OTL logfile created on: 24/04/2012 15:34:18 - Run 1
OTL by OldTimer - Version 3.2.41.0 Folder = C:\
Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.42 Gb Total Physical Memory | 2.35 Gb Available Physical Memory | 68.82% Memory free
6.83 Gb Paging File | 5.70 Gb Available in Paging File | 83.48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148.75 Gb Total Space | 118.21 Gb Free Space | 79.47% Space Free | Partition Type: NTFS

Computer Name: ESPLEHS004 | User Name: kkaczor | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012/04/24 15:04:13 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
PRC - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/07/27 17:37:14 | 000,114,936 | ---- | M] (Centrix Networking Limited) -- C:\Program Files\Centrix Software\WorkSpace\iQ\Service\Centrix Service.exe
PRC - [2011/07/01 17:50:03 | 000,081,920 | ---- | M] (Liquidware Labs, Inc.) -- C:\Program Files\Liquidware Labs\Connector ID\tntuidsvc.exe
PRC - [2011/07/01 17:49:45 | 000,081,920 | ---- | M] (Liquidware Labs, Inc.) -- C:\Program Files\Liquidware Labs\Connector ID\tntupdsvc.exe
PRC - [2011/07/01 17:46:59 | 000,630,784 | ---- | M] (Liquidware Labs, Inc.) -- C:\Program Files\Liquidware Labs\Connector ID\tntgrd.exe
PRC - [2011/06/24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/22 02:06:24 | 002,047,856 | ---- | M] (Juniper Networks, Inc.) -- C:\Program Files\Common Files\Juniper Networks\JamUI\Pulse.exe
PRC - [2011/06/22 00:52:50 | 000,198,000 | ---- | M] (Juniper Networks, Inc.) -- C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
PRC - [2011/04/14 14:22:42 | 000,361,832 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe
PRC - [2011/04/14 14:22:28 | 000,263,528 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Access Connections\AcSvc.exe
PRC - [2011/04/14 14:22:26 | 000,124,264 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
PRC - [2011/04/01 22:04:48 | 002,153,808 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/23 14:29:44 | 000,586,280 | R--- | M] (Ericsson AB) -- C:\Program Files\Mobile Broadband drivers\WMCore\mini_WMCore.exe
PRC - [2011/01/12 17:05:00 | 000,185,664 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2011/01/12 17:05:00 | 000,161,088 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2011/01/12 17:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2011/01/12 17:05:00 | 000,075,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2010/11/20 06:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 06:17:32 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rdpclip.exe
PRC - [2010/11/17 19:26:48 | 005,068,096 | ---- | M] (McAfee Inc.) -- C:\Program Files\McAfee\DLP\Agent\fcagte.exe
PRC - [2010/11/17 19:25:30 | 000,406,848 | ---- | M] (McAfee Inc.) -- C:\Program Files\McAfee\DLP\Agent\fcagswd.exe
PRC - [2010/11/17 19:25:28 | 005,354,816 | ---- | M] (McAfee Inc.) -- C:\Program Files\McAfee\DLP\Agent\fcags.exe
PRC - [2010/11/17 19:23:56 | 011,306,304 | ---- | M] (McAfee Inc.) -- C:\Program Files\McAfee\DLP\Agent\fcag.exe
PRC - [2010/10/22 21:07:00 | 000,147,984 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2010/10/22 21:07:00 | 000,069,192 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2010/10/22 21:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2010/10/22 21:07:00 | 000,027,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2010/10/22 21:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
PRC - [2010/01/19 15:24:08 | 000,009,216 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
PRC - [2009/09/18 05:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CCM\CcmExec.exe
PRC - [2009/09/18 05:00:00 | 000,367,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CCM\SMSCliUI.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012/03/23 18:19:47 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\075d9c27aa02085fef8983b5f5f85834\System.ServiceProcess.ni.dll
MOD - [2012/03/23 18:19:29 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\eedf95f16a7e81ca43dd8accf11498a3\System.Data.ni.dll
MOD - [2012/03/23 18:19:12 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012/03/23 18:19:07 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012/03/23 18:18:54 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/03/23 18:18:51 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/03/23 18:18:50 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2011/11/25 18:49:17 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\31fce331fded94dd06627603f6fe4562\Accessibility.ni.dll
MOD - [2011/11/25 18:48:57 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/11/01 01:16:22 | 003,190,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2011/03/30 00:33:52 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/11/17 19:45:04 | 001,328,448 | ---- | M] () -- C:\Program Files\McAfee\DLP\Agent\fcagsec.dll
MOD - [2010/11/17 18:31:10 | 000,007,680 | ---- | M] () -- C:\Program Files\McAfee\DLP\Agent\en\fcag.resources.dll
MOD - [2010/11/04 19:58:16 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2010/11/04 19:58:10 | 000,626,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2010/11/04 19:58:10 | 000,385,024 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2010/11/04 19:58:06 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/11/04 19:58:06 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2007/04/18 20:30:46 | 000,471,040 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\ccme_base.dll
MOD - [2007/04/18 20:30:46 | 000,393,216 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\cryptocme2.dll

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/07/27 17:37:14 | 000,114,936 | ---- | M] (Centrix Networking Limited) [Auto | Running] -- C:\Program Files\Centrix Software\WorkSpace\iQ\Service\Centrix Service.exe -- (WorkSpace iQ Agent)
SRV - [2011/07/01 17:50:03 | 000,081,920 | ---- | M] (Liquidware Labs, Inc.) [Auto | Running] -- C:\Program Files\Liquidware Labs\Connector ID\tntuidsvc.exe -- (tntuidsvc)
SRV - [2011/07/01 17:49:45 | 000,081,920 | ---- | M] (Liquidware Labs, Inc.) [Auto | Running] -- C:\Program Files\Liquidware Labs\Connector ID\tntupdsvc.exe -- (tntupdsvc)
SRV - [2011/07/01 17:46:59 | 000,630,784 | ---- | M] (Liquidware Labs, Inc.) [Auto | Running] -- C:\Program Files\Liquidware Labs\Connector ID\tntgrd.exe -- (tntgrd)
SRV - [2011/06/22 00:52:50 | 000,198,000 | ---- | M] (Juniper Networks, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe -- (JuniperAccessService)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/04/14 14:22:28 | 000,263,528 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2011/04/14 14:22:26 | 000,124,264 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2011/04/01 22:04:48 | 002,153,808 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2011/02/23 14:29:44 | 000,586,280 | R--- | M] (Ericsson AB) [Auto | Running] -- C:\Program Files\Mobile Broadband drivers\WMCore\mini_WMCore.exe -- (WMCoreService)
SRV - [2011/01/12 17:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2010/11/17 19:25:28 | 005,354,816 | ---- | M] (McAfee Inc.) [Auto | Running] -- C:\Program Files\McAfee\DLP\Agent\fcags.exe -- (McAfeeDLPAgentService)
SRV - [2010/10/22 21:07:00 | 000,147,984 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2010/10/22 21:07:00 | 000,069,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2010/10/22 21:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2010/10/22 21:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService)
SRV - [2010/01/19 15:24:08 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2009/09/18 05:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2009/09/18 05:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\CCM\TSManager.exe -- (smstsmgr)
SRV - [2009/07/14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - [2011/08/10 17:49:51 | 007,391,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNx32.sys -- (NETwNx32) ___ Intel(R)
DRV - [2011/08/10 17:49:42 | 000,075,264 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdxc86.sys -- (risdxc)
DRV - [2011/08/10 17:49:30 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (MEI) Intel(R)
DRV - [2011/08/10 17:49:19 | 000,269,824 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV - [2011/08/10 17:49:05 | 000,045,352 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2011/08/10 17:48:56 | 001,281,152 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2011/08/10 17:48:21 | 000,238,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1c6232.sys -- (e1cexpress) Intel(R)
DRV - [2011/07/01 17:49:03 | 000,007,808 | ---- | M] (Liquidware Labs, Inc.) [Kernel | Auto | Running] -- C:\Program Files\Liquidware Labs\Connector ID\tntidnty.sys -- (tntidnty)
DRV - [2011/04/19 18:32:34 | 000,408,944 | ---- | M] (Juniper Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jnprna6.sys -- (jnprna)
DRV - [2011/02/14 04:04:30 | 000,038,608 | ---- | M] (Diskeeper Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\DKRtWrt.sys -- (DKRtWrt)
DRV - [2011/02/08 11:13:48 | 000,238,632 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WwanUsbMp.sys -- (WwanUsbServ)
DRV - [2011/01/24 11:37:08 | 000,024,064 | R--- | M] (Cisco Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CipcCdp.sys -- (CipcCdp)
DRV - [2010/12/01 17:02:30 | 000,087,592 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\l36wgps.sys -- (l36wgps)
DRV - [2010/11/20 06:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 06:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 06:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 06:30:14 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010/11/20 04:24:42 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010/11/20 04:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 04:24:42 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 04:21:16 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2010/11/20 04:21:16 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 03:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 03:14:50 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 03:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 03:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/11/17 20:14:06 | 000,030,792 | ---- | M] (McAfee Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\hdlpnetf.sys -- (hdlpnetf)
DRV - [2010/11/17 20:14:02 | 000,101,448 | ---- | M] (McAfee Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\hdlpflt.sys -- (hdlpflt)
DRV - [2010/11/17 20:13:46 | 000,018,504 | ---- | M] (McAfee Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hdlpevnt.sys -- (hdlpevnt)
DRV - [2010/11/17 20:13:42 | 000,024,136 | ---- | M] (McAfee Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hdlpdbk.sys -- (hdlpdbk)
DRV - [2010/11/17 20:13:38 | 000,031,816 | ---- | M] (McAfee Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hdlpctrl.sys -- (hdlpctrl)
DRV - [2010/10/31 17:43:08 | 000,413,768 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Mbm3Mdm.sys -- (Mbm3Mdm)
DRV - [2010/10/31 17:43:08 | 000,396,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Mbm3DevMt.sys -- (Mbm3DevMt) Mobile Broadband Device Management Driver (WDM)
DRV - [2010/10/31 17:43:08 | 000,361,032 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Mbm3CBus.sys -- (Mbm3CBus) F5521gw Mobile Broadband Device (WDM)
DRV - [2010/10/31 17:43:08 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Mbm3mdfl.sys -- (Mbm3mdfl)
DRV - [2010/10/22 21:07:00 | 000,344,712 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/10/22 21:07:00 | 000,091,896 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/10/22 21:07:00 | 000,076,024 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/10/22 21:07:00 | 000,066,536 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/10/22 21:07:00 | 000,064,208 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2010/10/22 21:07:00 | 000,043,192 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/06/16 14:44:38 | 000,120,432 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsX86.sys -- (Shockprf)
DRV - [2010/06/16 14:44:38 | 000,020,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsHM86.sys -- (TPDIGIMN)
DRV - [2010/04/28 04:09:42 | 000,036,776 | ---- | M] (Juniper Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jnprvamgr.sys -- (JnprVaMgr)
DRV - [2010/04/28 04:09:42 | 000,025,456 | ---- | M] (Juniper Networks, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jnprva.sys -- (jnprva)
DRV - [2010/04/06 01:36:20 | 000,224,424 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress) Intel(R)
DRV - [2010/02/23 20:25:34 | 000,026,152 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wwanussf.sys -- (ecnssndisfltr)
DRV - [2010/02/23 20:25:32 | 000,023,592 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wwanuss.sys -- (ecnssndis)
DRV - [2009/09/18 05:00:00 | 000,020,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2009/09/02 19:02:46 | 000,048,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/08/18 13:06:44 | 000,114,688 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2009/08/18 13:06:44 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV - [2009/08/18 13:06:44 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009/08/18 13:06:44 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009/08/18 13:06:44 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009/08/18 13:06:44 | 000,009,216 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009/07/14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/14 01:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/14 00:02:52 | 000,043,008 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1293311480-2731367121-107164596-9136\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://spweb
IE - HKU\S-1-5-21-1293311480-2731367121-107164596-9136\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://spweb
IE - HKU\S-1-5-21-1293311480-2731367121-107164596-9136\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1293311480-2731367121-107164596-9136\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1293311480-2731367121-107164596-9136\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1293311480-2731367121-107164596-9136\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 10.*.*.*;62.239.*.*;www.ds-primark.co.uk;*.primark.local;dhs02031-iepr3;vpn.primark.*;
IE - HKU\S-1-5-21-1293311480-2731367121-107164596-9136\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = dubproxy:8080

[color=#E56717]========== FireFox ==========[/color]

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

O1 HOSTS File: ([2012/03/02 18:06:03 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AcWin7Hlpr] C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CentrixService] C:\Program Files\Centrix Software\WorkSpace\iQ\Service\centrix service.exe (Centrix Networking Limited)
O4 - HKLM..\Run: [JunosPulse] C:\Program Files\Common Files\Juniper Networks\JamUI\Pulse.exe (Juniper Networks, Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-21-1293311480-2731367121-107164596-9136..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\SQM present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = ***** PRIMARK SECURITY NOTICE ***** [2012/04/23 17:13:56 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LocalAccountTokenFilterPolicy = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\SQM present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\SQM present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\SQM present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\SQM present
O7 - HKU\S-1-5-21-1293311480-2731367121-107164596-9136\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-1293311480-2731367121-107164596-9136\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-21-1293311480-2731367121-107164596-9136\Software\Policies\Microsoft\Internet Explorer\SQM present
O7 - HKU\S-1-5-21-1293311480-2731367121-107164596-9136\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1293311480-2731367121-107164596-9136\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1293311480-2731367121-107164596-9136\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.200.21.100 10.100.20.100 10.100.16.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = primark.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{40599F44-4EB8-4360-9F02-5BFA75DD106E}: DhcpNameServer = 10.200.21.100 10.100.20.100 10.100.16.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96A13D63-01C5-4F8D-A49D-1A77F2AA8074}: Domain = primark.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96A13D63-01C5-4F8D-A49D-1A77F2AA8074}: NameServer = 10.100.20.100 10.200.21.100
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012/04/24 15:26:37 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\OTL.exe
[2012/04/23 17:35:43 | 000,000,000 | ---D | C] -- C:\Users\kkaczor\AppData\Roaming\PeerNetworking
[2012/04/23 17:20:18 | 000,000,000 | ---D | C] -- C:\Users\kkaczor\Desktop\ProcessMonitor
[2012/04/23 17:15:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ATS
[2012/04/23 17:15:21 | 003,002,976 | ---- | C] (Microsoft Corporation) -- C:\Users\kkaczor\Desktop\mpsreports_x86.exe
[2012/04/17 17:31:05 | 000,000,000 | ---D | C] -- C:\Users\kkaczor\AppData\Roaming\FLEXnet
[2012/04/17 17:19:09 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\mbam-setup-1.61.0.1400.exe
[2012/04/17 17:11:08 | 000,000,000 | ---D | C] -- C:\Users\kkaczor\AppData\Roaming\Adobe
[2012/04/17 17:09:54 | 000,000,000 | ---D | C] -- C:\Users\kkaczor\AppData\Roaming\Malwarebytes
[2012/04/17 16:47:29 | 000,000,000 | ---D | C] -- C:\Users\kkaczor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/04/17 16:47:28 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/04/17 16:36:14 | 000,000,000 | ---D | C] -- C:\Users\kkaczor\AppData\Roaming\Vodafone
[32 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012/04/24 15:35:21 | 001,048,576 | -HS- | M] () -- C:\Users\kkaczor\NTUSER.DAT
[2012/04/24 15:31:16 | 000,869,194 | ---- | M] () -- C:\SecurityCheck.exe
[2012/04/24 15:30:33 | 000,017,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/24 15:30:33 | 000,017,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/24 15:24:08 | 000,000,393 | ---- | M] () -- C:\Windows\SMSCFG.INI
[2012/04/24 15:23:37 | 000,000,100 | ---- | M] () -- C:\Users\Public\Desktop\ARCC.url
[2012/04/24 15:22:52 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012/04/24 15:22:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/24 15:22:44 | 2750,332,928 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/24 15:19:56 | 000,302,592 | ---- | M] () -- C:\ww7k8xtn.exe
[2012/04/24 15:04:13 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2012/04/23 17:41:02 | 001,618,240 | -H-- | M] () -- C:\Users\kkaczor\AppData\Local\IconCache.db
[2012/04/23 17:36:46 | 005,981,072 | ---- | M] () -- C:\Users\kkaczor\Desktop\ESPLEHS004_MpsReports.cab
[2012/04/23 17:35:43 | 000,033,134 | ---- | M] () -- C:\Users\kkaczor\AppData\Roaming\UserTile.png
[2012/04/23 17:15:21 | 003,002,976 | ---- | M] (Microsoft Corporation) -- C:\Users\kkaczor\Desktop\mpsreports_x86.exe
[2012/04/23 17:12:55 | 001,101,669 | ---- | M] () -- C:\Users\kkaczor\Desktop\ProcessMonitor.zip
[2012/04/17 17:21:14 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/17 17:18:30 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup-1.61.0.1400.exe
[2012/04/17 17:01:11 | 000,001,417 | ---- | M] () -- C:\Users\kkaczor\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/04/17 16:47:29 | 000,002,973 | ---- | M] () -- C:\Users\kkaczor\Desktop\HiJackThis.lnk
[2012/04/17 16:45:57 | 001,402,880 | ---- | M] () -- C:\HiJackThis.msi
[2012/04/17 16:36:33 | 000,039,064 | RHS- | M] () -- C:\Users\kkaczor\ntuser.pol
[2012/04/17 16:36:17 | 000,087,848 | ---- | M] () -- C:\Users\kkaczor\AppData\Local\GDIPFONTCACHEV1.DAT
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/04/04 10:16:39 | 000,781,370 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2012/04/04 10:16:39 | 000,666,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/04 10:16:39 | 000,126,060 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[32 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012/04/24 15:31:32 | 000,869,194 | ---- | C] () -- C:\SecurityCheck.exe
[2012/04/24 15:26:34 | 000,302,592 | ---- | C] () -- C:\ww7k8xtn.exe
[2012/04/23 17:36:46 | 005,981,072 | ---- | C] () -- C:\Users\kkaczor\Desktop\ESPLEHS004_MpsReports.cab
[2012/04/23 17:35:43 | 000,033,134 | ---- | C] () -- C:\Users\kkaczor\AppData\Roaming\UserTile.png
[2012/04/23 17:12:51 | 001,101,669 | ---- | C] () -- C:\Users\kkaczor\Desktop\ProcessMonitor.zip
[2012/04/17 17:21:14 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/17 17:01:11 | 000,001,417 | ---- | C] () -- C:\Users\kkaczor\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/04/17 16:47:29 | 000,002,973 | ---- | C] () -- C:\Users\kkaczor\Desktop\HiJackThis.lnk
[2012/04/17 16:46:51 | 001,402,880 | ---- | C] () -- C:\HiJackThis.msi
[2012/04/17 16:36:17 | 000,087,848 | ---- | C] () -- C:\Users\kkaczor\AppData\Local\GDIPFONTCACHEV1.DAT
[2011/09/16 12:24:03 | 001,618,240 | -H-- | C] () -- C:\Users\kkaczor\AppData\Local\IconCache.db
[2011/08/18 10:49:14 | 000,030,028 | R--- | C] () -- C:\Windows\ConnectionProfiles.dat
[2011/08/11 09:25:44 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2011/08/10 18:49:59 | 000,045,440 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/08/10
17:57:03 | 000,004,764 | ---- | C] () -- C:\Windows\System32\CcmFramework.ini [2011/08/10 17:48:57 | 000,030,893 | ---- | C] () -- C:\Windows\System32\drivers\Mixer.ini [2011/08/10 17:48:57 | 000,001,372 | ---- | C] () -- C:\Windows\System32\VoipUpdate.ini [2011/08/10 17:48:55 | 000,001,816 | ---- | C] () -- C:\Windows\System32\drivers\Altmixer.ini [2011/08/10 17:46:46 | 000,963,116 | ---- | C] () -- C:\Windows\System32\igkrng600.bin [2011/08/10 17:46:39 | 000,213,332 | ---- | C] () -- C:\Windows\System32\igfcg600m.bin [2011/08/10 17:46:39 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll [2011/08/10 17:46:30 | 000,145,804 | ---- | C] () -- C:\Windows\System32\igcompkrng600.bin [2011/08/10 17:46:26 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll [2011/08/10 17:46:25 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config [2011/08/02 16:02:11 | 000,000,393 | ---- | C] () -- C:\Windows\SMSCFG.INI [2011/03/10 17:33:21 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011/03/10 17:33:18 | 000,053,600 | ---- | C] () -- C:\Windows\System32\dosx.exe [2011/03/10 17:33:14 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe [2011/03/10 17:31:47 | 000,781,370 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI [color=#E56717]========== LOP Check ==========[/color] [2011/09/16 10:49:51 | 000,000,000 | ---D | M] -- C:\Users\ddominguez\AppData\Roaming\Cisco [2012/02/23 13:14:41 | 000,000,000 | ---D | M] -- C:\Users\ddominguez\AppData\Roaming\Juniper Networks [2012/02/23 13:05:14 | 000,000,000 | ---D | M] -- C:\Users\ddominguez\AppData\Roaming\Vodafone [2012/02/23 12:59:28 | 000,000,000 | ---D | M] -- C:\Users\jcomaskey\AppData\Roaming\Vodafone [2012/04/23 17:35:43 | 000,000,000 | ---D | M] -- C:\Users\kkaczor\AppData\Roaming\PeerNetworking [2012/04/17 16:36:14 | 000,000,000 | ---D | M] -- C:\Users\kkaczor\AppData\Roaming\Vodafone [2012/02/23 13:28:20 | 000,032,612 | ---- | M] () -- 
C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] < End of report >