Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Missing icons and loss of network [Solved]


  • This topic is locked This topic is locked

#1
Dustylady

Dustylady

    Member

  • Member
  • PipPipPip
  • 164 posts
This is a Dell computer that was originally infected sometime in December. At that time the icons vanished from the desktop, the start menu emptied, and the wallpaper cleared to black. Recently a bunch of unknown tools were tossed at the problem, and now the computer has lost connection to the network. One of them (probably Roguekiller) managed to get the desktop icons back, but the start menu remains empty. This is the state in which I received the computer, and I'm currently trying to locate log files for TDSSKiller and ComboFix. Right now there is no network connection and the recycle bin is corrupted and asks to be emptied.

The D drive is my USB flash that I've already put the Panda Vaccine on. I recently downloaded some tools and put them on the ailing computer with my flash drive, but have not run any of them, yet. I would greatly appreciate some help with this as removal of this type is waaay over my head. Hopefully this time next year I'll have passed GeekU and be helping remove this stuff! Posted Image







OTL logfile created on: 2/10/2012 1:00:48 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\IT\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 65.35% Memory free
3.98 Gb Paging File | 3.13 Gb Available in Paging File | 78.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134.32 Gb Total Space | 63.48 Gb Free Space | 47.26% Space Free | Partition Type: NTFS
Drive D: | 14.53 Gb Total Space | 8.27 Gb Free Space | 56.94% Space Free | Partition Type: FAT32

Computer Name: COMP2 | User Name: IT | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/09 14:50:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\IT\Desktop\OTL.exe
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/10/20 17:41:22 | 000,067,904 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\NLSSRV32.EXE
PRC - [2010/04/14 04:01:34 | 000,015,656 | ---- | M] () -- C:\Program Files\Sage\SIM\Server\Sage.Sim.Server.WindowsService.exe
PRC - [2009/12/06 21:12:00 | 001,590,216 | ---- | M] (UltraVNC) -- C:\Program Files\ultravnc\winvnc.exe
PRC - [2009/10/22 13:48:58 | 000,435,488 | ---- | M] (Pervasive Software Inc.) -- C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
PRC - [2009/04/21 14:37:16 | 002,010,147 | ---- | M] (Great Lakes Data Systems, Inc.) -- C:\Program Files\GLDS\UpgradeManager\UpgradeManagerSvc.exe
PRC - [2009/02/20 10:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe


========== Modules (No Company Name) ==========

MOD - [2010/12/23 09:01:48 | 000,139,776 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2010/10/26 17:28:06 | 000,278,928 | ---- | M] () -- C:\Program Files\Smart PDF Converter Pro\ExplorerExt.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/10/20 17:41:22 | 000,067,904 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2010/09/27 16:42:18 | 004,180,576 | ---- | M] (SafeNet Inc.) [Auto | Stopped] -- C:\Windows\System32\hasplms.exe -- (hasplms)
SRV - [2010/05/14 11:18:49 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/04/14 04:01:34 | 000,015,656 | ---- | M] () [Auto | Running] -- C:\Program Files\Sage\SIM\Server\Sage.Sim.Server.WindowsService.exe -- (SageInstMgrServer)
SRV - [2010/04/07 20:04:58 | 000,107,816 | ---- | M] (Timberline Software Corp.) [Auto | Stopped] -- C:\Program Files\Common Files\Sage\LS1\ServiceHost\1.0\Sage.LS1.ServiceHost.exe -- (Sage.LS1.ServiceHost.1.0) Sage Service Host (v1.0)
SRV - [2010/03/03 17:07:26 | 000,210,944 | ---- | M] (Numara Software, Inc.) [Auto | Stopped] -- C:\Windows\TIREMOTE\TIRemoteService.exe -- (TIRmtSvc)
SRV - [2009/12/06 21:12:00 | 001,590,216 | ---- | M] (UltraVNC) [Auto | Running] -- C:\Program Files\UltraVNC\winvnc.exe -- (winvnc.exe)
SRV - [2009/12/03 12:40:23 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:14:41 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Running] -- C:\Windows\System32\hpn.dll -- (emupia)
SRV - [2009/04/21 14:37:16 | 002,010,147 | ---- | M] (Great Lakes Data Systems, Inc.) [Auto | Running] -- C:\Program Files\GLDS\UpgradeManager\UpgradeManagerSvc.exe -- (UpgradeManager)
SRV - [2009/02/20 10:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/05/31 15:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 15:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2005/09/23 06:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)


========== Driver Services (SafeList) ==========

DRV - [2011/04/27 14:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/11/23 12:13:10 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2010/11/20 07:30:17 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010/11/20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 05:50:38 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)
DRV - [2010/11/20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/09/27 16:42:24 | 000,356,864 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2010/09/27 16:42:16 | 000,238,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\akshasp.sys -- (akshasp)
DRV - [2010/09/27 16:42:14 | 000,588,800 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2010/09/27 16:42:14 | 000,016,384 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aksusb.sys -- (aksusb)
DRV - [2010/09/27 16:42:12 | 000,046,336 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\akshhl.sys -- (akshhl)
DRV - [2009/08/05 05:48:28 | 000,273,448 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink ™
DRV - [2009/07/13 17:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/05/11 12:55:12 | 000,084,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\basp.sys -- (Blfp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\IT\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\IT\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\IT\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\IT\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/02 16:55:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/22 13:49:22 | 000,000,000 | ---D | M]

[2011/12/06 12:25:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IT\AppData\Roaming\mozilla\Extensions
[2011/05/05 15:24:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IT\AppData\Roaming\mozilla\Firefox\Profiles\d5wusoz7.default\extensions
[2011/12/06 09:13:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IT\AppData\Roaming\mozilla\Firefox\Profiles\d5wusoz7.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}
[2011/12/06 12:25:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/02 16:55:41 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/01/09 08:17:33 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/09 08:17:33 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/02/08 15:31:27 | 000,000,000 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\CommandBar present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: QuickLaunchEnabled = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 1 = aim.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 2 = icq.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 3 = msmsgs.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 4 = msnmsgr.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 5 = msnmsgs.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 6 = ypager.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 7 = yupdater.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 1
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} https://site.cmbchin...oad/CMBEdit.cab (Edit Class)
O16 - DPF: {71D73A47-975F-11D1-AA77-00A0C98D86D4} http://shoretel/shor...oiceMessage.ocx (VoiceMessage Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FA6424B7-D971-11D1-9697-00A0C928D512} http://shoretel/shor...TwentyFour7.ocx (TwentyFour7 Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = OO.NET
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - Unable to open key or key not present!
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/12/17 12:06:36 | 000,000,706 | ---- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/12/22 13:47:36 | 000,000,016 | -H-- | M] () - D:\AUTORUN.INF -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/10 12:55:14 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\IT\Desktop\aswMBR.exe
[2012/02/10 12:55:14 | 002,059,824 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\IT\Desktop\tdsskiller.exe
[2012/02/10 12:55:14 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\IT\Desktop\OTL.exe
[2012/02/10 12:55:13 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\IT\Desktop\mbam--setup-1.60.1.1000.exe
[2012/02/08 15:25:10 | 000,083,456 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\serial.sys
[2012/02/08 14:31:18 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/02/08 14:23:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartDraw VP
[2012/02/08 14:21:59 | 000,000,000 | ---D | C] -- C:\Users\IT\Desktop\RK_Quarantine
[2012/02/08 14:21:56 | 004,399,227 | ---- | C] (Swearware) -- C:\Users\IT\Desktop\ComboFix.exe
[2012/02/08 13:36:58 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/02/08 08:12:44 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/02/08 08:12:44 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/02/07 15:11:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/07 15:03:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/07 15:03:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/07 15:03:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/07 15:02:27 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/25 10:12:54 | 000,000,000 | ---D | C] -- C:\Users\IT\AppData\Local\Applications
[2012/01/24 10:49:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\1033
[2009/05/04 07:12:48 | 006,224,944 | ---- | C] (PKWARE, Inc. ) -- C:\Program Files\pkreader.exe

========== Files - Modified Within 30 Days ==========

[2012/02/10 13:00:54 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/10 13:00:54 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/10 12:53:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/10 12:53:18 | 1601,937,408 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/09 14:50:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\IT\Desktop\OTL.exe
[2012/02/09 14:47:02 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\IT\Desktop\mbam--setup-1.60.1.1000.exe
[2012/02/09 14:46:04 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\IT\Desktop\aswMBR.exe
[2012/02/09 14:45:08 | 002,059,824 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\IT\Desktop\tdsskiller.exe
[2012/02/09 14:44:40 | 004,399,227 | ---- | M] (Swearware) -- C:\Users\IT\Desktop\ComboFix.exe
[2012/02/08 15:31:27 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/02/08 14:22:35 | 000,722,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/08 14:22:35 | 000,145,030 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/08 14:14:42 | 001,202,688 | ---- | M] () -- C:\Users\IT\Desktop\RogueKiller.exe
[2012/02/08 13:51:39 | 277,389,603 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/02/08 12:25:55 | 005,492,736 | ---- | M] () -- C:\Users\IT\Desktop\Deadline_Manager.mdb
[2012/02/08 12:23:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-823518204-261903793-839522115-5150UA.job
[2012/02/08 08:56:17 | 000,000,158 | ---- | M] () -- C:\Windows\ricdb.ini
[2012/02/08 08:41:33 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_trash_log.cmd
[2012/02/08 08:14:20 | 000,002,679 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/02/08 06:23:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-823518204-261903793-839522115-5150Core1cc4ec8c6f8f671.job
[2012/02/07 17:17:28 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/02/07 17:02:25 | 172,953,600 | ---- | M] () -- C:\Users\IT\Desktop\Service Department_BE.mdb
[2012/02/07 10:21:40 | 003,271,124 | ---- | M] () -- C:\Users\IT\Desktop\International Property Maintenance Code.pdf
[2012/02/01 16:57:24 | 036,769,792 | ---- | M] () -- C:\Users\IT\Desktop\Service Department.mdb
[2012/02/01 10:31:01 | 000,002,447 | ---- | M] () -- C:\Users\IT\Desktop\s Quick Connect.lnk
[2012/02/01 10:29:28 | 000,072,080 | ---- | M] () -- C:\Users\IT\g2mdlhlpx.exe
[2012/01/23 15:36:05 | 000,000,284 | ---- | M] () -- C:\Users\IT\Desktop\repair.bat

========== Files Created - No Company Name ==========

[2012/02/08 14:23:16 | 000,002,419 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mobile Device Center.lnk
[2012/02/08 14:23:16 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2012/02/08 14:23:16 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/02/08 14:23:16 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2012/02/08 14:23:16 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2012/02/08 14:23:16 | 000,001,064 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinCable.lnk
[2012/02/08 14:23:15 | 000,002,781 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start Pervasive PSQL Workgroup Engine.lnk
[2012/02/08 14:23:14 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2012/02/08 14:23:12 | 000,002,030 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerDVD DX.lnk
[2012/02/08 14:23:11 | 000,001,899 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/02/08 14:23:11 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/02/08 14:23:10 | 000,002,507 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 9 Standard.lnk
[2012/02/08 14:23:10 | 000,002,495 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crystal Reports XI Release 2 for Sage.lnk
[2012/02/08 14:23:10 | 000,002,465 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Distiller 9.lnk
[2012/02/08 14:23:10 | 000,002,069 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 3.4.lnk
[2012/02/08 14:23:10 | 000,001,979 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Help Documentation.lnk
[2012/02/08 14:23:10 | 000,000,972 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity 1.3 Beta.lnk
[2012/02/08 14:21:56 | 001,202,688 | ---- | C] () -- C:\Users\IT\Desktop\RogueKiller.exe
[2012/02/08 12:16:27 | 005,492,736 | ---- | C] () -- C:\Users\IT\Desktop\Deadline_Manager.mdb
[2012/02/07 15:03:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/07 15:03:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/07 15:03:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/07 15:03:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/07 15:03:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/07 10:20:08 | 003,271,124 | ---- | C] () -- C:\Users\IT\Desktop\International Property Maintenance Code.pdf
[2012/02/05 09:11:35 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\dds_trash_log.cmd
[2012/02/01 16:44:27 | 036,769,792 | ---- | C] () -- C:\Users\IT\Desktop\Service Department.mdb
[2012/02/01 13:42:39 | 172,953,600 | ---- | C] () -- C:\Users\IT\Desktop\Service Department_BE.mdb
[2012/02/01 10:31:01 | 000,002,447 | ---- | C] () -- C:\Users\IT\Desktop\s Quick Connect.lnk
[2012/02/01 10:29:27 | 000,072,080 | ---- | C] () -- C:\Users\IT\g2mdlhlpx.exe
[2012/01/23 15:36:05 | 000,000,284 | ---- | C] () -- C:\Users\IT\Desktop\repair.bat
[2011/12/09 16:36:06 | 000,094,208 | ---- | C] () -- C:\Windows\TIRHService.exe
[2011/07/26 06:42:41 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/07/26 06:42:41 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/06/17 12:10:18 | 000,847,360 | ---- | C] () -- C:\Windows\System32\wodCertificate.dll
[2011/06/17 12:10:17 | 001,986,560 | ---- | C] () -- C:\Windows\System32\pvsdk.dll
[2011/04/28 14:36:59 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/04/08 12:03:13 | 000,000,530 | ---- | C] () -- C:\Windows\System32\tx151ic.ini
[2011/01/26 07:52:33 | 000,000,662 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/01/06 10:28:51 | 000,000,315 | ---- | C] () -- C:\Windows\SoftWriting.ini
[2010/11/23 12:13:10 | 000,000,383 | ---- | C] () -- C:\Windows\System32\haspdos.sys
[2010/11/23 12:13:05 | 000,024,576 | ---- | C] () -- C:\Windows\System32\hdduinst.exe
[2010/11/23 12:13:04 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNWISE.EXE
[2010/08/05 12:37:23 | 000,000,000 | ---- | C] () -- C:\Windows\gllink32.INI
[2010/08/04 13:35:20 | 000,000,158 | ---- | C] () -- C:\Windows\ricdb.ini
[2010/07/27 07:45:55 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/02/23 12:37:10 | 000,000,795 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/01/12 11:52:54 | 000,155,648 | ---- | C] () -- C:\Windows\System32\ssleay32.dll
[2009/12/17 12:18:41 | 000,023,052 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2009/12/17 10:40:16 | 000,006,604 | R-S- | C] () -- C:\ProgramData\ntuser.pol
[2009/12/03 12:33:13 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009/10/22 15:38:56 | 000,000,392 | ---- | C] () -- C:\Windows\System32\BTRDRVR.SYS
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 000,449,800 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,722,810 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,145,030 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/17 11:13:30 | 000,508,224 | ---- | C] () -- C:\Windows\System32\ICCProfiles.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008/11/20 22:17:12 | 000,118,784 | ---- | C] () -- C:\Windows\System32\myodbc3i.exe
[2008/11/20 22:17:12 | 000,106,496 | ---- | C] () -- C:\Windows\System32\myodbc3m.exe
[2007/09/14 14:54:36 | 000,397,312 | ---- | C] () -- C:\Windows\System32\CMBEdit.dll
[2007/08/16 15:17:50 | 000,143,360 | ---- | C] () -- C:\Windows\System32\nsldap32v50.dll
[2006/11/29 01:30:00 | 000,000,530 | ---- | C] () -- C:\Windows\System32\tx13_ic.ini
[2006/10/04 18:32:20 | 000,479,232 | ---- | C] () -- C:\Windows\System32\pfpro.dll
[2006/08/15 09:00:00 | 000,454,656 | R--- | C] () -- C:\Windows\System32\PaintX.dll
[2005/12/21 18:57:04 | 000,024,576 | ---- | C] () -- C:\Windows\System32\nsldappr32v50.dll
[2005/12/21 18:54:34 | 000,040,960 | ---- | C] () -- C:\Windows\System32\nsldapssl32v50.dll
[2003/04/01 18:43:22 | 000,139,264 | ---- | C] () -- C:\Windows\System32\TripleDes.dll

========== LOP Check ==========

[2010/10/28 08:32:44 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\Audacity
[2010/05/12 14:06:10 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\BACS.exe
[2011/01/06 11:19:15 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\Downloaded Installations
[2011/01/26 07:54:46 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\Event 1
[2010/07/12 09:11:07 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\KnowledgeTree
[2012/01/09 14:30:01 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\Macro Recorder
[2011/01/06 11:33:03 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\Nitro PDF
[2010/09/21 09:52:18 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\PO Management
[2012/02/02 13:36:20 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\ShoreWare Client
[2011/01/06 10:22:30 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\Smart PDF Converter Pro
[2010/08/10 08:37:37 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\SmartDraw
[2011/01/06 10:31:27 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\SmartSoftOCRHelper
[2010/08/31 15:24:37 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\SystemTools
[2011/01/26 08:08:06 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\Timberline
[2011/05/04 10:18:38 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\Track-It!
[2011/06/29 08:09:13 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\webex
[2012/02/10 12:53:24 | 000,032,564 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:A4A25FD3

< End of report >







OTL Extras logfile created on: 2/10/2012 1:00:48 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\IT\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 65.35% Memory free
3.98 Gb Paging File | 3.13 Gb Available in Paging File | 78.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134.32 Gb Total Space | 63.48 Gb Free Space | 47.26% Space Free | Partition Type: NTFS
Drive D: | 14.53 Gb Total Space | 8.27 Gb Free Space | 56.94% Space Free | Partition Type: FAT32

Computer Name: COMP2 | User Name: IT | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.reg [@ = Regedit.Document] -- c:\Winnt\Regedit.exe %1

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Shoreline Communications\ShoreWare Client\ShoreTel.exe" = C:\Program Files\Shoreline Communications\ShoreWare Client\ShoreTel.exe:*:Enabled:ShoreTel.ShoreTel.App -- (ShoreTel Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0393B40D-D377-41D1-B8F1-F15E73942E21}" = PSC WebClient 10.2B
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3
"{0A3238D7-AB32-1030-B717-F3E3F18B4A8C}" = Pervasive PSQL v10 SP3 Workgroup (32-bit)
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{1389C6A4-4965-4AEC-9175-08B54A10FA48}" = Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1CE0168E-6312-4756-BFA2-7482CB674384}" = FAS CE Reader
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{21461F67-7C02-407E-9DF2-EF1752F55142}" = Aatrix Forms for Sage Timberline Office
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{247147AE-8C17-4DF0-9465-83C52FF40822}" = FAS 500 Fixed Assets Server
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 17
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2E98C5B7-D64C-4D7E-BFC3-A7D078569F28}" = Broadcom NetXtreme-I Netlink Driver and Management Installer
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{35343FF7-939B-401A-87B3-FF90A5123D88}" = Microsoft XML Parser and SDK
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{40928C54-F8EE-420D-BD80-07F2F78CFB0D}" = MySQL Connector/ODBC 3.51
"{437AB8E0-FB69-4222-B280-A64F3DE22591}" = Microsoft Visual Studio 2005 Professional Edition - ENU
"{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{489F0C61-C7AA-45DA-819F-7ABA6E9A73B7}" = Setup1
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{55593B5C-7C45-4C70-ADFA-9CEE5EA6DE4C}" = ShoreTel Communicator
"{5CF6EEE9-86B1-3DB6-A07C-8F6C079C39BA}" = Google Talk Plugin
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C531060-84FB-4F96-8F33-29DF020632EB}" = Microsoft .NET Compact Framework 1.0 SP3 Developer
"{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{731B0E4D-F4C7-450C-95B0-E1A3176B1C75}" = Dell Backup and Recovery Manager
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{78B75C6D-E53C-424C-BF83-4B63BD4A6682}" = Microsoft Device Emulator version 1.0 - ENU
"{7F2142CA-6DC2-4F55-8F41-A1C1BFE11BBD}" = Microsoft Lync Web App Plug-in
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86EF9EB6-DE10-4ABB-B221-D61972BB3C09}" = Collaboration Data Objects 1.2.1
"{8896ADF1-4CF6-4DFF-8F7C-D5920AA6ADEE}" = KnowledgeTree Office Add-in
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A2FFE1C-19E1-48D2-BE3A-70B17FCC4072}" = FAS 500 Asset Accounting Client
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{94FB0978-D094-40C7-91D7-834D39220D4A}" = Crystal Reports XI Release 2 for Sage
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96A5801E-727B-472D-BB21-4FD05739CDB0}" = Rent Manager Xi
"{99D02E0C-9D2D-456E-AA04-733B57F677CE}" = Report Writer for FAS
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9EDA3DD1-130D-4EE1-A3D2-5A3D795CC8C9}" = MFCLOC
"{A7FE99B6-E077-4F52-BC6A-E24C338F3C23}" = Crystal Reports XI Release 2 .NET 2005 Server
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-1033-F400-BA7E-000000000004}" = Adobe Acrobat 9 Standard - English, Français, Deutsch
"{AC76BA86-1033-F400-BA7E-000000000004}_945" = Adobe Acrobat 9.4.5 - CPSID_83708
"{AC76BA86-1033-F400-BA7E-000000000004}{AC76BA86-1033-F400-BA7E-000000000004}" = Adobe Acrobat 9 Standard - English, Français, Deutsch
"{B1A0943F-6FC0-41DD-81B8-BA6535578D96}" = LOANLEDGER
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B26F8176-711A-46D2-8D35-C4AB88F70A5F}" = FAS 500 Asset Inventory Client
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{C378651D-4F97-450E-9D33-8AF8C02FC287}" = Sage Timberline Office Accounting Client
"{CAEAD1E4-A15F-4249-A1B6-9D42080C7361}" = Adobe Photoshop Lightroom 3.4
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D1E91805-6812-47AD-AB94-47F87AE50B60}" = Sage Installation Manager SERVER programs
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F91338D8-3EE8-4E13-AF2E-E3FA08AF0652}" = WebEx Event Manager for Internet Explorer
"Able2Extract Professional v5.0" = Able2Extract Professional v5.0
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AutoHotkey" = AutoHotkey 1.0.48.05
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"HASP Device Drivers" = HASP Device Drivers
"HDMI" = Intel® Graphics Media Accelerator Driver
"Hyena" = Hyena
"InstallShield_{247147AE-8C17-4DF0-9465-83C52FF40822}" = FAS 500 Fixed Assets Server
"InstallShield_{8A2FFE1C-19E1-48D2-BE3A-70B17FCC4072}" = FAS 500 Asset Accounting Client
"InstallShield_{B26F8176-711A-46D2-8D35-C4AB88F70A5F}" = FAS 500 Asset Inventory Client
"Jenark - Access Property Management" = Jenark - Access Property Management
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Microsoft Visual Studio 2005 Professional Edition - ENU" = Microsoft Visual Studio 2005 Professional Edition - ENU
"Mozilla Firefox 10.0 (x86 en-US)" = Mozilla Firefox 10.0 (x86 en-US)
"MWSnap 3" = MWSnap 3
"Numara Track-It! Agent" = Numara Track-It! 9 Agent
"Office Connector" = Office Connector (Remove Only)
"Pervasive PSQL v10 SP3 Workgroup (32-bit)" = Pervasive PSQL v10 SP3 Workgroup (32-bit)
"PROHYBRIDR" = 2007 Microsoft Office system
"SimpleOCR 3.1" = SimpleOCR 3.1
"Smart PDF Converter Pro_is1" = Smart PDF Converter Pro 5.1.0.406
"SystemTools DumpSec" = SystemTools DumpSec
"TurboMeeting" = TurboMeeting
"TVWiz" = Intel® TV Wizard
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"WinCable Client 1.102.10.0" = WinCable Client 1.102.10.0
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 beta 3 (32-bit)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"5b717b7f9875b7bd" = Numara Track-It! Technician Client
"841a271928d00007" = MortgageAddOns
"cae94a2eefe1185d" = Macro Recorder
"GoToMeeting" = GoToMeeting 4.8.0.723
"JoinMe" = join.me

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/8/2012 6:02:10 PM | Computer Name = COMP2.OO.NET | Source = WcesComm | ID = 7
Description = Windows Mobile-based device failed to connect due to Fatal (0x80004005)
failure (see data for failure code).

Error - 2/8/2012 6:02:15 PM | Computer Name = COMP2.OO.NET | Source = WcesComm | ID = 7
Description = Windows Mobile-based device failed to connect due to Fatal (0x80004005)
failure (see data for failure code).

Error - 2/8/2012 6:02:21 PM | Computer Name = COMP2.OO.NET | Source = WcesComm | ID = 7
Description = Windows Mobile-based device failed to connect due to Fatal (0x80004005)
failure (see data for failure code).

Error - 2/8/2012 6:02:26 PM | Computer Name = COMP2.OO.NET | Source = WcesComm | ID = 7
Description = Windows Mobile-based device failed to connect due to Fatal (0x80004005)
failure (see data for failure code).

Error - 2/8/2012 6:02:31 PM | Computer Name = COMP2.OO.NET | Source = WcesComm | ID = 7
Description = Windows Mobile-based device failed to connect due to Fatal (0x80004005)
failure (see data for failure code).

Error - 2/8/2012 6:02:36 PM | Computer Name = COMP2.OO.NET | Source = WcesComm | ID = 7
Description = Windows Mobile-based device failed to connect due to Fatal (0x80004005)
failure (see data for failure code).

Error - 2/8/2012 6:02:41 PM | Computer Name = COMP2.OO.NET | Source = WcesComm | ID = 7
Description = Windows Mobile-based device failed to connect due to Fatal (0x80004005)
failure (see data for failure code).

Error - 2/8/2012 6:02:46 PM | Computer Name = COMP2.OO.NET | Source = WcesComm | ID = 7
Description = Windows Mobile-based device failed to connect due to Fatal (0x80004005)
failure (see data for failure code).

Error - 2/8/2012 6:02:51 PM | Computer Name = COMP2.OO.NET | Source = WcesComm | ID = 7
Description = Windows Mobile-based device failed to connect due to Fatal (0x80004005)
failure (see data for failure code).

Error - 2/8/2012 6:02:56 PM | Computer Name = COMP2.OO.NET | Source = WcesComm | ID = 7
Description = Windows Mobile-based device failed to connect due to Fatal (0x80004005)
failure (see data for failure code).

[ OSession Events ]
Error - 5/17/2010 4:03:00 PM | Computer Name = COMP2.OO.NET | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 202
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/1/2010 4:51:27 PM | Computer Name = COMP2.OO.NET | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4619
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/24/2010 7:16:29 AM | Computer Name = COMP2.OO.NET | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2500435
seconds with 17160 seconds of active time. This session ended with a crash.

Error - 12/16/2010 9:56:42 AM | Computer Name = COMP2.OO.NET | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
seconds with 0 seconds of active time. This session ended with a crash.

Error - 4/1/2011 10:12:55 AM | Computer Name = COMP2.OO.NET | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 164026
seconds with 7980 seconds of active time. This session ended with a crash.

Error - 8/9/2011 2:43:35 PM | Computer Name = COMP2.OO.NET | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 621
seconds with 240 seconds of active time. This session ended with a crash.

Error - 8/12/2011 4:16:24 PM | Computer Name = COMP2.OO.NET | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4662
seconds with 1140 seconds of active time. This session ended with a crash.

Error - 12/19/2011 5:55:10 PM | Computer Name = COMP2.OO.NET | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15209
seconds with 2460 seconds of active time. This session ended with a crash.

[ Sage Events ]
Error - 6/20/2011 1:02:26 PM | Computer Name = COMP2.OO.NET | Source = Sage Diagnostics | ID = 0
Description = Minidump created at: \\oc03\9.5\Accounting\Misc\Dumps\IA(fc0)-20110620-13021854.dmp

Error - 6/20/2011 1:02:26 PM | Computer Name = COMP2.OO.NET | Source = Sage Diagnostics | ID = 0
Description = Aborted. I/O Error. Pervasive status code 3112. Failure during receive
from the target server. Please refer to the Pervasive documentation for more information
on this status code

Error - 6/20/2011 1:02:28 PM | Computer Name = COMP2.OO.NET | Source = Sage Diagnostics | ID = 0
Description = End Information Assistant

Error - 6/20/2011 1:02:40 PM | Computer Name = COMP2.OO.NET | Source = Sage Diagnostics Exception | ID = 0
Description = An exception is being logged for diagnostic purposes. It is possible
for exceptions to be logged during the normal operation of the software. Exceptions
are included in increasing order of specificity. *********************************************

Exception
Source: Sage Entity Service Exception Message: An error occured while retrieving
the data for entity SecurityUser and operationSet GetSageUser in EntityService::GetEntityData

*********************************************

Exception
Source: Sage.Data.CRE.Provider Exception Message: I/O Error. Pervasive status code
170. . Please refer to the Pervasive documentation for more information on this
status code Exception Stack Trace: at Sage.Data.CRE.tsDbCommand.Execute(Int32&
recordsAffected) at Sage.Data.CRE.PervasiveAccessProvider.FillDataSet(IDbCommand
command) at Sage.Data.AOF.DataAccessProvider.GetDataSet(IDbCommand command)
at Sage.Data.AOF.DataAccessor.GetDataSet(String commandGroup, String commandName,
WorkingSet workingSet) at Sage.Data.AOF.DataAccessor.GetDataTable(String commandGroup,
String commandName, WorkingSet workingSet) at Sage.Data.AOF.DataAccessor.GetDataTable(String
commandName, WorkingSet workingSet) at Sage.Business.AOF.Internal.EntityServiceImpl.InternalGetEntity(String
entityName, String operationSetName, Hashtable parameters, WorkingSet sessionState,
Boolean readOnly, Boolean useLocks, Boolean ignoreEntityBuilders, Boolean schemaOnly,
String connectionType)

Error - 6/20/2011 5:23:48 PM | Computer Name = COMP2.OO.NET | Source = Sage Diagnostics | ID = 0
Description = Minidump created at: \\oc03\9.5\Accounting\Misc\Dumps\TS(2d4)-20110620-17232845.dmp

Error - 6/20/2011 5:23:48 PM | Computer Name = COMP2.OO.NET | Source = Sage Diagnostics | ID = 0
Description = Aborted. I/O Error. Pervasive status code 3110. The network layer is
not connected. Please refer to the Pervasive documentation for more information
on this status code

Error - 6/20/2011 5:23:55 PM | Computer Name = COMP2.OO.NET | Source = Sage Diagnostics | ID = 0
Description = End TS-Main

Error - 6/20/2011 5:24:04 PM | Computer Name = COMP2.OO.NET | Source = Sage Diagnostics Exception | ID = 0
Description = An exception is being logged for diagnostic purposes. It is possible
for exceptions to be logged during the normal operation of the software. Exceptions
are included in increasing order of specificity. *********************************************

Exception
Source: Sage Entity Service Exception Message: An error occured while retrieving
the data for entity SecurityUser and operationSet GetSageUser in EntityService::GetEntityData

*********************************************

Exception
Source: Sage.Data.CRE.Provider Exception Message: I/O Error. Pervasive status code
170. . Please refer to the Pervasive documentation for more information on this
status code Exception Stack Trace: at Sage.Data.CRE.tsDbCommand.Execute(Int32&
recordsAffected) at Sage.Data.CRE.PervasiveAccessProvider.FillDataSet(IDbCommand
command) at Sage.Data.AOF.DataAccessProvider.GetDataSet(IDbCommand command)
at Sage.Data.AOF.DataAccessor.GetDataSet(String commandGroup, String commandName,
WorkingSet workingSet) at Sage.Data.AOF.DataAccessor.GetDataTable(String commandGroup,
String commandName, WorkingSet workingSet) at Sage.Data.AOF.DataAccessor.GetDataTable(String
commandName, WorkingSet workingSet) at Sage.Business.AOF.Internal.EntityServiceImpl.InternalGetEntity(String
entityName, String operationSetName, Hashtable parameters, WorkingSet sessionState,
Boolean readOnly, Boolean useLocks, Boolean ignoreEntityBuilders, Boolean schemaOnly,
String connectionType)

Error - 1/31/2012 3:16:35 PM | Computer Name = COMP2.OO.NET | Source = Sage Diagnostics | ID = 0
Description = Minidump created at: \\oc03\9.5\Accounting\Misc\Dumps\TS(141c)-20120131-14163436.dmp

Error - 1/31/2012 3:16:35 PM | Computer Name = COMP2.OO.NET | Source = Sage Diagnostics | ID = 0
Description = Aborted. You cannot connect to the Pervasive database engine. Verify
that you have a Pervasive Database Engine set up at oc03. If not, refer to
the Technical System Reference guide for further information. This document is available
at \\oc03\9.5\Accounting\WinInst\Documents\TechnicalSystemReference.pdf [TS
2695]

[ System Events ]
Error - 2/10/2012 1:55:02 PM | Computer Name = COMP2.OO.NET | Source = Service Control Manager | ID = 7000
Description = The HTTP service failed to start due to the following error: %%22

Error - 2/10/2012 1:55:02 PM | Computer Name = COMP2.OO.NET | Source = Service Control Manager | ID = 7001
Description = The Function Discovery Provider Host service depends on the HTTP service
which failed to start because of the following error: %%22

Error - 2/10/2012 1:55:02 PM | Computer Name = COMP2.OO.NET | Source = Service Control Manager | ID = 7000
Description = The HTTP service failed to start due to the following error: %%22

Error - 2/10/2012 1:55:02 PM | Computer Name = COMP2.OO.NET | Source = Service Control Manager | ID = 7001
Description = The Function Discovery Provider Host service depends on the HTTP service
which failed to start because of the following error: %%22

Error - 2/10/2012 1:55:02 PM | Computer Name = COMP2.OO.NET | Source = Service Control Manager | ID = 7000
Description = The HTTP service failed to start due to the following error: %%22

Error - 2/10/2012 1:55:02 PM | Computer Name = COMP2.OO.NET | Source = Service Control Manager | ID = 7001
Description = The SSDP Discovery service depends on the HTTP service which failed
to start because of the following error: %%22

Error - 2/10/2012 1:55:51 PM | Computer Name = COMP2.OO.NET | Source = Service Control Manager | ID = 7000
Description = The MBAMProtector service failed to start due to the following error:
%%2

Error - 2/10/2012 1:55:51 PM | Computer Name = COMP2.OO.NET | Source = Service Control Manager | ID = 7001
Description = The MBAMService service depends on the MBAMProtector service which
failed to start because of the following error: %%2

Error - 2/10/2012 1:55:53 PM | Computer Name = COMP2.OO.NET | Source = Service Control Manager | ID = 7023
Description = The Windows Update service terminated with the following error: %%-2147014846

Error - 2/10/2012 2:03:39 PM | Computer Name = COMP2.OO.NET | Source = Service Control Manager | ID = 7023
Description = The Windows Update service terminated with the following error: %%-2147014846


< End of report >

Edited by Dustylady, 27 February 2012 - 08:12 AM.

  • 0

Advertisements


#2
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Hi, Dustylady! Posted ImageMy nick name is CompCav and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any questions or you are unsure about anything, just ask and I will help you out. :)

If you have resolved the issues you were originally experiencing, or have received help elsewhere, please let me know so that this topic can be closed.

I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.

Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. One of the steps I will be asking you to do requires you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.

If you are ready to get started, please review and follow these guidelines so that we resolve your issues in a timely and effective manner:
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instructions that I give you. Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. These instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. However, the one thing that you should always do, is to make sure your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Just do a Copy/Paste of the entire contents of the log file inside your post and submit.
  • You must reply within four days failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. PM me only if I have not responded to your last post in 2 days.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to ultimately reformat your hard drive and reinstall the operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Please have the software and storage media for backing up your data available.


Step 1.

Download OTL to your Desktop
or
If you still have OTL on your desktop go immediately to the following steps:

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select Scan All Users
  • Under File Scans File Age: Select 90 days from the drop down box.
  • Select Lop Check and Purity Check
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    C:\Windows\assembly\tmp\U\*.* /s
    C:\Program Files\Common Files\ComObjects\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open OTL.Txt .
  • Post the log


Step 2.

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image
If it does not run rename aswMBR.exe to Iexplore.exe and try it again.

Step 3.

Please post:

OTL.txt
aswMBR log


Also please post any logs of tools that have been run before. Like RogueKiller files.



Give me any updates on issues with your computer
  • 0

#3
Dustylady

Dustylady

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 164 posts
CompCav, you brave soul, this should be a fun trip down the malware removal road. Posted Image I've no access to the sick computer on the weekends, so we'll both have extra time to ponder what we find.
  • 0

#4
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Pondering :bashhead:

More pondering :headscratch:

Deluxe pondering :headhurt:

:rofl:


CompCav
  • 0

#5
Dustylady

Dustylady

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 164 posts
Round #1 Posted Image



OTL logfile created on: 2/13/2012 9:44:36 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\IT\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 65.81% Memory free
3.98 Gb Paging File | 3.17 Gb Available in Paging File | 79.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134.32 Gb Total Space | 63.71 Gb Free Space | 47.43% Space Free | Partition Type: NTFS

Computer Name: COMP2 | User Name: IT | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2012/02/09 14:50:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\IT\Desktop\OTL.exe
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/10/20 17:41:22 | 000,067,904 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\NLSSRV32.EXE
PRC - [2010/04/14 04:01:34 | 000,015,656 | ---- | M] () -- C:\Program Files\Sage\SIM\Server\Sage.Sim.Server.WindowsService.exe
PRC - [2009/12/06 21:12:00 | 001,590,216 | ---- | M] (UltraVNC) -- C:\Program Files\ultravnc\winvnc.exe
PRC - [2009/10/22 13:48:58 | 000,435,488 | ---- | M] (Pervasive Software Inc.) -- C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
PRC - [2009/04/21 14:37:16 | 002,010,147 | ---- | M] (Great Lakes Data Systems, Inc.) -- C:\Program Files\GLDS\UpgradeManager\UpgradeManagerSvc.exe
PRC - [2009/02/20 10:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/10/20 17:41:22 | 000,067,904 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2010/09/27 16:42:18 | 004,180,576 | ---- | M] (SafeNet Inc.) [Auto | Stopped] -- C:\Windows\System32\hasplms.exe -- (hasplms)
SRV - [2010/05/14 11:18:49 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/04/14 04:01:34 | 000,015,656 | ---- | M] () [Auto | Running] -- C:\Program Files\Sage\SIM\Server\Sage.Sim.Server.WindowsService.exe -- (SageInstMgrServer)
SRV - [2010/04/07 20:04:58 | 000,107,816 | ---- | M] (Timberline Software Corp.) [Auto | Stopped] -- C:\Program Files\Common Files\Sage\LS1\ServiceHost\1.0\Sage.LS1.ServiceHost.exe -- (Sage.LS1.ServiceHost.1.0) Sage Service Host (v1.0)
SRV - [2010/03/03 17:07:26 | 000,210,944 | ---- | M] (Numara Software, Inc.) [Auto | Stopped] -- C:\Windows\TIREMOTE\TIRemoteService.exe -- (TIRmtSvc)
SRV - [2009/12/06 21:12:00 | 001,590,216 | ---- | M] (UltraVNC) [Auto | Running] -- C:\Program Files\UltraVNC\winvnc.exe -- (winvnc.exe)
SRV - [2009/12/03 12:40:23 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:14:41 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Running] -- C:\Windows\System32\hpn.dll -- (emupia)
SRV - [2009/04/21 14:37:16 | 002,010,147 | ---- | M] (Great Lakes Data Systems, Inc.) [Auto | Running] -- C:\Program Files\GLDS\UpgradeManager\UpgradeManagerSvc.exe -- (UpgradeManager)
SRV - [2009/02/20 10:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/05/31 15:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 15:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2005/09/23 06:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)


========== Driver Services (SafeList) ==========

DRV - [2011/04/27 14:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/11/23 12:13:10 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2010/11/20 07:30:17 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010/11/20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 05:50:38 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)
DRV - [2010/11/20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/09/27 16:42:24 | 000,356,864 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2010/09/27 16:42:16 | 000,238,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\akshasp.sys -- (akshasp)
DRV - [2010/09/27 16:42:14 | 000,588,800 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2010/09/27 16:42:14 | 000,016,384 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aksusb.sys -- (aksusb)
DRV - [2010/09/27 16:42:12 | 000,046,336 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\akshhl.sys -- (akshhl)
DRV - [2009/08/05 05:48:28 | 000,273,448 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink ™
DRV - [2009/07/13 17:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/05/11 12:55:12 | 000,084,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\basp.sys -- (Blfp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-823518204-261903793-839522115-5150\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKU\S-1-5-21-823518204-261903793-839522115-5150\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKU\S-1-5-21-823518204-261903793-839522115-5150\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-823518204-261903793-839522115-5150\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\IT\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\IT\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\IT\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\IT\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/02 16:55:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/22 13:49:22 | 000,000,000 | ---D | M]

[2011/12/06 12:25:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IT\AppData\Roaming\mozilla\Extensions
[2011/05/05 15:24:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IT\AppData\Roaming\mozilla\Firefox\Profiles\d5wusoz7.default\extensions
[2011/12/06 09:13:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IT\AppData\Roaming\mozilla\Firefox\Profiles\d5wusoz7.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}
[2011/12/06 12:25:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/02 16:55:41 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/01/09 08:17:33 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/09 08:17:33 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/02/08 15:31:27 | 000,000,000 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-823518204-261903793-839522115-5150\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-823518204-261903793-839522115-5150\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\CommandBar present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-823518204-261903793-839522115-5150\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-823518204-261903793-839522115-5150\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKU\S-1-5-21-823518204-261903793-839522115-5150\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: QuickLaunchEnabled = 1
O7 - HKU\S-1-5-21-823518204-261903793-839522115-5150\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 1 = aim.exe
O7 - HKU\S-1-5-21-823518204-261903793-839522115-5150\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 2 = icq.exe
O7 - HKU\S-1-5-21-823518204-261903793-839522115-5150\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 3 = msmsgs.exe
O7 - HKU\S-1-5-21-823518204-261903793-839522115-5150\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 4 = msnmsgr.exe
O7 - HKU\S-1-5-21-823518204-261903793-839522115-5150\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 5 = msnmsgs.exe
O7 - HKU\S-1-5-21-823518204-261903793-839522115-5150\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 6 = ypager.exe
O7 - HKU\S-1-5-21-823518204-261903793-839522115-5150\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 7 = yupdater.exe
O7 - HKU\S-1-5-21-823518204-261903793-839522115-5150\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 1
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} https://site.cmbchin...oad/CMBEdit.cab (Edit Class)
O16 - DPF: {71D73A47-975F-11D1-AA77-00A0C98D86D4} http://shoretel/shor...oiceMessage.ocx (VoiceMessage Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FA6424B7-D971-11D1-9697-00A0C928D512} http://shoretel/shor...TwentyFour7.ocx (TwentyFour7 Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = OO.NET
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - Unable to open key or key not present!
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/12/17 12:06:36 | 000,000,706 | ---- | M] () - C:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: emupia - C:\Windows\System32\hpn.dll (Oak Technology Inc.)
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2012/02/10 12:55:14 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\IT\Desktop\aswMBR.exe
[2012/02/10 12:55:14 | 002,059,824 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\IT\Desktop\tdsskiller.exe
[2012/02/10 12:55:14 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\IT\Desktop\OTL.exe
[2012/02/10 12:55:13 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\IT\Desktop\mbam--setup-1.60.1.1000.exe
[2012/02/08 15:25:10 | 000,083,456 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\serial.sys
[2012/02/08 14:31:18 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/02/08 14:23:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartDraw VP
[2012/02/08 14:21:59 | 000,000,000 | ---D | C] -- C:\Users\IT\Desktop\RK_Quarantine
[2012/02/08 14:21:56 | 004,399,227 | ---- | C] (Swearware) -- C:\Users\IT\Desktop\ComboFix.exe
[2012/02/08 13:36:58 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/02/08 08:12:44 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/02/08 08:12:44 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/02/07 15:11:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/07 15:03:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/07 15:03:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/07 15:03:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/07 15:02:27 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/25 10:12:54 | 000,000,000 | ---D | C] -- C:\Users\IT\AppData\Local\Applications
[2012/01/24 10:49:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\1033
[2012/01/09 14:30:01 | 000,000,000 | ---D | C] -- C:\Users\IT\AppData\Roaming\Macro Recorder
[2012/01/09 14:29:57 | 000,000,000 | ---D | C] -- C:\Users\IT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jitbit Macro Recorder
[2012/01/06 14:04:42 | 000,000,000 | ---D | C] -- C:\Users\IT\Desktop\Deadline Database
[2012/01/05 14:13:53 | 000,000,000 | ---D | C] -- C:\Users\IT\AppData\Local\join.me
[2012/01/04 12:29:15 | 000,000,000 | ---D | C] -- C:\Users\IT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft
[2012/01/04 08:56:49 | 000,000,000 | ---D | C] -- C:\Users\IT\Desktop\1098
[2011/12/21 09:24:33 | 023,048,192 | ---- | C] (Dynamic Interface Systems Corporation) -- C:\Users\IT\Desktop\ll300.exe
[2011/12/20 08:46:12 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2011/12/20 08:46:12 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2011/12/20 08:46:00 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2011/12/20 08:46:00 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2011/12/20 08:45:59 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2011/12/20 08:45:58 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2011/12/20 08:45:58 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2011/12/20 08:45:58 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2011/12/12 10:06:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2011/12/09 16:36:13 | 000,000,000 | ---D | C] -- C:\Windows\TIREMOTE
[2011/12/06 10:52:07 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2009/05/04 07:12:48 | 006,224,944 | ---- | C] (PKWARE, Inc. ) -- C:\Program Files\pkreader.exe

========== Files - Modified Within 90 Days ==========

[2012/02/13 09:40:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/13 09:40:48 | 1601,937,408 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/10 13:00:54 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/10 13:00:54 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/09 14:50:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\IT\Desktop\OTL.exe
[2012/02/09 14:47:02 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\IT\Desktop\mbam--setup-1.60.1.1000.exe
[2012/02/09 14:46:04 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\IT\Desktop\aswMBR.exe
[2012/02/09 14:45:08 | 002,059,824 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\IT\Desktop\tdsskiller.exe
[2012/02/09 14:44:40 | 004,399,227 | ---- | M] (Swearware) -- C:\Users\IT\Desktop\ComboFix.exe
[2012/02/08 15:31:27 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/02/08 14:22:35 | 000,722,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/08 14:22:35 | 000,145,030 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/08 14:14:42 | 001,202,688 | ---- | M] () -- C:\Users\IT\Desktop\RogueKiller.exe
[2012/02/08 13:51:39 | 277,389,603 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/02/08 12:25:55 | 005,492,736 | ---- | M] () -- C:\Users\IT\Desktop\Deadline_Manager.mdb
[2012/02/08 12:23:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-823518204-261903793-839522115-5150UA.job
[2012/02/08 08:56:17 | 000,000,158 | ---- | M] () -- C:\Windows\ricdb.ini
[2012/02/08 08:41:33 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_trash_log.cmd
[2012/02/08 08:14:20 | 000,002,679 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/02/08 06:23:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-823518204-261903793-839522115-5150Core1cc4ec8c6f8f671.job
[2012/02/07 17:17:28 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/02/07 17:02:25 | 172,953,600 | ---- | M] () -- C:\Users\IT\Desktop\Service Department_BE.mdb
[2012/02/07 10:21:40 | 003,271,124 | ---- | M] () -- C:\Users\IT\Desktop\International Property Maintenance Code.pdf
[2012/02/01 16:57:24 | 036,769,792 | ---- | M] () -- C:\Users\IT\Desktop\Service Department.mdb
[2012/02/01 10:31:01 | 000,002,447 | ---- | M] () -- C:\Users\IT\Desktop\s Quick Connect.lnk
[2012/02/01 10:29:28 | 000,072,080 | ---- | M] () -- C:\Users\IT\g2mdlhlpx.exe
[2012/01/31 07:44:05 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012/01/23 15:36:05 | 000,000,284 | ---- | M] () -- C:\Users\IT\Desktop\repair.bat
[2012/01/09 14:29:57 | 000,000,326 | ---- | M] () -- C:\Users\IT\Desktop\Macro Recorder.appref-ms
[2012/01/06 16:49:05 | 000,157,696 | ---- | M] () -- C:\Users\IT\Desktop\ResidentInformation.adp
[2012/01/05 14:13:57 | 000,000,970 | ---- | M] () -- C:\Users\IT\Desktop\join.me.lnk
[2012/01/05 14:12:06 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/01/04 12:40:54 | 016,961,536 | ---- | M] () -- C:\Users\IT\Desktop\LL4000.mdb
[2012/01/03 15:50:03 | 000,001,574 | ---- | M] () -- C:\Users\IT\Desktop\MortgageAddOns.exe - Shortcut.lnk
[2011/12/30 09:58:14 | 000,001,089 | ---- | M] () -- C:\Users\IT\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2011/12/21 09:28:39 | 000,001,712 | ---- | M] () -- C:\Users\IT\Desktop\IT - Shortcut.lnk
[2011/12/21 09:26:43 | 023,048,192 | ---- | M] (Dynamic Interface Systems Corporation) -- C:\Users\IT\Desktop\ll300.exe
[2011/12/21 09:19:09 | 000,001,101 | ---- | M] () -- C:\Users\IT\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2011/12/20 12:09:00 | 000,449,800 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/09 16:36:05 | 000,094,208 | ---- | M] () -- C:\Windows\TIRHService.exe

========== Files Created - No Company Name ==========

[2012/02/08 14:23:16 | 000,002,419 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mobile Device Center.lnk
[2012/02/08 14:23:16 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2012/02/08 14:23:16 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/02/08 14:23:16 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2012/02/08 14:23:16 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2012/02/08 14:23:16 | 000,001,064 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinCable.lnk
[2012/02/08 14:23:15 | 000,002,781 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start Pervasive PSQL Workgroup Engine.lnk
[2012/02/08 14:23:14 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2012/02/08 14:23:12 | 000,002,030 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerDVD DX.lnk
[2012/02/08 14:23:11 | 000,001,899 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/02/08 14:23:11 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/02/08 14:23:10 | 000,002,507 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 9 Standard.lnk
[2012/02/08 14:23:10 | 000,002,495 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crystal Reports XI Release 2 for Sage.lnk
[2012/02/08 14:23:10 | 000,002,465 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Distiller 9.lnk
[2012/02/08 14:23:10 | 000,002,069 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 3.4.lnk
[2012/02/08 14:23:10 | 000,001,979 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Help Documentation.lnk
[2012/02/08 14:23:10 | 000,000,972 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity 1.3 Beta.lnk
[2012/02/08 14:21:56 | 001,202,688 | ---- | C] () -- C:\Users\IT\Desktop\RogueKiller.exe
[2012/02/08 12:16:27 | 005,492,736 | ---- | C] () -- C:\Users\IT\Desktop\Deadline_Manager.mdb
[2012/02/07 15:03:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/07 15:03:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/07 15:03:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/07 15:03:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/07 15:03:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/07 10:20:08 | 003,271,124 | ---- | C] () -- C:\Users\IT\Desktop\International Property Maintenance Code.pdf
[2012/02/05 09:11:35 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\dds_trash_log.cmd
[2012/02/01 16:44:27 | 036,769,792 | ---- | C] () -- C:\Users\IT\Desktop\Service Department.mdb
[2012/02/01 13:42:39 | 172,953,600 | ---- | C] () -- C:\Users\IT\Desktop\Service Department_BE.mdb
[2012/02/01 10:31:01 | 000,002,447 | ---- | C] () -- C:\Users\IT\Desktop\s Quick Connect.lnk
[2012/02/01 10:29:27 | 000,072,080 | ---- | C] () -- C:\Users\IT\g2mdlhlpx.exe
[2012/01/23 15:36:05 | 000,000,284 | ---- | C] () -- C:\Users\IT\Desktop\repair.bat
[2012/01/09 14:30:01 | 000,000,326 | ---- | C] () -- C:\Users\IT\Desktop\Macro Recorder.appref-ms
[2012/01/06 15:27:11 | 000,157,696 | ---- | C] () -- C:\Users\IT\Desktop\ResidentInformation.adp
[2012/01/05 14:13:54 | 000,000,978 | ---- | C] () -- C:\Users\IT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk
[2012/01/05 14:13:54 | 000,000,970 | ---- | C] () -- C:\Users\IT\Desktop\join.me.lnk
[2012/01/04 08:47:39 | 016,961,536 | ---- | C] () -- C:\Users\IT\Desktop\LL4000.mdb
[2012/01/03 15:50:03 | 000,001,574 | ---- | C] () -- C:\Users\IT\Desktop\MortgageAddOns.exe - Shortcut.lnk
[2011/12/30 09:58:14 | 000,001,089 | ---- | C] () -- C:\Users\IT\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2011/12/21 15:35:14 | 000,001,896 | ---- | C] () -- C:\Users\IT\Desktop\IT.lnk
[2011/12/21 09:28:39 | 000,001,712 | ---- | C] () -- C:\Users\IT\Desktop\IT - Shortcut.lnk
[2011/12/09 16:36:06 | 000,094,208 | ---- | C] () -- C:\Windows\TIRHService.exe
[2011/12/06 12:25:09 | 000,001,106 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/12/06 10:52:04 | 277,389,603 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/07/26 06:42:41 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/07/26 06:42:41 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/06/17 12:10:18 | 000,847,360 | ---- | C] () -- C:\Windows\System32\wodCertificate.dll
[2011/06/17 12:10:17 | 001,986,560 | ---- | C] () -- C:\Windows\System32\pvsdk.dll
[2011/04/28 14:36:59 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/04/08 12:03:13 | 000,000,530 | ---- | C] () -- C:\Windows\System32\tx151ic.ini
[2011/01/26 07:52:33 | 000,000,662 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/01/06 10:28:51 | 000,000,315 | ---- | C] () -- C:\Windows\SoftWriting.ini
[2010/11/23 12:13:10 | 000,000,383 | ---- | C] () -- C:\Windows\System32\haspdos.sys
[2010/11/23 12:13:05 | 000,024,576 | ---- | C] () -- C:\Windows\System32\hdduinst.exe
[2010/11/23 12:13:04 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNWISE.EXE
[2010/08/05 12:37:23 | 000,000,000 | ---- | C] () -- C:\Windows\gllink32.INI
[2010/08/04 13:35:20 | 000,000,158 | ---- | C] () -- C:\Windows\ricdb.ini
[2010/07/27 07:45:55 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/02/23 12:37:10 | 000,000,795 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/01/12 11:52:54 | 000,155,648 | ---- | C] () -- C:\Windows\System32\ssleay32.dll
[2009/12/17 12:18:41 | 000,023,052 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2009/12/17 10:40:16 | 000,006,604 | R-S- | C] () -- C:\ProgramData\ntuser.pol
[2009/12/03 12:33:13 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009/10/22 15:38:56 | 000,000,392 | ---- | C] () -- C:\Windows\System32\BTRDRVR.SYS
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 000,449,800 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,722,810 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,145,030 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/17 11:13:30 | 000,508,224 | ---- | C] () -- C:\Windows\System32\ICCProfiles.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008/11/20 22:17:12 | 000,118,784 | ---- | C] () -- C:\Windows\System32\myodbc3i.exe
[2008/11/20 22:17:12 | 000,106,496 | ---- | C] () -- C:\Windows\System32\myodbc3m.exe
[2007/09/14 14:54:36 | 000,397,312 | ---- | C] () -- C:\Windows\System32\CMBEdit.dll
[2007/08/16 15:17:50 | 000,143,360 | ---- | C] () -- C:\Windows\System32\nsldap32v50.dll
[2006/11/29 01:30:00 | 000,000,530 | ---- | C] () -- C:\Windows\System32\tx13_ic.ini
[2006/10/04 18:32:20 | 000,479,232 | ---- | C] () -- C:\Windows\System32\pfpro.dll
[2006/08/15 09:00:00 | 000,454,656 | R--- | C] () -- C:\Windows\System32\PaintX.dll
[2005/12/21 18:57:04 | 000,024,576 | ---- | C] () -- C:\Windows\System32\nsldappr32v50.dll
[2005/12/21 18:54:34 | 000,040,960 | ---- | C] () -- C:\Windows\System32\nsldapssl32v50.dll
[2003/04/01 18:43:22 | 000,139,264 | ---- | C] () -- C:\Windows\System32\TripleDes.dll

========== LOP Check ==========

[2010/10/28 08:32:44 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\Audacity
[2010/05/12 14:06:10 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\BACS.exe
[2011/01/06 11:19:15 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\Downloaded Installations
[2011/01/26 07:54:46 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\Event 1
[2010/07/12 09:11:07 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\KnowledgeTree
[2012/01/09 14:30:01 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\Macro Recorder
[2011/01/06 11:33:03 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\Nitro PDF
[2010/09/21 09:52:18 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\PO Management
[2012/02/02 13:36:20 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\ShoreWare Client
[2011/01/06 10:22:30 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\Smart PDF Converter Pro
[2010/08/10 08:37:37 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\SmartDraw
[2011/01/06 10:31:27 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\SmartSoftOCRHelper
[2010/08/31 15:24:37 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\SystemTools
[2011/01/26 08:08:06 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\Timberline
[2011/05/04 10:18:38 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\Track-It!
[2011/06/29 08:09:13 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\webex
[2012/02/13 09:40:56 | 000,032,564 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 01:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 00:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/13 20:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys -- [2009/07/13 18:53:54 | 000,036,352 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 01 01 00 01 05 01 03 01 02 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 5
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters\Winsock]
"HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2009/07/13 20:16:20 | 000,010,752 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 20
"MinSockAddrLength" = 20
"Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/02 16:55:38 | 000,834,800 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/02 16:55:38 | 000,834,800 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/02 16:55:38 | 000,834,800 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/02/02 16:55:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/02/02 16:55:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/02 16:55:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/03/30 11:29:36 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/03/30 11:29:36 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/03/30 11:29:36 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/03/30 11:29:38 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/03/30 11:29:38 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/02 16:55:38 | 000,834,800 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/02 16:55:38 | 000,834,800 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/02 16:55:38 | 000,834,800 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/02/02 16:55:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/02/02 16:55:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/02 16:55:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/03/30 11:29:36 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/03/30 11:29:36 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/03/30 11:29:36 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/03/30 11:29:38 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/03/30 11:29:38 | 000,748,336 | ---- | M] (Microsoft Corporation)

< C:\Windows\assembly\tmp\U\*.* /s >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< %Temp%\smtmp\1\*.* >
[2009/07/13 23:46:35 | 000,001,282 | ---- | M] () -- C:\Users\IT\AppData\Local\Temp\smtmp\1\Default Programs.lnk
[2009/07/13 23:46:35 | 000,000,442 | -HS- | M] () -- C:\Users\IT\AppData\Local\Temp\smtmp\1\desktop.ini
[2009/07/13 23:37:43 | 000,001,266 | ---- | M] () -- C:\Users\IT\AppData\Local\Temp\smtmp\1\Windows Update.lnk

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >
[2011/05/18 08:25:03 | 000,002,039 | ---- | M] () -- C:\Users\IT\AppData\Local\Temp\smtmp\4\500 Asset Accounting.lnk
[2011/05/18 08:29:08 | 000,002,021 | ---- | M] () -- C:\Users\IT\AppData\Local\Temp\smtmp\4\500 Asset Inventory.lnk
[2010/11/30 13:26:36 | 000,000,981 | ---- | M] () -- C:\Users\IT\AppData\Local\Temp\smtmp\4\Malwarebytes' Anti-Malware.lnk
[2011/04/08 11:58:48 | 000,001,956 | ---- | M] () -- C:\Users\IT\AppData\Local\Temp\smtmp\4\Rent Manager.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:A4A25FD3

< End of report >





aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-13 09:52:50
-----------------------------
09:52:50.096 OS Version: Windows 6.1.7601 Service Pack 1
09:52:50.096 Number of processors: 2 586 0x170A
09:52:50.097 ComputerName: COMP2 UserName: IT
09:52:50.779 Initialize success
09:53:25.094 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:53:25.096 Disk 0 Vendor: SAMSUNG_HD161GJ 1AC01117 Size: 152587MB BusType: 3
09:53:25.112 Disk 0 MBR read successfully
09:53:25.115 Disk 0 MBR scan
09:53:25.119 Disk 0 Windows VISTA default MBR code
09:53:25.122 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
09:53:25.132 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
09:53:25.148 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 137546 MB offset 30801920
09:53:25.154 Disk 0 scanning sectors +312497952
09:53:25.214 Disk 0 scanning C:\Windows\system32\drivers
09:53:31.855 Service scanning
09:53:32.558 Service .afd \? **LOCKED** 123
09:53:32.564 Service .dfsc \? **LOCKED** 123
09:53:32.570 Service .netbt \? **LOCKED** 123
09:53:32.576 Service .serial \? **LOCKED** 123
09:53:32.583 Service .tdx \? **LOCKED** 123
09:53:32.590 Service .vpcvmm \? **LOCKED** 123
09:53:32.661 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
09:53:33.262 Modules scanning
09:53:40.368 Disk 0 trace - called modules:
09:53:40.387 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll intelide.sys PCIIDEX.SYS atapi.sys
09:53:40.394 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85e23030]
09:53:40.401 3 CLASSPNP.SYS[891dd59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8596b030]
09:53:40.407 Scan finished successfully
09:54:00.611 Disk 0 MBR has been saved successfully to "D:\AAAA tools\MBR.dat"
09:54:00.707 The log file has been saved successfully to "D:\AAAA tools\aswMBR.txt"

Edited by Dustylady, 27 February 2012 - 08:15 AM.

  • 0

#6
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Hi Dustylady,

Thank you for the logs!

Did you have any success finding the logs from the other tools that were run?

mbam for instance would have the log under the logs tab.

RogueKiller would be typically on the desktop as RKreport.txt

ComboFix normally is on C:\ as ComboFix.txt

TDSSKiller would be in the root directory C:\ as TDSSKiller.[Version]_[Date]_[Time]_[log].txt
  • 0

#7
Dustylady

Dustylady

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 164 posts
You could say I had TOO much success finding logs. MBAM, TDSSKiller and RogueKiller were all run repeatedly. I could not find a ComboFix log, there is a Qoobox folder, but nothing in quarantine.
Here are a couple MBAM logs that had items:


Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5214

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12/16/2010 10:53:35 AM
mbam-log-2010-12-16 (10-53-35).txt

Scan type: Full scan (C:\|D:\|H:\|O:\|)
Objects scanned: 556284
Time elapsed: 2 hour(s), 9 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RTHDBPL (Trojan.Downloader) -> Value: RTHDBPL -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 911122307

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

12/23/2011 10:33:24 AM
mbam-log-2011-12-23 (10-33-24).txt

Scan type: Quick scan
Objects scanned: 541690
Time elapsed: 41 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 4
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Explorer.exe (Trojan.Agent) -> Value: Explorer.exe -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
c:\Users\IT\AppData\Roaming\microsoft\Windows\start menu\Programs\win defrag (Rogue.WinDefrag) -> Quarantined and deleted successfully.

Files Infected:
c:\Users\IT\AppData\Roaming\microsoft\Windows\start menu\Programs\win defrag\win defrag.lnk (Rogue.WinDefrag) -> Quarantined and deleted successfully.
c:\Users\IT\AppData\Roaming\microsoft\Windows\start menu\Programs\win defrag\uninstall win defrag.lnk (Rogue.WinDefrag) -> Quarantined and deleted successfully.





Here's a few highlights of the TDSSKiller logs:


13:30:05.0965 3456 TDSS rootkit removing tool 2.6.16.0 Nov 7 2011 16:26:51
13:30:05.0982 3456 ============================================================
13:30:05.0982 3456 Current date / time: 2012/02/08 13:30:05.0982
13:30:05.0982 3456 SystemInfo:
13:30:05.0982 3456
13:30:05.0982 3456 OS Version: 6.1.7601 ServicePack: 1.0
13:30:05.0982 3456 Product type: Workstation
13:30:05.0982 3456 ComputerName: COMP2
13:30:05.0982 3456 UserName: IT
13:30:05.0982 3456 Windows directory: C:\Windows
13:30:05.0982 3456 System windows directory: C:\Windows
13:30:05.0982 3456 Processor architecture: Intel x86
13:30:05.0982 3456 Number of processors: 2
13:30:05.0982 3456 Page size: 0x1000
13:30:05.0982 3456 Boot type: Normal boot
13:30:05.0982 3456 ============================================================
13:30:07.0912 3456 Initialize success
13:30:10.0541 1644 ============================================================
13:30:10.0541 1644 Scan started
13:30:10.0541 1644 Mode: Manual;
13:30:10.0541 1644 ============================================================
13:30:11.0738 1644 .afd - ok
13:30:11.0767 1644 .dfsc - ok
13:30:11.0790 1644 .netbt - ok
13:30:11.0803 1644 .serial - ok
13:30:11.0809 1644 .tdx - ok
13:30:11.0823 1644 .vpcvmm - ok
13:30:11.0993 1644 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
13:30:12.0007 1644 1394ohci - ok
13:30:12.0074 1644 5689 - ok
13:30:12.0157 1644 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
13:30:12.0160 1644 ACPI - ok
13:30:12.0230 1644 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
13:30:12.0232 1644 AcpiPmi - ok
13:30:12.0337 1644 ADIHdAudAddService (9e5ae3da1956a7825cc5869be3350a96) C:\Windows\system32\drivers\ADIHdAud.sys
13:30:12.0351 1644 ADIHdAudAddService - ok
13:30:12.0425 1644 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
13:30:12.0430 1644 adp94xx - ok
13:30:12.0453 1644 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
13:30:12.0458 1644 adpahci - ok
13:30:12.0478 1644 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
13:30:12.0481 1644 adpu320 - ok
13:30:12.0531 1644 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
13:30:12.0532 1644 agp440 - ok
13:30:12.0556 1644 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
13:30:12.0557 1644 aic78xx - ok
13:30:12.0713 1644 aksfridge (11f424d02aea63a3a53445087072fdd0) C:\Windows\system32\DRIVERS\aksfridge.sys
13:30:12.0729 1644 aksfridge - ok
13:30:12.0788 1644 akshasp (64fc197d24a2b240598f29ce0a6660c0) C:\Windows\system32\DRIVERS\akshasp.sys
13:30:12.0805 1644 akshasp - ok
13:30:12.0835 1644 akshhl (147b61b81be1ffc38939ea47e5cfb51f) C:\Windows\system32\DRIVERS\akshhl.sys
13:30:12.0836 1644 akshhl - ok
13:30:12.0870 1644 aksusb (cce6c56f18d214de8d66f3f2a774cd5b) C:\Windows\system32\DRIVERS\aksusb.sys
13:30:12.0872 1644 aksusb - ok
13:30:12.0924 1644 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
13:30:12.0926 1644 aliide - ok
13:30:12.0945 1644 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
13:30:12.0946 1644 amdagp - ok
13:30:12.0965 1644 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
13:30:12.0967 1644 amdide - ok
13:30:13.0003 1644 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
13:30:13.0005 1644 AmdK8 - ok
13:30:13.0033 1644 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
13:30:13.0035 1644 AmdPPM - ok
13:30:13.0080 1644 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
13:30:13.0082 1644 amdsata - ok
13:30:13.0116 1644 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
13:30:13.0118 1644 amdsbs - ok
13:30:13.0133 1644 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
13:30:13.0134 1644 amdxata - ok
13:30:13.0190 1644 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
13:30:13.0202 1644 AppID - ok
13:30:13.0239 1644 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
13:30:13.0241 1644 arc - ok
13:30:13.0285 1644 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
13:30:13.0289 1644 arcsas - ok
13:30:13.0361 1644 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
13:30:13.0363 1644 AsyncMac - ok
13:30:13.0402 1644 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
13:30:13.0402 1644 atapi - ok
13:30:13.0520 1644 atikmdag (712d8a95e45b070114c5309ada7358ff) C:\Windows\system32\DRIVERS\atikmdag.sys
13:30:13.0571 1644 atikmdag - ok
13:30:13.0743 1644 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
13:30:13.0755 1644 b06bdrv - ok
13:30:13.0791 1644 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
13:30:13.0795 1644 b57nd60x - ok
13:30:13.0860 1644 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
13:30:13.0861 1644 Beep - ok
13:30:13.0920 1644 bfuxhybh (ad48d313e56f4cc7c67a6c0dd9047b03) C:\Windows\system32\drivers\bfuxhybh.sys
13:30:13.0952 1644 bfuxhybh - ok
13:30:13.0991 1644 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
13:30:14.0016 1644 blbdrive - ok
13:30:14.0055 1644 Blfp (d2f8d15f4852920e1f6b769e982414ad) C:\Windows\system32\DRIVERS\basp.sys
13:30:14.0063 1644 Blfp - ok
13:30:14.0126 1644 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
13:30:14.0134 1644 bowser - ok
13:30:14.0172 1644 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:30:14.0174 1644 BrFiltLo - ok
13:30:14.0213 1644 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:30:14.0214 1644 BrFiltUp - ok
13:30:14.0278 1644 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
13:30:14.0280 1644 BridgeMP - ok
13:30:14.0307 1644 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
13:30:14.0311 1644 Brserid - ok
13:30:14.0332 1644 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
13:30:14.0334 1644 BrSerWdm - ok
13:30:14.0351 1644 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:30:14.0352 1644 BrUsbMdm - ok
13:30:14.0368 1644 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
13:30:14.0369 1644 BrUsbSer - ok
13:30:14.0387 1644 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
13:30:14.0389 1644 BTHMODEM - ok
13:30:18.0254 1644 catchme - ok
13:30:18.0455 1644 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
13:30:18.0464 1644 cdfs - ok
13:30:18.0506 1644 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
13:30:18.0507 1644 circlass - ok
13:30:18.0588 1644 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
13:30:18.0591 1644 CLFS - ok
13:30:18.0758 1644 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
13:30:18.0767 1644 CmBatt - ok
13:30:18.0823 1644 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
13:30:18.0835 1644 cmdide - ok
13:30:18.0866 1644 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
13:30:18.0870 1644 CNG - ok
13:30:18.0910 1644 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
13:30:18.0911 1644 Compbatt - ok
13:30:18.0954 1644 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
13:30:18.0955 1644 CompositeBus - ok
13:30:18.0974 1644 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
13:30:18.0976 1644 crcdisk - ok
13:30:19.0027 1644 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
13:30:19.0032 1644 CSC - ok
13:30:19.0078 1644 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
13:30:19.0079 1644 discache - ok
13:30:19.0095 1644 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
13:30:19.0096 1644 Disk - ok
13:30:19.0143 1644 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
13:30:19.0144 1644 drmkaud - ok
13:30:19.0235 1644 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
13:30:19.0240 1644 DXGKrnl - ok
13:30:19.0540 1644 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
13:30:19.0576 1644 ebdrv - ok
13:30:19.0775 1644 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
13:30:19.0785 1644 elxstor - ok
13:30:19.0894 1644 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
13:30:19.0906 1644 ErrDev - ok
13:30:20.0021 1644 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
13:30:20.0034 1644 exfat - ok
13:30:20.0094 1644 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
13:30:20.0096 1644 fastfat - ok
13:30:20.0143 1644 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
13:30:20.0146 1644 fdc - ok
13:30:20.0222 1644 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
13:30:20.0223 1644 FileInfo - ok
13:30:20.0257 1644 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
13:30:20.0259 1644 Filetrace - ok
13:30:20.0295 1644 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
13:30:20.0296 1644 flpydisk - ok
13:30:20.0330 1644 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
13:30:20.0332 1644 FltMgr - ok
13:30:20.0367 1644 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
13:30:20.0411 1644 FsDepends - ok
13:30:20.0661 1644 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
13:30:20.0663 1644 fssfltr - ok
13:30:20.0711 1644 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
13:30:20.0712 1644 Fs_Rec - ok
13:30:20.0768 1644 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
13:30:20.0778 1644 fvevol - ok
13:30:20.0816 1644 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
13:30:20.0817 1644 gagp30kx - ok
13:30:20.0905 1644 Hardlock (995178a443b07fa9eeaea041d7b4b5ca) C:\Windows\system32\drivers\hardlock.sys
13:30:20.0912 1644 Hardlock - ok
13:30:20.0988 1644 Haspnt (2dd25f060dc9f79b5cdf33d90ed93669) C:\Windows\system32\drivers\Haspnt.sys
13:30:20.0990 1644 Haspnt - ok
13:30:21.0009 1644 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
13:30:21.0010 1644 hcw85cir - ok
13:30:21.0071 1644 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
13:30:21.0082 1644 HDAudBus - ok
13:30:21.0113 1644 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
13:30:21.0114 1644 HidBatt - ok
13:30:21.0173 1644 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
13:30:21.0175 1644 HidBth - ok
13:30:21.0198 1644 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
13:30:21.0200 1644 HidIr - ok
13:30:21.0231 1644 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
13:30:21.0232 1644 HidUsb - ok
13:30:21.0265 1644 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
13:30:21.0267 1644 HpSAMD - ok
13:30:21.0316 1644 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
13:30:21.0323 1644 HTTP - ok
13:30:21.0364 1644 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
13:30:21.0364 1644 hwpolicy - ok
13:30:21.0407 1644 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
13:30:21.0409 1644 i8042prt - ok
13:30:21.0484 1644 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
13:30:21.0488 1644 iaStorV - ok
13:30:21.0617 1644 igfx (1f50623259df354776df04c56504a2d7) C:\Windows\system32\DRIVERS\igdkmd32.sys
13:30:21.0742 1644 igfx - ok
13:30:21.0878 1644 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
13:30:21.0885 1644 iirsp - ok
13:30:21.0999 1644 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
13:30:22.0000 1644 intelide - ok
13:30:22.0114 1644 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
13:30:22.0126 1644 intelppm - ok
13:30:22.0174 1644 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:30:22.0176 1644 IpFilterDriver - ok
13:30:22.0217 1644 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
13:30:22.0219 1644 IPMIDRV - ok
13:30:22.0246 1644 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
13:30:22.0248 1644 IPNAT - ok
13:30:22.0268 1644 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
13:30:22.0269 1644 IRENUM - ok
13:30:22.0293 1644 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
13:30:22.0295 1644 isapnp - ok
13:30:22.0315 1644 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
13:30:22.0318 1644 iScsiPrt - ok
13:30:22.0383 1644 k57nd60x (62632763d9b2b7f92d2968d40406e7aa) C:\Windows\system32\DRIVERS\k57nd60x.sys
13:30:22.0385 1644 k57nd60x - ok
13:30:22.0418 1644 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
13:30:22.0419 1644 kbdclass - ok
13:30:22.0463 1644 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
13:30:22.0476 1644 kbdhid - ok
13:30:22.0531 1644 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
13:30:22.0532 1644 KSecDD - ok
13:30:22.0630 1644 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
13:30:22.0632 1644 KSecPkg - ok
13:30:22.0664 1644 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
13:30:22.0666 1644 lltdio - ok
13:30:22.0697 1644 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
13:30:22.0699 1644 LSI_FC - ok
13:30:22.0719 1644 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
13:30:22.0721 1644 LSI_SAS - ok
13:30:22.0765 1644 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:30:22.0767 1644 LSI_SAS2 - ok
13:30:22.0795 1644 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:30:22.0811 1644 LSI_SCSI - ok
13:30:22.0840 1644 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
13:30:22.0842 1644 luafv - ok
13:30:22.0876 1644 MBAMProtector - ok
13:30:22.0916 1644 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
13:30:22.0924 1644 megasas - ok
13:30:22.0950 1644 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
13:30:22.0953 1644 MegaSR - ok
13:30:22.0974 1644 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
13:30:22.0975 1644 Modem - ok
13:30:23.0005 1644 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
13:30:23.0006 1644 monitor - ok
13:30:23.0037 1644 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
13:30:23.0038 1644 mouclass - ok
13:30:23.0066 1644 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
13:30:23.0067 1644 mouhid - ok
13:30:23.0108 1644 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
13:30:23.0110 1644 mountmgr - ok
13:30:23.0194 1644 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
13:30:23.0232 1644 MpFilter - ok
13:30:23.0304 1644 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
13:30:23.0312 1644 mpio - ok
13:30:23.0460 1644 MpKsl54f959d6 (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C67EA321-B4AA-4906-B9BD-3E39BAB3FF3B}\MpKsl54f959d6.sys
13:30:23.0461 1644 MpKsl54f959d6 - ok
13:30:23.0557 1644 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
13:30:23.0558 1644 MpNWMon - ok
13:30:23.0654 1644 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
13:30:23.0655 1644 mpsdrv - ok
13:30:23.0724 1644 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
13:30:23.0726 1644 MRxDAV - ok
13:30:23.0773 1644 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:30:23.0775 1644 mrxsmb - ok
13:30:23.0850 1644 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:30:23.0853 1644 mrxsmb10 - ok
13:30:23.0880 1644 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:30:23.0882 1644 mrxsmb20 - ok
13:30:23.0916 1644 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
13:30:23.0918 1644 msahci - ok
13:30:23.0958 1644 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
13:30:23.0968 1644 msdsm - ok
13:30:24.0014 1644 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
13:30:24.0015 1644 Msfs - ok
13:30:24.0030 1644 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
13:30:24.0031 1644 mshidkmdf - ok
13:30:24.0048 1644 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
13:30:24.0049 1644 msisadrv - ok
13:30:24.0078 1644 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
13:30:24.0079 1644 MSKSSRV - ok
13:30:24.0135 1644 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
13:30:24.0136 1644 MSPCLOCK - ok
13:30:24.0146 1644 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
13:30:24.0147 1644 MSPQM - ok
13:30:24.0168 1644 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
13:30:24.0170 1644 MsRPC - ok
13:30:24.0193 1644 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
13:30:24.0193 1644 mssmbios - ok
13:30:24.0258 1644 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
13:30:24.0259 1644 MSTEE - ok
13:30:24.0327 1644 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
13:30:24.0329 1644 MTConfig - ok
13:30:24.0364 1644 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
13:30:24.0365 1644 Mup - ok
13:30:24.0396 1644 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
13:30:24.0400 1644 NativeWifiP - ok
13:30:24.0454 1644 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
13:30:24.0468 1644 NDIS - ok
13:30:24.0499 1644 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
13:30:24.0501 1644 NdisCap - ok
13:30:24.0531 1644 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
13:30:24.0533 1644 NdisTapi - ok
13:30:24.0570 1644 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
13:30:24.0572 1644 Ndisuio - ok
13:30:24.0670 1644 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
13:30:24.0682 1644 NdisWan - ok
13:30:24.0760 1644 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
13:30:24.0772 1644 NDProxy - ok
13:30:24.0858 1644 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
13:30:24.0878 1644 NetBIOS - ok
13:30:24.0914 1644 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
13:30:24.0916 1644 nfrd960 - ok
13:30:24.0975 1644 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
13:30:24.0976 1644 NisDrv - ok
13:30:25.0006 1644 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
13:30:25.0024 1644 Npfs - ok
13:30:25.0112 1644 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
13:30:25.0118 1644 nsiproxy - ok
13:30:25.0275 1644 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
13:30:25.0289 1644 Ntfs - ok
13:30:25.0317 1644 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
13:30:25.0318 1644 Null - ok
13:30:25.0384 1644 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
13:30:25.0397 1644 nvraid - ok
13:30:25.0435 1644 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
13:30:25.0438 1644 nvstor - ok
13:30:25.0474 1644 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
13:30:25.0476 1644 nv_agp - ok
13:30:25.0506 1644 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
13:30:25.0508 1644 ohci1394 - ok
13:30:25.0546 1644 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
13:30:25.0548 1644 Parport - ok
13:30:25.0602 1644 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
13:30:25.0603 1644 partmgr - ok
13:30:25.0674 1644 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
13:30:25.0690 1644 Parvdm - ok
13:30:25.0732 1644 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
13:30:25.0734 1644 pci - ok
13:30:25.0752 1644 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
13:30:25.0754 1644 pciide - ok
13:30:25.0775 1644 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
13:30:25.0779 1644 pcmcia - ok
13:30:25.0795 1644 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
13:30:25.0796 1644 pcw - ok
13:30:25.0828 1644 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
13:30:25.0835 1644 PEAUTH - ok
13:30:25.0902 1644 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
13:30:25.0904 1644 PptpMiniport - ok
13:30:25.0950 1644 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
13:30:25.0952 1644 Processor - ok
13:30:26.0045 1644 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
13:30:26.0053 1644 Psched - ok
13:30:26.0092 1644 PxHelp20 (40fedd328f98245ad201cf5f9f311724) C:\Windows\system32\Drivers\PxHelp20.sys
13:30:26.0093 1644 PxHelp20 - ok
13:30:26.0142 1644 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
13:30:26.0158 1644 ql2300 - ok
13:30:26.0188 1644 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
13:30:26.0200 1644 ql40xx - ok
13:30:26.0224 1644 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
13:30:26.0225 1644 QWAVEdrv - ok
13:30:26.0287 1644 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
13:30:26.0288 1644 RasAcd - ok
13:30:26.0385 1644 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:30:26.0396 1644 RasAgileVpn - ok
13:30:26.0426 1644 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:30:26.0428 1644 Rasl2tp - ok
13:30:26.0458 1644 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
13:30:26.0460 1644 RasPppoe - ok
13:30:26.0473 1644 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
13:30:26.0474 1644 RasSstp - ok
13:30:26.0522 1644 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
13:30:26.0543 1644 rdbss - ok
13:30:26.0569 1644 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
13:30:26.0570 1644 rdpbus - ok
13:30:26.0660 1644 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:30:26.0671 1644 RDPCDD - ok
13:30:26.0719 1644 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
13:30:26.0721 1644 RDPDR - ok
13:30:26.0745 1644 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
13:30:26.0746 1644 RDPENCDD - ok
13:30:26.0763 1644 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
13:30:26.0764 1644 RDPREFMP - ok
13:30:26.0797 1644 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
13:30:26.0800 1644 RDPWD - ok
13:30:26.0877 1644 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
13:30:26.0879 1644 rdyboost - ok
13:30:26.0922 1644 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
13:30:26.0924 1644 rspndr - ok
13:30:26.0964 1644 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
13:30:26.0971 1644 s3cap - ok
13:30:27.0023 1644 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
13:30:27.0025 1644 sbp2port - ok
13:30:27.0076 1644 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
13:30:27.0077 1644 scfilter - ok
13:30:27.0136 1644 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
13:30:27.0137 1644 secdrv - ok
13:30:27.0164 1644 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
13:30:27.0166 1644 Serenum - ok
13:30:27.0204 1644 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
13:30:27.0205 1644 sermouse - ok
13:30:27.0270 1644 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
13:30:27.0272 1644 sffdisk - ok
13:30:27.0316 1644 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
13:30:27.0343 1644 sffp_mmc - ok
13:30:27.0454 1644 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
13:30:27.0469 1644 sffp_sd - ok
13:30:27.0530 1644 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
13:30:27.0531 1644 sfloppy - ok
13:30:27.0634 1644 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
13:30:27.0643 1644 sisagp - ok
13:30:27.0664 1644 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:30:27.0666 1644 SiSRaid2 - ok
13:30:27.0712 1644 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
13:30:27.0714 1644 SiSRaid4 - ok
13:30:27.0725 1644 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
13:30:27.0727 1644 Smb - ok
13:30:27.0755 1644 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
13:30:27.0756 1644 spldr - ok
13:30:27.0863 1644 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
13:30:27.0867 1644 srv - ok
13:30:27.0954 1644 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
13:30:27.0967 1644 srv2 - ok
13:30:27.0992 1644 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
13:30:27.0994 1644 srvnet - ok
13:30:28.0040 1644 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
13:30:28.0042 1644 stexstor - ok
13:30:28.0094 1644 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
13:30:28.0095 1644 storflt - ok
13:30:28.0130 1644 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
13:30:28.0132 1644 storvsc - ok
13:30:28.0150 1644 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
13:30:28.0151 1644 swenum - ok
13:30:28.0280 1644 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
13:30:28.0294 1644 Tcpip - ok
13:30:28.0321 1644 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
13:30:28.0329 1644 TCPIP6 - ok
13:30:28.0402 1644 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
13:30:28.0413 1644 tcpipreg - ok
13:30:28.0483 1644 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
13:30:28.0484 1644 TDPIPE - ok
13:30:28.0511 1644 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
13:30:28.0512 1644 TDTCP - ok
13:30:28.0581 1644 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
13:30:28.0609 1644 TermDD - ok
13:30:28.0749 1644 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:30:28.0760 1644 tssecsrv - ok
13:30:28.0915 1644 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
13:30:28.0917 1644 TsUsbFlt - ok
13:30:28.0972 1644 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
13:30:28.0988 1644 tunnel - ok
13:30:29.0037 1644 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
13:30:29.0038 1644 uagp35 - ok
13:30:29.0106 1644 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
13:30:29.0110 1644 udfs - ok
13:30:29.0193 1644 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
13:30:29.0195 1644 uliagpkx - ok
13:30:29.0253 1644 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
13:30:29.0254 1644 umbus - ok
13:30:29.0284 1644 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
13:30:29.0286 1644 UmPass - ok
13:30:29.0368 1644 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
13:30:29.0390 1644 usbccgp - ok
13:30:29.0419 1644 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
13:30:29.0421 1644 usbcir - ok
13:30:29.0471 1644 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
13:30:29.0497 1644 usbehci - ok
13:30:29.0639 1644 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
13:30:29.0642 1644 usbhub - ok
13:30:29.0678 1644 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
13:30:29.0680 1644 usbohci - ok
13:30:29.0715 1644 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
13:30:29.0717 1644 usbprint - ok
13:30:29.0774 1644 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\drivers\USBSTOR.SYS
13:30:29.0788 1644 USBSTOR - ok
13:30:29.0854 1644 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
13:30:29.0856 1644 usbuhci - ok
13:30:29.0932 1644 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\system32\Drivers\usbvideo.sys
13:30:29.0934 1644 usbvideo - ok
13:30:29.0977 1644 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
13:30:29.0980 1644 vdrvroot - ok
13:30:30.0043 1644 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
13:30:30.0045 1644 vga - ok
13:30:30.0069 1644 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
13:30:30.0070 1644 VgaSave - ok
13:30:30.0108 1644 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
13:30:30.0112 1644 vhdmp - ok
13:30:30.0148 1644 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
13:30:30.0149 1644 viaagp - ok
13:30:30.0204 1644 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
13:30:30.0207 1644 ViaC7 - ok
13:30:30.0245 1644 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
13:30:30.0249 1644 viaide - ok
13:30:30.0279 1644 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
13:30:30.0282 1644 vmbus - ok
13:30:30.0307 1644 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
13:30:30.0309 1644 VMBusHID - ok
13:30:30.0337 1644 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
13:30:30.0338 1644 volmgr - ok
13:30:30.0470 1644 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
13:30:30.0481 1644 volmgrx - ok
13:30:30.0557 1644 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
13:30:30.0598 1644 volsnap - ok
13:30:30.0692 1644 vpcbus (b26536add1d748cda104d856c979ae79) C:\Windows\system32\DRIVERS\vpchbus.sys
13:30:30.0719 1644 vpcbus - ok
13:30:30.0792 1644 vpcusb (5f4b55e91ce7e2523c9e1e0ece858869) C:\Windows\system32\DRIVERS\vpcusb.sys
13:30:30.0830 1644 vpcusb - ok
13:30:30.0896 1644 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
13:30:30.0918 1644 vsmraid - ok
13:30:30.0956 1644 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
13:30:30.0958 1644 vwifibus - ok
13:30:30.0998 1644 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
13:30:31.0005 1644 WacomPen - ok
13:30:31.0048 1644 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
13:30:31.0050 1644 WANARP - ok
13:30:31.0063 1644 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
13:30:31.0069 1644 Wanarpv6 - ok
13:30:31.0150 1644 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
13:30:31.0151 1644 Wd - ok
13:30:31.0206 1644 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
13:30:31.0214 1644 Wdf01000 - ok
13:30:31.0281 1644 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
13:30:31.0282 1644 WfpLwf - ok
13:30:31.0311 1644 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
13:30:31.0313 1644 WIMMount - ok
13:30:31.0411 1644 WINUSB (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
13:30:31.0420 1644 WINUSB - ok
13:30:31.0551 1644 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
13:30:31.0553 1644 WmiAcpi - ok
13:30:31.0652 1644 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
13:30:31.0653 1644 ws2ifsl - ok
13:30:31.0747 1644 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
13:30:31.0748 1644 WudfPf - ok
13:30:31.0776 1644 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:30:31.0778 1644 WUDFRd - ok
13:30:31.0817 1644 MBR (0x1B8) (6f9a1d528242bc09104b85e0becf5554) \Device\Harddisk0\DR0
13:30:31.0818 1644 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected
13:30:31.0818 1644 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
13:30:31.0846 1644 Boot (0x1200) (15576ab3bbef52ebf0e7614e5b957224) \Device\Harddisk0\DR0\Partition0
13:30:31.0847 1644 \Device\Harddisk0\DR0\Partition0 - ok
13:30:31.0862 1644 Boot (0x1200) (6ab3f2df73ca4d0c35c038286ebf8b7f) \Device\Harddisk0\DR0\Partition1
13:30:31.0863 1644 \Device\Harddisk0\DR0\Partition1 - ok
13:30:31.0867 1644 ============================================================
13:30:31.0867 1644 Scan finished
13:30:31.0867 1644 ============================================================
13:30:31.0882 3560 Detected object count: 1
13:30:31.0882 3560 Actual detected object count: 1
13:30:39.0610 3560 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - will be cured on reboot
13:30:39.0611 3560 \Device\Harddisk0\DR0 - ok
13:30:39.0612 3560 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure
13:32:02.0994 3452 Deinitialize success





13:36:27.0842 2416 ============================================================
13:36:27.0842 2416 Scan finished
13:36:27.0842 2416 ============================================================
13:36:27.0855 2328 Detected object count: 2
13:36:27.0855 2328 Actual detected object count: 2
13:36:58.0688 2328 C:\Windows\system32\drivers\Haspnt.sys - copied to quarantine
13:36:58.0706 2328 Haspnt ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
13:36:58.0711 2328 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
13:36:58.0714 2328 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
13:36:58.0719 2328 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
13:36:58.0721 2328 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
13:36:58.0726 2328 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
13:36:58.0909 2328 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
13:36:59.0019 2328 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
13:36:59.0097 2328 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
13:36:59.0144 2328 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
13:36:59.0239 2328 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
13:36:59.0269 2328 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
13:36:59.0308 2328 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
13:36:59.0339 2328 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
13:36:59.0345 2328 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
13:36:59.0351 2328 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
13:36:59.0356 2328 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Quarantine
13:37:01.0709 1420 Deinitialize success



13:54:07.0727 3472 ============================================================
13:54:07.0727 3472 Scan finished
13:54:07.0727 3472 ============================================================
13:54:07.0748 3464 Detected object count: 1
13:54:07.0748 3464 Actual detected object count: 1
13:54:14.0491 3464 Backup copy not found, trying to cure infected file..
13:54:14.0494 3464 Cure success, using it..
13:54:14.0594 3464 C:\Windows\system32\DRIVERS\MpFilter.sys - will be cured on reboot
13:54:14.0594 3464 MpFilter ( Rootkit.Win32.ZAccess.c ) - User select action: Cure



RKReports are all over the desktop. Here is the first one, and the most recent one



RogueKiller V7.0.4 [02/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User: IT [Admin rights]
Mode: Scan -- Date : 02/08/2012 14:22:15

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 21 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (202.136.55.155:8080) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowControlPanel (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD161GJ ATA Device +++++
--- User ---
[MBR] cae1fb3ef053c100bb2437796535c943
[BSP] be9ddea2c49fafe7fc0c60cd5a35b9a9 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 137546 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: TOSHIBA TransMemory USB Device +++++
--- User ---
[MBR] 8d70193cab9a880929a06e2e45d8e830
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8064 | Size: 14879 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt







RogueKiller V7.0.4 [02/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User: IT [Admin rights]
Mode: Scan -- Date : 02/08/2012 15:31:49

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 20 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowControlPanel (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD161GJ ATA Device +++++
--- User ---
[MBR] cae1fb3ef053c100bb2437796535c943
[BSP] be9ddea2c49fafe7fc0c60cd5a35b9a9 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 137546 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[9].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt ; RKreport[9].txt

Edited by Dustylady, 27 February 2012 - 08:19 AM.

  • 0

#8
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Hi Dustylady,

Just a few steps to remember as we begin.

I am glad you have already put the Panda Vaccine on for protection of your clean computer. If you had not we would want you to do that before moving files back and forth.

Since this is Windows 7 we want to run all tools with a right click then run as administrator.

Make sure all tools are saved to the desktop and are run from the desktop.

Do you use Citrix GoToMeeting and/or GoToWebinar? Was it used or manipulated on 2/1 this month?


Step 1.

  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe. (right click and run as administrator)
  • Wait until Prescan has finished ...
  • Click on Scan
  • Note: If RogueKiller will not run please try it several times, if it still does not run rename it winlogon.com and try it several times.
Posted Image
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
Posted Image
  • The report has been created on the desktop.

  • Next click on ShortcutsFix

    Posted Image
  • The report has been created on the desktop.

Please post:

All RKreport.txt text files located on your desktop.







Step 2.

We need to run an OTL Fix

Note: If you have Malwarebytes 1.6 or higher installed please disable it for the duration of this fix as it may interfere with the successfully execution of the script below. If it still hangs then please uninstall MalwareBytes' and run this fix again.


  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :processes
    killallprocesses
    
    
    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-823518204-261903793-839522115-5150\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
    O32 - Unable to open key or key not present!
    [2012/02/08 08:41:33 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_trash_log.cmd
    
    
    :files
    ipconfig /flushdns /c
    xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
    xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
    xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
    xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
    
    
    :reg
    
    
    :Commands
    [purity]
    [resethosts]
    [emptyflash]
    [emptyjava]
    [createrestorepoint]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.


Step 3.

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop * IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow to update if it asks

Posted Image

Posted Image

When finished, it produces a log for you.
Please include the C:\ComboFix.txt in your next reply.



Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now


Step 4.

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    Posted Image
  • Click the Start Scan button.

    Posted Image
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Step 5.

Download OTL to your Desktop ro if you still have it skip to the next step.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users, and under Extra Registry select Use SafeList
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    C:\Windows\assembly\tmp\U\*.* /s
    C:\windows\*. /RP /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes
  • Post the log


Step 6.

Please Post:

all RkReport.txt files
Combofix log
TDSSKiller log
OTL.txt
Extras.txt



How is your computer doing? Are your wallpaper and icons normal?
  • 0

#9
Dustylady

Dustylady

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 164 posts
Well, that was nifty! Posted Image
My coworker said ComboFix had run all night and froze, hence no log from the previous run. As for the meeting connections, they are most likely ok and installed on purpose.

After RogueKiller ran, the start menu returned to normal, but after ComboFix the desktop background went black. All icons appear to be returned to normal in the menus. So I'd call this part all fixed!

During the scans ComboFix said it'd found the ZeroAccess rootkit and later said it found a rootkit, is that 2? Still no network connection, on reboot I get this error - w3dbsmgr.exe ordinal 1009 not found in dll WSOCK32.dll

and onwards with the logs...


1st RogueKiller


RogueKiller V7.0.4 [02/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User: IT [Admin rights]
Mode: Scan -- Date : 02/13/2012 17:31:22

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 20 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowControlPanel (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD161GJ ATA Device +++++
--- User ---
[MBR] cae1fb3ef053c100bb2437796535c943
[BSP] be9ddea2c49fafe7fc0c60cd5a35b9a9 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 137546 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: TOSHIBA TransMemory USB Device +++++
--- User ---
[MBR] 8d70193cab9a880929a06e2e45d8e830
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8064 | Size: 14879 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[10].txt >>
RKreport[10].txt ; RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ;
RKreport[5].txt ; RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt ; RKreport[9].txt


=============================
2nd RogueKiller


RogueKiller V7.0.4 [02/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User: IT [Admin rights]
Mode: Remove -- Date : 02/13/2012 17:32:15

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 20 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowControlPanel (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowHelp (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD161GJ ATA Device +++++
--- User ---
[MBR] cae1fb3ef053c100bb2437796535c943
[BSP] be9ddea2c49fafe7fc0c60cd5a35b9a9 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 137546 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: TOSHIBA TransMemory USB Device +++++
--- User ---
[MBR] 8d70193cab9a880929a06e2e45d8e830
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8064 | Size: 14879 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[11].txt >>
RKreport[10].txt ; RKreport[11].txt ; RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ;
RKreport[4].txt ; RKreport[5].txt ; RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt ;
RKreport[9].txt


===========================
3rd RogueKiller


RogueKiller V7.0.4 [02/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User: IT [Admin rights]
Mode: Shortcuts HJfix -- Date : 02/13/2012 17:33:51

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 0 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 6 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 38 / Fail 0
Backup: [FOUND] Success 4 / Fail 246

Drives:
[C:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume4 -- 0x2 --> Restored

¤¤¤ Infection : Rogue.FakeHDD ¤¤¤

Finished : << RKreport[12].txt >>
RKreport[10].txt ; RKreport[11].txt ; RKreport[12].txt ; RKreport[1].txt ; RKreport[2].txt ;
RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ; RKreport[6].txt ; RKreport[7].txt ;
RKreport[8].txt ; RKreport[9].txt

Edited by Dustylady, 27 February 2012 - 08:22 AM.

  • 0

#10
Dustylady

Dustylady

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 164 posts
OTL fix


========== PROCESSES ==========
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-823518204-261903793-839522115-5150\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
File not found.
C:\Windows\System32\dds_trash_log.cmd moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Could not flush the DNS Resolver Cache: Function failed during execution.
C:\Users\IT\Desktop\cmd.bat deleted successfully.
C:\Users\IT\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Users\IT\Desktop\cmd.bat deleted successfully.
C:\Users\IT\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Users\IT\Desktop\cmd.bat deleted successfully.
C:\Users\IT\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Users\IT\Desktop\cmd.bat deleted successfully.
C:\Users\IT\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Users\IT\Desktop\cmd.bat deleted successfully.
C:\Users\IT\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: Admin

User: Administrator

User: Administrator.COMP2
->Flash cache emptied: 578 bytes

User: All Users

User: Default

User: Default User

User: IT
->Flash cache emptied: 470 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: Admin

User: Administrator

User: Administrator.COMP2
->Java cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: IT
->Java cache emptied: 36673283 bytes

Total Java Files Cleaned = 35.00 mb



OTL by OldTimer - Version 3.2.31.0 log created on 02132012_173808

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Edited by Dustylady, 27 February 2012 - 08:24 AM.

  • 0

Advertisements


#11
Dustylady

Dustylady

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 164 posts
ComboFix 12-02-13.01 - IT 02/14/2012 8:20.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2037.1359 [GMT -5:00]
Running from: c:\users\IT\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\autorun.inf
c:\users\IT\AppData\Local\assembly\tmp
c:\users\IT\g2mdlhlpx.exe
c:\users\IT\GoToAssistDownloadHelper.exe
c:\windows\$NtUninstallKB2913$\BCD-Template
c:\windows\$NtUninstallKB2913$\BCD-Template.LOG
c:\windows\$NtUninstallKB2913$\COMPONENTS
c:\windows\$NtUninstallKB2913$\COMPONENTS.LOG
c:\windows\$NtUninstallKB2913$\COMPONENTS.LOG1
c:\windows\$NtUninstallKB2913$\COMPONENTS.LOG2
c:\windows\$NtUninstallKB2913$\COMPONENTS{2489bbe4-3b0f-11e1-9aee-002564917f8d}.TM.blf
c:\windows\$NtUninstallKB2913$\COMPONENTS{2489bbe4-3b0f-11e1-9aee-002564917f8d}.TMContainer00000000000000000001.regtrans-ms
c:\windows\$NtUninstallKB2913$\COMPONENTS{2489bbe4-3b0f-11e1-9aee-002564917f8d}.TMContainer00000000000000000002.regtrans-ms
c:\windows\$NtUninstallKB2913$\COMPONENTS{6640a2b0-f7c8-11df-9c1c-002564917f8d}.TM.blf
c:\windows\$NtUninstallKB2913$\COMPONENTS{6640a2b0-f7c8-11df-9c1c-002564917f8d}.TMContainer00000000000000000001.regtrans-ms
c:\windows\$NtUninstallKB2913$\COMPONENTS{6640a2b0-f7c8-11df-9c1c-002564917f8d}.TMContainer00000000000000000002.regtrans-ms
c:\windows\$NtUninstallKB2913$\COMPONENTS{6cced2ed-6e01-11de-8bed-001e0bcd1824}.TM.blf
c:\windows\$NtUninstallKB2913$\COMPONENTS{6cced2ed-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
c:\windows\$NtUninstallKB2913$\COMPONENTS{6cced2ed-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
c:\windows\$NtUninstallKB2913$\COMPONENTS{b5b8160b-20a1-11df-b10b-002564917f8d}.TM.blf
c:\windows\$NtUninstallKB2913$\COMPONENTS{b5b8160b-20a1-11df-b10b-002564917f8d}.TMContainer00000000000000000001.regtrans-ms
c:\windows\$NtUninstallKB2913$\COMPONENTS{b5b8160b-20a1-11df-b10b-002564917f8d}.TMContainer00000000000000000002.regtrans-ms
c:\windows\$NtUninstallKB2913$\DEFAULT.LOG
c:\windows\$NtUninstallKB2913$\netlogon.ftl
c:\windows\$NtUninstallKB2913$\RegBack\DEFAULT.LOG1
c:\windows\$NtUninstallKB2913$\RegBack\DEFAULT.LOG2
c:\windows\$NtUninstallKB2913$\RegBack\SAM.LOG1
c:\windows\$NtUninstallKB2913$\RegBack\SAM.LOG2
c:\windows\$NtUninstallKB2913$\RegBack\SECURITY.LOG1
c:\windows\$NtUninstallKB2913$\RegBack\SECURITY.LOG2
c:\windows\$NtUninstallKB2913$\RegBack\SOFTWARE.LOG1
c:\windows\$NtUninstallKB2913$\RegBack\SOFTWARE.LOG2
c:\windows\$NtUninstallKB2913$\RegBack\SYSTEM.LOG1
c:\windows\$NtUninstallKB2913$\RegBack\SYSTEM.LOG2
c:\windows\$NtUninstallKB2913$\SAM.LOG
c:\windows\$NtUninstallKB2913$\SECURITY.LOG
c:\windows\$NtUninstallKB2913$\SOFTWARE.LOG
c:\windows\$NtUninstallKB2913$\SYSTEM.LOG
c:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Adobe\Acrobat\9.0\Cache\AcroFnt09.lst
c:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Adobe\Color\ACECache10.lst
c:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Adobe\Color\Profiles\wscRGB.icc
c:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Adobe\Color\Profiles\wsRGB.icc
c:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Adobe\Acrobat\9.0\Cache\AcroFnt09.lst
c:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Adobe\Color\ACECache10.lst
c:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Adobe\Color\Profiles\wscRGB.icc
c:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Adobe\Color\Profiles\wsRGB.icc
c:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Adobe\Acrobat\9.0\Cache\AcroFnt09.lst
c:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Adobe\Color\ACECache10.lst
c:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc
c:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc
c:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\9.0\Cache\AcroFnt09.lst
c:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Adobe\Color\ACECache10.lst
c:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc
c:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc
c:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\9.0\Cache\AcroFnt09.lst
c:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Color\ACECache10.lst
c:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc
c:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc
c:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\9.0\Cache\AcroFnt09.lst
c:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\ACECache10.lst
c:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc
c:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc
c:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\9.0\Cache\AcroFnt09.lst
c:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\ACECache10.lst
c:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc
c:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc
c:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\9.0\Cache\AcroFnt09.lst
c:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\ACECache10.lst
c:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc
c:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc
c:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\9.0\Cache\AcroFnt09.lst
c:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\ACECache10.lst
c:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc
c:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc
c:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\9.0\Cache\AcroFnt09.lst
c:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\ACECache10.lst
c:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc
c:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc
c:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\9.0\Cache\AcroFnt09.lst
c:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\ACECache10.lst
c:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc
c:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc
c:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\ACECache10.lst
c:\windows\$NtUninstallKB2913$\systemprofile\ntuser.dat
c:\windows\$NtUninstallKB2913$\systemprofile\ntuser.dat.LOG
c:\windows\$NtUninstallKB2913$\systemprofile\ntuser.dat.LOG1
c:\windows\$NtUninstallKB2913$\systemprofile\ntuser.dat.LOG2
c:\windows\$NtUninstallKB2913$\systemprofile\ntuser.dat{c7ab7476-e041-11de-8491-806e6f6e6963}.TM.blf
c:\windows\$NtUninstallKB2913$\systemprofile\ntuser.dat{c7ab7476-e041-11de-8491-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
c:\windows\$NtUninstallKB2913$\systemprofile\ntuser.dat{c7ab7476-e041-11de-8491-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
c:\windows\$NtUninstallKB2913$\TxR\{6cced300-6e01-11de-8bed-001e0bcd1824}.TxR.0.regtrans-ms
c:\windows\$NtUninstallKB2913$\TxR\{6cced300-6e01-11de-8bed-001e0bcd1824}.TxR.1.regtrans-ms
c:\windows\$NtUninstallKB2913$\TxR\{6cced300-6e01-11de-8bed-001e0bcd1824}.TxR.2.regtrans-ms
c:\windows\$NtUninstallKB2913$\TxR\{6cced300-6e01-11de-8bed-001e0bcd1824}.TxR.blf
c:\windows\system32\UNWISE.EXE
.
c:\windows\system32\drivers\afd.sys was missing
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys
.
c:\windows\system32\drivers\netbt.sys was missing
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7600.16385_none_603b1e855897bcd6\netbt.sys
.
c:\windows\system32\drivers\tdx.sys was missing
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_ea141e6f3d693e28\tdx.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_.afd
-------\Service_.netbt
-------\Service_.serial
.
.
((((((((((((((((((((((((( Files Created from 2012-01-14 to 2012-02-14 )))))))))))))))))))))))))))))))
.
.
2012-02-14 13:33 . 2012-02-14 13:36 -------- d-----w- c:\users\IT\AppData\Local\temp
2012-02-14 13:33 . 2012-02-14 13:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-14 13:33 . 2012-02-14 13:33 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-02-14 13:33 . 2012-02-14 13:33 -------- d-----w- c:\users\Administrator.COMP2\AppData\Local\temp
2012-02-07 09:52 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C67EA321-B4AA-4906-B9BD-3E39BAB3FF3B}\mpengine.dll
2012-01-25 15:12 . 2012-01-25 15:12 -------- d-----w- c:\users\IT\AppData\Local\Applications
2012-01-24 15:49 . 2012-01-24 15:49 -------- d-----w- c:\windows\system32\1033
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-31 12:44 . 2009-12-17 15:45 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-06 04:19 . 2010-12-02 19:27 6557240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-05 19:12 . 2011-08-22 18:36 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-09 21:36 . 2011-12-09 21:36 94208 ----a-w- c:\windows\TIRHService.exe
2011-11-17 05:38 . 2012-01-11 14:46 1288472 ----a-w- c:\windows\system32\ntdll.dll
2007-12-21 14:00 . 2009-05-04 12:12 6224944 ----a-w- c:\program files\pkreader.exe
2012-02-02 21:55 . 2011-12-06 17:25 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-04-23 1314816]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-18 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-18 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-18 150552]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Start Pervasive PSQL Workgroup Engine.lnk - c:\windows\Installer\{0A3238D7-AB32-1030-B717-F3E3F18B4A8C}\WGE.14A03FCD_EA43_4130_A5C0_F02D38895A13.exe [2011-1-26 92854]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableInstallerDetection"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableChangePassword"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogOff"= 1 (0x1)
"QuickLaunchEnabled"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-1390\Scripts\Logon\0\0]
"Script"=logon.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-1390\Scripts\Logon\1\0]
"Script"=\\tim\BGInfo\BGinfo.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-1390\Scripts\Logon\2\0]
"Script"=IT_Print_Script.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-1447\Scripts\Logon\0\0]
"Script"=logon.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-1447\Scripts\Logon\1\0]
"Script"=\\tim\BGInfo\BGinfo.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-1447\Scripts\Logon\2\0]
"Script"=IT_Print_Script.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-1473\Scripts\Logon\0\0]
"Script"=logon.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-1473\Scripts\Logon\1\0]
"Script"=\\tim\BGInfo\BGinfo.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-1473\Scripts\Logon\2\0]
"Script"=IT_Print_Script.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-2885\Scripts\Logon\0\0]
"Script"=logon.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-2928\Scripts\Logon\0\0]
"Script"=logon.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-2928\Scripts\Logon\1\0]
"Script"=\\tim\BGInfo\BGinfo.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-2928\Scripts\Logon\2\0]
"Script"=IT_Print_Script.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-3001\Scripts\Logon\0\0]
"Script"=logon.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-3001\Scripts\Logon\1\0]
"Script"=\\tim\BGInfo\BGinfo.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-3001\Scripts\Logon\2\0]
"Script"=IT_Print_Script.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-3005\Scripts\Logon\0\0]
"Script"=logon.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-3005\Scripts\Logon\1\0]
"Script"=\\tim\BGInfo\BGinfo.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-3005\Scripts\Logon\2\0]
"Script"=IT_Print_Script.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-3066\Scripts\Logon\0\0]
"Script"=logon.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-3066\Scripts\Logon\1\0]
"Script"=\\tim\BGInfo\BGinfo.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-3066\Scripts\Logon\2\0]
"Script"=IT_Print_Script.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-5122\Scripts\Logon\0\0]
"Script"=logon.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-5122\Scripts\Logon\1\0]
"Script"=\\tim\BGInfo\BGinfo.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-5122\Scripts\Logon\2\0]
"Script"=ACCT_Print_Script.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-5130\Scripts\Logon\0\0]
"Script"=logon.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-5130\Scripts\Logon\1\0]
"Script"=\\tim\BGInfo\BGinfo.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-5130\Scripts\Logon\2\0]
"Script"=ACCT_Print_Script.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-5150\Scripts\Logon\0\0]
"Script"=logon.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-5150\Scripts\Logon\1\0]
"Script"=\\tim\BGInfo\BGinfo.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-5150\Scripts\Logon\2\0]
"Script"=IT_Print_Script.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-5151\Scripts\Logon\0\0]
"Script"=logon.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-5151\Scripts\Logon\1\0]
"Script"=\\tim\BGInfo\BGinfo.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-5151\Scripts\Logon\2\0]
"Script"=IT_Print_Script.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-5215\Scripts\Logon\0\0]
"Script"=logon.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-5215\Scripts\Logon\1\0]
"Script"=\\tim\BGInfo\BGinfo.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-5215\Scripts\Logon\2\0]
"Script"=IT_Print_Script.vbs
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2010-09-22 22:11 640440 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2011-06-08 00:54 40376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 01:59 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-06-30 17:57 136176 ----atw- c:\users\IT\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 22:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2009-06-25 02:19 140520 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShoreTel Personal Call Manager]
2010-11-18 22:00 2314240 ----a-w- c:\program files\Shoreline Communications\ShoreWare Client\ShoreTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartSoft PDF Printer Agent]
2010-10-26 22:29 62864 ----a-w- c:\program files\Smart PDF Converter Pro\SmartSoft PDF Printer Agent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 13:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe
.
R2 5689;5689;c:\windows\TEMP\5689.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-14 1343400]
R4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]
S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe [2010-09-27 4180576]
S2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2010-10-20 67904]
S2 SageInstMgrServer;Sage Installation Manager Server;c:\program files\Sage\SIM\Server\Sage.Sim.Server.WindowsService.exe [2010-04-14 15656]
S2 TIRmtSvc;Track-It! Workstation Manager;c:\windows\TIREMOTE\TIRemoteService.exe [2010-03-03 210944]
S2 UpgradeManager;Upgrade Manager;c:\program files\GLDS\UpgradeManager\UpgradeManagerSvc.exe [2009-04-21 2010147]
S2 winvnc.exe;winvnc;c:\program files\UltraVNC\winvnc.exe [2009-12-07 1590216]
S3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-08-05 273448]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
emupia
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-261903793-839522115-5150Core1cc4ec8c6f8f671.job
- c:\users\IT\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-30 17:57]
.
2012-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-261903793-839522115-5150UA.job
- c:\users\IT\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-30 17:57]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} - hxxps://site.cmbchina.com/download/CMBEdit.cab
DPF: {71D73A47-975F-11D1-AA77-00A0C98D86D4} - hxxp://shoretel/shorewaredirector/VoiceMessage.ocx
DPF: {FA6424B7-D971-11D1-9697-00A0C928D512} - hxxp://shoretel/shorewaredirector/TwentyFour7.ocx
FF - ProfilePath - c:\users\IT\AppData\Roaming\Mozilla\Firefox\Profiles\cgtl6uct.default\
.
.
------- File Associations -------
.
.reg=Regedit.Document
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-28717118.sys
MSConfigStartUp-MozillaAgent - c:\windows\Temp\_ex-68.exe
MSConfigStartUp-Privacy Protection - c:\programdata\privacy.exe
MSConfigStartUp-xXcnbsQjRkB - c:\programdata\xXcnbsQjRkB.exe
AddRemove-HASP Device Drivers - c:\windows\system32\UNWISE.EXE
AddRemove-Jenark - Access Property Management - K:\UNWISE.EXE
AddRemove-TurboMeeting - c:\users\Public\TurboMeeting\TMInstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\.dfsc]
"ImagePath"="\?"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\.vpcvmm]
"ImagePath"="\?"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
c:\program files\Common Files\Sage\LS1\ServiceHost\1.0\Sage.LS1.ServiceHost.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2012-02-14 08:40:22 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-14 13:40
.
Pre-Run: 70,805,557,248 bytes free
Post-Run: 79,543,070,720 bytes free
.
- - End Of File - - E43279FABB0AA62D1E8D4B30E340BB0E

Edited by Dustylady, 27 February 2012 - 08:26 AM.

  • 0

#12
Dustylady

Dustylady

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 164 posts
08:47:26.0480 2316 TDSS rootkit removing tool 2.7.12.0 Feb 11 2012 16:58:52
08:47:26.0767 2316 ============================================================
08:47:26.0767 2316 Current date / time: 2012/02/14 08:47:26.0767
08:47:26.0767 2316 SystemInfo:
08:47:26.0767 2316
08:47:26.0768 2316 OS Version: 6.1.7601 ServicePack: 1.0
08:47:26.0768 2316 Product type: Workstation
08:47:26.0768 2316 ComputerName: COMP2
08:47:26.0768 2316 UserName: IT
08:47:26.0768 2316 Windows directory: C:\Windows
08:47:26.0768 2316 System windows directory: C:\Windows
08:47:26.0768 2316 Processor architecture: Intel x86
08:47:26.0768 2316 Number of processors: 2
08:47:26.0768 2316 Page size: 0x1000
08:47:26.0768 2316 Boot type: Normal boot
08:47:26.0768 2316 ============================================================
08:47:28.0312 2316 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
08:47:28.0314 2316 Drive \Device\Harddisk1\DR1 - Size: 0x3A2360000 (14.53 Gb), SectorSize: 0x200, Cylinders: 0x769, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
08:47:28.0316 2316 \Device\Harddisk0\DR0:
08:47:28.0316 2316 MBR used
08:47:28.0316 2316 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
08:47:28.0316 2316 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x10CA5720
08:47:28.0316 2316 \Device\Harddisk1\DR1:
08:47:28.0317 2316 MBR used
08:47:28.0317 2316 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0x1D0FB80
08:47:28.0359 2316 Initialize success
08:47:28.0359 2316 ============================================================
08:48:35.0561 2332 ============================================================
08:48:35.0561 2332 Scan started
08:48:35.0561 2332 Mode: Manual; SigCheck; TDLFS;
08:48:35.0561 2332 ============================================================
08:48:36.0880 2332 .dfsc - ok
08:48:36.0936 2332 .vpcvmm - ok
08:48:37.0055 2332 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
08:48:37.0200 2332 1394ohci - ok
08:48:37.0390 2332 5689 - ok
08:48:37.0492 2332 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
08:48:37.0506 2332 ACPI - ok
08:48:37.0532 2332 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
08:48:37.0569 2332 AcpiPmi - ok
08:48:37.0628 2332 ADIHdAudAddService (9e5ae3da1956a7825cc5869be3350a96) C:\Windows\system32\drivers\ADIHdAud.sys
08:48:37.0689 2332 ADIHdAudAddService - ok
08:48:37.0738 2332 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
08:48:37.0757 2332 adp94xx - ok
08:48:37.0791 2332 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
08:48:37.0806 2332 adpahci - ok
08:48:37.0831 2332 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
08:48:37.0844 2332 adpu320 - ok
08:48:37.0928 2332 AFD (c427f91a748cd342a2b3f9278d9fd6a5) C:\Windows\system32\drivers\afd.sys
08:48:37.0970 2332 AFD - ok
08:48:38.0020 2332 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
08:48:38.0030 2332 agp440 - ok
08:48:38.0076 2332 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
08:48:38.0087 2332 aic78xx - ok
08:48:38.0150 2332 aksfridge (11f424d02aea63a3a53445087072fdd0) C:\Windows\system32\DRIVERS\aksfridge.sys
08:48:38.0187 2332 aksfridge - ok
08:48:38.0254 2332 akshasp (64fc197d24a2b240598f29ce0a6660c0) C:\Windows\system32\DRIVERS\akshasp.sys
08:48:38.0332 2332 akshasp - ok
08:48:38.0358 2332 akshhl (147b61b81be1ffc38939ea47e5cfb51f) C:\Windows\system32\DRIVERS\akshhl.sys
08:48:38.0377 2332 akshhl - ok
08:48:38.0425 2332 aksusb (cce6c56f18d214de8d66f3f2a774cd5b) C:\Windows\system32\DRIVERS\aksusb.sys
08:48:38.0449 2332 aksusb - ok
08:48:38.0510 2332 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
08:48:38.0519 2332 aliide - ok
08:48:38.0547 2332 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
08:48:38.0582 2332 amdagp - ok
08:48:38.0614 2332 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
08:48:38.0631 2332 amdide - ok
08:48:38.0676 2332 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
08:48:38.0712 2332 AmdK8 - ok
08:48:38.0739 2332 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
08:48:38.0773 2332 AmdPPM - ok
08:48:38.0833 2332 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
08:48:38.0843 2332 amdsata - ok
08:48:38.0868 2332 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
08:48:38.0880 2332 amdsbs - ok
08:48:38.0925 2332 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
08:48:38.0934 2332 amdxata - ok
08:48:38.0972 2332 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
08:48:39.0049 2332 AppID - ok
08:48:39.0118 2332 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
08:48:39.0130 2332 arc - ok
08:48:39.0155 2332 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
08:48:39.0166 2332 arcsas - ok
08:48:39.0238 2332 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
08:48:39.0320 2332 AsyncMac - ok
08:48:39.0448 2332 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
08:48:39.0456 2332 atapi - ok
08:48:39.0595 2332 atikmdag (712d8a95e45b070114c5309ada7358ff) C:\Windows\system32\DRIVERS\atikmdag.sys
08:48:39.0748 2332 atikmdag - ok
08:48:39.0928 2332 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
08:48:39.0956 2332 b06bdrv - ok
08:48:39.0998 2332 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
08:48:40.0034 2332 b57nd60x - ok
08:48:40.0098 2332 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
08:48:40.0136 2332 Beep - ok
08:48:40.0203 2332 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
08:48:40.0226 2332 blbdrive - ok
08:48:40.0273 2332 Blfp (d2f8d15f4852920e1f6b769e982414ad) C:\Windows\system32\DRIVERS\basp.sys
08:48:40.0297 2332 Blfp - ok
08:48:40.0342 2332 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
08:48:40.0362 2332 bowser - ok
08:48:40.0387 2332 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
08:48:40.0418 2332 BrFiltLo - ok
08:48:40.0444 2332 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
08:48:40.0487 2332 BrFiltUp - ok
08:48:40.0531 2332 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
08:48:40.0563 2332 BridgeMP - ok
08:48:40.0641 2332 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
08:48:40.0658 2332 Brserid - ok
08:48:40.0690 2332 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
08:48:40.0717 2332 BrSerWdm - ok
08:48:40.0740 2332 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
08:48:40.0766 2332 BrUsbMdm - ok
08:48:40.0789 2332 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
08:48:40.0801 2332 BrUsbSer - ok
08:48:40.0835 2332 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
08:48:40.0861 2332 BTHMODEM - ok
08:48:41.0022 2332 catchme - ok
08:48:41.0049 2332 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
08:48:41.0085 2332 cdfs - ok
08:48:41.0130 2332 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
08:48:41.0156 2332 circlass - ok
08:48:41.0220 2332 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
08:48:41.0233 2332 CLFS - ok
08:48:41.0272 2332 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
08:48:41.0296 2332 CmBatt - ok
08:48:41.0343 2332 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
08:48:41.0352 2332 cmdide - ok
08:48:41.0408 2332 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
08:48:41.0428 2332 CNG - ok
08:48:41.0468 2332 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
08:48:41.0478 2332 Compbatt - ok
08:48:41.0504 2332 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
08:48:41.0531 2332 CompositeBus - ok
08:48:41.0564 2332 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
08:48:41.0585 2332 crcdisk - ok
08:48:41.0664 2332 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
08:48:41.0692 2332 CSC - ok
08:48:41.0738 2332 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
08:48:41.0769 2332 discache - ok
08:48:41.0796 2332 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
08:48:41.0806 2332 Disk - ok
08:48:41.0883 2332 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
08:48:41.0918 2332 drmkaud - ok
08:48:41.0988 2332 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
08:48:42.0008 2332 DXGKrnl - ok
08:48:42.0101 2332 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
08:48:42.0160 2332 ebdrv - ok
08:48:42.0323 2332 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
08:48:42.0340 2332 elxstor - ok
08:48:42.0407 2332 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
08:48:42.0430 2332 ErrDev - ok
08:48:42.0483 2332 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
08:48:42.0513 2332 exfat - ok
08:48:42.0643 2332 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
08:48:42.0703 2332 fastfat - ok
08:48:42.0755 2332 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
08:48:42.0775 2332 fdc - ok
08:48:42.0817 2332 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
08:48:42.0828 2332 FileInfo - ok
08:48:42.0851 2332 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
08:48:42.0901 2332 Filetrace - ok
08:48:42.0945 2332 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
08:48:42.0966 2332 flpydisk - ok
08:48:42.0995 2332 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
08:48:43.0007 2332 FltMgr - ok
08:48:43.0040 2332 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
08:48:43.0051 2332 FsDepends - ok
08:48:43.0133 2332 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
08:48:43.0141 2332 fssfltr - ok
08:48:43.0165 2332 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
08:48:43.0175 2332 Fs_Rec - ok
08:48:43.0221 2332 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
08:48:43.0235 2332 fvevol - ok
08:48:43.0260 2332 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
08:48:43.0273 2332 gagp30kx - ok
08:48:43.0355 2332 Hardlock (995178a443b07fa9eeaea041d7b4b5ca) C:\Windows\system32\drivers\hardlock.sys
08:48:43.0381 2332 Hardlock - ok
08:48:43.0452 2332 Haspnt (2dd25f060dc9f79b5cdf33d90ed93669) C:\Windows\system32\drivers\Haspnt.sys
08:48:43.0468 2332 Haspnt ( UnsignedFile.Multi.Generic ) - warning
08:48:43.0468 2332 Haspnt - detected UnsignedFile.Multi.Generic (1)
08:48:43.0521 2332 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
08:48:43.0545 2332 hcw85cir - ok
08:48:43.0590 2332 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
08:48:43.0626 2332 HDAudBus - ok
08:48:43.0655 2332 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
08:48:43.0692 2332 HidBatt - ok
08:48:43.0731 2332 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
08:48:43.0760 2332 HidBth - ok
08:48:43.0788 2332 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
08:48:43.0824 2332 HidIr - ok
08:48:43.0884 2332 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
08:48:43.0912 2332 HidUsb - ok
08:48:43.0975 2332 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
08:48:43.0986 2332 HpSAMD - ok
08:48:44.0049 2332 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
08:48:44.0088 2332 HTTP - ok
08:48:44.0136 2332 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
08:48:44.0145 2332 hwpolicy - ok
08:48:44.0195 2332 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
08:48:44.0207 2332 i8042prt - ok
08:48:44.0335 2332 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
08:48:44.0349 2332 iaStorV - ok
08:48:44.0487 2332 igfx (1f50623259df354776df04c56504a2d7) C:\Windows\system32\DRIVERS\igdkmd32.sys
08:48:44.0601 2332 igfx - ok
08:48:44.0744 2332 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
08:48:44.0755 2332 iirsp - ok
08:48:44.0815 2332 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
08:48:44.0824 2332 intelide - ok
08:48:44.0845 2332 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
08:48:44.0869 2332 intelppm - ok
08:48:44.0904 2332 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:48:44.0940 2332 IpFilterDriver - ok
08:48:45.0003 2332 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
08:48:45.0027 2332 IPMIDRV - ok
08:48:45.0055 2332 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
08:48:45.0110 2332 IPNAT - ok
08:48:45.0141 2332 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
08:48:45.0164 2332 IRENUM - ok
08:48:45.0190 2332 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
08:48:45.0214 2332 isapnp - ok
08:48:45.0244 2332 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
08:48:45.0259 2332 iScsiPrt - ok
08:48:45.0368 2332 k57nd60x (62632763d9b2b7f92d2968d40406e7aa) C:\Windows\system32\DRIVERS\k57nd60x.sys
08:48:45.0501 2332 k57nd60x - ok
08:48:45.0524 2332 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
08:48:45.0538 2332 kbdclass - ok
08:48:45.0617 2332 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
08:48:45.0652 2332 kbdhid - ok
08:48:45.0708 2332 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
08:48:45.0718 2332 KSecDD - ok
08:48:45.0756 2332 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
08:48:45.0768 2332 KSecPkg - ok
08:48:45.0806 2332 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
08:48:45.0847 2332 lltdio - ok
08:48:45.0895 2332 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
08:48:45.0905 2332 LSI_FC - ok
08:48:45.0932 2332 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
08:48:45.0944 2332 LSI_SAS - ok
08:48:45.0969 2332 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
08:48:45.0980 2332 LSI_SAS2 - ok
08:48:46.0007 2332 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
08:48:46.0018 2332 LSI_SCSI - ok
08:48:46.0059 2332 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
08:48:46.0095 2332 luafv - ok
08:48:46.0133 2332 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
08:48:46.0143 2332 megasas - ok
08:48:46.0174 2332 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
08:48:46.0188 2332 MegaSR - ok
08:48:46.0221 2332 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
08:48:46.0259 2332 Modem - ok
08:48:46.0301 2332 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
08:48:46.0326 2332 monitor - ok
08:48:46.0388 2332 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
08:48:46.0398 2332 mouclass - ok
08:48:46.0433 2332 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
08:48:46.0459 2332 mouhid - ok
08:48:46.0499 2332 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
08:48:46.0511 2332 mountmgr - ok
08:48:46.0538 2332 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
08:48:46.0550 2332 mpio - ok
08:48:46.0608 2332 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
08:48:46.0633 2332 MpNWMon - ok
08:48:46.0734 2332 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
08:48:46.0767 2332 mpsdrv - ok
08:48:46.0834 2332 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
08:48:46.0864 2332 MRxDAV - ok
08:48:46.0906 2332 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
08:48:46.0919 2332 mrxsmb - ok
08:48:46.0973 2332 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:48:46.0989 2332 mrxsmb10 - ok
08:48:47.0011 2332 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:48:47.0044 2332 mrxsmb20 - ok
08:48:47.0094 2332 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
08:48:47.0105 2332 msahci - ok
08:48:47.0135 2332 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
08:48:47.0146 2332 msdsm - ok
08:48:47.0197 2332 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
08:48:47.0222 2332 Msfs - ok
08:48:47.0245 2332 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
08:48:47.0270 2332 mshidkmdf - ok
08:48:47.0287 2332 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
08:48:47.0297 2332 msisadrv - ok
08:48:47.0333 2332 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
08:48:47.0373 2332 MSKSSRV - ok
08:48:47.0413 2332 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
08:48:47.0450 2332 MSPCLOCK - ok
08:48:47.0464 2332 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
08:48:47.0507 2332 MSPQM - ok
08:48:47.0535 2332 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
08:48:47.0546 2332 MsRPC - ok
08:48:47.0575 2332 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
08:48:47.0586 2332 mssmbios - ok
08:48:47.0647 2332 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
08:48:47.0682 2332 MSTEE - ok
08:48:47.0722 2332 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
08:48:47.0748 2332 MTConfig - ok
08:48:47.0767 2332 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
08:48:47.0779 2332 Mup - ok
08:48:47.0814 2332 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
08:48:47.0845 2332 NativeWifiP - ok
08:48:47.0903 2332 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
08:48:47.0925 2332 NDIS - ok
08:48:48.0004 2332 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
08:48:48.0068 2332 NdisCap - ok
08:48:48.0093 2332 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
08:48:48.0132 2332 NdisTapi - ok
08:48:48.0196 2332 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
08:48:48.0231 2332 Ndisuio - ok
08:48:48.0277 2332 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
08:48:48.0301 2332 NdisWan - ok
08:48:48.0348 2332 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
08:48:48.0384 2332 NDProxy - ok
08:48:48.0444 2332 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
08:48:48.0482 2332 NetBIOS - ok
08:48:48.0556 2332 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
08:48:48.0597 2332 NetBT - ok
08:48:48.0670 2332 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
08:48:48.0694 2332 nfrd960 - ok
08:48:48.0745 2332 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
08:48:48.0754 2332 NisDrv - ok
08:48:48.0809 2332 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
08:48:48.0848 2332 Npfs - ok
08:48:48.0875 2332 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
08:48:48.0929 2332 nsiproxy - ok
08:48:48.0998 2332 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
08:48:49.0029 2332 Ntfs - ok
08:48:49.0048 2332 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
08:48:49.0089 2332 Null - ok
08:48:49.0145 2332 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
08:48:49.0161 2332 nvraid - ok
08:48:49.0187 2332 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
08:48:49.0201 2332 nvstor - ok
08:48:49.0250 2332 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
08:48:49.0261 2332 nv_agp - ok
08:48:49.0290 2332 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
08:48:49.0316 2332 ohci1394 - ok
08:48:49.0402 2332 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
08:48:49.0414 2332 Parport - ok
08:48:49.0464 2332 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
08:48:49.0474 2332 partmgr - ok
08:48:49.0510 2332 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
08:48:49.0532 2332 Parvdm - ok
08:48:49.0591 2332 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
08:48:49.0603 2332 pci - ok
08:48:49.0628 2332 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
08:48:49.0638 2332 pciide - ok
08:48:49.0683 2332 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
08:48:49.0697 2332 pcmcia - ok
08:48:49.0881 2332 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
08:48:49.0890 2332 pcw - ok
08:48:49.0944 2332 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
08:48:49.0996 2332 PEAUTH - ok
08:48:50.0090 2332 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
08:48:50.0153 2332 PptpMiniport - ok
08:48:50.0177 2332 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
08:48:50.0207 2332 Processor - ok
08:48:50.0271 2332 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
08:48:50.0327 2332 Psched - ok
08:48:50.0373 2332 PxHelp20 (40fedd328f98245ad201cf5f9f311724) C:\Windows\system32\Drivers\PxHelp20.sys
08:48:50.0382 2332 PxHelp20 - ok
08:48:50.0430 2332 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
08:48:50.0465 2332 ql2300 - ok
08:48:50.0491 2332 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
08:48:50.0504 2332 ql40xx - ok
08:48:50.0537 2332 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
08:48:50.0553 2332 QWAVEdrv - ok
08:48:50.0596 2332 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
08:48:50.0636 2332 RasAcd - ok
08:48:50.0700 2332 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
08:48:50.0723 2332 RasAgileVpn - ok
08:48:50.0748 2332 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
08:48:50.0787 2332 Rasl2tp - ok
08:48:50.0836 2332 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
08:48:50.0872 2332 RasPppoe - ok
08:48:50.0899 2332 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
08:48:50.0934 2332 RasSstp - ok
08:48:51.0021 2332 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
08:48:51.0080 2332 rdbss - ok
08:48:51.0107 2332 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
08:48:51.0121 2332 rdpbus - ok
08:48:51.0164 2332 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
08:48:51.0223 2332 RDPCDD - ok
08:48:51.0296 2332 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
08:48:51.0322 2332 RDPDR - ok
08:48:51.0385 2332 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
08:48:51.0420 2332 RDPENCDD - ok
08:48:51.0459 2332 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
08:48:51.0494 2332 RDPREFMP - ok
08:48:51.0542 2332 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
08:48:51.0595 2332 RDPWD - ok
08:48:51.0676 2332 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
08:48:51.0690 2332 rdyboost - ok
08:48:51.0794 2332 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
08:48:51.0834 2332 rspndr - ok
08:48:51.0899 2332 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
08:48:52.0033 2332 s3cap - ok
08:48:52.0273 2332 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
08:48:52.0296 2332 sbp2port - ok
08:48:52.0366 2332 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
08:48:52.0403 2332 scfilter - ok
08:48:52.0506 2332 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
08:48:52.0551 2332 secdrv - ok
08:48:52.0590 2332 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
08:48:52.0625 2332 Serenum - ok
08:48:52.0694 2332 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
08:48:52.0718 2332 sermouse - ok
08:48:52.0750 2332 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
08:48:52.0775 2332 sffdisk - ok
08:48:52.0794 2332 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
08:48:52.0806 2332 sffp_mmc - ok
08:48:52.0833 2332 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
08:48:52.0860 2332 sffp_sd - ok
08:48:52.0907 2332 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
08:48:52.0944 2332 sfloppy - ok
08:48:52.0993 2332 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
08:48:53.0008 2332 sisagp - ok
08:48:53.0062 2332 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
08:48:53.0086 2332 SiSRaid2 - ok
08:48:53.0109 2332 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
08:48:53.0120 2332 SiSRaid4 - ok
08:48:53.0138 2332 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
08:48:53.0168 2332 Smb - ok
08:48:53.0225 2332 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
08:48:53.0233 2332 spldr - ok
08:48:53.0338 2332 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
08:48:53.0377 2332 srv - ok
08:48:53.0436 2332 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
08:48:53.0476 2332 srv2 - ok
08:48:53.0497 2332 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
08:48:53.0521 2332 srvnet - ok
08:48:53.0601 2332 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
08:48:53.0611 2332 stexstor - ok
08:48:53.0726 2332 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
08:48:53.0743 2332 storflt - ok
08:48:53.0769 2332 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
08:48:53.0782 2332 storvsc - ok
08:48:53.0806 2332 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
08:48:53.0815 2332 swenum - ok
08:48:53.0985 2332 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
08:48:54.0021 2332 Tcpip - ok
08:48:54.0050 2332 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
08:48:54.0076 2332 TCPIP6 - ok
08:48:54.0133 2332 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
08:48:54.0169 2332 tcpipreg - ok
08:48:54.0229 2332 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
08:48:54.0265 2332 TDPIPE - ok
08:48:54.0288 2332 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
08:48:54.0322 2332 TDTCP - ok
08:48:54.0378 2332 tdx (38f57d262164cb35bc8659785703cd6b) C:\Windows\system32\DRIVERS\tdx.sys
08:48:54.0379 2332 Suspicious file (Forged): C:\Windows\system32\DRIVERS\tdx.sys. Real md5: 38f57d262164cb35bc8659785703cd6b, Fake md5: cb39e896a2a83702d1737bfd402b3542
08:48:54.0380 2332 tdx ( Virus.Win32.ZAccess.c ) - infected
08:48:54.0380 2332 tdx - detected Virus.Win32.ZAccess.c (0)
08:48:54.0456 2332 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
08:48:54.0467 2332 TermDD - ok
08:48:54.0586 2332 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
08:48:54.0620 2332 tssecsrv - ok
08:48:54.0708 2332 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
08:48:54.0735 2332 TsUsbFlt - ok
08:48:54.0780 2332 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
08:48:54.0820 2332 tunnel - ok
08:48:54.0868 2332 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
08:48:54.0891 2332 uagp35 - ok
08:48:54.0935 2332 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
08:48:54.0976 2332 udfs - ok
08:48:55.0037 2332 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
08:48:55.0048 2332 uliagpkx - ok
08:48:55.0103 2332 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
08:48:55.0129 2332 umbus - ok
08:48:55.0175 2332 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
08:48:55.0199 2332 UmPass - ok
08:48:55.0264 2332 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
08:48:55.0276 2332 usbccgp - ok
08:48:55.0306 2332 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
08:48:55.0321 2332 usbcir - ok
08:48:55.0361 2332 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
08:48:55.0397 2332 usbehci - ok
08:48:55.0423 2332 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
08:48:55.0455 2332 usbhub - ok
08:48:55.0487 2332 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
08:48:55.0519 2332 usbohci - ok
08:48:55.0579 2332 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
08:48:55.0664 2332 usbprint - ok
08:48:55.0743 2332 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:48:55.0765 2332 USBSTOR - ok
08:48:55.0810 2332 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
08:48:55.0841 2332 usbuhci - ok
08:48:55.0904 2332 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\system32\Drivers\usbvideo.sys
08:48:55.0944 2332 usbvideo - ok
08:48:55.0989 2332 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
08:48:56.0000 2332 vdrvroot - ok
08:48:56.0044 2332 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
08:48:56.0067 2332 vga - ok
08:48:56.0088 2332 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
08:48:56.0113 2332 VgaSave - ok
08:48:56.0158 2332 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
08:48:56.0170 2332 vhdmp - ok
08:48:56.0202 2332 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
08:48:56.0223 2332 viaagp - ok
08:48:56.0252 2332 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
08:48:56.0300 2332 ViaC7 - ok
08:48:56.0317 2332 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
08:48:56.0327 2332 viaide - ok
08:48:56.0350 2332 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
08:48:56.0395 2332 vmbus - ok
08:48:56.0418 2332 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
08:48:56.0452 2332 VMBusHID - ok
08:48:56.0472 2332 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
08:48:56.0482 2332 volmgr - ok
08:48:56.0513 2332 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
08:48:56.0527 2332 volmgrx - ok
08:48:56.0572 2332 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
08:48:56.0586 2332 volsnap - ok
08:48:56.0623 2332 vpcbus (b26536add1d748cda104d856c979ae79) C:\Windows\system32\DRIVERS\vpchbus.sys
08:48:56.0635 2332 vpcbus - ok
08:48:56.0673 2332 vpcusb (5f4b55e91ce7e2523c9e1e0ece858869) C:\Windows\system32\DRIVERS\vpcusb.sys
08:48:56.0701 2332 vpcusb - ok
08:48:56.0775 2332 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
08:48:56.0787 2332 vsmraid - ok
08:48:56.0819 2332 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
08:48:56.0854 2332 vwifibus - ok
08:48:56.0899 2332 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
08:48:56.0918 2332 WacomPen - ok
08:48:56.0964 2332 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
08:48:57.0003 2332 WANARP - ok
08:48:57.0011 2332 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
08:48:57.0038 2332 Wanarpv6 - ok
08:48:57.0101 2332 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
08:48:57.0112 2332 Wd - ok
08:48:57.0143 2332 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
08:48:57.0161 2332 Wdf01000 - ok
08:48:57.0217 2332 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
08:48:57.0241 2332 WfpLwf - ok
08:48:57.0262 2332 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
08:48:57.0273 2332 WIMMount - ok
08:48:57.0367 2332 WINUSB (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
08:48:57.0405 2332 WINUSB - ok
08:48:57.0538 2332 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
08:48:57.0592 2332 WmiAcpi - ok
08:48:57.0661 2332 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
08:48:57.0702 2332 ws2ifsl - ok
08:48:58.0029 2332 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
08:48:58.0052 2332 WudfPf - ok
08:48:58.0081 2332 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
08:48:58.0133 2332 WUDFRd - ok
08:48:58.0163 2332 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
08:48:58.0642 2332 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
08:48:58.0642 2332 \Device\Harddisk0\DR0 - detected TDSS File System (1)
08:48:58.0648 2332 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
08:49:01.0028 2332 \Device\Harddisk1\DR1 - ok
08:49:01.0054 2332 Boot (0x1200) (15576ab3bbef52ebf0e7614e5b957224) \Device\Harddisk0\DR0\Partition0
08:49:01.0073 2332 \Device\Harddisk0\DR0\Partition0 - ok
08:49:01.0086 2332 Boot (0x1200) (6ab3f2df73ca4d0c35c038286ebf8b7f) \Device\Harddisk0\DR0\Partition1
08:49:01.0124 2332 \Device\Harddisk0\DR0\Partition1 - ok
08:49:01.0128 2332 Boot (0x1200) (27a6b9d7375b2ff43db9aacf3324feb3) \Device\Harddisk1\DR1\Partition0
08:49:01.0129 2332 \Device\Harddisk1\DR1\Partition0 - ok
08:49:01.0130 2332 ============================================================
08:49:01.0130 2332 Scan finished
08:49:01.0130 2332 ============================================================
08:49:01.0144 2316 Detected object count: 3
08:49:01.0144 2316 Actual detected object count: 3
08:49:49.0719 2316 Haspnt ( UnsignedFile.Multi.Generic ) - skipped by user
08:49:49.0719 2316 Haspnt ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:49:50.0087 2316 C:\Windows\system32\DRIVERS\tdx.sys - copied to quarantine
08:49:50.0179 2316 Backup copy found, using it..
08:49:50.0189 2316 C:\Windows\system32\DRIVERS\tdx.sys - will be cured on reboot
08:50:05.0447 2316 tdx ( Virus.Win32.ZAccess.c ) - User select action: Cure
08:50:05.0448 2316 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
08:50:05.0448 2316 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
08:50:12.0371 2084 Deinitialize success

Edited by Dustylady, 27 February 2012 - 08:28 AM.

  • 0

#13
Dustylady

Dustylady

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 164 posts
OTL logfile created on: 2/14/2012 8:55:14 AM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\IT\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.23 Gb Available Physical Memory | 61.63% Memory free
3.98 Gb Paging File | 3.00 Gb Available in Paging File | 75.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134.32 Gb Total Space | 74.80 Gb Free Space | 55.68% Space Free | Partition Type: NTFS
Drive D: | 14.53 Gb Total Space | 11.40 Gb Free Space | 78.47% Space Free | Partition Type: FAT32

Computer Name: COMP2 | User Name: IT | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/09 14:50:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\IT\Desktop\OTL.exe
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 07:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/10/20 17:41:22 | 000,067,904 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\NLSSRV32.EXE
PRC - [2010/09/27 16:42:18 | 004,180,576 | ---- | M] (SafeNet Inc.) -- C:\Windows\System32\hasplms.exe
PRC - [2010/04/14 04:01:34 | 000,015,656 | ---- | M] () -- C:\Program Files\Sage\SIM\Server\Sage.Sim.Server.WindowsService.exe
PRC - [2010/04/07 20:04:58 | 000,107,816 | ---- | M] (Timberline Software Corp.) -- C:\Program Files\Common Files\Sage\LS1\ServiceHost\1.0\Sage.LS1.ServiceHost.exe
PRC - [2010/03/03 17:07:26 | 000,210,944 | ---- | M] (Numara Software, Inc.) -- C:\Windows\TIREMOTE\TIRemoteService.exe
PRC - [2009/12/06 21:12:00 | 001,590,216 | ---- | M] (UltraVNC) -- C:\Program Files\ultravnc\winvnc.exe
PRC - [2009/10/22 13:48:58 | 000,435,488 | ---- | M] (Pervasive Software Inc.) -- C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
PRC - [2009/04/21 14:37:16 | 002,010,147 | ---- | M] (Great Lakes Data Systems, Inc.) -- C:\Program Files\GLDS\UpgradeManager\UpgradeManagerSvc.exe
PRC - [2009/02/20 10:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe


========== Modules (No Company Name) ==========

MOD - [2010/12/23 09:01:48 | 000,139,776 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2010/10/26 17:28:06 | 000,278,928 | ---- | M] () -- C:\Program Files\Smart PDF Converter Pro\ExplorerExt.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/10/20 17:41:22 | 000,067,904 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2010/09/27 16:42:18 | 004,180,576 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\System32\hasplms.exe -- (hasplms)
SRV - [2010/05/14 11:18:49 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/04/14 04:01:34 | 000,015,656 | ---- | M] () [Auto | Running] -- C:\Program Files\Sage\SIM\Server\Sage.Sim.Server.WindowsService.exe -- (SageInstMgrServer)
SRV - [2010/04/07 20:04:58 | 000,107,816 | ---- | M] (Timberline Software Corp.) [Auto | Running] -- C:\Program Files\Common Files\Sage\LS1\ServiceHost\1.0\Sage.LS1.ServiceHost.exe -- (Sage.LS1.ServiceHost.1.0) Sage Service Host (v1.0)
SRV - [2010/03/03 17:07:26 | 000,210,944 | ---- | M] (Numara Software, Inc.) [Auto | Running] -- C:\Windows\TIREMOTE\TIRemoteService.exe -- (TIRmtSvc)
SRV - [2009/12/06 21:12:00 | 001,590,216 | ---- | M] (UltraVNC) [Auto | Running] -- C:\Program Files\UltraVNC\winvnc.exe -- (winvnc.exe)
SRV - [2009/12/03 12:40:23 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 20:14:41 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Running] -- C:\Windows\System32\hpn.dll -- (emupia)
SRV - [2009/04/21 14:37:16 | 002,010,147 | ---- | M] (Great Lakes Data Systems, Inc.) [Auto | Running] -- C:\Program Files\GLDS\UpgradeManager\UpgradeManagerSvc.exe -- (UpgradeManager)
SRV - [2009/02/20 10:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/05/31 15:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 15:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2005/09/23 06:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)


========== Driver Services (SafeList) ==========

DRV - [2011/04/27 14:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/11/23 12:13:10 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2010/11/20 07:30:17 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010/11/20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 05:50:38 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)
DRV - [2010/11/20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/09/27 16:42:24 | 000,356,864 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2010/09/27 16:42:16 | 000,238,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\akshasp.sys -- (akshasp)
DRV - [2010/09/27 16:42:14 | 000,588,800 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2010/09/27 16:42:14 | 000,016,384 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aksusb.sys -- (aksusb)
DRV - [2010/09/27 16:42:12 | 000,046,336 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\akshhl.sys -- (akshhl)
DRV - [2009/08/05 05:48:28 | 000,273,448 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink ™
DRV - [2009/07/13 17:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/05/11 12:55:12 | 000,084,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\basp.sys -- (Blfp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-823518204-261903793-839522115-5150\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-823518204-261903793-839522115-5150\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\IT\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\IT\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\IT\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\IT\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/02 16:55:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/22 13:49:22 | 000,000,000 | ---D | M]

[2011/12/06 12:25:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IT\AppData\Roaming\mozilla\Extensions
[2011/05/05 15:24:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IT\AppData\Roaming\mozilla\Firefox\Profiles\d5wusoz7.default\extensions
[2011/12/06 09:13:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IT\AppData\Roaming\mozilla\Firefox\Profiles\d5wusoz7.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}
[2011/12/06 12:25:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/02 16:55:41 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/01/09 08:17:33 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/09 08:17:33 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/02/14 08:36:29 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-823518204-261903793-839522115-5150\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\CommandBar present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-823518204-261903793-839522115-5150\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-823518204-261903793-839522115-5150\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-823518204-261903793-839522115-5150\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKU\S-1-5-21-823518204-261903793-839522115-5150\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: QuickLaunchEnabled = 1
O7 - HKU\S-1-5-21-823518204-261903793-839522115-5150\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-823518204-261903793-839522115-5150\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 1
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} https://site.cmbchin...oad/CMBEdit.cab (Edit Class)
O16 - DPF: {71D73A47-975F-11D1-AA77-00A0C98D86D4} http://shoretel/shor...oiceMessage.ocx (VoiceMessage Control)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FA6424B7-D971-11D1-9697-00A0C928D512} http://shoretel/shor...TwentyFour7.ocx (TwentyFour7 Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.30 192.168.0.164
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = OO.NET
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C9F0091-8910-4AE3-BAFE-ECFD91511BB8}: DhcpNameServer = 192.168.0.30 192.168.0.164
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/12/22 13:47:36 | 000,000,016 | -H-- | M] () - D:\AUTORUN.INF -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: emupia - C:\Windows\System32\hpn.dll (Oak Technology Inc.)
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/02/14 08:39:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/02/14 08:33:20 | 000,000,000 | ---D | C] -- C:\Users\IT\AppData\Local\temp
[2012/02/14 08:26:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/13 17:43:22 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/02/13 17:38:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/10 12:55:14 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\IT\Desktop\aswMBR.exe
[2012/02/10 12:55:14 | 002,061,360 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\IT\Desktop\tdsskiller.exe
[2012/02/10 12:55:14 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\IT\Desktop\OTL.exe
[2012/02/10 12:55:13 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\IT\Desktop\mbam--setup-1.60.1.1000.exe
[2012/02/08 15:25:10 | 000,083,456 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\serial.sys
[2012/02/08 14:23:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartDraw VP
[2012/02/08 14:21:59 | 000,000,000 | ---D | C] -- C:\Users\IT\Desktop\RK_Quarantine
[2012/02/08 14:21:56 | 004,403,246 | R--- | C] (Swearware) -- C:\Users\IT\Desktop\ComboFix.exe
[2012/02/08 13:36:58 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/02/08 08:12:44 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/02/08 08:12:44 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/02/07 15:11:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/07 15:03:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/07 15:03:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/07 15:03:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/07 15:02:27 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/25 10:12:54 | 000,000,000 | ---D | C] -- C:\Users\IT\AppData\Local\Applications
[2012/01/24 10:49:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\1033
[2009/05/04 07:12:48 | 006,224,944 | ---- | C] (PKWARE, Inc. ) -- C:\Program Files\pkreader.exe

========== Files - Modified Within 30 Days ==========

[2012/02/14 08:51:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/14 08:51:14 | 1601,937,408 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/14 08:50:20 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/14 08:50:19 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/14 08:36:29 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/02/13 17:23:46 | 002,061,360 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\IT\Desktop\tdsskiller.exe
[2012/02/13 17:23:18 | 004,403,246 | R--- | M] (Swearware) -- C:\Users\IT\Desktop\ComboFix.exe
[2012/02/09 14:50:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\IT\Desktop\OTL.exe
[2012/02/09 14:47:02 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\IT\Desktop\mbam--setup-1.60.1.1000.exe
[2012/02/09 14:46:04 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\IT\Desktop\aswMBR.exe
[2012/02/08 14:22:35 | 000,722,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/08 14:22:35 | 000,145,030 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/08 14:14:42 | 001,202,688 | ---- | M] () -- C:\Users\IT\Desktop\RogueKiller.exe
[2012/02/08 13:51:39 | 277,389,603 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/02/08 12:25:55 | 005,492,736 | ---- | M] () -- C:\Users\IT\Desktop\Deadline_Manager.mdb
[2012/02/08 12:23:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-823518204-261903793-839522115-5150UA.job
[2012/02/08 08:56:17 | 000,000,158 | ---- | M] () -- C:\Windows\ricdb.ini
[2012/02/08 08:14:20 | 000,002,679 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/02/08 06:23:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-823518204-261903793-839522115-5150Core1cc4ec8c6f8f671.job
[2012/02/07 17:17:28 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/02/07 17:02:25 | 172,953,600 | ---- | M] () -- C:\Users\IT\Desktop\Service Department_BE.mdb
[2012/02/07 10:21:40 | 003,271,124 | ---- | M] () -- C:\Users\IT\Desktop\International Property Maintenance Code.pdf
[2012/02/01 16:57:24 | 036,769,792 | ---- | M] () -- C:\Users\IT\Desktop\Service Department.mdb
[2012/02/01 10:31:01 | 000,002,447 | ---- | M] () -- C:\Users\IT\Desktop\s Quick Connect.lnk
[2012/01/23 15:36:05 | 000,000,284 | ---- | M] () -- C:\Users\IT\Desktop\repair.bat

========== Files Created - No Company Name ==========

[2012/02/14 08:26:48 | 000,002,039 | ---- | C] () -- C:\Users\Public\Desktop\500 Asset Accounting.lnk
[2012/02/14 08:26:48 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\500 Asset Inventory.lnk
[2012/02/14 08:26:48 | 000,001,956 | ---- | C] () -- C:\Users\Public\Desktop\Rent Manager.lnk
[2012/02/14 08:26:48 | 000,000,981 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2012/02/13 17:32:28 | 000,002,039 | ---- | C] () -- C:\500 Asset Accounting.lnk
[2012/02/13 17:32:28 | 000,002,021 | ---- | C] () -- C:\500 Asset Inventory.lnk
[2012/02/13 17:32:28 | 000,001,956 | ---- | C] () -- C:\Rent Manager.lnk
[2012/02/13 17:32:28 | 000,000,981 | ---- | C] () -- C:\Malwarebytes' Anti-Malware.lnk
[2012/02/08 14:23:16 | 000,002,419 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mobile Device Center.lnk
[2012/02/08 14:23:16 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2012/02/08 14:23:16 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/02/08 14:23:16 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2012/02/08 14:23:16 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2012/02/08 14:23:16 | 000,001,064 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinCable.lnk
[2012/02/08 14:23:15 | 000,002,781 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start Pervasive PSQL Workgroup Engine.lnk
[2012/02/08 14:23:14 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2012/02/08 14:23:12 | 000,002,030 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerDVD DX.lnk
[2012/02/08 14:23:11 | 000,001,899 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/02/08 14:23:11 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/02/08 14:23:10 | 000,002,507 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 9 Standard.lnk
[2012/02/08 14:23:10 | 000,002,495 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crystal Reports XI Release 2 for Sage.lnk
[2012/02/08 14:23:10 | 000,002,465 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Distiller 9.lnk
[2012/02/08 14:23:10 | 000,002,069 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 3.4.lnk
[2012/02/08 14:23:10 | 000,001,979 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Help Documentation.lnk
[2012/02/08 14:23:10 | 000,000,972 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity 1.3 Beta.lnk
[2012/02/08 14:21:56 | 001,202,688 | ---- | C] () -- C:\Users\IT\Desktop\RogueKiller.exe
[2012/02/08 12:16:27 | 005,492,736 | ---- | C] () -- C:\Users\IT\Desktop\Deadline_Manager.mdb
[2012/02/07 15:03:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/07 15:03:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/07 15:03:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/07 15:03:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/07 15:03:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/07 10:20:08 | 003,271,124 | ---- | C] () -- C:\Users\IT\Desktop\International Property Maintenance Code.pdf
[2012/02/01 16:44:27 | 036,769,792 | ---- | C] () -- C:\Users\IT\Desktop\Service Department.mdb
[2012/02/01 13:42:39 | 172,953,600 | ---- | C] () -- C:\Users\IT\Desktop\Service Department_BE.mdb
[2012/02/01 10:31:01 | 000,002,447 | ---- | C] () -- C:\Users\IT\Desktop\s Quick Connect.lnk
[2012/01/23 15:36:05 | 000,000,284 | ---- | C] () -- C:\Users\IT\Desktop\repair.bat
[2011/12/09 16:36:06 | 000,094,208 | ---- | C] () -- C:\Windows\TIRHService.exe
[2011/07/26 06:42:41 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/07/26 06:42:41 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/06/17 12:10:18 | 000,847,360 | ---- | C] () -- C:\Windows\System32\wodCertificate.dll
[2011/06/17 12:10:17 | 001,986,560 | ---- | C] () -- C:\Windows\System32\pvsdk.dll
[2011/04/28 14:36:59 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/04/08 12:03:13 | 000,000,530 | ---- | C] () -- C:\Windows\System32\tx151ic.ini
[2011/01/26 07:52:33 | 000,000,662 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/01/06 10:28:51 | 000,000,315 | ---- | C] () -- C:\Windows\SoftWriting.ini
[2010/11/23 12:13:10 | 000,000,383 | ---- | C] () -- C:\Windows\System32\haspdos.sys
[2010/11/23 12:13:05 | 000,024,576 | ---- | C] () -- C:\Windows\System32\hdduinst.exe
[2010/08/05 12:37:23 | 000,000,000 | ---- | C] () -- C:\Windows\gllink32.INI
[2010/08/04 13:35:20 | 000,000,158 | ---- | C] () -- C:\Windows\ricdb.ini
[2010/07/27 07:45:55 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/02/23 12:37:10 | 000,000,795 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/01/12 11:52:54 | 000,155,648 | ---- | C] () -- C:\Windows\System32\ssleay32.dll
[2009/12/17 12:18:41 | 000,023,052 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2009/12/17 10:40:16 | 000,006,604 | R-S- | C] () -- C:\ProgramData\ntuser.pol
[2009/12/03 12:33:13 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009/10/22 15:38:56 | 000,000,392 | ---- | C] () -- C:\Windows\System32\BTRDRVR.SYS
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 000,449,800 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,722,810 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,145,030 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/17 11:13:30 | 000,508,224 | ---- | C] () -- C:\Windows\System32\ICCProfiles.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008/11/20 22:17:12 | 000,118,784 | ---- | C] () -- C:\Windows\System32\myodbc3i.exe
[2008/11/20 22:17:12 | 000,106,496 | ---- | C] () -- C:\Windows\System32\myodbc3m.exe
[2007/09/14 14:54:36 | 000,397,312 | ---- | C] () -- C:\Windows\System32\CMBEdit.dll
[2007/08/16 15:17:50 | 000,143,360 | ---- | C] () -- C:\Windows\System32\nsldap32v50.dll
[2006/11/29 01:30:00 | 000,000,530 | ---- | C] () -- C:\Windows\System32\tx13_ic.ini
[2006/10/04 18:32:20 | 000,479,232 | ---- | C] () -- C:\Windows\System32\pfpro.dll
[2006/08/15 09:00:00 | 000,454,656 | R--- | C] () -- C:\Windows\System32\PaintX.dll
[2005/12/21 18:57:04 | 000,024,576 | ---- | C] () -- C:\Windows\System32\nsldappr32v50.dll
[2005/12/21 18:54:34 | 000,040,960 | ---- | C] () -- C:\Windows\System32\nsldapssl32v50.dll
[2003/04/01 18:43:22 | 000,139,264 | ---- | C] () -- C:\Windows\System32\TripleDes.dll

========== LOP Check ==========

[2010/10/28 08:32:44 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\Audacity
[2010/05/12 14:06:10 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\BACS.exe
[2011/01/06 11:19:15 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\Downloaded Installations
[2011/01/26 07:54:46 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\Event 1
[2010/07/12 09:11:07 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\KnowledgeTree
[2012/01/09 14:30:01 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\Macro Recorder
[2011/01/06 11:33:03 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\Nitro PDF
[2010/09/21 09:52:18 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\PO Management
[2012/02/02 13:36:20 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\ShoreWare Client
[2011/01/06 10:22:30 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\Smart PDF Converter Pro
[2010/08/10 08:37:37 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\SmartDraw
[2011/01/06 10:31:27 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\SmartSoftOCRHelper
[2010/08/31 15:24:37 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\SystemTools
[2011/01/26 08:08:06 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\Timberline
[2011/05/04 10:18:38 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\Track-It!
[2011/06/29 08:09:13 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\webex
[2012/02/14 08:18:21 | 000,032,564 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\ERDNT\cache\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 01:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 00:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\ERDNT\cache\winlogon.exe
[2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/13 20:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"Type" = 1
"Start" = 3
"ErrorControl" = 1
"ImagePath" = System32\DRIVERS\netbt.sys -- [2009/07/13 18:12:21 | 000,187,904 | ---- | M] (Microsoft Corporation)
"Group" = PNP_TDI
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"TransportBindName" = \Device\
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys -- [2009/07/13 18:53:54 | 000,036,352 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 01 01 00 01 05 01 03 01 02 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 5
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters\Winsock]
"HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2009/07/13 20:16:20 | 000,010,752 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 20
"MinSockAddrLength" = 20
"Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< C:\Windows\assembly\tmp\U\*.* /s >

< C:\windows\*. /RP /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\History] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\$NtUninstallKB2913$\systemprofile\Application Data] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\$NtUninstallKB2913$\systemprofile\Cookies] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\$NtUninstallKB2913$\systemprofile\Local Settings] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\$NtUninstallKB2913$] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\System32\config\systemprofile\AppData\Local\History] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\Application Data] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\Cookies] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\Local Settings] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:A4A25FD3

< End of report >

Edited by Dustylady, 27 February 2012 - 08:30 AM.

  • 0

#14
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts

During the scans ComboFix said it'd found the ZeroAccess rootkit and later said it found a rootkit, is that 2? Still no network connection, on reboot I get this error - w3dbsmgr.exe ordinal 1009 not found in dll WSOCK32.dll


This particular variant of zeroaccess just keeps on giving so it is all in the 2 are all in the family. It is still respawning so we will address in the next fix. It should be this afternoon after 2 your time, when I get an approval on my proposed fix for the next step.

CompCav
  • 0

#15
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Step 1.

We need to run ComboFix again. Please delete your current copy and download a fresh copy and run it.

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop * IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix as nited above.

3. Open notepad and copy/paste the text in the quotebox below into it:


NetSvc::
emupia

Driver::
emupia

File::
C:\Windows\System32\hpn.dll

Folder::
C:\windows\$NtUninstallKB2913$


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt


Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now


Step 2.


TDSSKiller

Delete old copy and download a new copy of TDSSKiller.exe


  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    Posted Image
  • Click the Start Scan button.

    Posted Image
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Step 3.

Download OTL to your Desktop ro if you still have it skip to the next step.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users, and under Extra Registry select Use SafeList
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    C:\Windows\assembly\tmp\U\*.* /s
    C:\windows\*. /RP /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes
  • Post the log


Step 4.

Please Post:

Combofix log
TDSSKiller log
OTL.txt



What symptoms or issues doe the computer have now?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP