
User cannot access Google [Closed]


  • This topic is locked

#1
Brandon Jones

I have a user that reported that she was not able to visit Google. Also our antivirus will not install. Below is the OTL scan. The computer is a member of a domain, and I am logged in as a user that has administrative rights.


OTL logfile created on: 10/24/2012 3:53:21 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = \\hawk\d\csdsupp\D7\3rd Party Tools
Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.46 Gb Total Physical Memory | 2.73 Gb Available Physical Memory | 78.68% Memory free
6.93 Gb Paging File | 6.16 Gb Available in Paging File | 88.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148.66 Gb Total Space | 117.72 Gb Free Space | 79.19% Space Free | Partition Type: NTFS

Computer Name: GDN13286 | User Name: brandonj | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/05 16:57:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- \\hawk\d\csdsupp\D7\3rd Party Tools\OTL.exe
PRC - [2012/09/11 02:51:17 | 000,302,160 | ---- | M] (Total Defense, Inc.) -- C:\Program Files\CA\TotalDefense\EndPointClient\EndpointProtection\ccschedulersvc.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 08:17:31 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rdpclip.exe
PRC - [2010/04/07 08:57:42 | 000,099,896 | ---- | M] (HP) -- C:\Windows\System32\HPSIsvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe -- (UmxEngine)
SRV - File not found [Auto | Stopped] -- C:\Program Files\CA\SharedComponents\Agent\TDAgent.exe -- (TD Agent Service)
SRV - File not found [Auto | Stopped] -- C:\Program Files\CA\SharedComponents\AMS\win\x86\CAAMSvc.exe -- (CAAMSvc)
SRV - [2012/09/11 02:51:21 | 000,180,224 | ---- | M] (Total Defense, Inc.) [Auto | Stopped] -- C:\Program Files\CA\TotalDefense\EndPointClient\EndpointProtection\isafe.exe -- (isafe)
SRV - [2012/09/11 02:51:17 | 000,302,160 | ---- | M] (Total Defense, Inc.) [Auto | Running] -- C:\Program Files\CA\TotalDefense\EndPointClient\EndpointProtection\ccschedulersvc.exe -- (ccSchedulerSvc)
SRV - [2012/09/11 02:51:16 | 000,220,240 | ---- | M] (Total Defense, Inc.) [Auto | Stopped] -- C:\Program Files\CA\Entitlement\ccprovsp.exe -- (Total Defense Common Elevation Service)
SRV - [2011/12/08 14:09:13 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/06/12 12:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/04/07 08:57:42 | 000,099,896 | ---- | M] (HP) [Auto | Running] -- C:\Windows\System32\HPSIsvc.exe -- (HPSIService)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\brandonj\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2011/10/27 16:07:50 | 000,170,064 | ---- | M] (Total Defense) [File_System | Boot | Running] -- C:\Windows\System32\drivers\KmxAMRT.sys -- (KmxAMRT)
DRV - [2011/10/26 12:51:22 | 000,083,536 | ---- | M] (CA) [File_System | System | Running] -- C:\Windows\System32\drivers\KmxAgent.sys -- (KmxAgent)
DRV - [2011/09/06 22:03:36 | 000,331,344 | ---- | M] (CA) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KmxCfg.sys -- (KmxCfg)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 08:30:12 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010/11/20 06:24:41 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 06:24:40 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 06:21:14 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2010/11/20 06:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 05:14:49 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/03/05 19:40:57 | 000,017,408 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mvusbews.sys -- (mvusbews)
DRV - [2009/12/30 11:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/07/13 18:02:52 | 000,164,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6032.sys -- (e1kexpress)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gdn.edu
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/04/25 09:47:50 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/10/24 15:42:26 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: Allow-LogonScript-NetbiosDisabled = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: MaxGPOScriptWait = 1800
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\VetRedir.dll (Total Defense, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\VetRedir.dll (Total Defense, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\VetRedir.dll (Total Defense, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 168.26.240.23 168.26.240.20
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = gdn.peachnet.edu
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{33F73D10-61D4-4B46-A4E7-5149ED46E466}: DhcpNameServer = 168.26.240.23 168.26.240.20
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/24 14:51:38 | 000,000,000 | ---D | C] -- C:\Users\brandonj\AppData\Roaming\Macromedia
[2012/10/24 14:43:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/10/24 14:43:19 | 000,000,000 | ---D | C] -- C:\Users\brandonj\AppData\Local\temp
[2012/10/24 14:32:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/24 14:32:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/24 14:32:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/24 14:31:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/24 14:31:44 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/10/24 11:49:48 | 000,000,000 | ---D | C] -- C:\Users\brandonj\Desktop\RK_Quarantine
[2012/10/24 11:41:24 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/10/23 18:00:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Defense for Business
[2012/10/23 17:33:21 | 000,000,000 | ---D | C] -- C:\Program Files\CA
[2012/10/23 17:16:00 | 000,027,192 | ---- | C] (VS Revo Group) -- C:\Windows\System32\drivers\revoflt.sys
[2012/10/23 17:16:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2012/10/23 17:15:59 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/10/23 14:45:08 | 000,000,000 | ---D | C] -- C:\Users\brandonj\AppData\Roaming\Malwarebytes
[2012/10/23 14:44:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/23 14:44:54 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/10/23 14:44:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/10/23 14:44:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/10/11 03:00:42 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/10/11 03:00:41 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/10/03 11:30:17 | 000,000,000 | ---D | C] -- \aimnetwork
[2012/09/27 03:00:32 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OxpsConverter.exe
[2012/09/25 19:19:56 | 000,000,000 | ---D | C] -- C:\Users\brandonj\AppData\Local\Adobe
[2012/09/25 19:19:55 | 000,000,000 | ---D | C] -- C:\Users\brandonj\AppData\Roaming\Adobe
[2012/09/25 19:19:53 | 000,000,000 | ---D | C] -- C:\Users\brandonj\AppData\Roaming\Apple Computer
[2012/09/25 19:19:46 | 000,000,000 | R--D | C] -- C:\Users\brandonj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/09/25 19:19:46 | 000,000,000 | R--D | C] -- C:\Users\brandonj\Searches
[2012/09/25 19:19:46 | 000,000,000 | R--D | C] -- C:\Users\brandonj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/09/25 19:19:46 | 000,000,000 | -H-D | C] -- C:\Users\brandonj\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/09/25 19:19:37 | 000,000,000 | ---D | C] -- C:\Users\brandonj\AppData\Roaming\Identities
[2012/09/25 19:19:36 | 000,000,000 | R--D | C] -- C:\Users\brandonj\Contacts
[2012/09/25 19:17:26 | 000,000,000 | ---D | C] -- C:\Users\brandonj\AppData\Local\VirtualStore
[2012/09/25 19:17:22 | 000,000,000 | -HSD | C] -- C:\Users\brandonj\AppData\Local\Temporary Internet Files
[2012/09/25 19:17:22 | 000,000,000 | -HSD | C] -- C:\Users\brandonj\Templates
[2012/09/25 19:17:22 | 000,000,000 | -HSD | C] -- C:\Users\brandonj\Start Menu
[2012/09/25 19:17:22 | 000,000,000 | -HSD | C] -- C:\Users\brandonj\SendTo
[2012/09/25 19:17:22 | 000,000,000 | -HSD | C] -- C:\Users\brandonj\Recent
[2012/09/25 19:17:22 | 000,000,000 | -HSD | C] -- C:\Users\brandonj\PrintHood
[2012/09/25 19:17:22 | 000,000,000 | -HSD | C] -- C:\Users\brandonj\NetHood
[2012/09/25 19:17:22 | 000,000,000 | -HSD | C] -- C:\Users\brandonj\Documents\My Videos
[2012/09/25 19:17:22 | 000,000,000 | -HSD | C] -- C:\Users\brandonj\Documents\My Pictures
[2012/09/25 19:17:22 | 000,000,000 | -HSD | C] -- C:\Users\brandonj\Documents\My Music
[2012/09/25 19:17:22 | 000,000,000 | -HSD | C] -- C:\Users\brandonj\My Documents
[2012/09/25 19:17:22 | 000,000,000 | -HSD | C] -- C:\Users\brandonj\Local Settings
[2012/09/25 19:17:22 | 000,000,000 | -HSD | C] -- C:\Users\brandonj\AppData\Local\History
[2012/09/25 19:17:22 | 000,000,000 | -HSD | C] -- C:\Users\brandonj\Cookies
[2012/09/25 19:17:22 | 000,000,000 | -HSD | C] -- C:\Users\brandonj\Application Data
[2012/09/25 19:17:22 | 000,000,000 | -HSD | C] -- C:\Users\brandonj\AppData\Local\Application Data
[2012/09/25 19:17:21 | 000,000,000 | --SD | C] -- C:\Users\brandonj\AppData\Roaming\Microsoft
[2012/09/25 19:17:21 | 000,000,000 | R--D | C] -- C:\Users\brandonj\Videos
[2012/09/25 19:17:21 | 000,000,000 | R--D | C] -- C:\Users\brandonj\Saved Games
[2012/09/25 19:17:21 | 000,000,000 | R--D | C] -- C:\Users\brandonj\Pictures
[2012/09/25 19:17:21 | 000,000,000 | R--D | C] -- C:\Users\brandonj\Music
[2012/09/25 19:17:21 | 000,000,000 | R--D | C] -- C:\Users\brandonj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/09/25 19:17:21 | 000,000,000 | R--D | C] -- C:\Users\brandonj\Links
[2012/09/25 19:17:21 | 000,000,000 | R--D | C] -- C:\Users\brandonj\Favorites
[2012/09/25 19:17:21 | 000,000,000 | R--D | C] -- C:\Users\brandonj\Downloads
[2012/09/25 19:17:21 | 000,000,000 | R--D | C] -- C:\Users\brandonj\Documents
[2012/09/25 19:17:21 | 000,000,000 | R--D | C] -- C:\Users\brandonj\Desktop
[2012/09/25 19:17:21 | 000,000,000 | R--D | C] -- C:\Users\brandonj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/09/25 19:17:21 | 000,000,000 | -H-D | C] -- C:\Users\brandonj\AppData
[2012/09/25 19:17:21 | 000,000,000 | ---D | C] -- C:\Users\brandonj\AppData\Roaming\Turning Technologies
[2012/09/25 19:17:21 | 000,000,000 | ---D | C] -- C:\Users\brandonj\AppData\Local\Microsoft Help
[2012/09/25 19:17:21 | 000,000,000 | ---D | C] -- C:\Users\brandonj\AppData\Local\Microsoft
[2012/09/25 19:17:21 | 000,000,000 | ---D | C] -- C:\Users\brandonj\AppData\Roaming\Media Center Programs
[2012/09/25 03:00:36 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/09/25 03:00:36 | 000,627,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/09/25 03:00:36 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/09/25 03:00:36 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/09/25 03:00:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

========== Files - Modified Within 30 Days ==========

[2012/10/24 15:54:50 | 000,012,272 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/24 15:54:50 | 000,012,272 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/24 15:51:44 | 000,660,068 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/24 15:51:44 | 000,120,996 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/24 15:49:45 | 000,538,941 | ---- | M] () -- C:\Users\brandonj\Desktop\AdwCleaner.exe
[2012/10/24 15:48:11 | 000,408,408 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/10/24 15:48:00 | 000,000,238 | ---- | M] () -- C:\Windows\tasks\Reboot Doit.job
[2012/10/24 15:47:59 | 000,000,272 | ---- | M] () -- C:\Windows\tasks\HS Audit GPO.job
[2012/10/24 15:47:56 | 000,000,228 | ---- | M] () -- C:\Windows\tasks\Reboot Check.job
[2012/10/24 15:47:53 | 000,000,428 | ---- | M] () -- C:\Windows\tasks\CATD r12 Update.job
[2012/10/24 15:47:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/24 15:47:27 | 2789,941,248 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/24 15:46:24 | 000,081,461 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k0
[2012/10/24 15:46:24 | 000,060,508 | ---- | M] () -- C:\Windows\System32\drivers\KmxAgent.asc
[2012/10/24 15:46:24 | 000,000,085 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k7
[2012/10/24 15:46:24 | 000,000,085 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k6
[2012/10/24 15:46:24 | 000,000,085 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k5
[2012/10/24 15:46:24 | 000,000,085 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k4
[2012/10/24 15:46:24 | 000,000,085 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k3
[2012/10/24 15:46:24 | 000,000,085 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k2
[2012/10/24 15:46:24 | 000,000,085 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k1
[2012/10/24 15:46:24 | 000,000,049 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k7
[2012/10/24 15:46:24 | 000,000,049 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k6
[2012/10/24 15:46:24 | 000,000,049 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k5
[2012/10/24 15:46:24 | 000,000,049 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k4
[2012/10/24 15:46:24 | 000,000,049 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k3
[2012/10/24 15:46:24 | 000,000,049 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k2
[2012/10/24 15:46:24 | 000,000,049 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k1
[2012/10/24 15:46:24 | 000,000,049 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k0
[2012/10/24 15:42:26 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/10/23 18:00:50 | 000,009,110 | ---- | M] () -- C:\Windows\System32\wpkg.xml
[2012/10/23 17:32:40 | 000,026,798 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/10/23 17:16:01 | 000,001,234 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2012/10/23 14:45:36 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/23 14:41:25 | 000,001,411 | ---- | M] () -- C:\Users\brandonj\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/10/23 14:40:38 | 000,053,248 | ---- | M] () -- C:\Windows\System32\zlib.dll
[2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/09/25 19:17:24 | 000,029,084 | RHS- | M] () -- C:\Users\brandonj\ntuser.pol

========== Files Created - No Company Name ==========

[2012/10/24 15:50:53 | 000,538,941 | ---- | C] () -- C:\Users\brandonj\Desktop\AdwCleaner.exe
[2012/10/24 15:25:59 | 000,000,238 | ---- | C] () -- C:\Windows\tasks\Reboot Doit.job
[2012/10/24 15:25:58 | 000,000,272 | ---- | C] () -- C:\Windows\tasks\HS Audit GPO.job
[2012/10/24 15:25:56 | 000,000,228 | ---- | C] () -- C:\Windows\tasks\Reboot Check.job
[2012/10/24 15:25:55 | 000,000,428 | ---- | C] () -- C:\Windows\tasks\CATD r12 Update.job
[2012/10/24 14:32:09 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/24 14:32:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/24 14:32:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/24 14:32:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/24 14:32:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/10/23 17:31:52 | 000,081,461 | ---- | C] () -- C:\Windows\System32\drivers\kmxcfg.u2k0
[2012/10/23 17:31:52 | 000,000,085 | ---- | C] () -- C:\Windows\System32\drivers\kmxcfg.u2k7
[2012/10/23 17:31:52 | 000,000,085 | ---- | C] () -- C:\Windows\System32\drivers\kmxcfg.u2k6
[2012/10/23 17:31:52 | 000,000,085 | ---- | C] () -- C:\Windows\System32\drivers\kmxcfg.u2k5
[2012/10/23 17:31:52 | 000,000,085 | ---- | C] () -- C:\Windows\System32\drivers\kmxcfg.u2k4
[2012/10/23 17:31:52 | 000,000,085 | ---- | C] () -- C:\Windows\System32\drivers\kmxcfg.u2k3
[2012/10/23 17:31:52 | 000,000,085 | ---- | C] () -- C:\Windows\System32\drivers\kmxcfg.u2k2
[2012/10/23 17:31:52 | 000,000,085 | ---- | C] () -- C:\Windows\System32\drivers\kmxcfg.u2k1
[2012/10/23 17:16:01 | 000,001,234 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2012/10/23 14:44:55 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/23 14:41:25 | 000,001,411 | ---- | C] () -- C:\Users\brandonj\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/10/23 14:40:38 | 000,053,248 | ---- | C] () -- C:\Windows\System32\zlib.dll
[2012/10/15 05:06:47 | 000,001,547 | ---- | C] () -- C:\Users\Public\Desktop\ADP Self Service.lnk
[2012/09/25 19:19:47 | 000,001,417 | ---- | C] () -- C:\Users\brandonj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/09/25 19:17:24 | 000,029,084 | RHS- | C] () -- C:\Users\brandonj\ntuser.pol
[2012/09/25 19:17:21 | 000,000,290 | ---- | C] () -- C:\Users\brandonj\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/09/25 19:17:21 | 000,000,272 | ---- | C] () -- C:\Users\brandonj\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/09/25 17:26:25 | 001,872,368 | ---- | C] () -- C:\Windows\System32\gordon.scr
[2012/08/16 03:03:04 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2012/07/09 11:32:37 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2012/06/01 06:07:07 | 000,327,680 | ---- | C] () -- C:\Windows\System32\AdministrativeUnlock.dll
[2012/04/25 09:37:04 | 001,511,424 | ---- | C] () -- C:\Windows\System32\HP1100SM.EXE
[2012/04/25 09:37:04 | 000,147,456 | ---- | C] () -- C:\Windows\System32\HP1100LM.DLL
[2012/04/25 09:36:47 | 000,284,160 | ---- | C] () -- C:\Windows\System32\mvhlewsi.dll
[2012/04/25 09:36:41 | 000,081,920 | ---- | C] () -- C:\Windows\System32\mvusbews.dll
[2012/04/25 09:36:40 | 000,047,104 | ---- | C] () -- C:\Windows\System32\HP1100SMs.dll
[2012/04/25 09:33:45 | 000,026,798 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/03/15 12:54:44 | 000,562,056 | ---- | C] () -- \1112.temp
[2012/03/08 12:12:42 | 000,277,504 | ---- | C] () -- C:\Windows\System32\MySetup.exe
[2011/12/08 15:07:21 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/12/08 15:06:39 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

========== ZeroAccess Check ==========

[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/05/10 03:08:43 | 000,000,000 | ---D | M] -- C:\Users\brandonj\AppData\Roaming\Turning Technologies

========== Purity Check ==========



< End of report >








#2
Brandon Jones

Please mark this closed. I am going to have to reimage the computer.

#3
godawgs

  • Retired Staff
Closed at the request of the original poster.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.