
Infected! "windows delayed write fail" warning popup [Sol


  • This topic is locked

#1
jogibso1
Member, 135 posts
In addition to that, all of my files are hidden, and my system tray is giving warnings like the following:

"hard drive clusters are partly damaged. segment load failure"

and

"RAM memory reliability is extremely low. This problem may cause system failure"

and

"critical error"

and

"hard drive critical error. start a system diagnostics..." etc


I can't see any files whatsoever on my computer and am operating from another machine at the moment. This is similar to another problem I had a few months ago. I had to reinstall Windows and start over, which makes me think that I have an infected external hard drive, perhaps.

However, I was somehow able to run an OTL from a jump drive by navigating around, and it's pasted below.

****PLEASE NOTE: It gave me two outputs: one called OTL and another, also pasted below, called "extras"

OTL:


OTL logfile created on: 1/19/2012 12:11:30 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = E:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.98 Gb Total Physical Memory | 2.03 Gb Available Physical Memory | 68.01% Memory free
4.82 Gb Paging File | 4.09 Gb Available in Paging File | 84.88% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.87 Gb Total Space | 173.45 Gb Free Space | 74.48% Space Free | Partition Type: NTFS
Drive E: | 1.94 Gb Total Space | 0.46 Gb Free Space | 23.81% Space Free | Partition Type: FAT

Computer Name: NG00158029 | User Name: jeh46727 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/19 12:10:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2012/01/19 11:17:24 | 000,447,744 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\sJbtigWoqlpSK.exe
PRC - [2011/12/24 17:50:16 | 000,981,680 | -H-- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011/07/20 15:14:31 | 000,145,936 | -H-- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2011/07/20 15:14:30 | 000,159,320 | -H-- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2011/03/18 14:06:37 | 000,209,760 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2011/03/18 14:06:36 | 000,057,152 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\scan32.exe
PRC - [2011/03/18 14:06:28 | 000,033,648 | -H-- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2010/12/14 17:22:37 | 000,075,608 | -H-- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Forefront Identity Manager\2010\Password Reset Client Service\PwdMgmtProxy.exe
PRC - [2010/10/15 15:05:00 | 000,185,664 | -H-- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2010/10/15 15:05:00 | 000,140,608 | -H-- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2010/10/15 15:05:00 | 000,120,128 | -H-- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2010/10/15 15:05:00 | 000,075,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2010/09/27 11:35:58 | 002,093,322 | ---- | M] (Internet Security Systems, Inc.) -- C:\Program Files\ISS\Proventia Desktop\blackd.exe
PRC - [2010/09/27 11:35:58 | 001,274,122 | ---- | M] (Internet Security Systems, Inc.) -- C:\Program Files\ISS\Proventia Desktop\RapApp.exe
PRC - [2010/09/27 11:35:58 | 000,405,770 | ---- | M] (Internet Security Systems, Inc.) -- C:\Program Files\ISS\Proventia Desktop\vpatch.exe
PRC - [2010/09/07 23:05:34 | 000,254,034 | R--- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\STACSV.EXE
PRC - [2010/02/26 01:37:06 | 001,287,464 | ---- | M] (Altiris, Inc.) -- C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
PRC - [2010/02/26 01:37:00 | 000,173,352 | ---- | M] (Altiris, Inc.) -- C:\Program Files\Altiris\Altiris Agent\AeXAgentUIHost.exe
PRC - [2009/04/20 18:01:56 | 000,737,280 | RH-- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFLTR.EXE
PRC - [2009/03/27 18:10:56 | 000,014,336 | RH-- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2008/04/17 08:08:46 | 001,528,608 | -H-- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 04:42:16 | 000,389,120 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe
PRC - [2007/03/07 15:41:18 | 001,437,696 | ---- | M] (Altiris) -- C:\Program Files\Altiris\Carbon Copy\Client.exe
PRC - [2007/03/07 15:41:18 | 000,724,992 | -H-- | M] (Altiris) -- C:\Program Files\Altiris\Carbon Copy\ShellKer.exe
PRC - [2007/03/07 15:18:58 | 000,049,152 | -H-- | M] (Altiris) -- C:\WINDOWS\system32\CCSRVC.exe
PRC - [2006/09/21 04:20:00 | 000,127,036 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/07/15 16:48:33 | 000,479,232 | -H-- | M] (Google Inc.) -- C:\Program Files\Google\Gmail Notifier\gnotify.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/19 11:17:24 | 000,447,744 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\sJbtigWoqlpSK.exe
MOD - [2011/02/24 01:57:18 | 000,555,112 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nvShell.dll
MOD - [2010/10/15 15:05:00 | 000,065,536 | -H-- | M] () -- C:\Program Files\McAfee\Common Framework\boost_thread-vc80-mt-1_32.dll
MOD - [2010/09/27 11:35:56 | 000,065,536 | ---- | M] () -- C:\Program Files\ISS\Proventia Desktop\AV\ipsupd.dll
MOD - [2010/09/27 11:35:54 | 000,745,984 | ---- | M] () -- C:\Program Files\ISS\Proventia Desktop\libxml2.dll
MOD - [2010/09/27 11:35:54 | 000,147,968 | ---- | M] () -- C:\Program Files\ISS\Proventia Desktop\libxslt.dll
MOD - [2008/05/20 04:18:10 | 000,094,720 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2008/04/17 08:08:56 | 000,197,408 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
MOD - [2007/08/14 13:43:46 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007/07/12 21:33:58 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2007/07/12 11:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007/07/12 11:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2007/04/18 19:30:46 | 000,471,040 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\ccme_base.dll
MOD - [2007/04/18 19:30:46 | 000,393,216 | -H-- | M] () -- C:\Program Files\McAfee\Common Framework\cryptocme2.dll
MOD - [2007/02/05 15:55:36 | 000,130,560 | ---- | M] () -- C:\Program Files\ISS\Proventia Desktop\AV\libfn.dll
MOD - [2002/01/14 14:49:00 | 000,045,056 | ---- | M] () -- C:\Program Files\ISS\Proventia Desktop\AV\avxdisk.dll
MOD - [2001/07/31 02:17:12 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Unknown | Running] -- -- (VPatch)
SRV - File not found [Unknown | Running] -- -- (RapApp)
SRV - File not found [Unknown | Running] -- -- (BlackICE)
SRV - [2011/07/20 15:14:31 | 000,145,936 | -H-- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2011/07/20 15:14:30 | 000,159,320 | -H-- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/03/18 14:06:37 | 000,209,760 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2010/12/14 17:22:37 | 000,075,608 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Forefront Identity Manager\2010\Password Reset Client Service\PwdMgmtProxy.exe -- (FIMPasswordReset)
SRV - [2010/10/15 15:05:00 | 000,120,128 | -H-- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2010/09/07 23:05:34 | 000,254,034 | R--- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\STACSV.EXE -- (STacSV)
SRV - [2010/02/26 01:37:06 | 001,287,464 | ---- | M] (Altiris, Inc.) [Auto | Running] -- C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe -- (AeXNSClient)
SRV - [2010/01/15 07:49:20 | 000,227,232 | -H-- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/03/27 18:10:56 | 000,014,336 | RH-- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/04/17 08:08:46 | 001,528,608 | -H-- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007/03/07 15:18:58 | 000,049,152 | -H-- | M] (Altiris) [Auto | Running] -- C:\WINDOWS\system32\CCSRVC.exe -- (CarbonCopy32)


========== Driver Services (SafeList) ==========

DRV - [2012/01/19 11:52:38 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/07/20 15:14:31 | 000,436,728 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/07/20 15:14:31 | 000,171,296 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/07/20 15:14:31 | 000,116,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/07/20 15:14:31 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2011/07/20 15:14:31 | 000,085,152 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/07/20 15:14:31 | 000,058,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/09/27 11:35:58 | 000,050,163 | ---- | M] (Internet Security Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RapDrv.sys -- (rap)
DRV - [2010/09/27 11:35:56 | 000,205,938 | ---- | M] (Internet Security Systems, Inc.) [Kernel | Disabled | Running] -- C:\WINDOWS\system32\drivers\Blackcat.sys -- (black)
DRV - [2010/09/27 11:35:56 | 000,080,512 | ---- | M] (Internet Security Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\isskboep.sys -- (MakoNT)
DRV - [2010/09/07 23:05:34 | 001,643,715 | R--- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2010/04/05 23:35:56 | 000,168,616 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1k5132.sys -- (e1kexpress) Intel®
DRV - [2010/04/05 10:44:28 | 006,601,216 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2010/02/25 14:19:12 | 000,016,768 | -H-- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2010/01/28 19:55:06 | 000,058,600 | RH-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2009/12/03 06:57:48 | 000,045,984 | R--- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2009/11/20 19:15:18 | 000,137,728 | RH-- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2009/11/20 19:15:16 | 000,058,880 | RH-- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2009/09/17 12:54:14 | 000,041,088 | RH-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2009/07/21 14:18:58 | 001,161,760 | RH-- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/20 14:05:16 | 000,049,152 | R--- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rismc32.sys -- (rismc32)
DRV - [2009/06/25 15:58:10 | 000,048,128 | R--- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/04/20 19:13:34 | 000,113,664 | R--- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2008/10/11 14:56:00 | 000,045,056 | R--- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/07/29 14:41:36 | 000,038,400 | R--- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2008/07/23 10:31:38 | 000,044,800 | RH-- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2008/04/17 08:07:52 | 000,306,299 | -H-- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008/03/29 16:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/03/07 15:22:54 | 000,009,216 | -H-- | M] (Altiris) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CCDevice.sys -- (CCDevice)
DRV - [2007/01/18 16:28:02 | 000,005,275 | -H-- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/09/21 04:20:00 | 000,094,460 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/09/21 04:20:00 | 000,088,476 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/09/21 04:20:00 | 000,087,004 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/09/21 04:20:00 | 000,026,044 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/09/21 04:20:00 | 000,015,068 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/09/21 04:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/09/21 04:20:00 | 000,002,496 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2006/07/24 00:00:04 | 000,022,016 | RH-- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2006/07/24 00:00:04 | 000,017,920 | RH-- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2006/03/17 07:35:24 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/03/17 07:34:46 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/01/26 10:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.state.va.us/cmsportal3
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://vofonline.org [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2011/10/25 11:11:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/23 10:51:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/10/25 13:15:52 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\jeh46727\Application Data\Mozilla\Extensions
[2011/10/25 13:11:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/23 10:51:16 | 000,121,816 | -H-- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/28 19:26:50 | 000,002,252 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/10 17:37:38 | 000,002,040 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/11/08 11:00:06 | 000,001,663 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 172.22.234.78 cov-rpb-nas002.cov.virginia.gov
O1 - Hosts: 10.192.32.76 COVSMICES-ANS01 COVSMICES-ANS01.vita.virginia.gov COVSMICES-ANS01.cov.virginia.gov # Altiris NS ***DO NOT REMOVE OR MODIFY***
O1 - Hosts: 10.192.32.77 COVSMICES-ANS03 COVSMICES-ANS03.vita.virginia.gov COVSMICES-ANS03.cov.virginia.gov # Altiris NS ***DO NOT REMOVE OR MODIFY***
O1 - Hosts: 10.192.32.78 COVSMICES-ANS04 COVSMICES-ANS04.vita.virginia.gov COVSMICES-ANS04.cov.virginia.gov # Altiris NS ***DO NOT REMOVE OR MODIFY***
O1 - Hosts: 10.192.32.79 COVSMICES-ANS05 COVSMICES-ANS05.vita.virginia.gov COVSMICES-ANS05.cov.virginia.gov # Altiris NS ***DO NOT REMOVE OR MODIFY***
O1 - Hosts: 10.192.32.80 COVSMICES-ANS06 COVSMICES-ANS06.vita.virginia.gov COVSMICES-ANS06.cov.virginia.gov # Altiris NS ***DO NOT REMOVE OR MODIFY***
O1 - Hosts: 10.192.32.45 COVSMICES-ANS07 COVSMICES-ANS07.vita.virginia.gov COVSMICES-ANS07.cov.virginia.gov # Altiris NS ***DO NOT REMOVE OR MODIFY***
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110720161443.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [AeXAgentLogon] C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe (Altiris, Inc.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [PasswordRegistration] C:\WINDOWS\system32\MsPwdRegistration.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [sJbtigWoqlpSK.exe] C:\Documents and Settings\All Users\Application Data\sJbtigWoqlpSK.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\SQM present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPublishingWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoOnlinePrintsWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonType = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: MaxGPOScriptWait = 32000
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Home = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Fullscreen = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Tools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Print = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Edit = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Cut = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Copy = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Paste = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Encoding = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPublishingWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoOnlinePrintsWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 2 = wscui.cpl (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O15 - HKLM\..Trusted Domains: virginia.gov ([idmportal.cov] https in Local intranet)
O15 - HKCU\..Trusted Domains: virginia.gov ([]* in Local intranet)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} Reg Error: Key error. (Macromedia Authorware Web Player Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cov.virginia.gov
O20 - AppInit_DLLs: (AMINIT32.dll) -C:\WINDOWS\System32\AMInit32.dll (Altiris, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (MsPwdGina.dll) -C:\WINDOWS\System32\MsPwdGina.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/07/19 21:15:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{16dc5dee-ffcf-11e0-a1cb-183da27742a0}\Shell\AutoRun\command - "" = E:\Connect.exe
O33 - MountPoints2\{6b4e1eba-03bb-11e1-a1cc-183da27742a0}\Shell - "" = AutoRun
O33 - MountPoints2\{6b4e1eba-03bb-11e1-a1cc-183da27742a0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6b4e1eba-03bb-11e1-a1cc-183da27742a0}\Shell\AutoRun\command - "" = F:\HPLauncher.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\HPLauncher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/19 12:06:58 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\jeh46727\Recent
[2012/01/19 11:52:38 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/01/18 16:22:19 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\jeh46727\Desktop\AEP Exports
[2012/01/18 15:01:31 | 000,000,000 | ---D | C] -- C:\logs
[2012/01/18 15:01:07 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/01/18 15:00:24 | 000,000,000 | -H-D | C] -- C:\Program Files\Microsoft Forefront Identity Manager
[2012/01/18 14:32:18 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\jeh46727\Local Settings\Application Data\join.me
[2012/01/18 11:42:22 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012/01/11 08:46:56 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\jeh46727\Local Settings\Application Data\Adobe
[2012/01/10 17:34:07 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\jeh46727\Application Data\Adobe
[2012/01/09 16:22:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\jeh46727\Local Settings\Application Data\Temp
[2012/01/09 16:20:31 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\Adobe
[2012/01/09 16:20:31 | 000,000,000 | -H-D | C] -- C:\Program Files\Adobe
[2012/01/04 15:42:17 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Outlook Tools
[2012/01/04 15:42:10 | 000,000,000 | -H-D | C] -- C:\Program Files\MSECache
[2011/12/29 12:43:04 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/12/29 12:41:37 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\jeh46727\Local Settings\Application Data\Google
[2011/12/28 12:25:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\jeh46727\Desktop\new pics
[2011/12/21 17:09:11 | 000,000,000 | -H-D | C] -- C:\WINDOWS\SxsCaPendDel
[2011/12/21 11:41:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\jeh46727\Application Data\Malwarebytes
[2011/12/21 11:40:16 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/12/21 11:40:11 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/21 11:40:11 | 000,000,000 | -H-D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/20 15:03:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/19 12:15:00 | 000,000,400 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6F1E465E-1806-426B-BBF8-D398F24871FE}.job
[2012/01/19 11:52:38 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/01/19 11:46:22 | 000,053,237 | -H-- | M] () -- C:\WINDOWS\System32\nvModes.001
[2012/01/19 11:46:20 | 000,053,237 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2012/01/19 11:46:02 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/19 11:45:48 | 000,000,886 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/19 11:43:21 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/19 11:17:24 | 000,447,744 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\sJbtigWoqlpSK.exe
[2012/01/19 10:53:21 | 704,565,792 | -H-- | M] () -- C:\Documents and Settings\jeh46727\Desktop\rocket aurora.psd
[2012/01/19 09:06:04 | 000,082,058 | -H-- | M] () -- C:\Documents and Settings\jeh46727\Desktop\2012-13_mountain cove.pdf
[2012/01/19 09:03:39 | 000,368,871 | -H-- | M] () -- C:\Documents and Settings\jeh46727\Desktop\POSTER.jpg
[2012/01/19 08:47:37 | 002,594,559 | -H-- | M] () -- C:\Documents and Settings\jeh46727\Desktop\POSTER.pdf
[2012/01/18 15:50:40 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{34110CE7-C3CF-46D7-8170-4C28C5194E2D}.job
[2012/01/18 14:39:32 | 000,000,028 | -H-- | M] () -- C:\WINDOWS\System32\wininet_dll.iss
[2012/01/18 14:39:31 | 000,000,028 | -H-- | M] () -- C:\WINDOWS\System32\urlmon_dll.iss
[2012/01/18 14:39:31 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\url_dll.iss
[2012/01/18 14:37:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\client.INI
[2012/01/18 14:32:24 | 000,000,914 | -H-- | M] () -- C:\Documents and Settings\jeh46727\Desktop\join.me.lnk
[2012/01/18 13:35:02 | 000,000,484 | -H-- | M] () -- C:\WINDOWS\tasks\Computer Account Inventory Update.job
[2012/01/18 13:30:06 | 000,126,569 | -H-- | M] () -- C:\Documents and Settings\jeh46727\Desktop\GISerror.pdf
[2012/01/18 12:07:24 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/18 11:42:40 | 000,444,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/18 11:42:40 | 000,072,306 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/18 10:55:21 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/18 10:10:06 | 002,252,288 | -H-- | M] () -- C:\Documents and Settings\jeh46727\Desktop\START.mxd
[2012/01/04 12:58:23 | 008,683,255 | -H-- | M] () -- C:\Documents and Settings\jeh46727\Desktop\Settlement+Map+FrCoVA.jpg
[2011/12/29 15:53:57 | 000,015,533 | -H-- | M] () -- C:\Documents and Settings\jeh46727\Desktop\PTO Leave Form.pdf
[2011/12/29 13:49:51 | 000,187,544 | -H-- | M] () -- C:\Documents and Settings\jeh46727\Desktop\aep.pdf
[2011/12/29 10:00:01 | 003,332,288 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/29 09:59:42 | 000,000,028 | -H-- | M] () -- C:\WINDOWS\System32\ole32_dll.iss
[2011/12/29 09:59:42 | 000,000,028 | -H-- | M] () -- C:\WINDOWS\System32\crypt32_dll.iss
[2011/12/28 13:09:25 | 000,004,608 | -H-- | M] () -- C:\Documents and Settings\jeh46727\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/27 14:03:25 | 000,120,335 | ---- | M] () -- C:\WINDOWS\AeXCheckAltirisAgent.js
[2011/12/22 08:20:47 | 000,000,028 | -H-- | M] () -- C:\WINDOWS\System32\ntdll_dll.iss
[2011/12/22 08:20:47 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\shell32_dll.iss
[2011/12/21 11:19:25 | 000,001,464 | -H-- | M] () -- C:\Documents and Settings\jeh46727\Desktop\CLEAR MEMORY.lnk
[2011/12/21 08:41:11 | 000,000,028 | -H-- | M] () -- C:\WINDOWS\System32\comctl32_dll.iss
[2011/12/21 08:41:11 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\mswsock_dll.iss
[2011/12/20 15:18:29 | 000,000,028 | -H-- | M] () -- C:\WINDOWS\System32\rpcrt4_dll.iss
[2011/12/20 15:18:29 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\oleaut32_dll.iss
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/19 11:20:25 | 000,447,744 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\sJbtigWoqlpSK.exe
[2012/01/19 09:06:00 | 000,082,058 | -H-- | C] () -- C:\Documents and Settings\jeh46727\Desktop\2012-13_mountain cove.pdf
[2012/01/19 08:54:14 | 000,368,871 | -H-- | C] () -- C:\Documents and Settings\jeh46727\Desktop\POSTER.jpg
[2012/01/19 08:47:34 | 002,594,559 | -H-- | C] () -- C:\Documents and Settings\jeh46727\Desktop\POSTER.pdf
[2012/01/19 08:43:48 | 704,565,792 | -H-- | C] () -- C:\Documents and Settings\jeh46727\Desktop\rocket aurora.psd
[2012/01/18 14:37:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\client.INI
[2012/01/18 14:32:20 | 000,000,920 | -H-- | C] () -- C:\Documents and Settings\jeh46727\Start Menu\Programs\join.me.lnk
[2012/01/18 14:32:20 | 000,000,914 | -H-- | C] () -- C:\Documents and Settings\jeh46727\Desktop\join.me.lnk
[2012/01/18 13:30:04 | 000,126,569 | -H-- | C] () -- C:\Documents and Settings\jeh46727\Desktop\GISerror.pdf
[2012/01/04 12:58:22 | 008,683,255 | -H-- | C] () -- C:\Documents and Settings\jeh46727\Desktop\Settlement+Map+FrCoVA.jpg
[2011/12/29 13:49:50 | 000,187,544 | -H-- | C] () -- C:\Documents and Settings\jeh46727\Desktop\aep.pdf
[2011/12/29 12:41:46 | 000,000,890 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/29 12:41:46 | 000,000,886 | -H-- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/21 11:18:50 | 000,001,464 | -H-- | C] () -- C:\Documents and Settings\jeh46727\Desktop\CLEAR MEMORY.lnk
[2011/12/20 13:55:49 | 000,270,848 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sbe.dll
[2011/12/20 13:55:49 | 000,186,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\encdec.dll
[2011/11/04 11:30:34 | 003,907,640 | ---- | C] () -- C:\WINDOWS\System32\gsdll32.dll
[2011/11/03 08:04:13 | 000,004,608 | -H-- | C] () -- C:\Documents and Settings\jeh46727\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/31 14:33:45 | 000,002,528 | -H-- | C] () -- C:\Documents and Settings\jeh46727\Application Data\$_hpcst$.hpc
[2011/10/25 14:34:44 | 002,195,350 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2011/10/25 11:34:02 | 000,032,256 | -H-- | C] () -- C:\WINDOWS\System32\ntrights.exe
[2011/10/25 11:22:20 | 000,053,237 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2011/10/25 11:19:37 | 000,237,220 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/10/25 11:19:35 | 000,237,220 | -H-- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/10/25 11:19:35 | 000,000,001 | -H-- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/10/25 09:33:31 | 000,008,665 | -H-- | C] () -- C:\WINDOWS\dynamic.ini
[2011/07/20 16:54:18 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2011/07/20 15:10:43 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/07/20 15:06:38 | 000,204,800 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2011/07/20 15:06:38 | 000,192,512 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2011/07/20 15:06:38 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2011/07/20 15:06:38 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2011/07/20 15:06:37 | 000,200,704 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2011/07/20 15:06:37 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2011/07/20 01:03:15 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2011/07/20 01:03:10 | 000,444,596 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/20 01:03:10 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2011/07/20 01:03:10 | 000,072,306 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/20 01:03:10 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2011/07/20 01:03:08 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2011/07/20 01:03:08 | 000,004,463 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2011/07/20 01:03:05 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2011/07/20 01:02:57 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2011/07/20 01:02:57 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2011/07/20 01:02:40 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2011/07/20 01:02:36 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2011/07/19 21:31:40 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\HPB2550V.DLL
[2011/07/19 21:31:40 | 000,000,311 | ---- | C] () -- C:\WINDOWS\System32\HPB2550V.DAT
[2011/07/19 21:31:39 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2011/07/19 21:28:55 | 000,001,994 | -H-- | C] () -- C:\WINDOWS\System32\OEMINFO.ini
[2011/07/19 21:18:20 | 000,002,401 | ---- | C] () -- C:\WINDOWS\System32\drivers\AlKernel.sys
[2011/07/19 21:17:02 | 000,002,048 | ---- | C] () -- C:\WINDOWS\bootstat.dat
[2011/07/19 21:13:22 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/07/19 17:08:40 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/07/19 17:08:03 | 003,332,288 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/04/17 08:08:56 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2008/04/17 08:08:44 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/07/12 21:33:58 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2006/09/26 16:49:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/12 17:17:36 | 000,000,258 | -H-- | C] () -- C:\WINDOWS\AWSHKWV.ini
[1997/06/25 14:24:16 | 000,040,448 | -H-- | C] () -- C:\WINDOWS\System32\RegObj.dll

========== LOP Check ==========

[2011/10/26 07:38:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2011/11/02 20:15:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/10/25 11:42:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\ESRI
[2011/11/08 12:06:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\PlotSoft
[2011/11/02 20:16:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\jeh46727\Application Data\DAEMON Tools Lite
[2011/10/25 15:10:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\jeh46727\Application Data\DataEast
[2011/11/04 11:02:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\jeh46727\Application Data\EDrawings
[2011/12/08 13:30:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\jeh46727\Application Data\ESRI
[2011/11/02 20:04:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\jeh46727\Application Data\FreeBurner
[2011/11/02 20:43:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\jeh46727\Application Data\InterVideo
[2011/11/02 20:45:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\jeh46727\Application Data\Leadertech
[2011/10/31 10:08:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\jeh46727\Application Data\Softland
[2011/10/25 13:54:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\jeh46727\Application Data\VITA
[2012/01/18 13:35:02 | 000,000,484 | -H-- | M] () -- C:\WINDOWS\Tasks\Computer Account Inventory Update.job
[2012/01/18 15:50:40 | 000,000,398 | ---- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{34110CE7-C3CF-46D7-8170-4C28C5194E2D}.job
[2012/01/19 12:15:00 | 000,000,400 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{6F1E465E-1806-426B-BBF8-D398F24871FE}.job

========== Purity Check ==========



< End of report >

EXTRAS

OTL Extras logfile created on: 1/19/2012 12:11:30 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = E:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.98 Gb Total Physical Memory | 2.03 Gb Available Physical Memory | 68.01% Memory free
4.82 Gb Paging File | 4.09 Gb Available in Paging File | 84.88% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.87 Gb Total Space | 173.45 Gb Free Space | 74.48% Space Free | Partition Type: NTFS
Drive E: | 1.94 Gb Total Space | 0.46 Gb Free Space | 23.81% Space Free | Partition Type: FAT

Computer Name: NG00158029 | User Name: jeh46727 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 1
"DisableConfig" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 4

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications]
"AllowUserPrefMerge" = 1
"Enabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Altiris\AClient\Aclient.exe:*:Enabled:aclient.exe" = C:\Program Files\Altiris\AClient\Aclient.exe:*:Enabled:aclient.exe
"C:\Program Files\Altiris\AClient\AClntUsr.exe:*:Enabled:AclntUsr.exe" = C:\Program Files\Altiris\AClient\AClntUsr.exe:*:Enabled:AclntUsr.exe
"c:\Program Files\Network Associates\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service" = c:\Program Files\Network Associates\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service
"Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service" = Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]
"AllowUserPrefMerge" = 1
"Enabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List]
"135:TCP:*:Enabled:RPC" = 135:TCP:*:Enabled:RPC
"135:UDP:*:Enabled:RPC" = 135:UDP:*:Enabled:RPC
"137:UDP:*:Enabled:WINS" = 137:UDP:*:Enabled:WINS
"138:UDP:*:Enabled:NetBIOS" = 138:UDP:*:Enabled:NetBIOS
"139:TCP:*:Enabled:NetBIOS" = 139:TCP:*:Enabled:NetBIOS
"139:UDP:*:Enabled:NetBIOS" = 139:UDP:*:Enabled:NetBIOS
"1433:TCP:*:Enabled:SMS site server to SQL server" = 1433:TCP:*:Enabled:SMS site server to SQL server
"1680:TCP:*:Enabled:CC" = 1680:TCP:*:Enabled:CC
"1723:TCP:*:Enabled:PPTP" = 1723:TCP:*:Enabled:PPTP
"1900:UDP:*:Enabled:UPnP Framework" = 1900:UDP:*:Enabled:UPnP Framework
"2701:TCP:*:Enabled:SMS Remote Control" = 2701:TCP:*:Enabled:SMS Remote Control
"2701:UDP:*:Enabled:SMS Remote Control" = 2701:UDP:*:Enabled:SMS Remote Control
"2702:TCP:*:Enabled:SMS Remote Control" = 2702:TCP:*:Enabled:SMS Remote Control
"2702:UDP:*:Enabled:SMS Remote Control" = 2702:UDP:*:Enabled:SMS Remote Control
"2703:TCP:*:Enabled:SMS Remote Chat" = 2703:TCP:*:Enabled:SMS Remote Chat
"2703:UDP:*:Enabled:SMS Remote Chat" = 2703:UDP:*:Enabled:SMS Remote Chat
"2704:TCP:*:Enabled:SMS Remote File Transfer" = 2704:TCP:*:Enabled:SMS Remote File Transfer
"2704:UDP:*:Enabled:SMS Remote File Transfer" = 2704:UDP:*:Enabled:SMS Remote File Transfer
"2869:TCP:*:Enabled:UPnP Framework" = 2869:TCP:*:Enabled:UPnP Framework
"3268:TCP:*:Enabled:Global Catalog LDAP" = 3268:TCP:*:Enabled:Global Catalog LDAP
"3269:TCP:*:Enabled:Global Catalog LDAP SSL" = 3269:TCP:*:Enabled:Global Catalog LDAP SSL
"3389:TCP:*:Enabled:Remote Desktop" = 3389:TCP:*:Enabled:Remote Desktop
"389:TCP:*:Enabled:LDAP" = 389:TCP:*:Enabled:LDAP
"389:UDP:*:Enabled:LDAP" = 389:UDP:*:Enabled:LDAP
"445:TCP:*:Enabled:Server Message Block(SMB)" = 445:TCP:*:Enabled:Server Message Block(SMB)
"53:TCP:*:Enabled:DNS" = 53:TCP:*:Enabled:DNS
"53:UDP:*:Enabled:DNS" = 53:UDP:*:Enabled:DNS
"636:TCP:*:Enabled:LDAP SSL" = 636:TCP:*:Enabled:LDAP SSL
"67:UDP:*:Enabled:DHCP" = 67:UDP:*:Enabled:DHCP
"80:TCP:*:Enabled:HTTP" = 80:TCP:*:Enabled:HTTP
"80:UDP:*:Enabled:HTTP" = 80:UDP:*:Enabled:HTTP
"88:TCP:*:Enabled:Kerberos" = 88:TCP:*:Enabled:Kerberos
"88:UDP:*:Enabled:Kerberos" = 88:UDP:*:Enabled:Kerberos

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings]
"AllowOutboundDestinationUnreachable" = 0
"AllowOutboundSourceQuench" = 1
"AllowRedirect" = 0
"AllowInboundEchoRequest" = 1
"AllowInboundRouterRequest" = 0
"AllowOutboundTimeExceeded" = 0
"AllowOutboundParameterProblem" = 0
"AllowInboundTimestampRequest" = 0
"AllowInboundMaskRequest" = 0
"AllowOutboundPacketTooBig" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging]
"LogDroppedPackets" = 1
"LogSuccessfulConnections" = 0
"LogFilePath" = %SYSTEMROOT%\firewall_domain.log -- ()
"LogFileSize" = 4096

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings]
"Enabled" = 1
"RemoteAddresses" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop]
"Enabled" = 1
"RemoteAddresses" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\UPnPFramework]
"Enabled" = 1
"RemoteAddresses" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications]
"AllowUserPrefMerge" = 1
"Enabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications\List]
"c:\Program Files\Altiris\AClient\ACLIENT.EXE:*:Enabled:Aclient.exe" = c:\Program Files\Altiris\AClient\ACLIENT.EXE:*:Enabled:Aclient.exe
"c:\Program Files\Altiris\AClient\AClntUsr.EXE:*:Enabled:AclntUsr.exe" = c:\Program Files\Altiris\AClient\AClntUsr.EXE:*:Enabled:AclntUsr.exe
"c:\Program Files\Network Associates\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service" = c:\Program Files\Network Associates\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service
"Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service" = Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts]
"AllowUserPrefMerge" = 1
"Enabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts\List]
"135:TCP:*:Enabled:RPC" = 135:TCP:*:Enabled:RPC
"135:UDP:*:Enabled:RPC" = 135:UDP:*:Enabled:RPC
"137:UDP:*:Enabled:WINS" = 137:UDP:*:Enabled:WINS
"138:UDP:*:Enabled:NetBIOS" = 138:UDP:*:Enabled:NetBIOS
"139:TCP:*:Enabled:NetBIOS" = 139:TCP:*:Enabled:NetBIOS
"139:UDP:*:Enabled:NetBIOS" = 139:UDP:*:Enabled:NetBIOS
"1433:TCP:*:Enabled:SMS site server to SQL server" = 1433:TCP:*:Enabled:SMS site server to SQL server
"1680:TCP:*:Enabled:CC" = 1680:TCP:*:Enabled:CC
"1723:TCP:*:Enabled:PPTP" = 1723:TCP:*:Enabled:PPTP
"1900:UDP:*:Enabled:UPnP Framework" = 1900:UDP:*:Enabled:UPnP Framework
"2701:TCP:*:Enabled:SMS Remote Control" = 2701:TCP:*:Enabled:SMS Remote Control
"2701:UDP:*:Enabled:SMS Remote Control" = 2701:UDP:*:Enabled:SMS Remote Control
"2702:TCP:*:Enabled:SMS Remote Control" = 2702:TCP:*:Enabled:SMS Remote Control
"2702:UDP:*:Enabled:SMS Remote Control" = 2702:UDP:*:Enabled:SMS Remote Control
"2703:TCP:*:Enabled:SMS Remote Chat" = 2703:TCP:*:Enabled:SMS Remote Chat
"2703:UDP:*:Enabled:SMS Remote Chat" = 2703:UDP:*:Enabled:SMS Remote Chat
"2704:TCP:*:Enabled:SMS Remote File Transfer" = 2704:TCP:*:Enabled:SMS Remote File Transfer
"2704:UDP:*:Enabled:SMS Remote File Transfer" = 2704:UDP:*:Enabled:SMS Remote File Transfer
"2869:TCP:*:Enabled:UPnP Framework" = 2869:TCP:*:Enabled:UPnP Framework
"3268:TCP:*:Enabled:Global Catalog LDAP" = 3268:TCP:*:Enabled:Global Catalog LDAP
"3269:TCP:*:Enabled:Global Catalog LDAP SSL" = 3269:TCP:*:Enabled:Global Catalog LDAP SSL
"3389:TCP:*:Enabled:Remote Desktop" = 3389:TCP:*:Enabled:Remote Desktop
"389:TCP:*:Enabled:LDAP" = 389:TCP:*:Enabled:LDAP
"389:UDP:*:Enabled:LDAP" = 389:UDP:*:Enabled:LDAP
"445:TCP:*:Enabled:Server Message Block(SMB)" = 445:TCP:*:Enabled:Server Message Block(SMB)
"53:TCP:*:Enabled:DNS" = 53:TCP:*:Enabled:DNS
"53:UDP:*:Enabled:DNS" = 53:UDP:*:Enabled:DNS
"636:TCP:*:Enabled:LDAP SSL" = 636:TCP:*:Enabled:LDAP SSL
"67:UDP:*:Enabled:DHCP" = 67:UDP:*:Enabled:DHCP
"80:TCP:*:Enabled:HTTP" = 80:TCP:*:Enabled:HTTP
"80:UDP:*:Enabled:HTTP" = 80:UDP:*:Enabled:HTTP
"88:TCP:*:Enabled:Kerberos" = 88:TCP:*:Enabled:Kerberos
"88:UDP:*:Enabled:Kerberos" = 88:UDP:*:Enabled:Kerberos

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings]
"AllowOutboundDestinationUnreachable" = 0
"AllowOutboundSourceQuench" = 1
"AllowRedirect" = 0
"AllowInboundEchoRequest" = 1
"AllowInboundRouterRequest" = 0
"AllowOutboundTimeExceeded" = 0
"AllowOutboundParameterProblem" = 0
"AllowInboundTimestampRequest" = 0
"AllowInboundMaskRequest" = 0
"AllowOutboundPacketTooBig" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Logging]
"LogDroppedPackets" = 1
"LogSuccessfulConnections" = 0
"LogFilePath" = %SYSTEMROOT%\Firewall_Standard.log -- ()
"LogFileSize" = 4096

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\RemoteAdminSettings]
"Enabled" = 1
"RemoteAddresses" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\RemoteDesktop]
"Enabled" = 1
"RemoteAddresses" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\UPnPFramework]
"Enabled" = 1
"RemoteAddresses" =

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Altiris\AClient\AClntUsr.EXE" = C:\Program Files\Altiris\AClient\AClntUsr.EXE:*:Enabled:AClntUsr - AClient Interactive User Service
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio Data Module
"{0780E24D-7FA1-488C-85B7-EDDE11269030}" = Internet Explorer
"{0E19A83E-F53B-40CF-8C91-96F32D955E6A}" = LightScribe System Software 1.10.23.1
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD Plus
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{30A364D7-F907-474A-903F-8453E4882E57}" = Forefront Identity Manager Add-ins and Extensions
"{332454D8-73B0-4b4a-954C-D96089CD898A}" = Altiris Carbon Copy Solution Agent
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B834B54-EC4B-48E2-BFC6-03FF5DA06F62}" = Adobe Shockwave Player 11.5
"{3D052387-009E-46C9-AD4D-E682B7C92480}" = FileZilla
"{42442BC6-5A92-4BC2-9E0C-3D359D548A21}_is1" = Pazera Free MP4 to AVI Converter 1.5
"{48DB5914-8772-472D-B8DF-E2092BE598F6}" = Adobe Flash Player 10 ActiveX
"{4B2BF9C6-BC16-47CC-9BC7-393B94C5A958}" = Virginia IT Infrastructure Partnership Orientation Guides
"{5033400B-0977-45AB-94CE-CC135A8E1BBB}" = ArcGIS Desktop
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{59613E43-6489-4F70-9684-D71E702EAA8F}" = IE TLS Enable
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{828DF64F-7A21-4E36-92AF-528E3E7723E9}" = Altiris Agent VITA Partnership - VOF
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{8AA32561-D11D-480F-B1E4-2F88A3C0C1F8}" =
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{95120000-0038-0409-0000-0000000FF1CE}" = Time Zone Data Update Tool for Microsoft Office Outlook
"{95120000-0052-0409-0000-0000000FF1CE}" = Microsoft Office Visio Viewer 2007
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{99A23D83-E612-4F37-872D-7F5C88538C65}" = RealPlayer
"{A0A1EB01-A6FD-423A-8480-364055A7C961}" = Altiris Software Delivery Solution Agent
"{A0FB6327-E3A9-4BC4-9B91-E1DD0733E21D}" = Cisco Systems VPN Client 5.0.03.0530
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4D70AE6-8AE2-48FE-BE3A-CA0A47878453}" = CutePDF
"{A91F84C3-4B02-4F34-BDE9-1727050B3882}_is1" = XTools Pro 8.0
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio Audio Module
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio Copy Module
"{B4496BE1-295F-4A17-9856-FEA2C9AA1A47}" = McAfee Agent
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C65D81C3-3FC2-4B01-B515-7C6F805886BC}" = AutoDWG DWG to PDF Converter
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}" = McAfee VirusScan Enterprise
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1399216-81B2-457C-A0F7-73B9A2EF6902}" = PDFill PDF Editor with FREE Writer and FREE Tools
"{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8
"{E031338C-839D-4EDD-9537-99B653C39D81}" = Autodesk MapGuide® Viewer ActiveX Control Release 6.5
"{E6622CD7-9B56-4C95-9A15-60D864F22E6A}" = Internet Security Systems' Proventia Desktop
"{E82BD2C7-58B6-4607-8C39-896B4680A289}" = Authorware Player
"{ED0EE09A-8540-4257-8ADE-F127D2FC3E11}" = Alternatiff
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F58C2269-23CC-40A6-891A-08790D49B5EB}" = Windows Media Player Enterprise Deployment
"{FB97C283-1F3C-42D4-AE01-ADC1DC12F774}" = Visual Basic for Applications ® Core
"{FC350782-8982-4BBE-B9BA-B474CCDC935A}" = Altiris Application Metering Agent
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Altiris Carbon Copy Solution Agent " = Altiris Carbon Copy Solution Agent 6.2
"ArcGIS Desktop" = ArcGIS Desktop
"Cisco Connect" = Cisco Connect
"doPDF 7 printer_is1" = doPDF 7.2 printer
"ExtractNow_is1" = ExtractNow
"ie8" = Windows Internet Explorer 8
"LSI Soft Modem" = LSI HDA Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"numpy-py2.5" = Python 2.5 numpy-1.0.3
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PROPLUS" = Microsoft Office Professional Plus 2007
"Python 2.5 numpy-1.0.3" = Python 2.5 numpy-1.0.3
"Python 2.5.1" = Python 2.5.1
"ST6UNST #1" = Enhanced Shapefile Creator 2.0
"ST6UNST #2" = Enhanced Shapefile Creator 2.0 (C:\Program Files\Enhanced Shapefile Creator\)
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"JoinMe" = join.me

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/19/2012 12:31:27 PM | Computer Name = NG00158029 | Source = TrueVector Service | ID = 5003
Description = TrueVector driver: Driver install or load failure: LoadNTDeviceDriver.
Win32 error: The system cannot find the file specified.

Error - 1/19/2012 12:44:10 PM | Computer Name = NG00158029 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 1/19/2012 12:44:11 PM | Computer Name = NG00158029 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 1/19/2012 12:45:17 PM | Computer Name = NG00158029 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 1/19/2012 12:46:09 PM | Computer Name = NG00158029 | Source = UserInit | ID = 1000
Description = Could not execute the following script GP-OU-U-0000 OCS Enable Auto
Run.vbs. The system cannot find the file specified. .

Error - 1/19/2012 12:46:09 PM | Computer Name = NG00158029 | Source = UserInit | ID = 1000
Description = Could not execute the following script S1.cmd. The system cannot find
the file specified. .

Error - 1/19/2012 12:46:09 PM | Computer Name = NG00158029 | Source = UserInit | ID = 1000
Description = Could not execute the following script S1.cmd. The system cannot find
the file specified. .

Error - 1/19/2012 12:46:10 PM | Computer Name = NG00158029 | Source = UserInit | ID = 1000
Description = Could not execute the following script Get-Script.cmd. The system
cannot find the file specified. .

Error - 1/19/2012 12:46:10 PM | Computer Name = NG00158029 | Source = UserInit | ID = 1000
Description = Could not execute the following script Get-Ini.cmd. The system cannot
find the file specified. .

Error - 1/19/2012 12:46:10 PM | Computer Name = NG00158029 | Source = UserInit | ID = 1000
Description = Could not execute the following script GP-OU-U-B005 VOF All Users
Desktop Settings.vbs. The system cannot find the file specified. .

[ OSession Events ]
Error - 11/30/2011 3:40:17 PM | Computer Name = NG00158029 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11841
seconds with 480 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 1/19/2012 12:31:06 PM | Computer Name = NG00158029 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain COV due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 1/19/2012 12:31:20 PM | Computer Name = NG00158029 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 1/19/2012 12:31:21 PM | Computer Name = NG00158029 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 1/19/2012 12:31:45 PM | Computer Name = NG00158029 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 1/19/2012 12:37:30 PM | Computer Name = NG00158029 | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 1/19/2012 12:43:58 PM | Computer Name = NG00158029 | Source = Srv | ID = 2000
Description = The server's call to a system service failed unexpectedly.

Error - 1/19/2012 12:43:58 PM | Computer Name = NG00158029 | Source = Srv | ID = 2000
Description = The server's call to a system service failed unexpectedly.

Error - 1/19/2012 12:44:08 PM | Computer Name = NG00158029 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 1/19/2012 12:44:08 PM | Computer Name = NG00158029 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 1/19/2012 12:44:10 PM | Computer Name = NG00158029 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain COV due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.


< End of report >
  • 0



#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, let's get the files and folders back first.

Run the following programme twice

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 2 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

Second run

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 6 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

THEN

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKLM..\Run: [sJbtigWoqlpSK.exe] C:\Documents and Settings\All Users\Application Data\sJbtigWoqlpSK.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPublishingWizard = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoOnlinePrintsWizard = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 2 = wscui.cpl (Microsoft Corporation)
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1

    :Files
    ipconfig /flushdns /c
    xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
    xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
    xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
    xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C

    :Commands
    [purity]
    [emptyflash]
    [emptyjava]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

FINALLY

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.


On completion of the scan, click Save log, save it to your desktop and post it in your next reply.

  • 0
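
An added example (not part of the original post, and not OTL's or the helper's own code): a Python triage pass over OTL `O4`/`O6`/`O7` lines that flags the combination the fix script above removes, namely an unsigned-looking autorun dropped straight into a profile data folder together with policy values that lock the user out of Task Manager, the desktop and the Security Center applet. The function names, severity labels and `DATA_ROOTS` list are assumptions of this example; the sample lines are taken from the fix script, plus one constructed benign entry.

```python
import ntpath
import re
from typing import NamedTuple


class Finding(NamedTuple):
    kind: str      # "autorun" or "policy"
    severity: str  # "high" or "review" (labels are this example's own)
    item: str
    reason: str


RUN_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\.\.\\Run: \[(?P<name>[^\]]+)\] "
    r"(?P<path>.+?) \((?P<company>[^()]*)\)\s*$"
)
POLICY_RE = re.compile(
    r"^O[67] - (?P<key>HK\w+\\.+?\\policies\\[^:]+): "
    r"(?P<value>.+?) = (?P<data>.+?)\s*$",
    re.IGNORECASE,
)

# Policy values from the fix script whose effect directly hinders cleanup.
HIGH_SIGNAL = {
    "disabletaskmgr": "Task Manager disabled",
    "nodesktop": "desktop icons hidden",
}
# Assumption: folder names treated as "profile data roots" for this check.
DATA_ROOTS = ("application data", "appdata", "temp")


def check_run(m):
    """Rate a Run entry by where the file lives and whether it names a vendor."""
    path, company = m["path"].strip('"'), m["company"].strip()
    parent = ntpath.basename(ntpath.dirname(path)).lower()
    reasons = []
    if parent in DATA_ROOTS:
        reasons.append("executable sits directly in a profile data folder")
    if not company:
        reasons.append("no company name in file version info")
    if not reasons:
        return None
    severity = "high" if len(reasons) == 2 else "review"
    return Finding("autorun", severity, m["name"], "; ".join(reasons))


def check_policy(m):
    """Rate a policies\\... value. Group Policy also writes here, so values
    outside HIGH_SIGNAL are only marked for review."""
    key, value, data = m["key"], m["value"], m["data"]
    if key.lower().endswith("\\disallowcpl"):
        # Numbered list entry: the data names the blocked applet.
        applet = data.split()[0].lower()
        if applet == "wscui.cpl":
            return Finding("policy", "high", applet,
                           "Security Center applet blocked via DisallowCpl")
        return Finding("policy", "review", applet,
                       "Control Panel applet blocked via DisallowCpl")
    if data != "1":
        return None
    label = HIGH_SIGNAL.get(value.lower())
    if label:
        return Finding("policy", "high", value, label)
    return Finding("policy", "review", value, "policy restriction enabled")


def triage(log_text):
    """Return findings for every O4/O6/O7 line in an OTL log excerpt."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        hit = check_run(m) if m else None
        if hit is None:
            m = POLICY_RE.match(line)
            hit = check_policy(m) if m else None
        if hit is not None:
            findings.append(hit)
    return findings


def lockdown_pattern(findings):
    """True when a high-severity autorun and a high-severity policy co-occur."""
    kinds = {f.kind for f in findings if f.severity == "high"}
    return kinds == {"autorun", "policy"}


# Lines from the fix script above; the McAfee O4 line is constructed.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [sJbtigWoqlpSK.exe] C:\Documents and Settings\All Users\Application Data\sJbtigWoqlpSK.exe ()
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 2 = wscui.cpl (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.kind:8} {f.item}: {f.reason}")
    print("lockdown pattern:", lockdown_pattern(triage(SAMPLE_LOG)))
```
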

#3
jogibso1

    Member

  • Topic Starter
  • Member
  • 135 posts
aswMBR.exe will not run. It downloads, but nothing happens when I double click. Will keep trying, but here are the other two logs for now...



RogueKiller V6.2.4 [01/12/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: jeh46727 [Admin rights]
Mode: Shortcuts HJfix -- Date : 01/19/2012 13:48:20

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 3340 / Fail 0
Quick launch: Success 12 / Fail 0
Programs: Success 15581 / Fail 0
Start menu: Success 152 / Fail 0
User folder: Success 4583 / Fail 0
My documents: Success 3305 / Fail 0
My favorites: Success 17 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 29933 / Fail 0
Backup: [FOUND] Success 154 / Fail 1

Drives:
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
[E:] \Device\Harddisk1\DP(1)0-0+8 -- 0x2 --> Restored
[S:] \Device\LanmanRedirector\;S:000000000007326c\172.22.234.78\vof_new_Depts_Shared -- 0x4 --> Skipped

¤¤¤ Infection : Rogue.FakeHDD ¤¤¤

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

OTL logfile created on: 1/19/2012 2:02:37 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = E:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.98 Gb Total Physical Memory | 2.10 Gb Available Physical Memory | 70.48% Memory free
4.82 Gb Paging File | 4.09 Gb Available in Paging File | 84.79% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.87 Gb Total Space | 173.44 Gb Free Space | 74.48% Space Free | Partition Type: NTFS
Drive E: | 1.94 Gb Total Space | 0.46 Gb Free Space | 23.72% Space Free | Partition Type: FAT

Computer Name: NG00158029 | User Name: jeh46727 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/19 12:10:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2011/07/20 15:14:31 | 000,145,936 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2011/07/20 15:14:30 | 000,159,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2011/03/18 14:06:37 | 000,209,760 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2011/03/18 14:06:28 | 000,033,648 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2010/12/14 17:22:37 | 000,075,608 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Forefront Identity Manager\2010\Password Reset Client Service\PwdMgmtProxy.exe
PRC - [2010/10/15 15:05:00 | 000,185,664 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2010/10/15 15:05:00 | 000,140,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2010/10/15 15:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2010/10/15 15:05:00 | 000,075,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2010/09/27 11:35:58 | 002,093,322 | ---- | M] (Internet Security Systems, Inc.) -- C:\Program Files\ISS\Proventia Desktop\blackd.exe
PRC - [2010/09/27 11:35:58 | 001,274,122 | ---- | M] (Internet Security Systems, Inc.) -- C:\Program Files\ISS\Proventia Desktop\RapApp.exe
PRC - [2010/09/27 11:35:58 | 000,405,770 | ---- | M] (Internet Security Systems, Inc.) -- C:\Program Files\ISS\Proventia Desktop\vpatch.exe
PRC - [2010/09/07 23:05:34 | 000,254,034 | R--- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\STACSV.EXE
PRC - [2010/02/26 01:37:06 | 001,287,464 | ---- | M] (Altiris, Inc.) -- C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
PRC - [2010/02/26 01:37:00 | 000,173,352 | ---- | M] (Altiris, Inc.) -- C:\Program Files\Altiris\Altiris Agent\AeXAgentUIHost.exe
PRC - [2010/02/23 11:58:10 | 000,385,133 | ---- | M] (Altiris) -- C:\Program Files\Altiris\Altiris Agent\Software Delivery\{01B54EB5-3679-4C73-9E10-E169D5A5EC59}\cache\AeXRunControl.exe
PRC - [2010/01/15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/04/20 18:01:56 | 000,737,280 | R--- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFLTR.EXE
PRC - [2009/03/27 18:10:56 | 000,014,336 | R--- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2008/04/17 08:08:46 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/07 15:41:18 | 001,437,696 | ---- | M] (Altiris) -- C:\Program Files\Altiris\Carbon Copy\Client.exe
PRC - [2007/03/07 15:41:18 | 000,724,992 | ---- | M] (Altiris) -- C:\Program Files\Altiris\Carbon Copy\ShellKer.exe
PRC - [2007/03/07 15:18:58 | 000,049,152 | ---- | M] (Altiris) -- C:\WINDOWS\system32\CCSRVC.exe
PRC - [2006/09/21 04:20:00 | 000,127,036 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/07/15 16:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Gmail Notifier\gnotify.exe


========== Modules (No Company Name) ==========

MOD - [2010/10/15 15:05:00 | 000,065,536 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\boost_thread-vc80-mt-1_32.dll
MOD - [2010/09/27 11:35:56 | 000,065,536 | ---- | M] () -- C:\Program Files\ISS\Proventia Desktop\AV\ipsupd.dll
MOD - [2010/09/27 11:35:54 | 000,745,984 | ---- | M] () -- C:\Program Files\ISS\Proventia Desktop\libxml2.dll
MOD - [2010/09/27 11:35:54 | 000,147,968 | ---- | M] () -- C:\Program Files\ISS\Proventia Desktop\libxslt.dll
MOD - [2008/05/20 04:18:10 | 000,094,720 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2008/04/17 08:08:56 | 000,197,408 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
MOD - [2007/08/14 13:43:46 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007/07/12 21:33:58 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2007/07/12 11:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007/07/12 11:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2007/04/18 19:30:46 | 000,471,040 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\ccme_base.dll
MOD - [2007/04/18 19:30:46 | 000,393,216 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\cryptocme2.dll
MOD - [2007/02/05 15:55:36 | 000,130,560 | ---- | M] () -- C:\Program Files\ISS\Proventia Desktop\AV\libfn.dll
MOD - [2002/01/14 14:49:00 | 000,045,056 | ---- | M] () -- C:\Program Files\ISS\Proventia Desktop\AV\avxdisk.dll
MOD - [2001/07/31 02:17:12 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Unknown | Running] -- -- (VPatch)
SRV - File not found [Unknown | Running] -- -- (RapApp)
SRV - File not found [Unknown | Running] -- -- (BlackICE)
SRV - [2011/07/20 15:14:31 | 000,145,936 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2011/07/20 15:14:30 | 000,159,320 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/03/18 14:06:37 | 000,209,760 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2010/12/14 17:22:37 | 000,075,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Forefront Identity Manager\2010\Password Reset Client Service\PwdMgmtProxy.exe -- (FIMPasswordReset)
SRV - [2010/10/15 15:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2010/09/07 23:05:34 | 000,254,034 | R--- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\STACSV.EXE -- (STacSV)
SRV - [2010/02/26 01:37:06 | 001,287,464 | ---- | M] (Altiris, Inc.) [Auto | Running] -- C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe -- (AeXNSClient)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/03/27 18:10:56 | 000,014,336 | R--- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/04/17 08:08:46 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007/03/07 15:18:58 | 000,049,152 | ---- | M] (Altiris) [Auto | Running] -- C:\WINDOWS\system32\CCSRVC.exe -- (CarbonCopy32)


========== Driver Services (SafeList) ==========

DRV - [2012/01/19 11:52:38 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/07/20 15:14:31 | 000,436,728 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/07/20 15:14:31 | 000,171,296 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/07/20 15:14:31 | 000,116,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/07/20 15:14:31 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2011/07/20 15:14:31 | 000,085,152 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/07/20 15:14:31 | 000,058,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/09/27 11:35:58 | 000,050,163 | ---- | M] (Internet Security Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RapDrv.sys -- (rap)
DRV - [2010/09/27 11:35:56 | 000,205,938 | ---- | M] (Internet Security Systems, Inc.) [Kernel | Disabled | Running] -- C:\WINDOWS\system32\drivers\Blackcat.sys -- (black)
DRV - [2010/09/27 11:35:56 | 000,080,512 | ---- | M] (Internet Security Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\isskboep.sys -- (MakoNT)
DRV - [2010/09/07 23:05:34 | 001,643,715 | R--- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2010/04/05 23:35:56 | 000,168,616 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1k5132.sys -- (e1kexpress) Intel®
DRV - [2010/04/05 10:44:28 | 006,601,216 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2010/02/25 14:19:12 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2010/01/28 19:55:06 | 000,058,600 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2009/12/03 06:57:48 | 000,045,984 | R--- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2009/11/20 19:15:18 | 000,137,728 | R--- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2009/11/20 19:15:16 | 000,058,880 | R--- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2009/09/17 12:54:14 | 000,041,088 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2009/07/21 14:18:58 | 001,161,760 | R--- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/20 14:05:16 | 000,049,152 | R--- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rismc32.sys -- (rismc32)
DRV - [2009/06/25 15:58:10 | 000,048,128 | R--- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/04/20 19:13:34 | 000,113,664 | R--- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2008/10/11 14:56:00 | 000,045,056 | R--- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/07/29 14:41:36 | 000,038,400 | R--- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2008/07/23 10:31:38 | 000,044,800 | R--- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2008/04/17 08:07:52 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008/03/29 16:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/03/07 15:22:54 | 000,009,216 | ---- | M] (Altiris) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CCDevice.sys -- (CCDevice)
DRV - [2007/01/18 16:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/09/21 04:20:00 | 000,094,460 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/09/21 04:20:00 | 000,088,476 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/09/21 04:20:00 | 000,087,004 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/09/21 04:20:00 | 000,026,044 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/09/21 04:20:00 | 000,015,068 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/09/21 04:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/09/21 04:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2006/07/24 00:00:04 | 000,022,016 | R--- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2006/07/24 00:00:04 | 000,017,920 | R--- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2006/03/17 07:35:24 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/03/17 07:34:46 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/01/26 10:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.state.va.us/cmsportal3
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://vofonline.org [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2011/10/25 11:11:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/23 10:51:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/10/25 13:15:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\jeh46727\Application Data\Mozilla\Extensions
[2011/10/25 13:11:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/23 10:51:16 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/28 19:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/10 17:37:38 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/11/08 11:00:06 | 000,001,663 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 172.22.234.78 cov-rpb-nas002.cov.virginia.gov
O1 - Hosts: 10.192.32.76 COVSMICES-ANS01 COVSMICES-ANS01.vita.virginia.gov COVSMICES-ANS01.cov.virginia.gov # Altiris NS ***DO NOT REMOVE OR MODIFY***
O1 - Hosts: 10.192.32.77 COVSMICES-ANS03 COVSMICES-ANS03.vita.virginia.gov COVSMICES-ANS03.cov.virginia.gov # Altiris NS ***DO NOT REMOVE OR MODIFY***
O1 - Hosts: 10.192.32.78 COVSMICES-ANS04 COVSMICES-ANS04.vita.virginia.gov COVSMICES-ANS04.cov.virginia.gov # Altiris NS ***DO NOT REMOVE OR MODIFY***
O1 - Hosts: 10.192.32.79 COVSMICES-ANS05 COVSMICES-ANS05.vita.virginia.gov COVSMICES-ANS05.cov.virginia.gov # Altiris NS ***DO NOT REMOVE OR MODIFY***
O1 - Hosts: 10.192.32.80 COVSMICES-ANS06 COVSMICES-ANS06.vita.virginia.gov COVSMICES-ANS06.cov.virginia.gov # Altiris NS ***DO NOT REMOVE OR MODIFY***
O1 - Hosts: 10.192.32.45 COVSMICES-ANS07 COVSMICES-ANS07.vita.virginia.gov COVSMICES-ANS07.cov.virginia.gov # Altiris NS ***DO NOT REMOVE OR MODIFY***
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110720161443.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [AeXAgentLogon] C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe (Altiris, Inc.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [PasswordRegistration] C:\WINDOWS\system32\MsPwdRegistration.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\SQM present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPublishingWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoOnlinePrintsWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonType = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: MaxGPOScriptWait = 32000
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Home = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Fullscreen = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Tools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Print = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Edit = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Cut = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Copy = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Paste = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Encoding = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
O15 - HKLM\..Trusted Domains: virginia.gov ([idmportal.cov] https in Local intranet)
O15 - HKCU\..Trusted Domains: virginia.gov ([]* in Local intranet)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} Reg Error: Key error. (Macromedia Authorware Web Player Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cov.virginia.gov
O20 - AppInit_DLLs: (AMINIT32.dll) -C:\WINDOWS\System32\AMInit32.dll (Altiris, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (MsPwdGina.dll) -C:\WINDOWS\System32\MsPwdGina.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/07/19 21:15:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{16dc5dee-ffcf-11e0-a1cb-183da27742a0}\Shell\AutoRun\command - "" = E:\Connect.exe
O33 - MountPoints2\{6b4e1eba-03bb-11e1-a1cc-183da27742a0}\Shell - "" = AutoRun
O33 - MountPoints2\{6b4e1eba-03bb-11e1-a1cc-183da27742a0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6b4e1eba-03bb-11e1-a1cc-183da27742a0}\Shell\AutoRun\command - "" = F:\HPLauncher.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\HPLauncher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/19 13:27:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jeh46727\Desktop\RK_Quarantine
[2012/01/19 13:19:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\jeh46727\Recent
[2012/01/19 12:40:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jeh46727\Start Menu\Programs\System Check
[2012/01/19 11:52:38 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/01/18 16:22:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jeh46727\Desktop\AEP Exports
[2012/01/18 15:01:31 | 000,000,000 | ---D | C] -- C:\logs
[2012/01/18 15:01:07 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/01/18 15:00:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Forefront Identity Manager
[2012/01/18 14:32:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jeh46727\Local Settings\Application Data\join.me
[2012/01/18 11:42:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012/01/11 08:46:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jeh46727\Local Settings\Application Data\Adobe
[2012/01/10 17:34:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jeh46727\Application Data\Adobe
[2012/01/09 16:22:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jeh46727\Local Settings\Application Data\Temp
[2012/01/09 16:20:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/01/09 16:20:31 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/01/04 15:42:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Outlook Tools
[2012/01/04 15:42:10 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2011/12/29 12:43:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/12/29 12:41:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jeh46727\Local Settings\Application Data\Google
[2011/12/28 12:25:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jeh46727\Desktop\new pics
[2011/12/21 17:09:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2011/12/21 11:41:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jeh46727\Application Data\Malwarebytes
[2011/12/21 11:40:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/12/21 11:40:11 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/21 11:40:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/20 15:03:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/19 14:05:00 | 000,000,400 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6F1E465E-1806-426B-BBF8-D398F24871FE}.job
[2012/01/19 14:01:01 | 000,053,237 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2012/01/19 14:00:24 | 000,053,237 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2012/01/19 14:00:12 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/19 13:59:33 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/19 13:47:19 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/19 13:36:18 | 000,000,484 | ---- | M] () -- C:\WINDOWS\tasks\Computer Account Inventory Update.job
[2012/01/19 13:28:32 | 000,111,872 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2012/01/19 12:40:55 | 000,000,853 | ---- | M] () -- C:\Documents and Settings\jeh46727\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/19 12:40:55 | 000,000,835 | ---- | M] () -- C:\Documents and Settings\jeh46727\Desktop\System Check.lnk
[2012/01/19 12:40:46 | 000,353,536 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SKJPtWREyBGTHO.exe
[2012/01/19 11:52:38 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/01/19 10:53:21 | 704,565,792 | ---- | M] () -- C:\Documents and Settings\jeh46727\Desktop\rocket aurora.psd
[2012/01/19 09:06:04 | 000,082,058 | ---- | M] () -- C:\Documents and Settings\jeh46727\Desktop\2012-13_mountain cove.pdf
[2012/01/19 09:03:39 | 000,368,871 | ---- | M] () -- C:\Documents and Settings\jeh46727\Desktop\POSTER.jpg
[2012/01/19 08:47:37 | 002,594,559 | ---- | M] () -- C:\Documents and Settings\jeh46727\Desktop\POSTER.pdf
[2012/01/18 15:50:40 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{34110CE7-C3CF-46D7-8170-4C28C5194E2D}.job
[2012/01/18 15:00:16 | 000,001,763 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COV Account Center.lnk
[2012/01/18 14:56:43 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/18 14:41:50 | 000,000,898 | ---- | M] () -- C:\Documents and Settings\jeh46727\Application Data\Microsoft\Internet Explorer\Quick Launch\ArcMap.lnk
[2012/01/18 14:39:32 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\wininet_dll.iss
[2012/01/18 14:39:31 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\urlmon_dll.iss
[2012/01/18 14:39:31 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\url_dll.iss
[2012/01/18 14:37:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\client.INI
[2012/01/18 14:32:24 | 000,000,914 | ---- | M] () -- C:\Documents and Settings\jeh46727\Desktop\join.me.lnk
[2012/01/18 13:30:06 | 000,126,569 | ---- | M] () -- C:\Documents and Settings\jeh46727\Desktop\GISerror.pdf
[2012/01/18 13:29:38 | 000,002,347 | ---- | M] () -- C:\Documents and Settings\jeh46727\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2012/01/18 12:07:24 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/18 11:42:40 | 000,444,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/18 11:42:40 | 000,072,306 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/18 10:55:21 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/18 10:10:06 | 002,252,288 | ---- | M] () -- C:\Documents and Settings\jeh46727\Desktop\START.mxd
[2012/01/17 15:08:39 | 000,002,431 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VPN Client.lnk
[2012/01/09 16:21:13 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/01/04 12:58:23 | 008,683,255 | ---- | M] () -- C:\Documents and Settings\jeh46727\Desktop\Settlement+Map+FrCoVA.jpg
[2011/12/29 15:53:57 | 000,015,533 | ---- | M] () -- C:\Documents and Settings\jeh46727\Desktop\PTO Leave Form.pdf
[2011/12/29 13:49:51 | 000,187,544 | ---- | M] () -- C:\Documents and Settings\jeh46727\Desktop\aep.pdf
[2011/12/29 12:43:05 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/12/29 10:00:01 | 003,332,288 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/29 09:59:42 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\ole32_dll.iss
[2011/12/29 09:59:42 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\crypt32_dll.iss
[2011/12/28 13:09:25 | 000,004,608 | -H-- | M] () -- C:\Documents and Settings\jeh46727\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/27 14:03:25 | 000,120,335 | ---- | M] () -- C:\WINDOWS\AeXCheckAltirisAgent.js
[2011/12/22 08:20:47 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\shell32_dll.iss
[2011/12/22 08:20:47 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\ntdll_dll.iss
[2011/12/21 11:19:25 | 000,001,464 | ---- | M] () -- C:\Documents and Settings\jeh46727\Desktop\CLEAR MEMORY.lnk
[2011/12/21 08:41:11 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\mswsock_dll.iss
[2011/12/21 08:41:11 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\comctl32_dll.iss
[2011/12/20 15:18:29 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\rpcrt4_dll.iss
[2011/12/20 15:18:29 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\oleaut32_dll.iss
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/19 13:28:58 | 000,002,431 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VPN Client.lnk
[2012/01/19 13:28:58 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2012/01/19 13:28:58 | 000,001,763 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COV Account Center.lnk
[2012/01/19 13:28:58 | 000,001,762 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google SketchUp 8.lnk
[2012/01/19 13:28:58 | 000,001,619 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2012/01/19 13:28:58 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/19 13:28:58 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
[2012/01/19 13:28:57 | 000,002,353 | ---- | C] () -- C:\Documents and Settings\jeh46727\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office PowerPoint 2007.lnk
[2012/01/19 13:28:57 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\jeh46727\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2012/01/19 13:28:57 | 000,002,337 | ---- | C] () -- C:\Documents and Settings\jeh46727\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk
[2012/01/19 13:28:57 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/01/19 13:28:57 | 000,001,525 | ---- | C] () -- C:\Documents and Settings\jeh46727\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad.lnk
[2012/01/19 13:28:57 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\jeh46727\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/01/19 13:28:57 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\jeh46727\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/01/19 13:28:57 | 000,000,603 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AutoDWG DWG2PDF Converter.lnk
[2012/01/19 13:28:57 | 000,000,496 | ---- | C] () -- C:\Documents and Settings\jeh46727\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to ProposedEasements.lnk
[2012/01/19 13:28:57 | 000,000,491 | ---- | C] () -- C:\Documents and Settings\jeh46727\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to START.mxd.lnk
[2012/01/19 13:28:57 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\jeh46727\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/01/19 13:28:56 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/01/19 13:28:56 | 000,001,504 | ---- | C] () -- C:\Documents and Settings\jeh46727\Application Data\Microsoft\Internet Explorer\Quick Launch\Calculator.lnk
[2012/01/19 13:28:56 | 000,000,898 | ---- | C] () -- C:\Documents and Settings\jeh46727\Application Data\Microsoft\Internet Explorer\Quick Launch\ArcMap.lnk
[2012/01/19 13:28:56 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\jeh46727\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/19 13:28:56 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2012/01/19 13:28:50 | 000,002,359 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft ActiveSync.lnk
[2012/01/19 13:28:48 | 000,001,810 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Cisco Connect.lnk
[2012/01/19 13:28:46 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/01/19 13:27:58 | 000,111,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2012/01/19 12:40:55 | 000,000,853 | ---- | C] () -- C:\Documents and Settings\jeh46727\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/19 12:40:55 | 000,000,835 | ---- | C] () -- C:\Documents and Settings\jeh46727\Desktop\System Check.lnk
[2012/01/19 12:40:46 | 000,353,536 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\SKJPtWREyBGTHO.exe
[2012/01/19 09:06:00 | 000,082,058 | ---- | C] () -- C:\Documents and Settings\jeh46727\Desktop\2012-13_mountain cove.pdf
[2012/01/19 08:54:14 | 000,368,871 | ---- | C] () -- C:\Documents and Settings\jeh46727\Desktop\POSTER.jpg
[2012/01/19 08:47:34 | 002,594,559 | ---- | C] () -- C:\Documents and Settings\jeh46727\Desktop\POSTER.pdf
[2012/01/19 08:43:48 | 704,565,792 | ---- | C] () -- C:\Documents and Settings\jeh46727\Desktop\rocket aurora.psd
[2012/01/18 14:37:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\client.INI
[2012/01/18 14:32:20 | 000,000,920 | ---- | C] () -- C:\Documents and Settings\jeh46727\Start Menu\Programs\join.me.lnk
[2012/01/18 14:32:20 | 000,000,914 | ---- | C] () -- C:\Documents and Settings\jeh46727\Desktop\join.me.lnk
[2012/01/18 13:30:04 | 000,126,569 | ---- | C] () -- C:\Documents and Settings\jeh46727\Desktop\GISerror.pdf
[2012/01/04 12:58:22 | 008,683,255 | ---- | C] () -- C:\Documents and Settings\jeh46727\Desktop\Settlement+Map+FrCoVA.jpg
[2011/12/29 13:49:50 | 000,187,544 | ---- | C] () -- C:\Documents and Settings\jeh46727\Desktop\aep.pdf
[2011/12/29 12:41:46 | 000,000,890 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/29 12:41:46 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/21 11:18:50 | 000,001,464 | ---- | C] () -- C:\Documents and Settings\jeh46727\Desktop\CLEAR MEMORY.lnk
[2011/11/04 11:30:34 | 003,907,640 | ---- | C] () -- C:\WINDOWS\System32\gsdll32.dll
[2011/11/03 08:04:13 | 000,004,608 | -H-- | C] () -- C:\Documents and Settings\jeh46727\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/31 14:33:45 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\jeh46727\Application Data\$_hpcst$.hpc
[2011/10/25 14:34:44 | 002,195,350 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2011/10/25 11:34:02 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\ntrights.exe
[2011/10/25 11:22:20 | 000,053,237 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2011/10/25 11:19:37 | 000,237,220 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/10/25 11:19:35 | 000,237,220 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/10/25 11:19:35 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/10/25 09:33:31 | 000,008,665 | -H-- | C] () -- C:\WINDOWS\dynamic.ini
[2011/07/20 16:54:18 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2011/07/20 15:10:43 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/07/20 15:06:38 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2011/07/20 15:06:38 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2011/07/20 15:06:38 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2011/07/20 15:06:38 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2011/07/20 15:06:37 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2011/07/20 15:06:37 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2011/07/20 01:03:15 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2011/07/20 01:03:10 | 000,444,596 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/20 01:03:10 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2011/07/20 01:03:10 | 000,072,306 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/20 01:03:10 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2011/07/20 01:03:08 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2011/07/20 01:03:08 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2011/07/20 01:03:05 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2011/07/20 01:02:57 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2011/07/20 01:02:57 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2011/07/20 01:02:40 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2011/07/20 01:02:36 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2011/07/19 21:31:40 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\HPB2550V.DLL
[2011/07/19 21:31:40 | 000,000,311 | ---- | C] () -- C:\WINDOWS\System32\HPB2550V.DAT
[2011/07/19 21:31:39 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2011/07/19 21:28:55 | 000,001,994 | -H-- | C] () -- C:\WINDOWS\System32\OEMINFO.ini
[2011/07/19 21:18:20 | 000,002,401 | ---- | C] () -- C:\WINDOWS\System32\drivers\AlKernel.sys
[2011/07/19 21:17:02 | 000,002,048 | ---- | C] () -- C:\WINDOWS\bootstat.dat
[2011/07/19 21:13:22 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/07/19 17:08:40 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/07/19 17:08:03 | 003,332,288 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/04/17 08:08:56 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2008/04/17 08:08:44 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/07/12 21:33:58 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2006/09/26 16:49:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/12 17:17:36 | 000,000,258 | -H-- | C] () -- C:\WINDOWS\AWSHKWV.ini
[1997/06/25 14:24:16 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\RegObj.dll

========== LOP Check ==========

[2011/10/26 07:38:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2011/11/02 20:15:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/10/25 11:42:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESRI
[2011/11/08 12:06:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlotSoft
[2011/11/02 20:16:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jeh46727\Application Data\DAEMON Tools Lite
[2011/10/25 15:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jeh46727\Application Data\DataEast
[2011/11/04 11:02:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jeh46727\Application Data\EDrawings
[2011/12/08 13:30:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jeh46727\Application Data\ESRI
[2011/11/02 20:04:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jeh46727\Application Data\FreeBurner
[2011/11/02 20:43:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jeh46727\Application Data\InterVideo
[2011/11/02 20:45:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jeh46727\Application Data\Leadertech
[2011/10/31 10:08:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jeh46727\Application Data\Softland
[2011/10/25 13:54:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jeh46727\Application Data\VITA
[2012/01/19 13:36:18 | 000,000,484 | ---- | M] () -- C:\WINDOWS\Tasks\Computer Account Inventory Update.job
[2012/01/18 15:50:40 | 000,000,398 | ---- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{34110CE7-C3CF-46D7-8170-4C28C5194E2D}.job
[2012/01/19 14:05:00 | 000,000,400 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{6F1E465E-1806-426B-BBF8-D398F24871FE}.job

========== Purity Check ==========



< End of report >
  • 0

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, that is a clue.

Do the following:
Start -> Run
type diskmgmt.msc
Click "OK"

Disk Management will open.

Click and hold the right side of the Disk Management Window and drag it to the right until you can see all the columns.

Take a screenshot of the Disk Management window and attach the screenshot to your reply.
  • 0

#5
jogibso1

    Member

  • Topic Starter
  • 135 posts
ok here it is

Attached thumbnail: diskmgt.JPG

  • 0

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, first I will try the new version of TDSSKiller, as I have had one success with that. If it fails we will need to work outside of Windows.

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.
  • 0
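The report requested in the post above is a one-event-per-line text log, so the objects that need a human look can be pulled out mechanically. This Python example is added here and is not part of the original post or the tool's own code; the line layout is assumed from TDSSKiller 2.7.x reports, and the sample lines, object names, hashes and `Placeholder.Verdict.Name` are constructed.

```python
import re
from pathlib import Path

# Assumed line layout: "HH:MM:SS.mmmm <thread id> <message>"
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s*(.*)$")
# "<object> (<md5>) <path>"  : the file backing a driver or service
FILE_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "<object> - detected <verdict> (<n>)"
DETECT_RE = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \((?P<code>\d+)\)$")
# "<object> - ok"
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")

# Verdict reported for files that fail the "Verify Driver Digital Signature" check.
UNSIGNED = "UnsignedFile.Multi.Generic"


def find_reports(root):
    """Reports named TDSSKiller.[Version]_[Date]_[Time]_log.txt, oldest first."""
    return sorted(Path(root).glob("TDSSKiller.*_log.txt"),
                  key=lambda p: p.stat().st_mtime)


def _record(objects, name):
    return objects.setdefault(
        name, {"md5": None, "path": None, "verdict": None, "code": None})


def parse_report(text):
    """Return {object name: record} in the order objects appear in the log."""
    objects = {}
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue  # blank or wrapped line
        msg = line.group(1).strip()
        m = FILE_RE.match(msg)
        if m:
            _record(objects, m["name"]).update(md5=m["md5"].lower(), path=m["path"])
            continue
        m = DETECT_RE.match(msg)
        if m:
            # The trailing number is stored as printed; it is not interpreted here.
            _record(objects, m["name"]).update(verdict=m["verdict"], code=int(m["code"]))
            continue
        m = OK_RE.match(msg)
        if m:
            rec = _record(objects, m["name"])
            if rec["verdict"] is None:
                rec["verdict"] = "ok"
    return objects


def triage(objects):
    """Split detections into unsigned-file warnings and every other verdict."""
    unsigned, other = [], []
    for name, rec in objects.items():
        if rec["verdict"] in (None, "ok"):
            continue
        (unsigned if rec["verdict"] == UNSIGNED else other).append((name, rec))
    return unsigned, other


def unfinished(objects):
    """Objects whose file line was logged but no verdict followed (truncated paste)."""
    return [n for n, r in objects.items() if r["verdict"] is None]


# Constructed sample in the assumed layout; none of these objects or hashes are real.
SAMPLE = r"""
14:45:34.0031 3256 ============================================================
14:45:34.0031 3256 Scan started
14:45:34.0031 3256 Mode: Manual; SigCheck; TDLFS;
14:45:34.0265 3256 svc_nofile - ok
14:45:34.0328 3256 drv_signed (00000000000000000000000000000001) C:\WINDOWS\system32\DRIVERS\drv_signed.sys
14:45:35.0593 3256 drv_signed - ok
14:45:35.0703 3256 drv_unsigned (00000000000000000000000000000002) C:\WINDOWS\system32\DRIVERS\drv_unsigned.sys
14:45:35.0781 3256 drv_unsigned ( UnsignedFile.Multi.Generic ) - warning
14:45:35.0781 3256 drv_unsigned - detected UnsignedFile.Multi.Generic (1)
14:45:36.0046 3256 drv_flagged (00000000000000000000000000000003) C:\WINDOWS\system32\DRIVERS\drv_flagged.sys
14:45:36.0100 3256 drv_flagged ( Placeholder.Verdict.Name ) - infected
14:45:36.0100 3256 drv_flagged - detected Placeholder.Verdict.Name (0)
14:45:36.0171 3256 drv_cut_off (00000000000000000000000000000004) C:\WINDOWS\system32\DRIVERS\drv_cut_off.sys
"""

if __name__ == "__main__":
    objs = parse_report(SAMPLE)
    unsigned, other = triage(objs)
    for name, rec in other:
        print("REVIEW  ", name, rec["verdict"], rec["md5"], rec["path"])
    for name, rec in unsigned:
        print("UNSIGNED", name, rec["path"])
    for name in unfinished(objs):
        print("NO VERDICT (log cut off?)", name)
```

A non-empty `unfinished()` result usually means the paste was truncated, so the full report should be requested again before drawing conclusions.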

#7
jogibso1

    Member

  • Topic Starter
  • 135 posts
14:43:47.0062 3420 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
14:43:47.0453 3420 ============================================================
14:43:47.0453 3420 Current date / time: 2012/01/19 14:43:47.0453
14:43:47.0453 3420 SystemInfo:
14:43:47.0453 3420
14:43:47.0453 3420 OS Version: 5.1.2600 ServicePack: 3.0
14:43:47.0453 3420 Product type: Workstation
14:43:47.0453 3420 ComputerName: NG00158029
14:43:47.0453 3420 UserName: jeh46727
14:43:47.0453 3420 Windows directory: C:\WINDOWS
14:43:47.0453 3420 System windows directory: C:\WINDOWS
14:43:47.0453 3420 Processor architecture: Intel x86
14:43:47.0453 3420 Number of processors: 4
14:43:47.0453 3420 Page size: 0x1000
14:43:47.0453 3420 Boot type: Normal boot
14:43:47.0453 3420 ============================================================
14:43:48.0937 3420 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:43:48.0937 3420 Drive \Device\Harddisk1\DR9 - Size: 0x7BF80000 (1.94 Gb), SectorSize: 0x200, Cylinders: 0xFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:43:48.0968 3420 Initialize success
14:45:34.0031 3256 ============================================================
14:45:34.0031 3256 Scan started
14:45:34.0031 3256 Mode: Manual; SigCheck; TDLFS;
14:45:34.0031 3256 ============================================================
14:45:34.0265 3256 Abiosdsk - ok
14:45:34.0328 3256 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
14:45:35.0593 3256 abp480n5 - ok
14:45:35.0703 3256 Accelerometer (558a0039f0ef634397e1f61055504478) C:\WINDOWS\system32\DRIVERS\Accelerometer.sys
14:45:35.0781 3256 Accelerometer ( UnsignedFile.Multi.Generic ) - warning
14:45:35.0781 3256 Accelerometer - detected UnsignedFile.Multi.Generic (1)
14:45:35.0828 3256 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:45:35.0906 3256 ACPI - ok
14:45:35.0937 3256 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
14:45:36.0031 3256 ACPIEC - ok
14:45:36.0046 3256 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
14:45:36.0171 3256 adpu160m - ok
14:45:36.0265 3256 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
14:45:36.0343 3256 aec - ok
14:45:36.0390 3256 AESTAud (822d53766d57c90c437536232ece9023) C:\WINDOWS\system32\drivers\AESTAud.sys
14:45:36.0453 3256 AESTAud ( UnsignedFile.Multi.Generic ) - warning
14:45:36.0453 3256 AESTAud - detected UnsignedFile.Multi.Generic (1)
14:45:36.0484 3256 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
14:45:36.0578 3256 AFD - ok
14:45:36.0640 3256 AgereSoftModem (07758c2196a62f207f77556311e7459a) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
14:45:36.0781 3256 AgereSoftModem - ok
14:45:36.0890 3256 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
14:45:36.0968 3256 agp440 - ok
14:45:36.0984 3256 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
14:45:37.0046 3256 agpCPQ - ok
14:45:37.0062 3256 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
14:45:37.0140 3256 Aha154x - ok
14:45:37.0140 3256 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
14:45:37.0265 3256 aic78u2 - ok
14:45:37.0281 3256 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
14:45:37.0375 3256 aic78xx - ok
14:45:37.0390 3256 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
14:45:37.0500 3256 AliIde - ok
14:45:37.0515 3256 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
14:45:37.0593 3256 alim1541 - ok
14:45:37.0625 3256 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
14:45:37.0718 3256 amdagp - ok
14:45:37.0812 3256 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
14:45:37.0875 3256 amsint - ok
14:45:37.0921 3256 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
14:45:38.0000 3256 Arp1394 - ok
14:45:38.0015 3256 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
14:45:38.0156 3256 asc - ok
14:45:38.0171 3256 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
14:45:38.0250 3256 asc3350p - ok
14:45:38.0265 3256 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
14:45:38.0390 3256 asc3550 - ok
14:45:38.0453 3256 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:45:38.0531 3256 AsyncMac - ok
14:45:38.0625 3256 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
14:45:38.0687 3256 atapi - ok
14:45:38.0703 3256 Atdisk - ok
14:45:38.0718 3256 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:45:38.0812 3256 Atmarpc - ok
14:45:38.0828 3256 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
14:45:38.0906 3256 audstub - ok
14:45:38.0906 3256 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
14:45:39.0000 3256 Beep - ok
14:45:39.0046 3256 black (a0d62e5f0999678ede84dc22757edce9) C:\WINDOWS\system32\drivers\BlackCat.sys
14:45:39.0109 3256 black ( UnsignedFile.Multi.Generic ) - warning
14:45:39.0109 3256 black - detected UnsignedFile.Multi.Generic (1)
14:45:39.0109 3256 Suspicious service (NoAccess): BlackICE
14:45:39.0156 3256 BTWUSB (581ca1a9b6f8cba92e3bc8460c14faab) C:\WINDOWS\system32\Drivers\btwusb.sys
14:45:39.0234 3256 BTWUSB - ok
14:45:39.0343 3256 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
14:45:39.0421 3256 cbidf - ok
14:45:39.0437 3256 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
14:45:39.0500 3256 cbidf2k - ok
14:45:39.0531 3256 CCDevice (2d9cc7b50258d0e936b27e95f7485f45) C:\WINDOWS\system32\drivers\CCDevice.sys
14:45:39.0625 3256 CCDevice ( UnsignedFile.Multi.Generic ) - warning
14:45:39.0625 3256 CCDevice - detected UnsignedFile.Multi.Generic (1)
14:45:39.0640 3256 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
14:45:39.0718 3256 cd20xrnt - ok
14:45:39.0750 3256 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
14:45:39.0828 3256 Cdaudio - ok
14:45:39.0843 3256 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
14:45:39.0906 3256 Cdfs - ok
14:45:39.0937 3256 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:45:40.0015 3256 Cdrom - ok
14:45:40.0031 3256 Changer - ok
14:45:40.0046 3256 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
14:45:40.0109 3256 CmBatt - ok
14:45:40.0218 3256 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
14:45:40.0296 3256 CmdIde - ok
14:45:40.0312 3256 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
14:45:40.0375 3256 Compbatt - ok
14:45:40.0390 3256 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
14:45:40.0468 3256 Cpqarray - ok
14:45:40.0500 3256 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
14:45:40.0562 3256 CVirtA - ok
14:45:40.0609 3256 CVPNDRVA (57310c245810b26e378de9e6b22db598) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
14:45:40.0656 3256 CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
14:45:40.0656 3256 CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
14:45:40.0671 3256 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
14:45:40.0750 3256 dac2w2k - ok
14:45:40.0750 3256 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
14:45:40.0859 3256 dac960nt - ok
14:45:40.0890 3256 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
14:45:40.0968 3256 Disk - ok
14:45:40.0984 3256 DLABOIOM (795278665264c0b13bebbd29ae86b412) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
14:45:41.0046 3256 DLABOIOM ( UnsignedFile.Multi.Generic ) - warning
14:45:41.0046 3256 DLABOIOM - detected UnsignedFile.Multi.Generic (1)
14:45:41.0125 3256 DLACDBHM (7581407a6a3c56860ae31e6e423fe824) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
14:45:41.0156 3256 DLACDBHM ( UnsignedFile.Multi.Generic ) - warning
14:45:41.0156 3256 DLACDBHM - detected UnsignedFile.Multi.Generic (1)
14:45:41.0171 3256 DLADResN (5ca787a303418595294bed9b46dadfdb) C:\WINDOWS\system32\DLA\DLADResN.SYS
14:45:41.0234 3256 DLADResN ( UnsignedFile.Multi.Generic ) - warning
14:45:41.0234 3256 DLADResN - detected UnsignedFile.Multi.Generic (1)
14:45:41.0234 3256 DLAIFS_M (b84498f23d7a9eef825a1a6123bc5854) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
14:45:41.0296 3256 DLAIFS_M ( UnsignedFile.Multi.Generic ) - warning
14:45:41.0296 3256 DLAIFS_M - detected UnsignedFile.Multi.Generic (1)
14:45:41.0296 3256 DLAOPIOM (97eca0ddbe0330e6bb4c79bccfebf3e4) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
14:45:41.0359 3256 DLAOPIOM ( UnsignedFile.Multi.Generic ) - warning
14:45:41.0359 3256 DLAOPIOM - detected UnsignedFile.Multi.Generic (1)
14:45:41.0359 3256 DLAPoolM (571d7ec728ec65a0ee7ea7e618d56a36) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
14:45:41.0406 3256 DLAPoolM ( UnsignedFile.Multi.Generic ) - warning
14:45:41.0406 3256 DLAPoolM - detected UnsignedFile.Multi.Generic (1)
14:45:41.0406 3256 DLARTL_N (693dfd92d41a3d270053cd97834e4960) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
14:45:41.0453 3256 DLARTL_N ( UnsignedFile.Multi.Generic ) - warning
14:45:41.0453 3256 DLARTL_N - detected UnsignedFile.Multi.Generic (1)
14:45:41.0468 3256 DLAUDFAM (248eb7b4554408a741fd6734c55a36c2) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
14:45:41.0531 3256 DLAUDFAM ( UnsignedFile.Multi.Generic ) - warning
14:45:41.0531 3256 DLAUDFAM - detected UnsignedFile.Multi.Generic (1)
14:45:41.0531 3256 DLAUDF_M (1cfabded94431a56cfdbd783b2457e7b) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
14:45:41.0578 3256 DLAUDF_M ( UnsignedFile.Multi.Generic ) - warning
14:45:41.0578 3256 DLAUDF_M - detected UnsignedFile.Multi.Generic (1)
14:45:41.0640 3256 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
14:45:41.0734 3256 dmboot - ok
14:45:41.0843 3256 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
14:45:41.0906 3256 dmio - ok
14:45:41.0937 3256 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
14:45:42.0031 3256 dmload - ok
14:45:42.0046 3256 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
14:45:42.0125 3256 DMusic - ok
14:45:42.0171 3256 DNE (86d52c32a308f84bbc626bff7c1fb710) C:\WINDOWS\system32\DRIVERS\dne2000.sys
14:45:42.0250 3256 DNE - ok
14:45:42.0281 3256 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
14:45:42.0359 3256 dpti2o - ok
14:45:42.0390 3256 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
14:45:42.0468 3256 drmkaud - ok
14:45:42.0500 3256 DRVMCDB (d626b0037e3585c12520f1e5cd67dfde) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
14:45:42.0562 3256 DRVMCDB ( UnsignedFile.Multi.Generic ) - warning
14:45:42.0562 3256 DRVMCDB - detected UnsignedFile.Multi.Generic (1)
14:45:42.0625 3256 DRVNDDM (2aeee1600d0f14ba535f90a1f4411b54) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
14:45:42.0703 3256 DRVNDDM ( UnsignedFile.Multi.Generic ) - warning
14:45:42.0703 3256 DRVNDDM - detected UnsignedFile.Multi.Generic (1)
14:45:42.0750 3256 e1kexpress (8bed3dbbb13d2c8e1c1c9decec309826) C:\WINDOWS\system32\DRIVERS\e1k5132.sys
14:45:43.0687 3256 e1kexpress - ok
14:45:43.0828 3256 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
14:45:43.0906 3256 Fastfat - ok
14:45:43.0921 3256 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
14:45:44.0000 3256 Fdc - ok
14:45:44.0046 3256 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
14:45:44.0125 3256 Fips - ok
14:45:44.0140 3256 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
14:45:44.0218 3256 Flpydisk - ok
14:45:44.0250 3256 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
14:45:44.0328 3256 FltMgr - ok
14:45:44.0343 3256 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:45:44.0406 3256 Fs_Rec - ok
14:45:44.0421 3256 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:45:44.0515 3256 Ftdisk - ok
14:45:44.0640 3256 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:45:44.0703 3256 Gpc - ok
14:45:44.0750 3256 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
14:45:44.0765 3256 HDAudBus ( UnsignedFile.Multi.Generic ) - warning
14:45:44.0765 3256 HDAudBus - detected UnsignedFile.Multi.Generic (1)
14:45:44.0765 3256 HECI (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\WINDOWS\system32\DRIVERS\HECI.sys
14:45:44.0875 3256 HECI - ok
14:45:44.0906 3256 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:45:44.0984 3256 HidUsb - ok
14:45:45.0031 3256 hpdskflt (5953c0952e4dd2b25b9adef05ab0285c) C:\WINDOWS\system32\DRIVERS\hpdskflt.sys
14:45:45.0078 3256 hpdskflt ( UnsignedFile.Multi.Generic ) - warning
14:45:45.0078 3256 hpdskflt - detected UnsignedFile.Multi.Generic (1)
14:45:45.0093 3256 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
14:45:45.0203 3256 hpn - ok
14:45:45.0312 3256 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys
14:45:45.0390 3256 HpqKbFiltr - ok
14:45:45.0421 3256 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
14:45:45.0468 3256 HTTP - ok
14:45:45.0500 3256 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
14:45:45.0562 3256 i2omgmt - ok
14:45:45.0593 3256 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
14:45:45.0671 3256 i2omp - ok
14:45:45.0703 3256 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:45:45.0781 3256 i8042prt - ok
14:45:45.0906 3256 IFXTPM (91c5e9f49f32110ced27e2f902fad607) C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
14:45:46.0015 3256 IFXTPM - ok
14:45:46.0046 3256 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
14:45:46.0109 3256 Imapi - ok
14:45:46.0125 3256 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
14:45:46.0250 3256 ini910u - ok
14:45:46.0265 3256 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
14:45:46.0328 3256 IntelIde - ok
14:45:46.0343 3256 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:45:46.0406 3256 intelppm - ok
14:45:46.0453 3256 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
14:45:46.0531 3256 Ip6Fw - ok
14:45:46.0656 3256 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:45:46.0734 3256 IpFilterDriver - ok
14:45:46.0765 3256 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:45:46.0828 3256 IpInIp - ok
14:45:46.0859 3256 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:45:46.0937 3256 IpNat - ok
14:45:46.0953 3256 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:45:47.0031 3256 IPSec - ok
14:45:47.0062 3256 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
14:45:47.0125 3256 IRENUM - ok
14:45:47.0218 3256 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:45:47.0296 3256 isapnp - ok
14:45:47.0328 3256 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:45:47.0406 3256 Kbdclass - ok
14:45:47.0453 3256 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
14:45:47.0515 3256 kmixer - ok
14:45:47.0531 3256 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
14:45:47.0609 3256 KSecDD - ok
14:45:47.0609 3256 lbrtfdc - ok
14:45:47.0671 3256 MakoNT (dffaaa01a8c2ee03778a758420c7e78e) C:\WINDOWS\system32\drivers\isskboep.sys
14:45:47.0765 3256 MakoNT ( UnsignedFile.Multi.Generic ) - warning
14:45:47.0765 3256 MakoNT - detected UnsignedFile.Multi.Generic (1)
14:45:47.0812 3256 mfeapfk (c0d975d64c1af8057f2d75b1297a6979) C:\WINDOWS\system32\drivers\mfeapfk.sys
14:45:47.0828 3256 mfeapfk - ok
14:45:47.0921 3256 mfeavfk (c169326049a8a03d5f905b34f5a65f8c) C:\WINDOWS\system32\drivers\mfeavfk.sys
14:45:47.0921 3256 mfeavfk - ok
14:45:47.0937 3256 mfeavfk01 - ok
14:45:47.0953 3256 mfebopk (50b0253b2484a306a20d8695c5ae5858) C:\WINDOWS\system32\drivers\mfebopk.sys
14:45:47.0968 3256 mfebopk - ok
14:45:47.0984 3256 mfehidk (188b40866db2ab8ef262febc65291687) C:\WINDOWS\system32\drivers\mfehidk.sys
14:45:48.0093 3256 mfehidk - ok
14:45:48.0140 3256 mferkdet (c1b30af2e18e69bf8ceb39b33f32d3c1) C:\WINDOWS\system32\drivers\mferkdet.sys
14:45:48.0187 3256 mferkdet - ok
14:45:48.0218 3256 mfetdi2k (97ef4ca122ddda4781ff557e65dfb262) C:\WINDOWS\system32\drivers\mfetdi2k.sys
14:45:48.0265 3256 mfetdi2k - ok
14:45:48.0312 3256 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
14:45:48.0390 3256 mnmdd - ok
14:45:48.0437 3256 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
14:45:48.0500 3256 Modem - ok
14:45:48.0593 3256 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:45:48.0671 3256 Mouclass - ok
14:45:48.0703 3256 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:45:48.0796 3256 mouhid - ok
14:45:48.0828 3256 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
14:45:48.0906 3256 MountMgr - ok
14:45:48.0921 3256 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
14:45:49.0046 3256 mraid35x - ok
14:45:49.0062 3256 MRxDAV (e3f17e1ea5256709d4e97ef0da04b3c9) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:45:49.0187 3256 MRxDAV - ok
14:45:49.0312 3256 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:45:49.0453 3256 MRxSmb - ok
14:45:49.0500 3256 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
14:45:49.0578 3256 Msfs - ok
14:45:49.0593 3256 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:45:49.0671 3256 MSKSSRV - ok
14:45:49.0687 3256 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:45:49.0750 3256 MSPCLOCK - ok
14:45:49.0765 3256 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
14:45:49.0828 3256 MSPQM - ok
14:45:49.0937 3256 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:45:50.0015 3256 mssmbios - ok
14:45:50.0062 3256 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
14:45:50.0125 3256 Mup - ok
14:45:50.0187 3256 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
14:45:50.0265 3256 NDIS - ok
14:45:50.0296 3256 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:45:50.0343 3256 NdisTapi - ok
14:45:50.0359 3256 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:45:50.0437 3256 Ndisuio - ok
14:45:50.0515 3256 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:45:50.0593 3256 NdisWan - ok
14:45:50.0593 3256 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
14:45:50.0671 3256 NDProxy - ok
14:45:50.0687 3256 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
14:45:50.0765 3256 NetBIOS - ok
14:45:50.0781 3256 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
14:45:50.0875 3256 NetBT - ok
14:45:51.0046 3256 NETw5x32 (e0e8dfcd98bdbe8468f0202a64541222) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
14:45:51.0312 3256 NETw5x32 - ok
14:45:51.0406 3256 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
14:45:51.0500 3256 NIC1394 - ok
14:45:51.0546 3256 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
14:45:51.0625 3256 Npfs - ok
14:45:51.0656 3256 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
14:45:51.0765 3256 Ntfs - ok
14:45:51.0812 3256 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
14:45:51.0875 3256 Null - ok
14:45:51.0921 3256 nusb3hub (68c890ddb21028cb1ea5551b47b29e1b) C:\WINDOWS\system32\DRIVERS\nusb3hub.sys
14:45:52.0015 3256 nusb3hub - ok
14:45:52.0093 3256 nusb3xhc (2cf970c1a9e05d3b91039c2dd4471c0e) C:\WINDOWS\system32\DRIVERS\nusb3xhc.sys
14:45:52.0234 3256 nusb3xhc - ok
14:45:52.0421 3256 nv (391f3380f1ab0611d29f3d355307d9d3) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
14:45:52.0859 3256 nv - ok
14:45:52.0968 3256 NVHDA (2d2b7b3ad297c659efa1d02852ca9860) C:\WINDOWS\system32\drivers\nvhda32.sys
14:45:53.0031 3256 NVHDA - ok
14:45:53.0062 3256 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:45:53.0156 3256 NwlnkFlt - ok
14:45:53.0171 3256 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:45:53.0265 3256 NwlnkFwd - ok
14:45:53.0296 3256 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
14:45:53.0375 3256 ohci1394 - ok
14:45:53.0390 3256 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
14:45:53.0468 3256 Parport - ok
14:45:53.0546 3256 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
14:45:53.0640 3256 PartMgr - ok
14:45:53.0687 3256 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
14:45:53.0765 3256 ParVdm - ok
14:45:53.0765 3256 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
14:45:53.0843 3256 PCI - ok
14:45:53.0843 3256 PCIDump - ok
14:45:53.0875 3256 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
14:45:53.0937 3256 PCIIde - ok
14:45:53.0953 3256 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
14:45:54.0015 3256 Pcmcia - ok
14:45:54.0031 3256 PDCOMP - ok
14:45:54.0046 3256 PDFRAME - ok
14:45:54.0046 3256 PDRELI - ok
14:45:54.0046 3256 PDRFRAME - ok
14:45:54.0062 3256 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
14:45:54.0187 3256 perc2 - ok
14:45:54.0203 3256 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
14:45:54.0281 3256 perc2hib - ok
14:45:54.0343 3256 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:45:54.0421 3256 PptpMiniport - ok
14:45:54.0421 3256 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
14:45:54.0500 3256 PSched - ok
14:45:54.0500 3256 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:45:54.0609 3256 Ptilink - ok
14:45:54.0718 3256 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
14:45:54.0781 3256 PxHelp20 - ok
14:45:54.0796 3256 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
14:45:54.0890 3256 ql1080 - ok
14:45:54.0906 3256 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
14:45:54.0984 3256 Ql10wnt - ok
14:45:55.0000 3256 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
14:45:55.0093 3256 ql12160 - ok
14:45:55.0093 3256 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
14:45:55.0171 3256 ql1240 - ok
14:45:55.0187 3256 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
14:45:55.0250 3256 ql1280 - ok
14:45:55.0296 3256 rap (b82a399376ead113ed4c0d4df721e7b5) C:\WINDOWS\system32\drivers\RapDrv.sys
14:45:55.0343 3256 rap ( UnsignedFile.Multi.Generic ) - warning
14:45:55.0343 3256 rap - detected UnsignedFile.Multi.Generic (1)
14:45:55.0343 3256 Suspicious service (NoAccess): RapApp
14:45:55.0437 3256 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:45:55.0515 3256 RasAcd - ok
14:45:55.0546 3256 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:45:55.0640 3256 Rasl2tp - ok
14:45:55.0640 3256 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:45:55.0718 3256 RasPppoe - ok
14:45:55.0750 3256 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
14:45:55.0828 3256 Raspti - ok
14:45:55.0843 3256 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:45:55.0921 3256 Rdbss - ok
14:45:55.0937 3256 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:45:56.0015 3256 RDPCDD - ok
14:45:56.0031 3256 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:45:56.0093 3256 rdpdr - ok
14:45:56.0218 3256 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
14:45:56.0343 3256 RDPWD - ok
14:45:56.0390 3256 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:45:56.0453 3256 redbook - ok
14:45:56.0500 3256 rimmptsk (df672613fbbcd58c38bb0bc2694bcfb0) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
14:45:56.0593 3256 rimmptsk ( UnsignedFile.Multi.Generic ) - warning
14:45:56.0593 3256 rimmptsk - detected UnsignedFile.Multi.Generic (1)
14:45:56.0609 3256 rimsptsk (d7e09bc852684a7b1fc0f74fe090d45a) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
14:45:56.0687 3256 rimsptsk ( UnsignedFile.Multi.Generic ) - warning
14:45:56.0687 3256 rimsptsk - detected UnsignedFile.Multi.Generic (1)
14:45:56.0703 3256 rismc32 (470fc46e2989f6606043c1c5365b15fd) C:\WINDOWS\system32\DRIVERS\rismc32.sys
14:45:56.0812 3256 rismc32 - ok
14:45:56.0875 3256 rismxdp (b0a7494a9ba7909efac64e05d3f160db) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
14:45:56.0968 3256 rismxdp ( UnsignedFile.Multi.Generic ) - warning
14:45:56.0968 3256 rismxdp - detected UnsignedFile.Multi.Generic (1)
14:45:57.0015 3256 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
14:45:57.0078 3256 sdbus - ok
14:45:57.0109 3256 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:45:57.0171 3256 Secdrv - ok
14:45:57.0203 3256 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
14:45:57.0281 3256 Serial - ok
14:45:57.0312 3256 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
14:45:57.0390 3256 Sfloppy - ok
14:45:57.0406 3256 Simbad - ok
14:45:57.0421 3256 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
14:45:57.0500 3256 sisagp - ok
14:45:57.0578 3256 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
14:45:57.0609 3256 Sparrow - ok
14:45:57.0640 3256 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
14:45:57.0843 3256 splitter - ok
14:45:57.0859 3256 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
14:45:57.0921 3256 sr - ok
14:45:57.0937 3256 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
14:45:58.0046 3256 Srv - ok
14:45:58.0125 3256 STHDA (c24c14d1463375c1c028848b12a70a5e) C:\WINDOWS\system32\drivers\sthda.sys
14:45:58.0250 3256 STHDA ( UnsignedFile.Multi.Generic ) - warning
14:45:58.0250 3256 STHDA - detected UnsignedFile.Multi.Generic (1)
14:45:58.0281 3256 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
14:45:58.0359 3256 swenum - ok
14:45:58.0437 3256 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
14:45:58.0531 3256 swmidi - ok
14:45:58.0562 3256 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
14:45:58.0671 3256 symc810 - ok
14:45:58.0703 3256 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
14:45:58.0812 3256 symc8xx - ok
14:45:58.0828 3256 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
14:45:58.0921 3256 sym_hi - ok
14:45:58.0921 3256 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
14:45:59.0031 3256 sym_u3 - ok
14:45:59.0062 3256 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
14:45:59.0125 3256 sysaudio - ok
14:45:59.0156 3256 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:45:59.0234 3256 Tcpip - ok
14:45:59.0265 3256 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
14:45:59.0343 3256 TDPIPE - ok
14:45:59.0390 3256 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
14:45:59.0453 3256 TDTCP - ok
14:45:59.0484 3256 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
14:45:59.0546 3256 TermDD - ok
14:45:59.0593 3256 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
14:45:59.0687 3256 TosIde - ok
14:45:59.0718 3256 TrueSight (f69641efdb19acb4753b0155f7fdeed5) c:\windows\system32\drivers\TrueSight.sys
14:45:59.0828 3256 TrueSight ( UnsignedFile.Multi.Generic ) - warning
14:45:59.0828 3256 TrueSight - detected UnsignedFile.Multi.Generic (1)
14:45:59.0875 3256 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
14:45:59.0953 3256 Udfs - ok
14:46:00.0000 3256 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
14:46:00.0093 3256 ultra - ok
14:46:00.0203 3256 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
14:46:00.0312 3256 Update - ok
14:46:00.0390 3256 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:46:00.0484 3256 usbccgp - ok
14:46:00.0656 3256 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:46:00.0750 3256 usbehci - ok
14:46:00.0796 3256 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:46:00.0890 3256 usbhub - ok
14:46:00.0984 3256 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:46:01.0093 3256 usbscan - ok
14:46:01.0203 3256 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:46:01.0296 3256 USBSTOR - ok
14:46:01.0390 3256 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
14:46:01.0484 3256 usb_rndisx - ok
14:46:01.0640 3256 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
14:46:01.0734 3256 VgaSave - ok
14:46:01.0812 3256 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
14:46:01.0937 3256 viaagp - ok
14:46:02.0078 3256 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
14:46:02.0156 3256 ViaIde - ok
14:46:02.0187 3256 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
14:46:02.0296 3256 VolSnap - ok
14:46:02.0296 3256 Suspicious service (NoAccess): VPatch
14:46:02.0375 3256 vsdatant (27b3dd12a19eec50220df15b64913dda) C:\WINDOWS\system32\vsdatant.sys
14:46:02.0406 3256 vsdatant - ok
14:46:02.0468 3256 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:46:02.0562 3256 Wanarp - ok
14:46:02.0671 3256 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
14:46:02.0750 3256 Wdf01000 - ok
14:46:02.0765 3256 WDICA - ok
14:46:02.0828 3256 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
14:46:02.0921 3256 wdmaud - ok
14:46:03.0000 3256 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
14:46:03.0062 3256 WmiAcpi - ok
14:46:03.0156 3256 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
14:46:03.0203 3256 WpdUsb - ok
14:46:03.0250 3256 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:46:03.0296 3256 WudfPf - ok
14:46:03.0312 3256 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:46:03.0343 3256 WudfRd - ok
14:46:03.0406 3256 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
14:46:03.0437 3256 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
14:46:03.0437 3256 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
14:46:03.0468 3256 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
14:46:03.0468 3256 \Device\Harddisk0\DR0 - detected TDSS File System (1)
14:46:03.0468 3256 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR9
14:46:03.0656 3256 \Device\Harddisk1\DR9 - ok
14:46:03.0671 3256 Boot (0x1200) (19191113f6ab146babca12c0eca8d02f) \Device\Harddisk0\DR0\Partition0
14:46:03.0671 3256 \Device\Harddisk0\DR0\Partition0 - ok
14:46:03.0671 3256 Boot (0x1200) (9f11ac9ab90004e3f543e2002ee81d60) \Device\Harddisk1\DR9\Partition0
14:46:03.0671 3256 \Device\Harddisk1\DR9\Partition0 - ok
14:46:03.0671 3256 ============================================================
14:46:03.0671 3256 Scan finished
14:46:03.0671 3256 ============================================================
14:46:03.0812 4948 Detected object count: 27
14:46:03.0812 4948 Actual detected object count: 27
14:46:19.0390 4948 Accelerometer ( UnsignedFile.Multi.Generic ) - skipped by user
14:46:19.0390 4948 Accelerometer ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:46:19.0390 4948 AESTAud ( UnsignedFile.Multi.Generic ) - skipped by user
14:46:19.0390 4948 AESTAud ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:46:19.0390 4948 black ( UnsignedFile.Multi.Generic ) - skipped by user
14:46:19.0390 4948 black ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:46:19.0390 4948 CCDevice ( UnsignedFile.Multi.Generic ) - skipped by user
14:46:19.0390 4948 CCDevice ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:46:19.0406 4948 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
14:46:19.0406 4948 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:46:19.0406 4948 DLABOIOM ( UnsignedFile.Multi.Generic ) - skipped by user
14:46:19.0406 4948 DLABOIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:46:19.0406 4948 DLACDBHM ( UnsignedFile.Multi.Generic ) - skipped by user
14:46:19.0406 4948 DLACDBHM ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:46:19.0421 4948 DLADResN ( UnsignedFile.Multi.Generic ) - skipped by user
14:46:19.0421 4948 DLADResN ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:46:19.0421 4948 DLAIFS_M ( UnsignedFile.Multi.Generic ) - skipped by user
14:46:19.0421 4948 DLAIFS_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:46:19.0421 4948 DLAOPIOM ( UnsignedFile.Multi.Generic ) - skipped by user
14:46:19.0421 4948 DLAOPIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:46:19.0437 4948 DLAPoolM ( UnsignedFile.Multi.Generic ) - skipped by user
14:46:19.0437 4948 DLAPoolM ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:46:19.0437 4948 DLARTL_N ( UnsignedFile.Multi.Generic ) - skipped by user
14:46:19.0437 4948 DLARTL_N ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:46:19.0437 4948 DLAUDFAM ( UnsignedFile.Multi.Generic ) - skipped by user
14:46:19.0437 4948 DLAUDFAM ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:46:19.0453 4948 DLAUDF_M ( UnsignedFile.Multi.Generic ) - skipped by user
14:46:19.0453 4948 DLAUDF_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:46:19.0453 4948 DRVMCDB ( UnsignedFile.Multi.Generic ) - skipped by user
14:46:19.0453 4948 DRVMCDB ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:46:19.0453 4948 DRVNDDM ( UnsignedFile.Multi.Generic ) - skipped by user
14:46:19.0453 4948 DRVNDDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:46:19.0468 4948 HDAudBus ( UnsignedFile.Multi.Generic ) - skipped by user
14:46:19.0468 4948 HDAudBus ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:46:19.0468 4948 hpdskflt ( UnsignedFile.Multi.Generic ) - skipped by user
14:46:19.0468 4948 hpdskflt ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:46:19.0468 4948 MakoNT ( UnsignedFile.Multi.Generic ) - skipped by user
14:46:19.0468 4948 MakoNT ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:46:19.0484 4948 rap ( UnsignedFile.Multi.Generic ) - skipped by user
14:46:19.0484 4948 rap ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:46:19.0484 4948 rimmptsk ( UnsignedFile.Multi.Generic ) - skipped by user
14:46:19.0484 4948 rimmptsk ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:46:19.0484 4948 rimsptsk ( UnsignedFile.Multi.Generic ) - skipped by user
14:46:19.0484 4948 rimsptsk ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:46:19.0500 4948 rismxdp ( UnsignedFile.Multi.Generic ) - skipped by user
14:46:19.0500 4948 rismxdp ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:46:19.0500 4948 STHDA ( UnsignedFile.Multi.Generic ) - skipped by user
14:46:19.0500 4948 STHDA ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:46:19.0500 4948 TrueSight ( UnsignedFile.Multi.Generic ) - skipped by user
14:46:19.0500 4948 TrueSight ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:46:19.0562 4948 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
14:46:19.0562 4948 \Device\Harddisk0\DR0 - ok
14:46:19.0562 4948 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
14:46:19.0562 4948 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
14:46:19.0562 4948 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
14:46:55.0406 3900 Deinitialize success

#8
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you now take another screenshot of Disk Management for me, please?

#9
jogibso1


    Member

  • Topic Starter
  • Member
  • 135 posts
ok

Attached Thumbnails

  • disc.JPG


#10
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, that either cured it or made it go invisible... Could you run TDSSKiller one more time, please?



#11
jogibso1


    Member

  • Topic Starter
  • Member
  • 135 posts
15:31:59.0812 1552 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
15:32:00.0281 1552 ============================================================
15:32:00.0281 1552 Current date / time: 2012/01/19 15:32:00.0281
15:32:00.0281 1552 SystemInfo:
15:32:00.0281 1552
15:32:00.0281 1552 OS Version: 5.1.2600 ServicePack: 3.0
15:32:00.0281 1552 Product type: Workstation
15:32:00.0281 1552 ComputerName: NG00158029
15:32:00.0281 1552 UserName: jeh46727
15:32:00.0281 1552 Windows directory: C:\WINDOWS
15:32:00.0281 1552 System windows directory: C:\WINDOWS
15:32:00.0281 1552 Processor architecture: Intel x86
15:32:00.0281 1552 Number of processors: 4
15:32:00.0281 1552 Page size: 0x1000
15:32:00.0281 1552 Boot type: Normal boot
15:32:00.0281 1552 ============================================================
15:32:01.0843 1552 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:32:01.0921 1552 Initialize success
15:32:06.0859 2516 ============================================================
15:32:06.0859 2516 Scan started
15:32:06.0859 2516 Mode: Manual; SigCheck; TDLFS;
15:32:06.0859 2516 ============================================================
15:32:07.0312 2516 Abiosdsk - ok
15:32:07.0343 2516 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
15:32:08.0484 2516 abp480n5 - ok
15:32:08.0609 2516 Accelerometer (558a0039f0ef634397e1f61055504478) C:\WINDOWS\system32\DRIVERS\Accelerometer.sys
15:32:08.0687 2516 Accelerometer ( UnsignedFile.Multi.Generic ) - warning
15:32:08.0687 2516 Accelerometer - detected UnsignedFile.Multi.Generic (1)
15:32:08.0718 2516 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:32:08.0812 2516 ACPI - ok
15:32:08.0828 2516 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
15:32:08.0921 2516 ACPIEC - ok
15:32:08.0937 2516 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
15:32:09.0078 2516 adpu160m - ok
15:32:09.0171 2516 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
15:32:09.0265 2516 aec - ok
15:32:09.0296 2516 AESTAud (822d53766d57c90c437536232ece9023) C:\WINDOWS\system32\drivers\AESTAud.sys
15:32:09.0375 2516 AESTAud ( UnsignedFile.Multi.Generic ) - warning
15:32:09.0375 2516 AESTAud - detected UnsignedFile.Multi.Generic (1)
15:32:09.0421 2516 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
15:32:09.0562 2516 AFD - ok
15:32:09.0625 2516 AgereSoftModem (07758c2196a62f207f77556311e7459a) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
15:32:09.0750 2516 AgereSoftModem - ok
15:32:09.0859 2516 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
15:32:09.0937 2516 agp440 - ok
15:32:09.0953 2516 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
15:32:10.0015 2516 agpCPQ - ok
15:32:10.0031 2516 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
15:32:10.0109 2516 Aha154x - ok
15:32:10.0109 2516 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
15:32:10.0250 2516 aic78u2 - ok
15:32:10.0281 2516 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
15:32:10.0406 2516 aic78xx - ok
15:32:10.0437 2516 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
15:32:10.0546 2516 AliIde - ok
15:32:10.0546 2516 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
15:32:10.0625 2516 alim1541 - ok
15:32:10.0750 2516 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
15:32:10.0828 2516 amdagp - ok
15:32:10.0843 2516 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
15:32:10.0921 2516 amsint - ok
15:32:10.0953 2516 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
15:32:11.0015 2516 Arp1394 - ok
15:32:11.0046 2516 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
15:32:11.0203 2516 asc - ok
15:32:11.0218 2516 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
15:32:11.0312 2516 asc3350p - ok
15:32:11.0406 2516 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
15:32:11.0531 2516 asc3550 - ok
15:32:11.0578 2516 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:32:11.0671 2516 AsyncMac - ok
15:32:11.0671 2516 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
15:32:11.0750 2516 atapi - ok
15:32:11.0765 2516 Atdisk - ok
15:32:11.0781 2516 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:32:11.0875 2516 Atmarpc - ok
15:32:11.0906 2516 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
15:32:11.0984 2516 audstub - ok
15:32:12.0062 2516 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
15:32:12.0140 2516 Beep - ok
15:32:12.0265 2516 black (a0d62e5f0999678ede84dc22757edce9) C:\WINDOWS\system32\drivers\BlackCat.sys
15:32:12.0359 2516 black ( UnsignedFile.Multi.Generic ) - warning
15:32:12.0359 2516 black - detected UnsignedFile.Multi.Generic (1)
15:32:12.0359 2516 Suspicious service (NoAccess): BlackICE
15:32:12.0406 2516 BTWUSB (581ca1a9b6f8cba92e3bc8460c14faab) C:\WINDOWS\system32\Drivers\btwusb.sys
15:32:12.0500 2516 BTWUSB - ok
15:32:12.0531 2516 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
15:32:12.0609 2516 cbidf - ok
15:32:12.0625 2516 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
15:32:12.0687 2516 cbidf2k - ok
15:32:12.0718 2516 CCDevice (2d9cc7b50258d0e936b27e95f7485f45) C:\WINDOWS\system32\drivers\CCDevice.sys
15:32:12.0828 2516 CCDevice ( UnsignedFile.Multi.Generic ) - warning
15:32:12.0828 2516 CCDevice - detected UnsignedFile.Multi.Generic (1)
15:32:12.0906 2516 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
15:32:12.0984 2516 cd20xrnt - ok
15:32:13.0031 2516 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
15:32:13.0093 2516 Cdaudio - ok
15:32:13.0140 2516 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
15:32:13.0203 2516 Cdfs - ok
15:32:13.0234 2516 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:32:13.0312 2516 Cdrom - ok
15:32:13.0312 2516 Changer - ok
15:32:13.0343 2516 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
15:32:13.0406 2516 CmBatt - ok
15:32:13.0437 2516 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
15:32:13.0546 2516 CmdIde - ok
15:32:13.0546 2516 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
15:32:13.0625 2516 Compbatt - ok
15:32:13.0640 2516 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
15:32:13.0703 2516 Cpqarray - ok
15:32:13.0750 2516 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
15:32:13.0812 2516 CVirtA - ok
15:32:13.0921 2516 CVPNDRVA (57310c245810b26e378de9e6b22db598) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
15:32:14.0000 2516 CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
15:32:14.0000 2516 CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
15:32:14.0015 2516 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
15:32:14.0109 2516 dac2w2k - ok
15:32:14.0125 2516 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
15:32:14.0281 2516 dac960nt - ok
15:32:14.0359 2516 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
15:32:14.0421 2516 Disk - ok
15:32:14.0484 2516 DLABOIOM (795278665264c0b13bebbd29ae86b412) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
15:32:14.0562 2516 DLABOIOM ( UnsignedFile.Multi.Generic ) - warning
15:32:14.0562 2516 DLABOIOM - detected UnsignedFile.Multi.Generic (1)
15:32:14.0578 2516 DLACDBHM (7581407a6a3c56860ae31e6e423fe824) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
15:32:14.0625 2516 DLACDBHM ( UnsignedFile.Multi.Generic ) - warning
15:32:14.0625 2516 DLACDBHM - detected UnsignedFile.Multi.Generic (1)
15:32:14.0640 2516 DLADResN (5ca787a303418595294bed9b46dadfdb) C:\WINDOWS\system32\DLA\DLADResN.SYS
15:32:14.0687 2516 DLADResN ( UnsignedFile.Multi.Generic ) - warning
15:32:14.0687 2516 DLADResN - detected UnsignedFile.Multi.Generic (1)
15:32:14.0703 2516 DLAIFS_M (b84498f23d7a9eef825a1a6123bc5854) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
15:32:14.0781 2516 DLAIFS_M ( UnsignedFile.Multi.Generic ) - warning
15:32:14.0781 2516 DLAIFS_M - detected UnsignedFile.Multi.Generic (1)
15:32:14.0843 2516 DLAOPIOM (97eca0ddbe0330e6bb4c79bccfebf3e4) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
15:32:14.0906 2516 DLAOPIOM ( UnsignedFile.Multi.Generic ) - warning
15:32:14.0906 2516 DLAOPIOM - detected UnsignedFile.Multi.Generic (1)
15:32:14.0937 2516 DLAPoolM (571d7ec728ec65a0ee7ea7e618d56a36) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
15:32:15.0000 2516 DLAPoolM ( UnsignedFile.Multi.Generic ) - warning
15:32:15.0000 2516 DLAPoolM - detected UnsignedFile.Multi.Generic (1)
15:32:15.0031 2516 DLARTL_N (693dfd92d41a3d270053cd97834e4960) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
15:32:15.0093 2516 DLARTL_N ( UnsignedFile.Multi.Generic ) - warning
15:32:15.0093 2516 DLARTL_N - detected UnsignedFile.Multi.Generic (1)
15:32:15.0109 2516 DLAUDFAM (248eb7b4554408a741fd6734c55a36c2) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
15:32:15.0171 2516 DLAUDFAM ( UnsignedFile.Multi.Generic ) - warning
15:32:15.0171 2516 DLAUDFAM - detected UnsignedFile.Multi.Generic (1)
15:32:15.0171 2516 DLAUDF_M (1cfabded94431a56cfdbd783b2457e7b) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
15:32:15.0265 2516 DLAUDF_M ( UnsignedFile.Multi.Generic ) - warning
15:32:15.0265 2516 DLAUDF_M - detected UnsignedFile.Multi.Generic (1)
15:32:15.0375 2516 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
15:32:15.0484 2516 dmboot - ok
15:32:15.0546 2516 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
15:32:15.0609 2516 dmio - ok
15:32:15.0640 2516 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
15:32:15.0734 2516 dmload - ok
15:32:15.0750 2516 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
15:32:15.0828 2516 DMusic - ok
15:32:15.0859 2516 DNE (86d52c32a308f84bbc626bff7c1fb710) C:\WINDOWS\system32\DRIVERS\dne2000.sys
15:32:15.0875 2516 DNE - ok
15:32:15.0968 2516 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
15:32:16.0062 2516 dpti2o - ok
15:32:16.0093 2516 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
15:32:16.0156 2516 drmkaud - ok
15:32:16.0203 2516 DRVMCDB (d626b0037e3585c12520f1e5cd67dfde) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
15:32:16.0250 2516 DRVMCDB ( UnsignedFile.Multi.Generic ) - warning
15:32:16.0250 2516 DRVMCDB - detected UnsignedFile.Multi.Generic (1)
15:32:16.0265 2516 DRVNDDM (2aeee1600d0f14ba535f90a1f4411b54) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
15:32:16.0328 2516 DRVNDDM ( UnsignedFile.Multi.Generic ) - warning
15:32:16.0328 2516 DRVNDDM - detected UnsignedFile.Multi.Generic (1)
15:32:16.0375 2516 e1kexpress (8bed3dbbb13d2c8e1c1c9decec309826) C:\WINDOWS\system32\DRIVERS\e1k5132.sys
15:32:16.0687 2516 e1kexpress - ok
15:32:16.0812 2516 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
15:32:16.0890 2516 Fastfat - ok
15:32:16.0906 2516 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
15:32:16.0984 2516 Fdc - ok
15:32:17.0015 2516 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
15:32:17.0093 2516 Fips - ok
15:32:17.0125 2516 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
15:32:17.0203 2516 Flpydisk - ok
15:32:17.0234 2516 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
15:32:17.0296 2516 FltMgr - ok
15:32:17.0359 2516 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:32:17.0437 2516 Fs_Rec - ok
15:32:17.0484 2516 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:32:17.0562 2516 Ftdisk - ok
15:32:17.0609 2516 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:32:17.0687 2516 Gpc - ok
15:32:17.0734 2516 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
15:32:17.0734 2516 HDAudBus ( UnsignedFile.Multi.Generic ) - warning
15:32:17.0734 2516 HDAudBus - detected UnsignedFile.Multi.Generic (1)
15:32:17.0750 2516 HECI (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\WINDOWS\system32\DRIVERS\HECI.sys
15:32:17.0890 2516 HECI - ok
15:32:17.0984 2516 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:32:18.0062 2516 HidUsb - ok
15:32:18.0109 2516 hpdskflt (5953c0952e4dd2b25b9adef05ab0285c) C:\WINDOWS\system32\DRIVERS\hpdskflt.sys
15:32:18.0187 2516 hpdskflt ( UnsignedFile.Multi.Generic ) - warning
15:32:18.0187 2516 hpdskflt - detected UnsignedFile.Multi.Generic (1)
15:32:18.0218 2516 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
15:32:18.0328 2516 hpn - ok
15:32:18.0375 2516 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys
15:32:18.0500 2516 HpqKbFiltr - ok
15:32:18.0609 2516 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
15:32:18.0640 2516 HTTP - ok
15:32:18.0671 2516 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
15:32:18.0734 2516 i2omgmt - ok
15:32:18.0765 2516 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
15:32:18.0843 2516 i2omp - ok
15:32:18.0890 2516 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:32:18.0968 2516 i8042prt - ok
15:32:19.0015 2516 IFXTPM (91c5e9f49f32110ced27e2f902fad607) C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
15:32:19.0156 2516 IFXTPM - ok
15:32:19.0281 2516 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
15:32:19.0359 2516 Imapi - ok
15:32:19.0406 2516 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
15:32:19.0546 2516 ini910u - ok
15:32:19.0562 2516 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
15:32:19.0640 2516 IntelIde - ok
15:32:19.0671 2516 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:32:19.0734 2516 intelppm - ok
15:32:19.0765 2516 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
15:32:19.0843 2516 Ip6Fw - ok
15:32:19.0921 2516 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:32:20.0000 2516 IpFilterDriver - ok
15:32:20.0046 2516 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:32:20.0109 2516 IpInIp - ok
15:32:20.0125 2516 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:32:20.0218 2516 IpNat - ok
15:32:20.0250 2516 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:32:20.0328 2516 IPSec - ok
15:32:20.0343 2516 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
15:32:20.0421 2516 IRENUM - ok
15:32:20.0500 2516 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:32:20.0593 2516 isapnp - ok
15:32:20.0625 2516 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:32:20.0703 2516 Kbdclass - ok
15:32:20.0750 2516 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
15:32:20.0812 2516 kmixer - ok
15:32:20.0828 2516 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
15:32:20.0890 2516 KSecDD - ok
15:32:20.0906 2516 lbrtfdc - ok
15:32:20.0968 2516 MakoNT (dffaaa01a8c2ee03778a758420c7e78e) C:\WINDOWS\system32\drivers\isskboep.sys
15:32:21.0078 2516 MakoNT ( UnsignedFile.Multi.Generic ) - warning
15:32:21.0078 2516 MakoNT - detected UnsignedFile.Multi.Generic (1)
15:32:21.0171 2516 mfeapfk (c0d975d64c1af8057f2d75b1297a6979) C:\WINDOWS\system32\drivers\mfeapfk.sys
15:32:21.0234 2516 mfeapfk - ok
15:32:21.0296 2516 mfeavfk (c169326049a8a03d5f905b34f5a65f8c) C:\WINDOWS\system32\drivers\mfeavfk.sys
15:32:21.0375 2516 mfeavfk - ok
15:32:21.0390 2516 mfeavfk01 - ok
15:32:21.0421 2516 mfebopk (50b0253b2484a306a20d8695c5ae5858) C:\WINDOWS\system32\drivers\mfebopk.sys
15:32:21.0484 2516 mfebopk - ok
15:32:21.0515 2516 mfehidk (188b40866db2ab8ef262febc65291687) C:\WINDOWS\system32\drivers\mfehidk.sys
15:32:21.0640 2516 mfehidk - ok
15:32:21.0703 2516 mferkdet (c1b30af2e18e69bf8ceb39b33f32d3c1) C:\WINDOWS\system32\drivers\mferkdet.sys
15:32:21.0750 2516 mferkdet - ok
15:32:21.0765 2516 mfetdi2k (97ef4ca122ddda4781ff557e65dfb262) C:\WINDOWS\system32\drivers\mfetdi2k.sys
15:32:21.0828 2516 mfetdi2k - ok
15:32:21.0906 2516 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
15:32:22.0328 2516 mnmdd - ok
15:32:22.0375 2516 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
15:32:22.0437 2516 Modem - ok
15:32:22.0468 2516 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:32:22.0546 2516 Mouclass - ok
15:32:22.0578 2516 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:32:22.0671 2516 mouhid - ok
15:32:22.0703 2516 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
15:32:22.0781 2516 MountMgr - ok
15:32:22.0843 2516 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
15:32:22.0984 2516 mraid35x - ok
15:32:23.0015 2516 MRxDAV (e3f17e1ea5256709d4e97ef0da04b3c9) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:32:23.0125 2516 MRxDAV - ok
15:32:23.0171 2516 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:32:23.0343 2516 MRxSmb - ok
15:32:23.0437 2516 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
15:32:23.0531 2516 Msfs - ok
15:32:23.0562 2516 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:32:23.0640 2516 MSKSSRV - ok
15:32:23.0656 2516 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:32:23.0718 2516 MSPCLOCK - ok
15:32:23.0734 2516 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
15:32:23.0812 2516 MSPQM - ok
15:32:23.0843 2516 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:32:23.0921 2516 mssmbios - ok
15:32:23.0968 2516 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
15:32:24.0046 2516 Mup - ok
15:32:24.0171 2516 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
15:32:24.0234 2516 NDIS - ok
15:32:24.0281 2516 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:32:24.0328 2516 NdisTapi - ok
15:32:24.0343 2516 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:32:24.0421 2516 Ndisuio - ok
15:32:24.0453 2516 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:32:24.0531 2516 NdisWan - ok
15:32:24.0531 2516 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
15:32:24.0640 2516 NDProxy - ok
15:32:24.0671 2516 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
15:32:24.0750 2516 NetBIOS - ok
15:32:24.0812 2516 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
15:32:24.0890 2516 NetBT - ok
15:32:25.0062 2516 NETw5x32 (e0e8dfcd98bdbe8468f0202a64541222) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
15:32:25.0218 2516 NETw5x32 - ok
15:32:25.0312 2516 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
15:32:25.0406 2516 NIC1394 - ok
15:32:25.0484 2516 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
15:32:25.0546 2516 Npfs - ok
15:32:25.0578 2516 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
15:32:25.0687 2516 Ntfs - ok
15:32:25.0734 2516 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
15:32:25.0812 2516 Null - ok
15:32:25.0843 2516 nusb3hub (68c890ddb21028cb1ea5551b47b29e1b) C:\WINDOWS\system32\DRIVERS\nusb3hub.sys
15:32:25.0984 2516 nusb3hub - ok
15:32:26.0062 2516 nusb3xhc (2cf970c1a9e05d3b91039c2dd4471c0e) C:\WINDOWS\system32\DRIVERS\nusb3xhc.sys
15:32:26.0203 2516 nusb3xhc - ok
15:32:26.0406 2516 nv (391f3380f1ab0611d29f3d355307d9d3) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
15:32:26.0812 2516 nv - ok
15:32:26.0937 2516 NVHDA (2d2b7b3ad297c659efa1d02852ca9860) C:\WINDOWS\system32\drivers\nvhda32.sys
15:32:26.0984 2516 NVHDA - ok
15:32:27.0015 2516 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:32:27.0109 2516 NwlnkFlt - ok
15:32:27.0125 2516 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:32:27.0218 2516 NwlnkFwd - ok
15:32:27.0265 2516 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
15:32:27.0328 2516 ohci1394 - ok
15:32:27.0359 2516 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
15:32:27.0437 2516 Parport - ok
15:32:27.0515 2516 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
15:32:27.0593 2516 PartMgr - ok
15:32:27.0640 2516 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
15:32:27.0718 2516 ParVdm - ok
15:32:27.0734 2516 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
15:32:27.0796 2516 PCI - ok
15:32:27.0796 2516 PCIDump - ok
15:32:27.0828 2516 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
15:32:27.0890 2516 PCIIde - ok
15:32:27.0906 2516 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
15:32:27.0968 2516 Pcmcia - ok
15:32:27.0984 2516 PDCOMP - ok
15:32:28.0000 2516 PDFRAME - ok
15:32:28.0000 2516 PDRELI - ok
15:32:28.0000 2516 PDRFRAME - ok
15:32:28.0015 2516 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
15:32:28.0156 2516 perc2 - ok
15:32:28.0171 2516 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
15:32:28.0250 2516 perc2hib - ok
15:32:28.0312 2516 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:32:28.0375 2516 PptpMiniport - ok
15:32:28.0453 2516 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
15:32:28.0562 2516 PSched - ok
15:32:28.0562 2516 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:32:28.0671 2516 Ptilink - ok
15:32:28.0703 2516 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
15:32:28.0781 2516 PxHelp20 - ok
15:32:28.0796 2516 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
15:32:28.0890 2516 ql1080 - ok
15:32:28.0890 2516 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
15:32:28.0968 2516 Ql10wnt - ok
15:32:29.0000 2516 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
15:32:29.0093 2516 ql12160 - ok
15:32:29.0093 2516 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
15:32:29.0171 2516 ql1240 - ok
15:32:29.0171 2516 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
15:32:29.0250 2516 ql1280 - ok
15:32:29.0296 2516 rap (b82a399376ead113ed4c0d4df721e7b5) C:\WINDOWS\system32\drivers\RapDrv.sys
15:32:29.0359 2516 rap ( UnsignedFile.Multi.Generic ) - warning
15:32:29.0359 2516 rap - detected UnsignedFile.Multi.Generic (1)
15:32:36.0703 2516 ============================================================
15:32:36.0703 2516 Scan finished
15:32:36.0703 2516 ============================================================
15:32:36.0812 3608 Detected object count: 25
15:32:36.0812 3608 Actual detected object count: 25
15:32:59.0296 3608 Accelerometer ( UnsignedFile.Multi.Generic ) - skipped by user
15:32:59.0296 3608 Accelerometer ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:32:59.0296 3608 AESTAud ( UnsignedFile.Multi.Generic ) - skipped by user
15:32:59.0296 3608 AESTAud ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:32:59.0312 3608 black ( UnsignedFile.Multi.Generic ) - skipped by user
15:32:59.0312 3608 black ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:32:59.0312 3608 CCDevice ( UnsignedFile.Multi.Generic ) - skipped by user
15:32:59.0312 3608 CCDevice ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:32:59.0312 3608 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
15:32:59.0312 3608 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:32:59.0328 3608 DLABOIOM ( UnsignedFile.Multi.Generic ) - skipped by user
15:32:59.0328 3608 DLABOIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:32:59.0328 3608 DLACDBHM ( UnsignedFile.Multi.Generic ) - skipped by user
15:32:59.0328 3608 DLACDBHM ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:32:59.0328 3608 DLADResN ( UnsignedFile.Multi.Generic ) - skipped by user
15:32:59.0328 3608 DLADResN ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:32:59.0343 3608 DLAIFS_M ( UnsignedFile.Multi.Generic ) - skipped by user
15:32:59.0343 3608 DLAIFS_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:32:59.0343 3608 DLAOPIOM ( UnsignedFile.Multi.Generic ) - skipped by user
15:32:59.0343 3608 DLAOPIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:32:59.0343 3608 DLAPoolM ( UnsignedFile.Multi.Generic ) - skipped by user
15:32:59.0343 3608 DLAPoolM ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:32:59.0359 3608 DLARTL_N ( UnsignedFile.Multi.Generic ) - skipped by user
15:32:59.0359 3608 DLARTL_N ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:32:59.0359 3608 DLAUDFAM ( UnsignedFile.Multi.Generic ) - skipped by user
15:32:59.0359 3608 DLAUDFAM ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:32:59.0359 3608 DLAUDF_M ( UnsignedFile.Multi.Generic ) - skipped by user
15:32:59.0359 3608 DLAUDF_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:32:59.0375 3608 DRVMCDB ( UnsignedFile.Multi.Generic ) - skipped by user
15:32:59.0375 3608 DRVMCDB ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:32:59.0375 3608 DRVNDDM ( UnsignedFile.Multi.Generic ) - skipped by user
15:32:59.0375 3608 DRVNDDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:32:59.0375 3608 HDAudBus ( UnsignedFile.Multi.Generic ) - skipped by user
15:32:59.0375 3608 HDAudBus ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:32:59.0390 3608 hpdskflt ( UnsignedFile.Multi.Generic ) - skipped by user
15:32:59.0390 3608 hpdskflt ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:32:59.0390 3608 MakoNT ( UnsignedFile.Multi.Generic ) - skipped by user
15:32:59.0390 3608 MakoNT ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:32:59.0390 3608 rap ( UnsignedFile.Multi.Generic ) - skipped by user
15:32:59.0390 3608 rap ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:32:59.0406 3608 rimmptsk ( UnsignedFile.Multi.Generic ) - skipped by user
15:32:59.0406 3608 rimmptsk ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:32:59.0406 3608 rimsptsk ( UnsignedFile.Multi.Generic ) - skipped by user
15:32:59.0406 3608 rimsptsk ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:32:59.0406 3608 rismxdp ( UnsignedFile.Multi.Generic ) - skipped by user
15:32:59.0406 3608 rismxdp ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:32:59.0421 3608 STHDA ( UnsignedFile.Multi.Generic ) - skipped by user
15:32:59.0421 3608 STHDA ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:32:59.0421 3608 TrueSight ( UnsignedFile.Multi.Generic ) - skipped by user
15:32:59.0421 3608 TrueSight ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:33:04.0906 0204 Deinitialize success
  • 0

#12
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
What are your current problems?

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#13
jogibso1


    Member

  • Topic Starter
  • Member
  • 135 posts
None at the moment, will have to finish up tomorrow... stay tuned and THANK YOU SO MUCH
  • 0

#14
jogibso1


    Member

  • Topic Starter
  • Member
  • 135 posts
It did freeze up on me briefly, possibly unrelated?
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.18.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
jeh46727 :: NG00158029 [administrator]

1/19/2012 4:19:02 PM
mbam-log-2012-01-19 (16-19-02).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 304752
Time elapsed: 58 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#15
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
As a final check, could you re-run aswMBR please?
  • 0





