32w.dll
[1997/12/05 08:34:12 | 000,235,008 | ---- | C] () -- C:\Windows\System32\g615t32w.dll
[1997/12/05 08:34:12 | 000,185,856 | ---- | C] () -- C:\Windows\System32\w007t32w.dll
[1997/12/05 08:34:12 | 000,169,472 | ---- | C] () -- C:\Windows\System32\w037t32w.dll
[1997/12/05 08:34:12 | 000,138,240 | ---- | C] () -- C:\Windows\System32\w043t32w.dll
[1997/12/05 08:34:12 | 000,128,000 | ---- | C] () -- C:\Windows\System32\w046t32w.dll
[1997/12/05 08:34:12 | 000,123,904 | ---- | C] () -- C:\Windows\System32\g521f32w.dll
[1997/12/05 08:34:12 | 000,121,856 | ---- | C] () -- C:\Windows\System32\w020t32w.dll
[1997/12/05 08:34:12 | 000,105,984 | ---- | C] () -- C:\Windows\System32\w010t32w.dll
[1997/12/05 08:34:12 | 000,105,984 | ---- | C] () -- C:\Windows\System32\w008t32w.dll
[1997/12/05 08:34:12 | 000,105,984 | ---- | C] () -- C:\Windows\System32\g502f32w.dll
[1997/12/05 08:34:12 | 000,101,888 | ---- | C] () -- C:\Windows\System32\w015t32w.dll
[1997/12/05 08:34:12 | 000,099,840 | ---- | C] () -- C:\Windows\System32\w021t32w.dll
[1997/12/05 08:34:12 | 000,098,304 | ---- | C] () -- C:\Windows\System32\w040t32w.dll
[1997/12/05 08:34:12 | 000,097,280 | ---- | C] () -- C:\Windows\System32\w801t32w.dll
[1997/12/05 08:34:12 | 000,091,648 | ---- | C] () -- C:\Windows\System32\g610f32w.dll
[1997/12/05 08:34:12 | 000,090,112 | ---- | C] () -- C:\Windows\System32\w006t32w.dll
[1997/12/05 08:34:12 | 000,084,480 | ---- | C] () -- C:\Windows\System32\w770t32w.dll

========== LOP Check ==========

[2011/06/10 12:12:42 | 000,000,000 | ---D | M] -- C:\Users\Jason.kinney\AppData\Roaming\Juniper Networks
[2009/07/14 00:53:46 | 000,031,302 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


OTL Extras logfile created on: 6/13/2011 4:58:23 PM - Run 1
OTL by OldTimer - Version 3.2.21.0 Folder = C:\Users\Jason.kinney\Desktop
Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 113.77 Gb Free Space | 76.33% Space Free | Partition Type: NTFS
Drive E: | 1.89 Gb Total Space | 1.20 Gb Free Space | 63.48% Space Free | Partition Type: FAT32
Drive X: | 1024.00 Gb Total Space | 0.16 Gb Free Space | 0.02% Space Free | Partition Type: NTFS
Drive Z: | 2048.00 Gb Total Space | 832.05 Gb Free Space | 40.63% Space Free | Partition Type: NTFS

Computer Name: LUCA9F39RM1 | User Name: jason.kinney | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
"PolicyVersion" = 513

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]
"Enabled" = 1
"AllowUserPrefMerge" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List]
"135:TCP:*:enabled:SCCM" = 135:TCP:*:enabled:SCCM
"2701:TCP:*:enabled:SCCM" = 2701:TCP:*:enabled:SCCM
"2702:TCP:*:enabled:SCCM" = 2702:TCP:*:enabled:SCCM

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings]
"Enabled" = 1
"RemoteAddresses" = 172.16.30.107

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" = *

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop]
"Enabled" = 1
"RemoteAddresses" = *

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules]
"WMI-WINMGMT-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|Name=@FirewallAPI.dll,-34254|Desc=@FirewallAPI.dll,-34255|EmbedCtxt=@FirewallAPI.dll,-34251|Edge=FALSE|

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{2609EDF1-34C4-4B03-B634-55F3B3BC4931}" = Configuration Manager Client
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{45734758-4041-4EA8-8E62-DE661FC3879C}" = LANDesk® Common Base Agent 8
"{4719A7A9-FD8A-4B9B-936C-78CE234C08F7}" = Type8000 TWAIN Driver Ver.4
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E8833A1-AF24-4CAE-82DF-CFE14C14B94D}" = LANDesk Advance Agent
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2010
"{90140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BAA3C56-1332-4E4D-B900-65155AD0516B}" = Singularity Index
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dell Webcam Central" = Dell Webcam Central
"DW WLAN Card Utility" = DW WLAN Card Utility
"InstallShield_{9BAA3C56-1332-4E4D-B900-65155AD0516B}" = Singularity Index
"Juniper Network Connect 6.4.0" = Juniper Networks Network Connect 6.4.0
"LANDesk Antivirus" = LANDesk® Antivirus
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Office14.VISIO" = Microsoft Visio Standard 2010
"TVWiz" = Intel® TV Wizard

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/9/2011 3:07:03 PM | Computer Name = LUCA9F39RM1.saintleo.edu | Source = Microsoft-Windows-LoadPerf | ID = 3013
Description = Unable to update the performance counter strings defined for the 009
language ID. The first DWORD in the Data section contains the error code.

Error - 6/9/2011 3:07:03 PM | Computer Name = LUCA9F39RM1.saintleo.edu | Source = Microsoft-Windows-LoadPerf | ID = 3009
Description = Installing the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

Error - 6/9/2011 3:09:12 PM | Computer Name = LUCA9F39RM1.saintleo.edu | Source = Microsoft-Windows-LoadPerf | ID = 3013
Description = Unable to update the performance counter strings defined for the 009
language ID. The first DWORD in the Data section contains the error code.

Error - 6/9/2011 3:09:12 PM | Computer Name = LUCA9F39RM1.saintleo.edu | Source = Microsoft-Windows-LoadPerf | ID = 3009
Description = Installing the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

Error - 6/9/2011 3:41:04 PM | Computer Name = LUCA9F39RM1.saintleo.edu | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16385,
time stamp: 0x4a5bc69e Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x8dec8b55 Faulting process id:
0xe78 Faulting application start time: 0x01cc26dce7e1b81a Faulting application path:
C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: unknown Report
Id: 68e7e1bd-92d0-11e0-bdb5-0026b9ddf9ea

Error - 6/10/2011 7:57:03 AM | Computer Name = LUCA9F39RM1.saintleo.edu | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16385,
time stamp: 0x4a5bc69e Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x0000003e Faulting process id:
0x1220 Faulting application start time: 0x01cc275f9d2f5fd8 Faulting application path:
C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: unknown Report
Id: c0d2272d-9358-11e0-8c7a-0026b9ddf9ea

Error - 6/10/2011 8:00:02 AM | Computer Name = LUCA9F39RM1.saintleo.edu | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 6/10/2011 11:40:54 AM | Computer Name = LUCA9F39RM1.saintleo.edu | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16385,
time stamp: 0x4a5bc69e Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x00450058 Faulting process id:
0x9d0 Faulting application start time: 0x01cc2771323caa01 Faulting application path:
C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: unknown Report
Id: 069c5e81-9378-11e0-8734-0026b9ddf9ea

Error - 6/13/2011 7:26:38 AM | Computer Name = LUCA9F39RM1.saintleo.edu | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16385,
time stamp: 0x4a5bc69e Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0xe55005e8 Faulting process id:
0x1210 Faulting application start time: 0x01cc29bc8ce644f3 Faulting application path:
C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: unknown Report
Id: 00386c78-95b0-11e0-bae7-0026b9ddf9ea

Error - 6/13/2011 3:34:22 PM | Computer Name = LUCA9F39RM1.saintleo.edu | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16385,
time stamp: 0x4a5bc69e Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x3dd233ff Faulting process id:
0x110c Faulting application start time: 0x01cc2a001bbc94de Faulting application path:
C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: unknown Report
Id: 2308335c-95f4-11e0-a7a3-0026b9ddf9ea

[ System Events ]
Error - 6/13/2011 4:29:35 PM | Computer Name = LUCA9F39RM1.saintleo.edu | Source = DCOM | ID = 10016
Description =

Error - 6/13/2011 4:29:40 PM | Computer Name = LUCA9F39RM1.saintleo.edu | Source = Service Control Manager | ID = 7000
Description = The MBAMProtector service failed to start due to the following error:
%%2

Error - 6/13/2011 4:29:40 PM | Computer Name = LUCA9F39RM1.saintleo.edu | Source = Service Control Manager | ID = 7001
Description = The MBAMService service depends on the MBAMProtector service which
failed to start because of the following error: %%2

Error - 6/13/2011 4:30:53 PM | Computer Name = LUCA9F39RM1.saintleo.edu | Source = Service Control Manager | ID = 7000
Description = The MBAMProtector service failed to start due to the following error:
%%2

Error - 6/13/2011 4:30:53 PM | Computer Name = LUCA9F39RM1.saintleo.edu | Source = Service Control Manager | ID = 7001
Description = The MBAMService service depends on the MBAMProtector service which
failed to start because of the following error: %%2

Error - 6/13/2011 4:51:28 PM | Computer Name = LUCA9F39RM1.saintleo.edu | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the AbtSvcHost
service to connect.

Error - 6/13/2011 4:51:28 PM | Computer Name = LUCA9F39RM1.saintleo.edu | Source = Service Control Manager | ID = 7000
Description = The AbtSvcHost service failed to start due to the following error:
%%1053

Error - 6/13/2011 4:52:53 PM | Computer Name = LUCA9F39RM1.saintleo.edu | Source = DCOM | ID = 10016
Description =

Error - 6/13/2011 4:55:42 PM | Computer Name = LUCA9F39RM1.saintleo.edu | Source = DCOM | ID = 10016
Description =

Error - 6/13/2011 4:56:44 PM | Computer Name = LUCA9F39RM1.saintleo.edu | Source = DCOM | ID = 10016
Description =


< End of report >

Edited by KINNEY1978, 13 June 2011 - 03:04 PM.

#2
Homburg
    Trusted Helper

  • Malware Removal
  • 665 posts
Hello KINNEY1978 and welcome to GeeksToGo :)

I'm Homburg and I'm going to help you fix your problem.

Please note that I'm currently in training and my posts have to be approved by an expert before I reply.

  • Please do not attach any log files to your replies unless I specifically ask you. Instead, please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • Please do not try to fix anything without being asked
  • I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread.
  • I am currently reviewing your logs.


#3
Homburg
    Trusted Helper

  • Malware Removal
  • 665 posts
Hi,

I see that you have run ComboFix. Can you please post the log? It should be at C:\ComboFix.txt

Please do the following:


Step 1:

The version of OTL that you are using has been updated; please delete that from your desktop and download a new copy from here

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/06/09 14:24:34 | 000,000,136 | ---- | M] () -- C:\ProgramData\~27516664r
    [2011/06/09 14:24:34 | 000,000,112 | ---- | M] () -- C:\ProgramData\~27516664
    [2011/06/09 14:24:28 | 000,000,328 | ---- | M] () -- C:\ProgramData\27516664
    [2011/06/09 13:41:09 | 000,000,112 | ---- | M] () -- C:\ProgramData\~28827384
    [2011/06/09 13:41:05 | 000,000,136 | ---- | M] () -- C:\ProgramData\~28827384r
    [2011/06/09 10:26:30 | 000,000,344 | ---- | M] () -- C:\ProgramData\28827384
    
    :Services
    
    :Reg
    
    :Files
    C:\ProgramData\~27516664r
    C:\ProgramData\~27516664
    C:\ProgramData\27516664
    C:\ProgramData\~28827384
    C:\ProgramData\~28827384r
    C:\ProgramData\28827384
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done and post the fix log
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


Step 2:

Download aswMBR.exe ( 511KB ) to your desktop.

Double-click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

When the scan completes, click Save log, save it to your desktop and post it in your next reply.


Step 3:

Please remember to post:
The OTL fix log
New OTL QuickScan log
The aswMBR scan log
The combofix.txt log


It will be easier if you post each log separately.

And finally, how is the PC running now? :)

Homburg
  • 0
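
As an added example (not part of this thread, and not OldTimer's OTL code), the Python below parses OTL's file-entry format, selects entries of the same kind Homburg put in the fix above, and emits a fix script in that layout. The function names, the selection heuristic (plain files directly under C:\ProgramData, no company name, an all-digit name with optional `~` prefix and `r` suffix) and the two extra sample lines are assumptions made for this example; the heuristic mirrors only what was chosen in this thread and is not a general malware detector.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample input: the six ProgramData lines from the fix above,
# plus two other entries from the later Quick Scan (OTL.exe, ntuser.pol)
# that the selection must leave alone.
SAMPLE_LOG = r"""
[2011/06/09 14:24:34 | 000,000,136 | ---- | M] () -- C:\ProgramData\~27516664r
[2011/06/09 14:24:34 | 000,000,112 | ---- | M] () -- C:\ProgramData\~27516664
[2011/06/09 14:24:28 | 000,000,328 | ---- | M] () -- C:\ProgramData\27516664
[2011/06/09 13:41:09 | 000,000,112 | ---- | M] () -- C:\ProgramData\~28827384
[2011/06/09 13:41:05 | 000,000,136 | ---- | M] () -- C:\ProgramData\~28827384r
[2011/06/09 10:26:30 | 000,000,344 | ---- | M] () -- C:\ProgramData\28827384
[2011/06/14 17:14:31 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Jason.kinney\Desktop\OTL.exe
[2011/06/01 14:00:04 | 000,010,462 | RHS- | M] () -- C:\ProgramData\ntuser.pol
"""

# OTL file-entry layout, as seen throughout the logs in this thread:
#   [YYYY/MM/DD HH:MM:SS | 000,000,136 | RHSD | C-or-M] (Company) -- C:\path
# The four attribute positions hold R/H/S/D flags or '-'; C/M says whether
# the timestamp is the created or the modified time.
_ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Za-z-]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+?)\s*$"
)

# Name shape of the files the helper targeted: digits only, optional '~'
# prefix, optional 'r' suffix. An assumption of this example, not an OTL rule.
_NUMERIC_NAME_RE = re.compile(r"^~?\d+r?$")


@dataclass
class OtlEntry:
    raw: str        # original log line, reused verbatim in the :OTL section
    timestamp: str
    size: int       # bytes, commas stripped
    attrs: str
    kind: str       # 'C' created / 'M' modified
    company: str    # '' when OTL printed '()'
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def parent(self) -> str:
        return self.path.rsplit("\\", 1)[0].lower()

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_otl_entries(text: str) -> List[OtlEntry]:
    """Return every line of *text* that matches OTL's file-entry format.

    Section headers, PRC/SRV/DRV/O-lines and blank lines do not match and
    are skipped rather than raising."""
    entries = []
    for line in text.splitlines():
        m = _ENTRY_RE.match(line.strip())
        if not m:
            continue
        entries.append(OtlEntry(
            raw=line.strip(),
            timestamp=m["ts"],
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            kind=m["kind"],
            company=m["company"].strip(),
            path=m["path"],
        ))
    return entries


def suspicious_programdata_entries(entries: List[OtlEntry]) -> List[OtlEntry]:
    """Select plain files directly under C:\\ProgramData with no company name
    and a digits-only name, i.e. the pattern removed in this thread."""
    return [
        e for e in entries
        if not e.is_dir
        and e.parent == r"c:\programdata"
        and e.company == ""
        and _NUMERIC_NAME_RE.match(e.name)
    ]


def build_otl_fix(entries: List[OtlEntry], flush_dns: bool = True) -> str:
    """Emit an OTL fix script in the same layout as the one posted above."""
    lines = [":OTL", *[e.raw for e in entries], "", ":Files", *[e.path for e in entries]]
    if flush_dns:
        lines.append("ipconfig /flushdns /c")
    lines += ["", ":Commands", "[purity]", "[EMPTYFLASH]", "[CREATERESTOREPOINT]", "[Reboot]"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    flagged = suspicious_programdata_entries(parse_otl_entries(SAMPLE_LOG))
    print(build_otl_fix(flagged), end="")
```

Running it prints a script you can compare line by line with the one Homburg posted. Review every path before pasting anything into OTL: the fix log in post #4 shows OTL reports :OTL entries as moved rather than deleted, so a wrongly selected file can still be recovered, but the script is only as good as the selection that produced it.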

#4
KINNEY1978

KINNEY1978

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts
========== OTL ==========
C:\ProgramData\~27516664r moved successfully.
C:\ProgramData\~27516664 moved successfully.
C:\ProgramData\27516664 moved successfully.
C:\ProgramData\~28827384 moved successfully.
C:\ProgramData\~28827384r moved successfully.
C:\ProgramData\28827384 moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\ProgramData\~27516664r not found.
File\Folder C:\ProgramData\~27516664 not found.
File\Folder C:\ProgramData\27516664 not found.
File\Folder C:\ProgramData\~28827384 not found.
File\Folder C:\ProgramData\~28827384r not found.
File\Folder C:\ProgramData\28827384 not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Jason.kinney\Desktop\cmd.bat deleted successfully.
C:\Users\Jason.kinney\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default
->Flash cache emptied: 38784 bytes

User: Default - Copy

User: Default User
->Flash cache emptied: 0 bytes

User: Jason.kinney
->Flash cache emptied: 45950 bytes

User: jk
->Flash cache emptied: 38784 bytes

User: Public

User: UTS
->Flash cache emptied: 38784 bytes

Total Flash Files Cleaned = 0.00 mb



OTL by OldTimer - Version 3.2.24.0 log created on 06142011_171459
  • 0

#5
KINNEY1978

KINNEY1978

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts
OTL logfile created on: 6/14/2011 5:23:00 PM - Run 2
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Users\Jason.kinney\Desktop
Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.43 Gb Total Physical Memory | 2.25 Gb Available Physical Memory | 65.77% Memory free
6.85 Gb Paging File | 5.63 Gb Available in Paging File | 82.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 113.74 Gb Free Space | 76.31% Space Free | Partition Type: NTFS

Computer Name: LUCA9F39RM1 | User Name: jason.kinney | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/14 17:14:31 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Jason.kinney\Desktop\OTL.exe
PRC - [2010/10/21 15:59:56 | 000,385,024 | ---- | M] (LANDesk Software, Inc. and its affiliates.) -- C:\Program Files\LANDesk\LDClient\softmon.exe
PRC - [2010/05/21 14:27:14 | 000,046,000 | ---- | M] (Microsoft) -- C:\Windows\System32\AbtSvcHost_.exe
PRC - [2010/02/02 05:20:46 | 000,040,960 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
PRC - [2010/02/02 05:20:44 | 005,249,024 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
PRC - [2010/02/02 05:19:10 | 004,539,392 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
PRC - [2010/01/25 14:28:56 | 000,278,528 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2010/01/14 20:50:06 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2009/12/14 19:25:04 | 000,521,176 | ---- | M] (Avocent Corporation ) -- C:\Program Files\LANDesk\LDClient\Antivirus\AVService.exe
PRC - [2009/11/23 17:50:24 | 000,843,776 | ---- | M] (Avocent Corporation ) -- C:\Program Files\LANDesk\LDClient\Antivirus\LDAV.exe
PRC - [2009/11/23 16:26:04 | 000,321,024 | ---- | M] () -- C:\Program Files\LANDesk\LDClient\XDDClient.exe
PRC - [2009/11/23 16:19:16 | 000,195,072 | ---- | M] (Avocent Corporation ) -- C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe
PRC - [2009/11/23 16:05:00 | 000,182,272 | ---- | M] (Avocent Corporation ) -- C:\Program Files\LANDesk\LDClient\tmcsvc.exe
PRC - [2009/11/23 16:00:24 | 000,189,952 | ---- | M] (Avocent Corporation ) -- C:\Program Files\LANDesk\LDClient\LocalSch.EXE
PRC - [2009/11/23 15:45:46 | 000,495,616 | ---- | M] (Avocent Corporation ) -- C:\Program Files\LANDesk\LDClient\collector.exe
PRC - [2009/11/23 15:29:34 | 000,480,256 | ---- | M] (Avocent Corporation ) -- C:\Program Files\LANDesk\LDClient\issuser.exe
PRC - [2009/11/23 15:28:18 | 000,313,344 | ---- | M] (Avocent Corporation ) -- C:\Program Files\LANDesk\LDClient\rcgui.exe
PRC - [2009/11/23 13:59:36 | 000,086,016 | ---- | M] () -- C:\Program Files\LANDesk\LDClient\Antivirus\kavehost.exe
PRC - [2009/11/04 13:21:26 | 000,147,456 | ---- | M] (Avocent Corporation) -- C:\Program Files\LANDesk\Shared Files\residentAgent.exe
PRC - [2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CCM\CcmExec.exe
PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 21:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/07/08 17:08:30 | 000,413,827 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/06/15 17:05:56 | 000,611,624 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2009/03/03 09:38:52 | 000,056,680 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe
PRC - [2009/02/01 00:15:38 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2009/01/31 22:43:30 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2007/08/31 07:13:00 | 000,032,825 | ---- | M] (LANDesk Software Ltd.) -- C:\Windows\System32\cba\pds.exe


========== Modules (SafeList) ==========

MOD - [2011/06/14 17:14:31 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Jason.kinney\Desktop\OTL.exe
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/10/21 15:59:56 | 000,385,024 | ---- | M] (LANDesk Software, Inc. and its affiliates.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\softmon.exe -- (Softmon) LANDesk®
SRV - [2010/05/21 14:27:14 | 000,046,000 | ---- | M] (Microsoft) [Auto | Running] -- C:\Windows\System32\AbtSvcHost_.exe -- (AbtSvcHost)
SRV - [2010/04/30 16:07:58 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/02/02 05:20:46 | 000,040,960 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2009/12/14 19:25:04 | 000,521,176 | ---- | M] (Avocent Corporation ) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\antivirus\avservice.exe -- (LDAVService) LANDesk®
SRV - [2009/11/23 16:26:04 | 000,321,024 | ---- | M] () [Auto | Running] -- C:\Program Files\LANDesk\LDClient\xddclient.exe -- (LDXDD) LANDesk®
SRV - [2009/11/23 16:19:16 | 000,195,072 | ---- | M] (Avocent Corporation ) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe -- (LANDesk Policy Invoker)
SRV - [2009/11/23 16:05:00 | 000,182,272 | ---- | M] (Avocent Corporation ) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\tmcsvc.exe -- (LANDesk Targeted Multicast)
SRV - [2009/11/23 16:00:24 | 000,189,952 | ---- | M] (Avocent Corporation ) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\LocalSch.EXE -- (Intel Local Scheduler Service)
SRV - [2009/11/23 15:29:34 | 000,480,256 | ---- | M] (Avocent Corporation ) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\issuser.exe -- (ISSUSER)
SRV - [2009/11/04 13:21:26 | 000,147,456 | ---- | M] (Avocent Corporation) [Auto | Running] -- C:\Program Files\LANDesk\Shared Files\residentagent.exe -- (CBA8) LANDesk®
SRV - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2009/09/18 04:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\CCM\TSManager.exe -- (smstsmgr)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/06/15 17:05:56 | 000,611,624 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2009/03/03 09:38:52 | 000,056,680 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\System32\rpcnet.exe -- (Rpcnet) Remote Procedure Call (RPC)
SRV - [2007/08/31 07:13:00 | 000,032,825 | ---- | M] (LANDesk Software Ltd.) [Auto | Running] -- C:\Windows\System32\cba\pds.exe -- (Intel PDS)


========== Driver Services (SafeList) ==========

DRV - [2010/02/02 05:20:24 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2010/02/02 05:18:24 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2010/01/22 15:59:24 | 000,239,664 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009/12/31 05:22:09 | 000,295,936 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2009/11/23 13:57:52 | 000,317,072 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2009/11/06 01:35:22 | 000,214,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress) Intel®
DRV - [2009/09/22 21:19:31 | 000,055,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2009/09/22 21:18:08 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2009/09/22 21:18:07 | 000,165,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2009/09/18 04:00:00 | 000,020,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2009/07/13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/06/15 16:36:30 | 000,023,552 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2009/06/15 13:05:16 | 000,143,968 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2009/05/28 10:48:20 | 000,134,144 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CtAudDrv.sys -- (CtAudDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://my.saintleo.edu
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.saintleo.edu/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[2011/06/13 15:44:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jason.kinney\AppData\Roaming\mozilla\Extensions
[2011/06/13 15:44:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2010/05/12 14:59:11 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [LANDesk Antivirus] C:\Program Files\LANDesk\LDClient\antivirus\LDav.exe (Avocent Corporation )
O4 - HKLM..\RunOnce: [MSTEE.CxTransform] File not found
O4 - HKLM..\RunOnce: [MSTEE.Splitter] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: saintleo.edu ([informer] http in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://sslvpn.saint...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = saintleo.edu
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/14 17:14:26 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Jason.kinney\Desktop\OTL.exe
[2011/06/13 15:44:31 | 000,000,000 | ---D | C] -- C:\Users\Jason.kinney\AppData\Roaming\Mozilla
[2011/06/13 15:44:31 | 000,000,000 | ---D | C] -- C:\Users\Jason.kinney\AppData\Local\Mozilla
[2011/06/13 15:44:27 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/06/09 15:00:10 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/06/09 10:26:32 | 000,000,000 | ---D | C] -- C:\Users\Jason.kinney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Restore
[2011/05/27 14:35:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/26 18:39:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2011/05/26 16:16:36 | 000,000,000 | ---D | C] -- C:\ProgramData\RFA_Backups
[2011/05/26 16:16:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry First Aid
[2011/05/26 16:16:33 | 000,000,000 | ---D | C] -- C:\Program Files\RFA
[2011/05/26 16:12:40 | 000,000,000 | ---D | C] -- C:\Users\Jason.kinney\Documents\Registry First Aid Platinum 7.1.1.1733 + Serial
[2011/05/26 15:37:13 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/05/26 15:37:10 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/05/26 15:36:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/25 10:52:07 | 000,000,000 | ---D | C] -- C:\Users\Jason.kinney\Documents\Final Files for Scott
[2011/05/23 16:37:13 | 000,000,000 | ---D | C] -- C:\Users\Jason.kinney\Documents\Financial Aid
[2011/05/23 16:21:35 | 000,000,000 | ---D | C] -- C:\Users\Jason.kinney\Documents\First Set of Files
[2011/05/23 15:44:50 | 000,000,000 | ---D | C] -- C:\Users\Jason.kinney\Documents\Web Project Manager
[2011/05/21 08:35:55 | 000,000,000 | ---D | C] -- C:\Users\Jason.kinney\AppData\Roaming\Juniper Networks
[2011/05/19 15:14:02 | 000,000,000 | ---D | C] -- C:\Users\Jason.kinney\AppData\Local\Google
[2011/05/19 15:14:02 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/05/18 10:59:29 | 000,000,000 | ---D | C] -- C:\Users\Jason.kinney\Documents\Honors Reports
[2010/02/11 00:14:52 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

========== Files - Modified Within 30 Days ==========

[2011/06/14 17:24:32 | 000,621,578 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/14 17:24:32 | 000,105,704 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/14 17:23:43 | 000,049,099 | ---- | M] () -- C:\Windows\System32\hostcache.xml
[2011/06/14 17:23:15 | 000,015,152 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/14 17:23:15 | 000,015,152 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/14 17:16:48 | 000,000,461 | ---- | M] () -- C:\Windows\SMSCFG.ini
[2011/06/14 17:16:11 | 000,017,920 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe
[2011/06/14 17:16:09 | 000,056,680 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.dll
[2011/06/14 17:15:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/14 17:15:51 | 2760,245,248 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/14 17:14:31 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Jason.kinney\Desktop\OTL.exe
[2011/06/13 16:51:34 | 000,017,920 | ---- | M] () -- C:\Windows\System32\rpcnetp.dll
[2011/06/08 16:51:13 | 000,211,106 | ---- | M] () -- C:\Users\Jason.kinney\Documents\Kathryn's Tax refund request to Best Buy.pdf
[2011/06/08 16:30:15 | 000,077,361 | ---- | M] () -- C:\Users\Jason.kinney\Documents\2010 FL Sales Exepmt Certificate.pdf
[2011/06/01 14:00:04 | 000,010,462 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/05/16 16:29:54 | 001,358,072 | ---- | M] () -- C:\Users\Jason.kinney\Documents\Human Resources for Health in Southeast Asia.pdf

========== Files Created - No Company Name ==========

[2011/06/08 16:51:13 | 000,211,106 | ---- | C] () -- C:\Users\Jason.kinney\Documents\Kathryn's Tax refund request to Best Buy.pdf
[2011/06/08 16:30:15 | 000,077,361 | ---- | C] () -- C:\Users\Jason.kinney\Documents\2010 FL Sales Exepmt Certificate.pdf
[2011/05/26 15:37:13 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/05/26 15:37:13 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/05/16 16:29:54 | 001,358,072 | ---- | C] () -- C:\Users\Jason.kinney\Documents\Human Resources for Health in Southeast Asia.pdf
[2011/04/25 07:39:38 | 000,004,764 | ---- | C] () -- C:\Windows\System32\CcmFramework.ini
[2011/04/21 17:15:25 | 000,001,220 | ---- | C] () -- C:\Windows\ricdb.ini
[2011/04/21 16:57:00 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/04/21 16:06:20 | 000,000,461 | ---- | C] () -- C:\Windows\SMSCFG.ini
[2011/04/21 15:24:23 | 000,010,462 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/05/12 14:46:04 | 000,017,920 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll
[2010/05/12 14:45:42 | 000,017,920 | ---- | C] () -- C:\Windows\System32\rpcnetp.exe
[2010/05/07 08:59:12 | 000,207,872 | ---- | C] () -- C:\Windows\System32\compname.exe
[2010/05/07 08:59:12 | 000,045,568 | ---- | C] () -- C:\Windows\System32\NETUSER.EXE
[2010/04/30 15:25:05 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2010/04/30 15:07:27 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2010/02/11 00:48:42 | 000,870,544 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2010/02/11 00:48:42 | 000,127,896 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2010/02/11 00:48:42 | 000,051,068 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2010/02/11 00:12:08 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/02/11 00:05:42 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/02/11 00:05:42 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 000,408,424 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,621,578 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,105,704 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 20:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/13 19:15:05 | 000,668,160 | ---- | C] () -- C:\Windows\System32\autochk.exe
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003/03/18 13:08:40 | 000,003,978 | ---- | C] () -- C:\Windows\System32\conv.dat
[2002/02/14 08:17:08 | 000,001,320 | ---- | C] () -- C:\Windows\System32\convfonts.dat
[2000/04/12 17:28:12 | 000,118,784 | ---- | C] () -- C:\Windows\System32\LFKODAK.DLL
[2000/04/12 17:24:10 | 000,338,944 | ---- | C] () -- C:\Windows\System32\LFFPX7.DLL
[1999/12/21 08:55:02 | 000,044,544 | ---- | C] () -- C:\Windows\System32\binder.dll
[1999/11/22 06:14:24 | 000,218,624 | ---- | C] () -- C:\Windows\System32\w019t32w.dll
[1998/09/30 13:08:46 | 000,107,520 | ---- | C] () -- C:\Windows\System32\w001t32w.dll
[1998/08/05 07:40:08 | 000,237,568 | ---- | C] () -- C:\Windows\System32\w048t32w.dll
[1998/07/21 12:59:50 | 000,223,232 | ---- | C] () -- C:\Windows\System32\w042t32w.dll
[1998/05/06 05:52:32 | 000,164,864 | ---- | C] () -- C:\Windows\System32\w033t32w.dll
[1997/12/05 08:34:12 | 000,254,464 | ---- | C] () -- C:\Windows\System32\g521t32w.dll
[1997/12/05 08:34:12 | 000,240,128 | ---- | C] () -- C:\Windows\System32\g610t32w.dll
[1997/12/05 08:34:12 | 000,236,544 | ---- | C] () -- C:\Windows\System32\g606t32w.dll
[1997/12/05 08:34:12 | 000,235,008 | ---- | C] () -- C:\Windows\System32\g615t32w.dll
[1997/12/05 08:34:12 | 000,185,856 | ---- | C] () -- C:\Windows\System32\w007t32w.dll
[1997/12/05 08:34:12 | 000,169,472 | ---- | C] () -- C:\Windows\System32\w037t32w.dll
[1997/12/05 08:34:12 | 000,138,240 | ---- | C] () -- C:\Windows\System32\w043t32w.dll
[1997/12/05 08:34:12 | 000,128,000 | ---- | C] () -- C:\Windows\System32\w046t32w.dll
[1997/12/05 08:34:12 | 000,123,904 | ---- | C] () -- C:\Windows\System32\g521f32w.dll
[1997/12/05 08:34:12 | 000,121,856 | ---- | C] () -- C:\Windows\System32\w020t32w.dll
[1997/12/05 08:34:12 | 000,105,984 | ---- | C] () -- C:\Windows\System32\w010t32w.dll
[1997/12/05 08:34:12 | 000,105,984 | ---- | C] () -- C:\Windows\System32\w008t32w.dll
[1997/12/05 08:34:12 | 000,105,984 | ---- | C] () -- C:\Windows\System32\g502f32w.dll
[1997/12/05 08:34:12 | 000,101,888 | ---- | C] () -- C:\Windows\System32\w015t32w.dll
[1997/12/05 08:34:12 | 000,099,840 | ---- | C] () -- C:\Windows\System32\w021t32w.dll
[1997/12/05 08:34:12 | 000,098,304 | ---- | C] () -- C:\Windows\System32\w040t32w.dll
[1997/12/05 08:34:12 | 000,097,280 | ---- | C] () -- C:\Windows\System32\w801t32w.dll
[1997/12/05 08:34:12 | 000,091,648 | ---- | C] () -- C:\Windows\System32\g610f32w.dll
[1997/12/05 08:34:12 | 000,090,112 | ---- | C] () -- C:\Windows\System32\w006t32w.dll
[1997/12/05 08:34:12 | 000,084,480 | ---- | C] () -- C:\Windows\System32\w770t32w.dll

========== LOP Check ==========

[2011/06/10 12:12:42 | 000,000,000 | ---D | M] -- C:\Users\Jason.kinney\AppData\Roaming\Juniper Networks
[2009/07/14 00:53:46 | 000,032,302 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

#6
KINNEY1978

KINNEY1978

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts
aswMBR version 0.9.6.399 Copyright© 2011 AVAST Software
Run date: 2011-06-14 17:26:23
-----------------------------
17:26:23.220 OS Version: Windows 6.1.7600
17:26:23.220 Number of processors: 4 586 0x2502
17:26:23.220 ComputerName: LUCA9F39RM1 UserName:
17:26:25.014 Initialize success
17:26:28.228 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:26:28.228 Disk 0 Vendor: WDC_WD16 01.0 Size: 152627MB BusType: 8
17:26:28.243 Disk 0 MBR read successfully
17:26:28.259 Disk 0 MBR scan
17:26:28.259 Disk 0 Windows 7 default MBR code
17:26:28.259 Disk 0 scanning sectors +312576705
17:26:28.306 Disk 0 scanning C:\Windows\system32\drivers
17:26:31.956 Service scanning
17:26:33.656 Disk 0 trace - called modules:
17:26:33.656 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x870a81ed]<<
17:26:33.672 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86eae030]
17:26:33.672 3 CLASSPNP.SYS[8c9b759e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x863a7028]
17:26:33.672 \Driver\iaStorV[0x863de340] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x870a81ed
17:26:33.688 Scan finished successfully
17:27:11.065 Disk 0 MBR has been saved successfully to "C:\Users\Jason.kinney\Desktop\MBR.dat"
17:27:11.065 The log file has been saved successfully to "C:\Users\Jason.kinney\Desktop\aswMBR.txt"
  • 0

#7
KINNEY1978

KINNEY1978

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts
ComboFix 11-06-09.01 - jason.kinney 06/09/2011 15:01:15.1.4 - x86 MINIMAL
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.3510.2940 [GMT -4:00]
Running from: c:\users\Jason.kinney\Desktop\ComboFix.exe
AV: LANDesk Antivirus client *Disabled/Updated* {DF122C4A-2ECB-7E3B-74FC-5564E495A6A1}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\UYhaQsSEGdkYay.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\w020t32w.dll
c:\windows\system32\w021t32w.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2011-05-09 to 2011-06-09 )))))))))))))))))))))))))))))))
.
.
2011-06-09 19:04 . 2011-06-09 19:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-09 19:04 . 2011-06-09 19:04 -------- d-----w- c:\users\Default - Copy\AppData\Local\temp
2011-06-09 19:04 . 2011-06-09 19:08 -------- d-----w- c:\users\Jason.kinney\AppData\Local\temp
2011-06-09 19:04 . 2011-06-09 19:04 -------- d-----w- c:\users\UTS\AppData\Local\temp
2011-06-09 19:04 . 2011-06-09 19:04 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-06-09 14:32 . 2011-06-09 19:07 739678 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-05-31 16:57 . 2011-05-24 23:12 6962000 ---ha-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DCECBB8B-93D0-47AC-922B-CC0C19949000}\mpengine.dll
2011-05-27 20:46 . 2011-05-27 20:48 -------- d--h--w- c:\users\jk
2011-05-27 20:20 . 2011-05-27 20:20 -------- d--h--r- c:\users\Administrator\Virtual Machines
2011-05-27 18:35 . 2011-05-27 18:35 -------- d-----w- C:\_OTL
2011-05-26 22:39 . 2011-05-27 20:06 -------- d--h--w- c:\program files\Microsoft IntelliPoint
2011-05-26 20:16 . 2011-05-27 20:06 -------- d--h--w- c:\programdata\RFA_Backups
2011-05-26 20:16 . 2011-05-27 20:06 -------- d--h--w- c:\program files\RFA
2011-05-21 12:35 . 2011-05-27 20:06 -------- d--h--w- c:\users\Jason.kinney\AppData\Roaming\Juniper Networks
2011-05-19 19:14 . 2011-05-19 19:14 -------- d--h--w- c:\users\Jason.kinney\AppData\Local\Google
2011-05-19 19:14 . 2011-05-19 19:14 -------- d--h--w- c:\program files\Google
2011-05-11 15:39 . 2011-05-11 15:39 -------- d--h--w- c:\windows\Offline Address Books
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-09 19:06 . 2010-05-12 18:46 17920 ---ha-w- c:\windows\system32\rpcnetp.dll
2011-06-09 18:23 . 2010-05-12 18:45 17920 ---ha-w- c:\windows\system32\rpcnetp.exe
2011-06-09 11:09 . 2010-05-10 19:09 56680 ---ha-w- c:\windows\system32\rpcnet.dll
2011-05-29 13:11 . 2011-04-26 16:48 39984 ---ha-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-24 23:14 . 2010-04-30 19:21 222080 ---h--w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-02 5249024]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-11 175640]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-02-11 167448]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-01-25 278528]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-07-08 413827]
"LANDesk Antivirus"="c:\program files\LANDesk\LDClient\antivirus\LDav.exe" [2009-11-23 843776]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"MSTEE.CxTransform"="c:\program files\LANDesk\LDClient\softmon.exe" [2010-10-21 385024]
"MSTEE.Splitter"="c:\program files\LANDesk\LDClient\softmon.exe" [2010-10-21 385024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 AbtSvcHost;AbtSvcHost;c:\windows\System32\AbtSvcHost_.exe [2010-05-21 46000]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [2009-05-28 134144]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-30 1343400]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 CBA8;LANDesk® Management Agent;c:\program files\LANDesk\Shared Files\residentagent.exe [2009-11-04 147456]
S2 LANDesk Policy Invoker;LANDesk Policy Invoker;c:\program files\LANDesk\LDClient\policy.client.invoker.exe [2009-11-23 195072]
S2 LANDesk Targeted Multicast;LANDesk Targeted Multicast;c:\program files\LANDesk\LDClient\tmcsvc.exe [2009-11-23 182272]
S2 LDAVService;LANDesk® Antivirus;c:\program files\LANDesk\LDClient\antivirus\avservice.exe [2009-12-14 521176]
S2 LDXDD;LANDesk® Extended device discovery service;c:\program files\LANDesk\LDClient\xddclient.exe [2009-11-23 321024]
S2 Softmon;LANDesk® Software Monitoring Service;c:\program files\LANDesk\LDClient\softmon.exe [2010-10-21 385024]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 143968]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2009-11-06 214696]
.
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.saintleo.edu/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 172.16.30.178 172.16.30.124 172.16.100.96
.
Supplementary scan did not complete!
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-UYhaQsSEGdkYay - c:\programdata\UYhaQsSEGdkYay.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WUDFHost.exe
c:\program files\Dell\DW WLAN Card\WLTRYSVC.EXE
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Dell\DW WLAN Card\bcmwltry.exe
c:\program files\Juniper Networks\Common Files\dsNcService.exe
c:\program files\LANDesk\LDClient\localsch.exe
c:\windows\system32\CBA\pds.exe
c:\progra~1\LANDesk\LDClient\issuser.exe
c:\progra~1\LANDesk\LDClient\collector.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rpcnet.exe
c:\windows\system32\CCM\CcmExec.exe
c:\windows\system32\msiexec.exe
c:\program files\LANDesk\LDClient\antivirus\kavehost.exe
c:\progra~1\LANDesk\LDClient\rcgui.exe
c:\windows\system32\conhost.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2011-06-09 15:12:12 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-09 19:12
ComboFix2.txt 2011-05-27 12:00
ComboFix3.txt 2011-05-26 21:02
ComboFix4.txt 2011-05-26 19:54
ComboFix5.txt 2011-06-09 19:00
.
.
Post-Run: 119,826,673,664 bytes free
.
- - End Of File - - 6C7497077998ECFF0AA283AC33A1F158
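The Reg Loading Points block in the ComboFix log above, and the O4/O6 lines in the OTL log later in this thread, are the parts a removal helper reads first. The script below is an added example, not part of this thread and not code from ComboFix or OTL: it pulls the Run/RunOnce entries and the UAC policy values out of those lines and flags the ones that matter in this log (EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop all set to 0, and the randomly named UYhaQsSEGdkYay.exe launching from ProgramData). The sample log is constructed from lines posted in this thread, the regular expressions are tailored to the two log formats shown, and the case-flip threshold used to call a file name "random" is this example's own heuristic, not anything either tool does.

```python
"""Triage of the autorun and UAC-policy entries in ComboFix and OTL logs.

Added example, not part of this thread and not code from ComboFix or OTL.
It parses the "Reg Loading Points" block ComboFix prints and the O4/O6
lines OTL prints, and reports the two things a removal helper reads first:
UAC policy values switched off, and Run/RunOnce entries that launch from
user-writable paths or carry random-looking names.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: lines lifted from the ComboFix and OTL logs posted in
# this thread and concatenated into one text for the demonstration.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-02-11 141848]
"LANDesk Antivirus"="c:\program files\LANDesk\LDClient\antivirus\LDav.exe" [2009-11-23 843776]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-07-08 413827]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-UYhaQsSEGdkYay - c:\programdata\UYhaQsSEGdkYay.exe
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\RunOnce: [MSTEE.CxTransform] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
"""

# What a value of 0 means for each UAC policy value (documented Windows semantics).
UAC_POLICY_MEANING = {
    "EnableLUA": "UAC is disabled; every process of an administrator runs fully elevated",
    "ConsentPromptBehaviorAdmin": "administrators elevate silently, no consent prompt at all",
    "PromptOnSecureDesktop": "elevation prompts are drawn on the normal desktop and can be spoofed",
}

# Directories a standard user can write to; legitimate system autoruns rarely live here.
USER_WRITABLE = re.compile(r"\\(programdata|users|appdata|temp|tmp)\\", re.IGNORECASE)

# ComboFix formats:  "Name"="c:\path\file.exe" [date size]  |  HKCU-Run-Name - c:\path\file.exe
#                    "EnableLUA"= 0 (0x0)
CF_RUN = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
CF_ORPHAN = re.compile(r"^HK\w+-Run\w*-(?P<name>\S+) - (?P<path>.+)$")
CF_POLICY = re.compile(r'^"(?P<key>\w+)"=\s*(?P<value>\d+)')
# OTL formats:  O4 - HKLM..\Run: [Name] C:\path\file.exe (Company)  |  O6 - ...policies\System: EnableLUA = 0
OTL_RUN = re.compile(r"^O4 - .*?\\Run\w*: \[(?P<name>[^\]]+)\] (?P<path>.+?)(?: \(.*\))?$")
OTL_POLICY = re.compile(r"^O6 - .*policies\\System: (?P<key>\w+) = (?P<value>\d+)$")


@dataclass(frozen=True)
class Finding:
    kind: str      # "uac" or "autorun"
    subject: str   # policy value name or autorun entry name
    detail: str


def case_transition_ratio(stem: str) -> float:
    """Fraction of adjacent letter pairs whose case flips.

    Heuristic, an assumption of this example: generated names such as
    'UYhaQsSEGdkYay' flip case far more often than product names such as
    'WebcamDell2'. Digits are ignored so they neither help nor hurt."""
    letters = [c for c in stem if c.isalpha()]
    pairs = list(zip(letters, letters[1:]))
    if not pairs:
        return 0.0
    flips = sum(1 for a, b in pairs if a.isupper() != b.isupper())
    return flips / len(pairs)


def looks_random(name: str) -> bool:
    """Length and flip-ratio thresholds are this example's own choice."""
    return len(name) >= 10 and " " not in name and case_transition_ratio(name) >= 0.4


def triage(log_text: str) -> list[Finding]:
    """Return findings for one log, in the order the lines appear."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        # UAC policy lines: only the three values above, and only when switched off.
        m = OTL_POLICY.match(line) or CF_POLICY.match(line)
        if m:
            key = m["key"]
            if key in UAC_POLICY_MEANING and int(m["value"]) == 0:
                findings.append(Finding("uac", key, UAC_POLICY_MEANING[key]))
            continue
        # Autorun lines: flag user-writable launch paths and random-looking names.
        m = OTL_RUN.match(line) or CF_ORPHAN.match(line) or CF_RUN.match(line)
        if not m:
            continue
        name, path = m["name"], m["path"].strip()
        stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if USER_WRITABLE.search(path):
            findings.append(Finding("autorun", name, f"launches from user-writable path {path}"))
        if looks_random(stem):
            findings.append(Finding("autorun", name, f"random-looking file name {stem}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.subject}: {f.detail}")
```

Run against the sample it reports the three UAC values at 0 (EnableLUA twice, once from each tool's format) and two findings for the orphaned HKCU Run entry; the Dell, Intel and LANDesk entries produce nothing. On a real log the user-writable check will also flag anything under C:\Users, which is intended: those entries deserve a look, and the detail string says why each one was raised.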

#8 KINNEY1978 (Topic Starter)

Quote: And finally, how is the PC running now? :)

....Is still running the same, redirecting, etc. Absolutely no improvement as of yet.

#9 Homburg (Trusted Helper, Malware Removal)

Please do the following:


Step 1:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/06/09 10:26:32 | 000,000,000 | ---D | C] -- C:\Users\Jason.kinney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Restore
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done and post the fix log


Step 2:

Run OTL
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    ataport.sys
    volsnap.sys
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT


  • Click the Quick Scan button. Do not change any other settings. The scan won't take long.
  • Please post the OTL.txt log

Step 3:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


Please remember to post:
OTL fix log
New OTL custom scan log
TDSSkiller scan

Homburg

#10 KINNEY1978 (Topic Starter)

Ok,

Followed your instructions. However, I was unable to locate the OTL fix log. Thought it would post to the desktop or C:\, but it did not. My apologies.

Here are the other logs:

OTL logfile created on: 6/17/2011 7:25:17 AM - Run 3
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Users\Jason.kinney\Desktop
Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.43 Gb Total Physical Memory | 2.03 Gb Available Physical Memory | 59.31% Memory free
6.85 Gb Paging File | 5.37 Gb Available in Paging File | 78.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 118.03 Gb Free Space | 79.19% Space Free | Partition Type: NTFS
Drive X: | 1024.00 Gb Total Space | 31.19 Gb Free Space | 3.05% Space Free | Partition Type: NTFS
Drive Z: | 2048.00 Gb Total Space | 827.53 Gb Free Space | 40.41% Space Free | Partition Type: NTFS

Computer Name: LUCA9F39RM1 | User Name: jason.kinney | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/14 17:14:31 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Jason.kinney\Desktop\OTL.exe
PRC - [2010/10/21 15:59:56 | 000,385,024 | ---- | M] (LANDesk Software, Inc. and its affiliates.) -- C:\Program Files\LANDesk\LDClient\softmon.exe
PRC - [2010/03/23 10:57:48 | 015,889,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
PRC - [2010/02/18 11:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/02/02 05:20:46 | 000,040,960 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
PRC - [2010/02/02 05:20:44 | 005,249,024 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
PRC - [2010/02/02 05:19:10 | 004,539,392 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
PRC - [2010/01/25 14:28:56 | 000,278,528 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2010/01/14 20:50:06 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2009/12/14 19:25:04 | 000,521,176 | ---- | M] (Avocent Corporation ) -- C:\Program Files\LANDesk\LDClient\Antivirus\AVService.exe
PRC - [2009/11/23 17:50:24 | 000,843,776 | ---- | M] (Avocent Corporation ) -- C:\Program Files\LANDesk\LDClient\Antivirus\LDAV.exe
PRC - [2009/11/23 16:26:04 | 000,321,024 | ---- | M] () -- C:\Program Files\LANDesk\LDClient\XDDClient.exe
PRC - [2009/11/23 16:19:16 | 000,195,072 | ---- | M] (Avocent Corporation ) -- C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe
PRC - [2009/11/23 16:05:00 | 000,182,272 | ---- | M] (Avocent Corporation ) -- C:\Program Files\LANDesk\LDClient\tmcsvc.exe
PRC - [2009/11/23 16:00:24 | 000,189,952 | ---- | M] (Avocent Corporation ) -- C:\Program Files\LANDesk\LDClient\LocalSch.EXE
PRC - [2009/11/23 15:45:46 | 000,495,616 | ---- | M] (Avocent Corporation ) -- C:\Program Files\LANDesk\LDClient\collector.exe
PRC - [2009/11/23 15:29:34 | 000,480,256 | ---- | M] (Avocent Corporation ) -- C:\Program Files\LANDesk\LDClient\issuser.exe
PRC - [2009/11/23 15:28:18 | 000,313,344 | ---- | M] (Avocent Corporation ) -- C:\Program Files\LANDesk\LDClient\rcgui.exe
PRC - [2009/11/23 13:59:36 | 000,086,016 | ---- | M] () -- C:\Program Files\LANDesk\LDClient\Antivirus\kavehost.exe
PRC - [2009/11/04 13:21:26 | 000,147,456 | ---- | M] (Avocent Corporation) -- C:\Program Files\LANDesk\Shared Files\residentAgent.exe
PRC - [2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CCM\CcmExec.exe
PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 21:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/07/08 17:08:30 | 000,413,827 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/06/15 17:05:56 | 000,611,624 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2009/03/03 09:38:52 | 000,056,680 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe
PRC - [2009/02/01 00:15:38 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2009/01/31 22:43:30 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2007/08/31 07:13:00 | 000,032,825 | ---- | M] (LANDesk Software Ltd.) -- C:\Windows\System32\cba\pds.exe


========== Modules (SafeList) ==========

MOD - [2011/06/14 17:14:31 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Jason.kinney\Desktop\OTL.exe
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/10/21 15:59:56 | 000,385,024 | ---- | M] (LANDesk Software, Inc. and its affiliates.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\softmon.exe -- (Softmon) LANDesk®
SRV - [2010/05/21 14:27:14 | 000,046,000 | ---- | M] (Microsoft) [Auto | Stopped] -- C:\Windows\System32\AbtSvcHost_.exe -- (AbtSvcHost)
SRV - [2010/04/30 16:07:58 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/02/02 05:20:46 | 000,040,960 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2009/12/14 19:25:04 | 000,521,176 | ---- | M] (Avocent Corporation ) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\antivirus\avservice.exe -- (LDAVService) LANDesk®
SRV - [2009/11/23 16:26:04 | 000,321,024 | ---- | M] () [Auto | Running] -- C:\Program Files\LANDesk\LDClient\xddclient.exe -- (LDXDD) LANDesk®
SRV - [2009/11/23 16:19:16 | 000,195,072 | ---- | M] (Avocent Corporation ) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe -- (LANDesk Policy Invoker)
SRV - [2009/11/23 16:05:00 | 000,182,272 | ---- | M] (Avocent Corporation ) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\tmcsvc.exe -- (LANDesk Targeted Multicast)
SRV - [2009/11/23 16:00:24 | 000,189,952 | ---- | M] (Avocent Corporation ) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\LocalSch.EXE -- (Intel Local Scheduler Service)
SRV - [2009/11/23 15:29:34 | 000,480,256 | ---- | M] (Avocent Corporation ) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\issuser.exe -- (ISSUSER)
SRV - [2009/11/04 13:21:26 | 000,147,456 | ---- | M] (Avocent Corporation) [Auto | Running] -- C:\Program Files\LANDesk\Shared Files\residentagent.exe -- (CBA8) LANDesk®
SRV - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2009/09/18 04:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\CCM\TSManager.exe -- (smstsmgr)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/06/15 17:05:56 | 000,611,624 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2009/03/03 09:38:52 | 000,056,680 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\System32\rpcnet.exe -- (Rpcnet) Remote Procedure Call (RPC)
SRV - [2007/08/31 07:13:00 | 000,032,825 | ---- | M] (LANDesk Software Ltd.) [Auto | Running] -- C:\Windows\System32\cba\pds.exe -- (Intel PDS)


========== Driver Services (SafeList) ==========

DRV - [2010/02/02 05:20:24 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2010/02/02 05:18:24 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2010/01/22 15:59:24 | 000,239,664 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009/12/31 05:22:09 | 000,295,936 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2009/11/23 13:57:52 | 000,317,072 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2009/11/06 01:35:22 | 000,214,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress) Intel®
DRV - [2009/09/22 21:19:31 | 000,055,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2009/09/22 21:18:08 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2009/09/22 21:18:07 | 000,165,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2009/09/18 04:00:00 | 000,020,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2009/07/13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/06/15 16:36:30 | 000,023,552 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2009/06/15 13:05:16 | 000,143,968 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2009/05/28 10:48:20 | 000,134,144 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CtAudDrv.sys -- (CtAudDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-20715126-1530779865-997863009-326732\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://my.saintleo.edu
IE - HKU\S-1-5-21-20715126-1530779865-997863009-326732\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.saintleo.edu/
IE - HKU\S-1-5-21-20715126-1530779865-997863009-326732\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[2011/06/13 15:44:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jason.kinney\AppData\Roaming\mozilla\Extensions
[2011/06/13 15:44:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2010/05/12 14:59:11 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [LANDesk Antivirus] C:\Program Files\LANDesk\LDClient\antivirus\LDav.exe (Avocent Corporation )
O4 - HKLM..\RunOnce: [MSTEE.CxTransform] File not found
O4 - HKLM..\RunOnce: [MSTEE.Splitter] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-20715126-1530779865-997863009-326732\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-20715126-1530779865-997863009-326732\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-20715126-1530779865-997863009-326732\..Trusted Domains: saintleo.edu ([informer] http in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://sslvpn.saint...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.30.178 172.16.30.124 172.16.100.96
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = saintleo.edu
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


========== Files/Folders - Created Within 30 Days ==========

[2011/06/16 07:32:56 | 000,000,000 | ---D | C] -- C:\Windows\ms
[2011/06/14 17:26:01 | 000,581,120 | ---- | C] (AVAST Software) -- C:\Users\Jason.kinney\Desktop\aswMBR.exe
[2011/06/14 17:14:26 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Jason.kinney\Desktop\OTL.exe
[2011/06/13 15:44:31 | 000,000,000 | ---D | C] -- C:\Users\Jason.kinney\AppData\Roaming\Mozilla
[2011/06/13 15:44:31 | 000,000,000 | ---D | C] -- C:\Users\Jason.kinney\AppData\Local\Mozilla
[2011/06/13 15:44:27 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/06/09 15:00:10 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/05/27 14:35:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/26 18:39:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2011/05/26 16:16:36 | 000,000,000 | ---D | C] -- C:\ProgramData\RFA_Backups
[2011/05/26 16:16:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry First Aid
[2011/05/26 16:16:33 | 000,000,000 | ---D | C] -- C:\Program Files\RFA
[2011/05/26 16:12:40 | 000,000,000 | ---D | C] -- C:\Users\Jason.kinney\Documents\Registry First Aid Platinum 7.1.1.1733 + Serial
[2011/05/26 15:37:13 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/05/26 15:37:10 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/05/26 15:36:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/25 10:52:07 | 000,000,000 | ---D | C] -- C:\Users\Jason.kinney\Documents\Final Files for Scott
[2011/05/23 16:37:13 | 000,000,000 | ---D | C] -- C:\Users\Jason.kinney\Documents\Financial Aid
< End of report >


2011/06/17 07:30:42.0385 5572 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2011/06/17 07:30:42.0775 5572 ================================================================================
2011/06/17 07:30:42.0775 5572 SystemInfo:
2011/06/17 07:30:42.0775 5572
2011/06/17 07:30:42.0775 5572 OS Version: 6.1.7600 ServicePack: 0.0
2011/06/17 07:30:42.0775 5572 Product type: Workstation
2011/06/17 07:30:42.0775 5572 ComputerName: LUCA9F39RM1
2011/06/17 07:30:42.0775 5572 UserName: jason.kinney
2011/06/17 07:30:42.0775 5572 Windows directory: C:\Windows
2011/06/17 07:30:42.0775 5572 System windows directory: C:\Windows
2011/06/17 07:30:42.0775 5572 Processor architecture: Intel x86
2011/06/17 07:30:42.0775 5572 Number of processors: 4
2011/06/17 07:30:42.0775 5572 Page size: 0x1000
2011/06/17 07:30:42.0775 5572 Boot type: Normal boot
2011/06/17 07:30:42.0775 5572 ================================================================================
2011/06/17 07:30:44.0575 5572 Initialize success
2011/06/17 07:30:53.0137 5088 ================================================================================
2011/06/17 07:30:53.0137 5088 Scan started
2011/06/17 07:30:53.0137 5088 Mode: Manual;
2011/06/17 07:30:53.0137 5088 ================================================================================
2011/06/17 07:31:02.0479 5088 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/06/17 07:31:02.0509 5088 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/06/17 07:31:02.0569 5088 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/06/17 07:31:02.0599 5088 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/06/17 07:31:02.0629 5088 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/06/17 07:31:02.0679 5088 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/06/17 07:31:02.0759 5088 sdbus (aa826e35f6d28a8e5d1efeb337f24ba2) C:\Windows\system32\DRIVERS\sdbus.sys
2011/06/17 07:31:02.0809 5088 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/06/17 07:31:02.0859 5088 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/06/17 07:31:02.0869 5088 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/06/17 07:31:02.0909 5088 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/06/17 07:31:02.0969 5088 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/06/17 07:31:02.0989 5088 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/06/17 07:31:03.0009 5088 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/06/17 07:31:03.0029 5088 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/06/17 07:31:03.0049 5088 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/06/17 07:31:03.0079 5088 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/06/17 07:31:03.0099 5088 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/06/17 07:31:03.0140 5088 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/06/17 07:31:03.0200 5088 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/06/17 07:31:03.0260 5088 srv (50a83ca406c808bd35ac9141a0c7618f) C:\Windows\system32\DRIVERS\srv.sys
2011/06/17 07:31:03.0290 5088 srv2 (dce7e10feaabd4cae95948b3de5340bb) C:\Windows\system32\DRIVERS\srv2.sys
2011/06/17 07:31:03.0330 5088 srvnet (bd1433a32792fd0dc450479094fc435a) C:\Windows\system32\DRIVERS\srvnet.sys
2011/06/17 07:31:03.0370 5088 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/06/17 07:31:03.0390 5088 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/06/17 07:31:03.0410 5088 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2011/06/17 07:31:03.0430 5088 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/06/17 07:31:03.0500 5088 Tcpip (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\drivers\tcpip.sys
2011/06/17 07:31:03.0550 5088 TCPIP6 (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/17 07:31:03.0570 5088 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/06/17 07:31:03.0590 5088 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/06/17 07:31:03.0610 5088 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/06/17 07:31:03.0630 5088 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/06/17 07:31:03.0650 5088 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/06/17 07:31:03.0690 5088 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/06/17 07:31:03.0740 5088 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/06/17 07:31:03.0750 5088 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/06/17 07:31:03.0780 5088 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/06/17 07:31:03.0800 5088 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/06/17 07:31:03.0860 5088 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/06/17 07:31:03.0900 5088 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/06/17 07:31:03.0920 5088 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/06/17 07:31:03.0930 5088 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/06/17 07:31:03.0960 5088 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2011/06/17 07:31:03.0980 5088 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/17 07:31:03.0990 5088 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/06/17 07:31:04.0010 5088 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/06/17 07:31:04.0040 5088 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/06/17 07:31:04.0050 5088 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/06/17 07:31:04.0140 5088 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\System32\Drivers\usbvideo.sys
2011/06/17 07:31:04.0170 5088 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/06/17 07:31:04.0200 5088 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/17 07:31:04.0210 5088 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/06/17 07:31:04.0230 5088 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/06/17 07:31:04.0250 5088 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/06/17 07:31:04.0260 5088 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/06/17 07:31:04.0280 5088 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/06/17 07:31:04.0290 5088 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2011/06/17 07:31:04.0310 5088 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/06/17 07:31:04.0340 5088 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/06/17 07:31:04.0360 5088 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/06/17 07:31:04.0380 5088 volsnap (7c28b63e4c9e5c3be7ffe53789593619) C:\Windows\system32\DRIVERS\volsnap.sys
2011/06/17 07:31:04.0380 5088 Suspicious file (Forged): C:\Windows\system32\DRIVERS\volsnap.sys. Real md5: 7c28b63e4c9e5c3be7ffe53789593619, Fake md5: 58df9d2481a56edde167e51b334d44fd
2011/06/17 07:31:04.0390 5088 volsnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/06/17 07:31:05.0320 5088 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/06/17 07:31:05.0330 5088 ================================================================================
2011/06/17 07:31:05.0330 5088 Scan finished
2011/06/17 07:31:05.0330 5088 ================================================================================
2011/06/17 07:31:05.0340 2844 Detected object count: 1
2011/06/17 07:31:05.0340 2844 Actual detected object count: 1
2011/06/17 07:31:23.0044 2844 volsnap (7c28b63e4c9e5c3be7ffe53789593619) C:\Windows\system32\DRIVERS\volsnap.sys
2011/06/17 07:31:23.0044 2844 Suspicious file (Forged): C:\Windows\system32\DRIVERS\volsnap.sys. Real md5: 7c28b63e4c9e5c3be7ffe53789593619, Fake md5: 58df9d2481a56edde167e51b334d44fd
2011/06/17 07:31:23.0184 2844 Backup copy found, using it..
2011/06/17 07:31:23.0194 2844 C:\Windows\system32\DRIVERS\volsnap.sys - will be cured after reboot
2011/06/17 07:31:23.0194 2844 Rootkit.Win32.TDSS.tdl3(volsnap) - User select action: Cure
2011/06/17 07:32:53.0412 6040 Deinitialize success
  • 0
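The "Suspicious file (Forged)" and "detected Rootkit.Win32.TDSS.tdl3" lines in the TDSSKiller output above are the indicators that matter: the tool reports two different MD5 sums for the same driver because a TDL3-style rootkit shows one version of volsnap.sys to ordinary file reads while different bytes sit on disk. As an added example (not part of this thread or of TDSSKiller), here is a small Python parser that pulls those findings out of a log of this shape, ties each one to its listing line, verdict and cure status, and folds the repeated entry from the cure pass into a single finding; the line layout is assumed from the lines posted in this thread, and the sample log is built from them.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Line shapes assumed from the TDSSKiller output posted in this thread.
DRIVER_RE = re.compile(r"^\S+ \S+ \d+ (?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
FORGED_RE = re.compile(r"^\S+ \S+ \d+ Suspicious file \(Forged\): (?P<path>.+?)\. "
                       r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$")
DETECT_RE = re.compile(r"^\S+ \S+ \d+ (?P<name>\S+) - detected (?P<verdict>\S+)")
CURE_RE = re.compile(r"^\S+ \S+ \d+ (?P<path>.+?) - will be cured after reboot$")


@dataclass
class ForgedFile:
    service: str                   # service name from the listing line
    path: str
    listed_md5: str                # hash printed on the listing line
    real_md5: str                  # hash of the bytes actually on disk
    fake_md5: str                  # hash of what normal file reads return
    verdict: Optional[str] = None  # e.g. Rootkit.Win32.TDSS.tdl3
    cure_pending: bool = False     # "will be cured after reboot" seen


def parse_tdsskiller_log(text: str) -> List[ForgedFile]:
    """One ForgedFile per distinct 'Suspicious file (Forged)' line, with verdict and cure state."""
    by_path = {}       # path -> (service, listed md5), from listing lines
    by_service = {}    # service -> ForgedFile awaiting its 'detected' verdict
    findings, seen = [], set()
    for line in text.splitlines():
        line = line.strip()
        m = FORGED_RE.match(line)
        if m:
            key = (m["path"], m["real"], m["fake"])
            if key not in seen:              # cure pass repeats the same line
                seen.add(key)
                service, listed = by_path.get(m["path"], ("?", ""))
                f = ForgedFile(service, m["path"], listed, m["real"], m["fake"])
                findings.append(f)
                by_service[service] = f
            continue
        m = DETECT_RE.match(line)
        if m and m["name"] in by_service:
            by_service[m["name"]].verdict = m["verdict"]
            continue
        m = CURE_RE.match(line)
        if m:
            for f in findings:
                if f.path == m["path"]:
                    f.cure_pending = True
            continue
        m = DRIVER_RE.match(line)
        if m:
            by_path[m["path"]] = (m["name"], m["md5"])
    return findings


# Constructed sample: lines copied from the TDSSKiller output in this thread
# (pid 5088 is the scan pass, pid 2844 the cure pass).
SAMPLE_LOG = r"""
2011/06/17 07:31:04.0340 5088 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/06/17 07:31:04.0380 5088 volsnap (7c28b63e4c9e5c3be7ffe53789593619) C:\Windows\system32\DRIVERS\volsnap.sys
2011/06/17 07:31:04.0380 5088 Suspicious file (Forged): C:\Windows\system32\DRIVERS\volsnap.sys. Real md5: 7c28b63e4c9e5c3be7ffe53789593619, Fake md5: 58df9d2481a56edde167e51b334d44fd
2011/06/17 07:31:04.0390 5088 volsnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/06/17 07:31:04.0450 5088 vpcbus (33e74df34753fcaab06f6f2bdc8cabf5) C:\Windows\system32\DRIVERS\vpchbus.sys
2011/06/17 07:31:23.0044 2844 volsnap (7c28b63e4c9e5c3be7ffe53789593619) C:\Windows\system32\DRIVERS\volsnap.sys
2011/06/17 07:31:23.0044 2844 Suspicious file (Forged): C:\Windows\system32\DRIVERS\volsnap.sys. Real md5: 7c28b63e4c9e5c3be7ffe53789593619, Fake md5: 58df9d2481a56edde167e51b334d44fd
2011/06/17 07:31:23.0194 2844 C:\Windows\system32\DRIVERS\volsnap.sys - will be cured after reboot
"""
```

Calling `parse_tdsskiller_log(SAMPLE_LOG)` yields one finding for volsnap with the listed and real hashes equal, the fake hash differing, the TDL3 verdict attached and the cure flagged as pending.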

#11
Homburg

Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
Hi,

Now that we've removed your rootkit infection things should be improving.

Please do the following:


Step 1:

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step 2:

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Please remember to post the Malwarebytes scan log and the ESET online scan log

Also, how is the PC running now?


Homburg
  • 0

#12
KINNEY1978

KINNEY1978

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts
Hi,

I've got my audio back on the web and so far no redirects. Maybe fixed? :-)

Are there any powerhouse scans that I can run to make sure?

This is like the 3rd time that I've caught the Windows 7 Recovery virus.

How can I protect it from getting it again?


Here are the two logs that you requested:


Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6887

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

6/18/2011 10:08:46 AM
mbam-log-2011-06-18 (10-08-46).txt

Scan type: Full scan (C:\|)
Objects scanned: 289052
Time elapsed: 28 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6526
# api_version=3.0.2
# EOSSerial=91ad9d046e33ef41b5045fe8e7bb36b8
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-06-18 03:33:07
# local_time=2011-06-18 11:33:07 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5893 16776573 100 94 0 59952510 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=94852
# found=0
# cleaned=0
# scan_time=3468
  • 0

#13
Homburg

Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
Hello KINNEY1978,

Your PC is now clean :)

First we'll remove the tools that we've used then look at preventing getting infected again. It's important to remove the tools as it also removes the malware that we currently have quarantined.

Please do the following:

Follow these steps to uninstall Combofix
  • Click START then RUN
  • Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.


Next

Reset SR Points/Clean up with OTL:
  • Double-click OTL to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Commands
    [ClearAllRestorePoints]
  • Return to OTL, right-click in the Custom Scans/Fixes window and choose Paste.
  • Then click the Run Fix button.
  • Let the program run unhindered. When finished click on OK and close the log that appears.
  • Note: I do not need to review the log produced.
  • Now close all other programs apart from OTL as this step will require a reboot.
  • On the OTL main screen, depress the CleanUp button.
  • Say Yes to the prompt and then allow the program to reboot your computer.

The above process will flush old System Restore Points and create a new clean one.


Next

Please delete aswMBR and any remaining logs from your desktop.


This is like the 3rd time that I've caught the Windows 7 Recovery virus.

How can I protect it from getting it again?

I have some recommendations here to help avoid getting infected again. The best advice would be to avoid peer-to-peer websites if you do use them, as they are rife with malware. Also, if you mainly use Mozilla Firefox as a browser, use the Web of Trust add-on. Also adding NoScript would considerably improve the protection.


1. Protection.
Now that you are clean, to help protect your computer in the future I recommend that you download the following free programs:

SpywareBlaster to help prevent spyware from installing in the first place. It also consumes no system resources.
SpywareGuard to catch and block spyware before it can execute. It offers real time protection.
MalwareBytes to remove any malware that might slip the net and get through. I recommend that you run this at least once a week.

2. Windows Updates.

It is essential that you regularly check and install the latest Windows Updates. Vulnerabilities within Windows can leave your computer open to infection. Regular updates are released to fix these security vulnerabilities. I recommend that you set Windows to check, download and install your updates automatically.

Click Start
Select Control Panel
Click on Automatic (recommended)
Set the day and time for the update check. Set this to a time when your computer will normally be on and connected to the internet.
Click Apply then OK.

3. JAVA updates.
As with Windows, Java also needs to be regularly updated to fix security vulnerabilities. You can download the latest version of the Java Runtime Environment (JRE) from here. Download, install and reboot your computer. You also need to uninstall older versions of Java.

Click Start
Select Control Panel
Select Add or Remove Programs
Remove all Java updates except the latest one you have just installed.

4. Adobe updates.
You should ensure you use the latest Adobe Acrobat Reader and install any security updates that are released. Older versions are susceptible to attack. You can download the latest reader and updates from here.

5. Firewall and antivirus.
A firewall is essential to stop hackers infiltrating your computer. The following firewalls are free for personal use. Do not install more than one firewall.

Zone Alarm is an excellent free basic firewall which is very easy to use.
Online Armor is a more advanced firewall which includes a Host Intrusion Protection System (HIPS).
Comodo is a combined firewall and antivirus.

It is essential that you have an antivirus program installed on your computer. An Anti-Virus program protects your computer from many common viruses and trojans which can be deadly for your system. The following antivirus programs are free for personal use. Do not install more than one antivirus.

AVG
Avira Free
Avast


To learn more about how to protect yourself while on the internet you might like to read this GeeksToGo article. This covers some of the safety measures that I've included and also some more.

Happy surfing and stay safe :unsure:

Homburg.
  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
