Missing icons and loss of network [Solved]


  • This topic is locked

#31
Dustylady (Topic Starter, Member, 164 posts)
It's been 3 hours so far, but ComboFix did move recently so no indication which side is winning just yet. The battle continues on...


#32
Dustylady (Topic Starter, Member, 164 posts)
A few hours later, step 1 completed and the log file follows.
Step 2 failed on all counts. When trying to 'check for updates' I get: Windows could not search for new updates. An error occurred while checking for new updates for your computer. Code 80096001
Each part of step 2 was met with a different error. I went a step further and, on MS's suggestion, tried to run a system file check, and that also errored. I ran the cmd window as admin and got this error: Windows Resource Protection could not perform the requested operation.
Step 3 also went OK, as expected.


ComboFix 12-02-13.01 - IT 02/16/2012 12:55:16.4.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2037.1216 [GMT -5:00]
Running from: c:\users\IT\Desktop\ComboFix.exe
AV: Trend Micro Client/Server Security Agent Antivirus *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Client/Server Security Agent Anti-spyware *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-16 to 2012-02-16 )))))))))))))))))))))))))))))))
.
.
2012-02-16 18:06 . 2012-02-16 18:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-16 18:06 . 2012-02-16 18:06 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-02-16 18:06 . 2012-02-16 18:06 -------- d-----w- c:\users\Administrator.COMP2\AppData\Local\temp
2012-02-16 14:47 . 2012-02-16 18:06 -------- d-----w- c:\users\IT\AppData\Local\temp
2012-02-15 15:59 . 2012-02-15 15:59 -------- d-----w- c:\program files\Common Files\Java
2012-02-15 15:59 . 2012-02-15 15:58 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2012-02-15 15:59 . 2012-02-15 15:58 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-15 15:58 . 2012-02-15 15:58 -------- d-----w- c:\program files\Java
2012-02-15 15:48 . 2012-02-15 15:48 -------- d-----w- c:\users\IT\AppData\Local\Solid State Networks
2012-02-15 15:28 . 2012-02-15 15:28 -------- d-----w- c:\windows\system32\log
2012-02-15 15:27 . 2012-02-15 15:28 -------- d-----w- c:\program files\Trend Micro
2012-02-15 14:33 . 2011-04-25 03:24 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-15 14:19 . 2009-07-13 23:12 74240 ----a-w- c:\windows\system32\drivers\tdx.sys
2012-02-14 22:01 . 2012-02-15 11:55 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-14 13:33 . 2009-07-13 23:12 187904 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-02-13 22:43 . 2012-02-14 13:40 -------- d-----r- c:\users\Public
2012-02-13 22:38 . 2012-02-13 22:38 -------- d-----w- C:\_OTL
2012-02-08 20:25 . 2010-11-20 08:38 108544 ----a-w- c:\windows\system32\drivers\cdrom.sys
2012-02-08 20:25 . 2009-07-13 23:45 83456 ----a-w- c:\windows\system32\drivers\serial.sys
2012-02-08 18:36 . 2012-02-14 21:32 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-08 13:12 . 2012-02-08 17:57 -------- d-----w- c:\programdata\AVAST Software
2012-02-08 13:12 . 2012-02-08 13:12 -------- d-----w- c:\program files\AVAST Software
2012-01-25 15:12 . 2012-01-25 15:12 -------- d-----w- c:\users\IT\AppData\Local\Applications
2012-01-24 15:49 . 2012-01-24 15:49 -------- d-----w- c:\windows\system32\1033
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-31 12:44 . 2009-12-17 15:45 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-05 19:12 . 2011-08-22 18:36 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-09 21:36 . 2011-12-09 21:36 94208 ----a-w- c:\windows\TIRHService.exe
2007-12-21 14:00 . 2009-05-04 12:12 6224944 ----a-w- c:\program files\pkreader.exe
2012-02-15 16:12 . 2011-12-06 17:25 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-04-23 1314816]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-18 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-18 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-18 150552]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\Client Server Security Agent\pccntmon.exe" [2011-09-14 1107472]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Start Pervasive PSQL Workgroup Engine.lnk - c:\windows\Installer\{0A3238D7-AB32-1030-B717-F3E3F18B4A8C}\WGE.14A03FCD_EA43_4130_A5C0_F02D38895A13.exe [2011-1-26 92854]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableInstallerDetection"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableChangePassword"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogOff"= 1 (0x1)
"QuickLaunchEnabled"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-1390\Scripts\Logon\0\0]
"Script"=logon.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-1390\Scripts\Logon\1\0]
"Script"=\\tim\BGInfo\BGinfo.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-1390\Scripts\Logon\2\0]
"Script"=IT_Print_Script.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-1447\Scripts\Logon\0\0]
"Script"=logon.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-1447\Scripts\Logon\1\0]
"Script"=\\tim\BGInfo\BGinfo.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-1447\Scripts\Logon\2\0]
"Script"=IT_Print_Script.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-1473\Scripts\Logon\0\0]
"Script"=logon.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-1473\Scripts\Logon\1\0]
"Script"=\\tim\BGInfo\BGinfo.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-1473\Scripts\Logon\2\0]
"Script"=IT_Print_Script.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-2885\Scripts\Logon\0\0]
"Script"=logon.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-2928\Scripts\Logon\0\0]
"Script"=logon.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-2928\Scripts\Logon\1\0]
"Script"=\\tim\BGInfo\BGinfo.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-2928\Scripts\Logon\2\0]
"Script"=IT_Print_Script.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-3001\Scripts\Logon\0\0]
"Script"=logon.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-3001\Scripts\Logon\1\0]
"Script"=\\tim\BGInfo\BGinfo.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-3001\Scripts\Logon\2\0]
"Script"=IT_Print_Script.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-3005\Scripts\Logon\0\0]
"Script"=logon.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-3005\Scripts\Logon\1\0]
"Script"=\\tim\BGInfo\BGinfo.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-3005\Scripts\Logon\2\0]
"Script"=IT_Print_Script.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-3066\Scripts\Logon\0\0]
"Script"=logon.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-3066\Scripts\Logon\1\0]
"Script"=\\tim\BGInfo\BGinfo.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-3066\Scripts\Logon\2\0]
"Script"=IT_Print_Script.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-5122\Scripts\Logon\0\0]
"Script"=logon.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-5122\Scripts\Logon\1\0]
"Script"=\\tim\BGInfo\BGinfo.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-5122\Scripts\Logon\2\0]
"Script"=ACCT_Print_Script.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-5130\Scripts\Logon\0\0]
"Script"=logon.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-5130\Scripts\Logon\1\0]
"Script"=\\tim\BGInfo\BGinfo.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-5130\Scripts\Logon\2\0]
"Script"=ACCT_Print_Script.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-5150\Scripts\Logon\0\0]
"Script"=logon.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-5150\Scripts\Logon\1\0]
"Script"=\\tim\BGInfo\BGinfo.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-5150\Scripts\Logon\2\0]
"Script"=IT_Print_Script.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-5151\Scripts\Logon\0\0]
"Script"=logon.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-5151\Scripts\Logon\1\0]
"Script"=\\tim\BGInfo\BGinfo.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-5151\Scripts\Logon\2\0]
"Script"=IT_Print_Script.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-5215\Scripts\Logon\0\0]
"Script"=logon.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-5215\Scripts\Logon\1\0]
"Script"=\\tim\BGInfo\BGinfo.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-5215\Scripts\Logon\2\0]
"Script"=IT_Print_Script.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2010-09-22 22:11 640440 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2011-06-08 00:54 40376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 13:10 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-06-30 17:57 136176 ----atw- c:\users\IT\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 22:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2009-06-25 02:19 140520 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShoreTel Personal Call Manager]
2010-11-18 22:00 2314240 ----a-w- c:\program files\Shoreline Communications\ShoreWare Client\ShoreTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartSoft PDF Printer Agent]
2010-10-26 22:29 62864 ----a-w- c:\program files\Smart PDF Converter Pro\SmartSoft PDF Printer Agent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 13:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe
.
R2 5689;5689;c:\windows\TEMP\5689.sys [x]
R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\Client Server Security Agent\TmXPFlt.sys [2011-07-12 262416]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\Client Server Security Agent\TmPreFlt.sys [2011-07-12 36624]
R3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files\Trend Micro\Client Server Security Agent\TmProxy.exe [2010-07-21 689488]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-14 1343400]
R4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe [2010-09-27 4180576]
S2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2010-10-20 67904]
S2 SageInstMgrServer;Sage Installation Manager Server;c:\program files\Sage\SIM\Server\Sage.Sim.Server.WindowsService.exe [2010-04-14 15656]
S2 svcGenericHost;Trend Micro Client/Server Security Agent;c:\program files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [2011-09-17 50704]
S2 TIRmtSvc;Track-It! Workstation Manager;c:\windows\TIREMOTE\TIRemoteService.exe [2010-03-03 210944]
S2 UpgradeManager;Upgrade Manager;c:\program files\GLDS\UpgradeManager\UpgradeManagerSvc.exe [2009-04-21 2010147]
S2 winvnc.exe;winvnc;c:\program files\UltraVNC\winvnc.exe [2009-12-07 1590216]
S3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-08-05 273448]
S3 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2011-03-30 53520]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-261903793-839522115-5150Core1cc4ec8c6f8f671.job
- c:\users\IT\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-30 17:57]
.
2012-02-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-261903793-839522115-5150UA.job
- c:\users\IT\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-30 17:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} - hxxps://site.cmbchina.com/download/CMBEdit.cab
DPF: {71D73A47-975F-11D1-AA77-00A0C98D86D4} - hxxp://shoretel/shorewaredirector/VoiceMessage.ocx
DPF: {FA6424B7-D971-11D1-9697-00A0C928D512} - hxxp://shoretel/shorewaredirector/TwentyFour7.ocx
FF - ProfilePath - c:\users\IT\AppData\Roaming\Mozilla\Firefox\Profiles\cgtl6uct.default\
.
.
------- File Associations -------
.
.reg=Regedit.Document
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\.dfsc]
"ImagePath"="\?"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\.vpcvmm]
"ImagePath"="\?"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-02-16 13:08:18
ComboFix-quarantined-files.txt 2012-02-16 18:08
ComboFix2.txt 2012-02-16 17:48
.
Pre-Run: 85,050,310,656 bytes free
Post-Run: 84,955,095,040 bytes free
.
- - End Of File - - 18386851F5E59664E71DB9800A0E718A

OTL logfile created on: 2/16/2012 2:10:15 PM - Run 6
OTL by OldTimer - Version 3.2.32.0 Folder = C:\Users\IT\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 51.93% Memory free
3.98 Gb Paging File | 2.79 Gb Available in Paging File | 70.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134.32 Gb Total Space | 79.00 Gb Free Space | 58.81% Space Free | Partition Type: NTFS

Computer Name: COMP2 | User Name: IT | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/16 14:07:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\IT\Desktop\OTL.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/09/16 21:31:46 | 000,050,704 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
PRC - [2011/09/16 21:22:46 | 000,023,568 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
PRC - [2011/09/08 17:54:56 | 000,158,144 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\Misc\xpupg.exe
PRC - [2011/09/08 17:43:38 | 000,240,544 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\PccNTUpd.exe
PRC - [2011/06/23 23:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 07:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/10/20 17:41:22 | 000,067,904 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\NLSSRV32.EXE
PRC - [2010/09/27 16:42:18 | 004,180,576 | ---- | M] (SafeNet Inc.) -- C:\Windows\System32\hasplms.exe
PRC - [2010/04/14 04:01:34 | 000,015,656 | ---- | M] () -- C:\Program Files\Sage\SIM\Server\Sage.Sim.Server.WindowsService.exe
PRC - [2010/04/07 20:04:58 | 000,107,816 | ---- | M] (Timberline Software Corp.) -- C:\Program Files\Common Files\Sage\LS1\ServiceHost\1.0\Sage.LS1.ServiceHost.exe
PRC - [2010/03/03 17:07:26 | 000,210,944 | ---- | M] (Numara Software, Inc.) -- C:\Windows\TIREMOTE\TIRemoteService.exe
PRC - [2009/12/06 21:12:00 | 001,590,216 | ---- | M] (UltraVNC) -- C:\Program Files\ultravnc\winvnc.exe
PRC - [2009/10/22 13:48:58 | 000,435,488 | ---- | M] (Pervasive Software Inc.) -- C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
PRC - [2009/04/21 14:37:16 | 002,010,147 | ---- | M] (Great Lakes Data Systems, Inc.) -- C:\Program Files\GLDS\UpgradeManager\UpgradeManagerSvc.exe
PRC - [2009/02/20 10:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe


========== Modules (No Company Name) ==========

MOD - [2010/12/23 09:01:48 | 000,139,776 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2010/10/26 17:28:06 | 000,278,928 | ---- | M] () -- C:\Program Files\Smart PDF Converter Pro\ExplorerExt.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/09/16 21:31:46 | 000,050,704 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe -- (svcGenericHost)
SRV - [2011/09/08 17:55:24 | 001,527,272 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe -- (tmlisten)
SRV - [2011/09/08 17:35:28 | 001,324,104 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe -- (ntrtscan)
SRV - [2011/06/03 10:31:52 | 000,345,616 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2010/10/20 17:41:22 | 000,067,904 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2010/09/27 16:42:18 | 004,180,576 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\System32\hasplms.exe -- (hasplms)
SRV - [2010/07/21 14:45:56 | 000,689,488 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe -- (TmProxy)
SRV - [2010/05/14 11:18:49 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/04/14 04:01:34 | 000,015,656 | ---- | M] () [Auto | Running] -- C:\Program Files\Sage\SIM\Server\Sage.Sim.Server.WindowsService.exe -- (SageInstMgrServer)
SRV - [2010/04/07 20:04:58 | 000,107,816 | ---- | M] (Timberline Software Corp.) [Auto | Running] -- C:\Program Files\Common Files\Sage\LS1\ServiceHost\1.0\Sage.LS1.ServiceHost.exe -- (Sage.LS1.ServiceHost.1.0) Sage Service Host (v1.0)
SRV - [2010/03/03 17:07:26 | 000,210,944 | ---- | M] (Numara Software, Inc.) [Auto | Running] -- C:\Windows\TIREMOTE\TIRemoteService.exe -- (TIRmtSvc)
SRV - [2009/12/06 21:12:00 | 001,590,216 | ---- | M] (UltraVNC) [Auto | Running] -- C:\Program Files\UltraVNC\winvnc.exe -- (winvnc.exe)
SRV - [2009/12/03 12:40:23 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/21 14:37:16 | 002,010,147 | ---- | M] (Great Lakes Data Systems, Inc.) [Auto | Running] -- C:\Program Files\GLDS\UpgradeManager\UpgradeManagerSvc.exe -- (UpgradeManager)
SRV - [2009/02/20 10:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/05/31 15:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 15:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2005/09/23 06:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)


========== Driver Services (SafeList) ==========

DRV - [2011/07/12 10:44:10 | 000,262,416 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Program Files\Trend Micro\Client Server Security Agent\TmXPFlt.sys -- (TmFilter)
DRV - [2011/07/12 10:43:58 | 000,036,624 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Program Files\Trend Micro\Client Server Security Agent\tmpreflt.sys -- (TmPreFilter)
DRV - [2011/07/12 10:09:32 | 001,405,720 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Program Files\Trend Micro\Client Server Security Agent\vsapiNT.sys -- (VSApiNt)
DRV - [2011/03/30 15:38:22 | 000,062,224 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2011/03/30 15:38:10 | 000,053,520 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2011/03/30 15:38:00 | 000,164,624 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2010/11/23 12:13:10 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2010/11/20 07:30:17 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010/11/20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 05:50:38 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)
DRV - [2010/11/20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/09/27 16:42:24 | 000,356,864 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2010/09/27 16:42:16 | 000,238,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\akshasp.sys -- (akshasp)
DRV - [2010/09/27 16:42:14 | 000,588,800 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2010/09/27 16:42:14 | 000,016,384 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aksusb.sys -- (aksusb)
DRV - [2010/09/27 16:42:12 | 000,046,336 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\akshhl.sys -- (akshhl)
DRV - [2009/08/05 05:48:28 | 000,273,448 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink ™
DRV - [2009/07/13 17:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/05/11 12:55:12 | 000,084,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\basp.sys -- (Blfp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-823518204-261903793-839522115-5150\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-823518204-261903793-839522115-5150\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\IT\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\IT\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\IT\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\IT\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/15 11:12:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/15 10:59:03 | 000,000,000 | ---D | M]

[2011/12/06 12:25:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IT\AppData\Roaming\mozilla\Extensions
[2011/05/05 15:24:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IT\AppData\Roaming\mozilla\Firefox\Profiles\d5wusoz7.default\extensions
[2011/12/06 09:13:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IT\AppData\Roaming\mozilla\Firefox\Profiles\d5wusoz7.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}
[2012/02/15 11:12:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/02/15 11:12:07 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/15 10:58:47 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/09 08:17:33 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/09 08:17:33 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

Hosts file not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-823518204-261903793-839522115-5150\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe (Trend Micro Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\CommandBar present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-823518204-261903793-839522115-5150\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-823518204-261903793-839522115-5150\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-823518204-261903793-839522115-5150\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKU\S-1-5-21-823518204-261903793-839522115-5150\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: QuickLaunchEnabled = 1
O7 - HKU\S-1-5-21-823518204-261903793-839522115-5150\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-823518204-261903793-839522115-5150\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 1
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} https://site.cmbchin...oad/CMBEdit.cab (Edit Class)
O16 - DPF: {71D73A47-975F-11D1-AA77-00A0C98D86D4} http://shoretel/shor...oiceMessage.ocx (VoiceMessage Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FA6424B7-D971-11D1-9697-00A0C928D512} http://shoretel/shor...TwentyFour7.ocx (TwentyFour7 Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.30 192.168.0.164
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = OO.NET
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C9F0091-8910-4AE3-BAFE-ECFD91511BB8}: DhcpNameServer = 192.168.0.30 192.168.0.164
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/02/16 14:07:09 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\IT\Desktop\OTL.exe
[2012/02/16 13:07:25 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/02/16 12:51:49 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/02/16 09:47:46 | 000,000,000 | ---D | C] -- C:\Users\IT\AppData\Local\temp
[2012/02/16 08:19:02 | 004,403,246 | R--- | C] (Swearware) -- C:\Users\IT\Desktop\ComboFix.exe
[2012/02/15 10:59:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/02/15 10:59:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/02/15 10:58:41 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/02/15 10:48:43 | 000,000,000 | ---D | C] -- C:\Users\IT\AppData\Local\Solid State Networks
[2012/02/15 10:28:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Client-Server Security Agent
[2012/02/15 10:28:27 | 000,000,000 | ---D | C] -- C:\Windows\System32\log
[2012/02/15 10:27:52 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/02/14 08:26:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/13 17:38:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/08 15:25:10 | 000,083,456 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\serial.sys
[2012/02/08 14:23:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartDraw VP
[2012/02/08 14:21:59 | 000,000,000 | ---D | C] -- C:\Users\IT\Desktop\RK_Quarantine
[2012/02/08 13:36:58 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/02/08 08:12:44 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/02/08 08:12:44 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/02/07 15:11:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/07 15:03:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/07 15:03:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/07 15:03:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/07 15:02:27 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/25 10:12:54 | 000,000,000 | ---D | C] -- C:\Users\IT\AppData\Local\Applications
[2012/01/24 10:49:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\1033
[2009/05/04 07:12:48 | 006,224,944 | ---- | C] (PKWARE, Inc. ) -- C:\Program Files\pkreader.exe

========== Files - Modified Within 30 Days ==========

[2012/02/16 14:07:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\IT\Desktop\OTL.exe
[2012/02/16 13:55:40 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/16 13:55:40 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/16 13:28:24 | 000,000,031 | ---- | M] () -- C:\tmuninst.ini
[2012/02/16 13:28:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/16 13:28:04 | 1601,937,408 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/16 13:23:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-823518204-261903793-839522115-5150UA.job
[2012/02/16 08:21:05 | 004,403,246 | R--- | M] (Swearware) -- C:\Users\IT\Desktop\ComboFix.exe
[2012/02/15 10:28:30 | 000,731,778 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/15 10:28:30 | 000,147,586 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/15 08:48:31 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/02/15 06:55:15 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_trash_log.cmd
[2012/02/15 06:55:09 | 228,593,955 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/02/15 06:23:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-823518204-261903793-839522115-5150Core1cc4ec8c6f8f671.job
[2012/02/08 12:25:55 | 005,492,736 | ---- | M] () -- C:\Users\IT\Desktop\Deadline_Manager.mdb
[2012/02/08 08:56:17 | 000,000,158 | ---- | M] () -- C:\Windows\ricdb.ini
[2012/02/08 08:14:20 | 000,002,679 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/02/07 17:02:25 | 172,953,600 | ---- | M] () -- C:\Users\IT\Desktop\Service Department_BE.mdb
[2012/02/07 10:21:40 | 003,271,124 | ---- | M] () -- C:\Users\IT\Desktop\International Property Maintenance Code.pdf
[2012/02/01 16:57:24 | 036,769,792 | ---- | M] () -- C:\Users\IT\Desktop\Service Department.mdb
[2012/02/01 10:31:01 | 000,002,447 | ---- | M] () -- C:\Users\IT\Desktop\s Quick Connect.lnk

========== Files Created - No Company Name ==========

[2012/02/16 13:49:39 | 000,219,136 | ---- | C] () -- C:\Users\IT\Desktop\FixWU.exe
[2012/02/15 10:51:57 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/02/15 10:28:42 | 000,000,031 | ---- | C] () -- C:\tmuninst.ini
[2012/02/14 17:01:01 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\dds_trash_log.cmd
[2012/02/14 08:26:48 | 000,002,039 | ---- | C] () -- C:\Users\Public\Desktop\500 Asset Accounting.lnk
[2012/02/14 08:26:48 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\500 Asset Inventory.lnk
[2012/02/14 08:26:48 | 000,001,956 | ---- | C] () -- C:\Users\Public\Desktop\Rent Manager.lnk
[2012/02/13 17:32:28 | 000,002,039 | ---- | C] () -- C:\500 Asset Accounting.lnk
[2012/02/13 17:32:28 | 000,002,021 | ---- | C] () -- C:\500 Asset Inventory.lnk
[2012/02/13 17:32:28 | 000,001,956 | ---- | C] () -- C:\Rent Manager.lnk
[2012/02/08 14:23:16 | 000,002,419 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mobile Device Center.lnk
[2012/02/08 14:23:16 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2012/02/08 14:23:16 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/02/08 14:23:16 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2012/02/08 14:23:16 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2012/02/08 14:23:16 | 000,001,064 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinCable.lnk
[2012/02/08 14:23:15 | 000,002,781 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start Pervasive PSQL Workgroup Engine.lnk
[2012/02/08 14:23:14 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2012/02/08 14:23:12 | 000,002,030 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerDVD DX.lnk
[2012/02/08 14:23:11 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/02/08 14:23:10 | 000,002,507 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 9 Standard.lnk
[2012/02/08 14:23:10 | 000,002,495 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crystal Reports XI Release 2 for Sage.lnk
[2012/02/08 14:23:10 | 000,002,465 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Distiller 9.lnk
[2012/02/08 14:23:10 | 000,002,069 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 3.4.lnk
[2012/02/08 14:23:10 | 000,001,979 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Help Documentation.lnk
[2012/02/08 14:23:10 | 000,000,972 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity 1.3 Beta.lnk
[2012/02/08 12:16:27 | 005,492,736 | ---- | C] () -- C:\Users\IT\Desktop\Deadline_Manager.mdb
[2012/02/07 15:03:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/07 15:03:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/07 15:03:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/07 15:03:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/07 15:03:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/07 10:20:08 | 003,271,124 | ---- | C] () -- C:\Users\IT\Desktop\International Property Maintenance Code.pdf
[2012/02/01 16:44:27 | 036,769,792 | ---- | C] () -- C:\Users\IT\Desktop\Service Department.mdb
[2012/02/01 13:42:39 | 172,953,600 | ---- | C] () -- C:\Users\IT\Desktop\Service Department_BE.mdb
[2012/02/01 10:31:01 | 000,002,447 | ---- | C] () -- C:\Users\IT\Desktop\s Quick Connect.lnk
[2011/12/09 16:36:06 | 000,094,208 | ---- | C] () -- C:\Windows\TIRHService.exe
[2011/07/26 06:42:41 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/07/26 06:42:41 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/06/17 12:10:18 | 000,847,360 | ---- | C] () -- C:\Windows\System32\wodCertificate.dll
[2011/06/17 12:10:17 | 001,986,560 | ---- | C] () -- C:\Windows\System32\pvsdk.dll
[2011/04/28 14:36:59 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/04/08 12:03:13 | 000,000,530 | ---- | C] () -- C:\Windows\System32\tx151ic.ini
[2011/01/26 07:52:33 | 000,000,662 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/01/06 10:28:51 | 000,000,315 | ---- | C] () -- C:\Windows\SoftWriting.ini
[2010/11/23 12:13:10 | 000,000,383 | ---- | C] () -- C:\Windows\System32\haspdos.sys
[2010/11/23 12:13:05 | 000,024,576 | ---- | C] () -- C:\Windows\System32\hdduinst.exe
[2010/08/05 12:37:23 | 000,000,000 | ---- | C] () -- C:\Windows\gllink32.INI
[2010/08/04 13:35:20 | 000,000,158 | ---- | C] () -- C:\Windows\ricdb.ini
[2010/07/27 07:45:55 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/02/23 12:37:10 | 000,000,795 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/01/12 11:52:54 | 000,155,648 | ---- | C] () -- C:\Windows\System32\ssleay32.dll
[2009/12/17 12:18:41 | 000,023,052 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2009/12/17 10:40:16 | 000,006,604 | R-S- | C] () -- C:\ProgramData\ntuser.pol
[2009/12/03 12:33:13 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009/10/22 15:38:56 | 000,000,392 | ---- | C] () -- C:\Windows\System32\BTRDRVR.SYS
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 000,449,800 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,731,778 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,147,586 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/17 11:13:30 | 000,508,224 | ---- | C] () -- C:\Windows\System32\ICCProfiles.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008/11/20 22:17:12 | 000,118,784 | ---- | C] () -- C:\Windows\System32\myodbc3i.exe
[2008/11/20 22:17:12 | 000,106,496 | ---- | C] () -- C:\Windows\System32\myodbc3m.exe
[2007/09/14 14:54:36 | 000,397,312 | ---- | C] () -- C:\Windows\System32\CMBEdit.dll
[2007/08/16 15:17:50 | 000,143,360 | ---- | C] () -- C:\Windows\System32\nsldap32v50.dll
[2006/11/29 01:30:00 | 000,000,530 | ---- | C] () -- C:\Windows\System32\tx13_ic.ini
[2006/10/04 18:32:20 | 000,479,232 | ---- | C] () -- C:\Windows\System32\pfpro.dll
[2006/08/15 09:00:00 | 000,454,656 | R--- | C] () -- C:\Windows\System32\PaintX.dll
[2005/12/21 18:57:04 | 000,024,576 | ---- | C] () -- C:\Windows\System32\nsldappr32v50.dll
[2005/12/21 18:54:34 | 000,040,960 | ---- | C] () -- C:\Windows\System32\nsldapssl32v50.dll
[2003/04/01 18:43:22 | 000,139,264 | ---- | C] () -- C:\Windows\System32\TripleDes.dll

========== LOP Check ==========

[2010/10/28 08:32:44 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\Audacity
[2010/05/12 14:06:10 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\BACS.exe
[2011/01/06 11:19:15 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\Downloaded Installations
[2011/01/26 07:54:46 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\Event 1
[2010/07/12 09:11:07 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\KnowledgeTree
[2012/01/09 14:30:01 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\Macro Recorder
[2011/01/06 11:33:03 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\Nitro PDF
[2010/09/21 09:52:18 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\PO Management
[2012/02/02 13:36:20 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\ShoreWare Client
[2011/01/06 10:22:30 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\Smart PDF Converter Pro
[2010/08/10 08:37:37 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\SmartDraw
[2011/01/06 10:31:27 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\SmartSoftOCRHelper
[2010/08/31 15:24:37 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\SystemTools
[2011/01/26 08:08:06 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\Timberline
[2011/05/04 10:18:38 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\Track-It!
[2011/06/29 08:09:13 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\webex
[2012/02/15 09:21:42 | 000,032,564 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\ERDNT\cache\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 01:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 00:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\ERDNT\cache\winlogon.exe
[2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/13 20:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"Type" = 1
"Start" = 3
"ErrorControl" = 1
"ImagePath" = System32\DRIVERS\netbt.sys -- [2009/07/13 18:12:21 | 000,187,904 | ---- | M] (Microsoft Corporation)
"Group" = PNP_TDI
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"TransportBindName" = \Device\
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys -- [2009/07/13 18:53:54 | 000,036,352 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 01 01 00 01 05 01 03 01 02 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 5
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters\Winsock]
"HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2009/07/13 20:16:20 | 000,010,752 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 20
"MinSockAddrLength" = 20
"Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< C:\Windows\assembly\tmp\U\*.* /s >

< C:\windows\*. /RP /s >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\System32\config\systemprofile\AppData\Local\History] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\Application Data] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\Cookies] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\Local Settings] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:A4A25FD3

< End of report >

Edited by Dustylady, 27 February 2012 - 08:36 AM.


#33 CompCav (Member 5k, Expert, 12,454 posts)
Good job! :thumbsup:

We will get at the updates in another way. :ph34r:

Be back later with the next step!

#34 CompCav (Member 5k, Expert, 12,454 posts)
Step 1.

We need to run ComboFix again. Please delete your current copy and download a fresh copy and run it.

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop * IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix as noted above.

3. Open notepad and copy/paste the text in the quotebox below into it:


Service::
5689

File::
c:\windows\TEMP\5689.sys
c:\windows\system32\dds_trash_log.cmd

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\.dfsc]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\.vpcvmm]


Save this as CFScript.txt, in the same location as ComboFix.exe


Drag CFScript.txt onto ComboFix.exe.

When finished, it will produce a log for you at C:\ComboFix.txt


Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now


Step 2.

We need to run an OTL Fix

Note: If you have Malwarebytes 1.6 or higher installed please disable it for the duration of this fix as it may interfere with the successful execution of the script below. If it still hangs then please uninstall MalwareBytes' and run this fix again.



  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.

    :OTL
    [2012/02/14 17:01:01 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\dds_trash_log.cmd
    
    :files
    ipconfig /flushdns /c
    
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [createrestorepoint]
    [Reboot]
  • Push the Run Fix button
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.

Step 3.

  • Please download Farbar Service Scanner and run it on the computer.
  • Make sure the following options are checked:

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender


  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Step 4.

OK next we will check the disk and then the file structure

  • On the desktop click the My Computer icon
  • Right click your main drive (I am on C) and select properties
  • Select the tools tab
  • Select error checking
  • Place a tick in both boxes
  • Press start
  • You will get a warning that it needs to reboot to continue
  • Allow it to do so


Once completed

Run an elevated command prompt
Go to Start, All programs, Accessories
Right click command prompt and select run as administrator

In the black box that opens type or copy and paste the following command and press enter:

sfc /scannow



Step 5.

Please post:

ComboFix.txt
OTL fix log
FSS.txt




After all this is completed could you update me on the problems being experienced
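Added example (my code, not part of the thread and not ComboFix's own logic): a small Python triage of the service lines ComboFix prints. The CFScript above removes service 5689 and c:\windows\TEMP\5689.sys; this script shows the checks that make such an entry stand out when reading a log by hand: a driver loading from a temp directory, an all-numeric service name, and a `[x]` where ComboFix normally prints the file's date and size. Reading `[x]` as "file not found on disk" is my assumption, and the sample lines are constructed to match the format of the ComboFix log posted later in the thread.

```python
"""Triage ComboFix service/driver lines for rootkit-style indicators.

Added example, not part of the original thread or of ComboFix. It parses
the "R2 name;display;path [date size]" lines from ComboFix's service
section and flags entries a malware-removal helper looks at first.
The reading of "[x]" as "file not present on disk" is an assumption.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: the format mirrors the ComboFix log posted in the thread.
SAMPLE_LOG = """\
R2 5689;5689;c:\\windows\\TEMP\\5689.sys [x]
R2 TmFilter;Trend Micro Filter;c:\\program files\\Trend Micro\\Client Server Security Agent\\TmXPFlt.sys [2011-07-12 262416]
S2 winvnc.exe;winvnc;c:\\program files\\UltraVNC\\winvnc.exe [2009-12-07 1590216]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\\windows\\system32\\DRIVERS\\k57nd60x.sys [2009-08-05 273448]
"""

SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "   # R=running / S=stopped, start type 0-4
    r"(?P<name>[^;]+);(?P<display>[^;]*);"  # service name; display name
    r"(?P<path>.+?) \[(?P<tail>[^\]]*)\]$"  # image path, then "[date size]" or "[x]"
)

# Directories a legitimate kernel driver has no business living in.
TEMP_DIRS = ("\\temp\\", "\\tmp\\", "\\appdata\\local\\temp\\")


@dataclass
class Finding:
    name: str
    path: str
    reasons: list = field(default_factory=list)


def parse_service_line(line):
    """Return the fields of one ComboFix service line, or None if it is not one."""
    m = SERVICE_RE.match(line.strip())
    return m.groupdict() if m else None


def triage(log_text):
    """Scan every service line and collect the ones with suspicious traits."""
    findings = []
    for line in log_text.splitlines():
        svc = parse_service_line(line)
        if not svc:
            continue
        reasons = []
        low = svc["path"].lower()
        if any(t in low for t in TEMP_DIRS):
            reasons.append("binary lives in a temp directory")
        if svc["name"].isdigit():
            reasons.append("all-numeric service name")
        if svc["tail"].strip() == "x":
            reasons.append("no date/size recorded ([x]); assumed file missing on disk")
        # A running (.sys) driver with any of the above deserves the first look.
        if low.endswith(".sys") and svc["state"] == "R" and reasons:
            reasons.append("kernel driver currently loaded")
        if reasons:
            findings.append(Finding(svc["name"], svc["path"], reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.name}: {f.path}")
        for r in f.reasons:
            print("   -", r)
```

Run it against the service section of a saved ComboFix.txt. The flags are hints for a human reviewer rather than a verdict: a legitimate but unsigned vendor driver sitting in an unusual path will also be listed, and a rootkit that hides its own service will not be.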

#35 Dustylady (Topic Starter, Member, 164 posts)
No visible change. Same error when trying to run sfc, same error for trying to get updates.

TGIF!! :yeah:





ComboFix 12-02-16.02 - IT 02/16/2012 17:08:44.5.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2037.1043 [GMT -5:00]
Running from: c:\users\IT\Desktop\ComboFix.exe
Command switches used :: c:\users\IT\Desktop\CFScript.txt
AV: Trend Micro Client/Server Security Agent Antivirus *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Client/Server Security Agent Anti-spyware *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\dds_trash_log.cmd"
"c:\windows\TEMP\5689.sys"
.
.
((((((((((((((((((((((((( Files Created from 2012-01-16 to 2012-02-16 )))))))))))))))))))))))))))))))
.
.
2012-02-16 22:16 . 2012-02-16 22:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-16 22:16 . 2012-02-16 22:16 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-02-16 22:16 . 2012-02-16 22:16 -------- d-----w- c:\users\Administrator.COMP2\AppData\Local\temp
2012-02-16 14:47 . 2012-02-16 22:16 -------- d-----w- c:\users\IT\AppData\Local\temp
2012-02-15 15:59 . 2012-02-15 15:59 -------- d-----w- c:\program files\Common Files\Java
2012-02-15 15:59 . 2012-02-15 15:58 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2012-02-15 15:59 . 2012-02-15 15:58 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-15 15:58 . 2012-02-15 15:58 -------- d-----w- c:\program files\Java
2012-02-15 15:48 . 2012-02-15 15:48 -------- d-----w- c:\users\IT\AppData\Local\Solid State Networks
2012-02-15 15:28 . 2012-02-15 15:28 -------- d-----w- c:\windows\system32\log
2012-02-15 15:27 . 2012-02-15 15:28 -------- d-----w- c:\program files\Trend Micro
2012-02-15 14:33 . 2011-04-25 03:24 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-15 14:19 . 2009-07-13 23:12 74240 ----a-w- c:\windows\system32\drivers\tdx.sys
2012-02-14 22:01 . 2012-02-15 11:55 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-14 13:33 . 2009-07-13 23:12 187904 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-02-13 22:43 . 2012-02-14 13:40 -------- d-----r- c:\users\Public
2012-02-13 22:38 . 2012-02-13 22:38 -------- d-----w- C:\_OTL
2012-02-08 20:25 . 2010-11-20 08:38 108544 ----a-w- c:\windows\system32\drivers\cdrom.sys
2012-02-08 20:25 . 2009-07-13 23:45 83456 ----a-w- c:\windows\system32\drivers\serial.sys
2012-02-08 18:36 . 2012-02-14 21:32 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-08 13:12 . 2012-02-08 17:57 -------- d-----w- c:\programdata\AVAST Software
2012-02-08 13:12 . 2012-02-08 13:12 -------- d-----w- c:\program files\AVAST Software
2012-01-25 15:12 . 2012-01-25 15:12 -------- d-----w- c:\users\IT\AppData\Local\Applications
2012-01-24 15:49 . 2012-01-24 15:49 -------- d-----w- c:\windows\system32\1033
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-31 12:44 . 2009-12-17 15:45 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-05 19:12 . 2011-08-22 18:36 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-09 21:36 . 2011-12-09 21:36 94208 ----a-w- c:\windows\TIRHService.exe
2007-12-21 14:00 . 2009-05-04 12:12 6224944 ----a-w- c:\program files\pkreader.exe
2012-02-15 16:12 . 2011-12-06 17:25 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-04-23 1314816]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-18 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-18 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-18 150552]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\Client Server Security Agent\pccntmon.exe" [2011-09-14 1107472]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Start Pervasive PSQL Workgroup Engine.lnk - c:\windows\Installer\{0A3238D7-AB32-1030-B717-F3E3F18B4A8C}\WGE.14A03FCD_EA43_4130_A5C0_F02D38895A13.exe [2011-1-26 92854]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableInstallerDetection"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableChangePassword"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogOff"= 1 (0x1)
"QuickLaunchEnabled"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-1390\Scripts\Logon\0\0]
"Script"=logon.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-1390\Scripts\Logon\1\0]
"Script"=\\tim\BGInfo\BGinfo.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-1390\Scripts\Logon\2\0]
"Script"=IT_Print_Script.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-1447\Scripts\Logon\0\0]
"Script"=logon.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-1447\Scripts\Logon\1\0]
"Script"=\\tim\BGInfo\BGinfo.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-1447\Scripts\Logon\2\0]
"Script"=IT_Print_Script.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-1473\Scripts\Logon\0\0]
"Script"=logon.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-1473\Scripts\Logon\1\0]
"Script"=\\tim\BGInfo\BGinfo.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-1473\Scripts\Logon\2\0]
"Script"=IT_Print_Script.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-2885\Scripts\Logon\0\0]
"Script"=logon.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-5122\Scripts\Logon\0\0]
"Script"=logon.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-5122\Scripts\Logon\1\0]
"Script"=\\tim\BGInfo\BGinfo.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-5122\Scripts\Logon\2\0]
"Script"=ACCT_Print_Script.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-5150\Scripts\Logon\0\0]
"Script"=logon.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-5150\Scripts\Logon\1\0]
"Script"=\\tim\BGInfo\BGinfo.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-261903793-839522115-5150\Scripts\Logon\2\0]
"Script"=IT_Print_Script.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2010-09-22 22:11 640440 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2011-06-08 00:54 40376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 13:10 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-06-30 17:57 136176 ----atw- c:\users\IT\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 22:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2009-06-25 02:19 140520 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShoreTel Personal Call Manager]
2010-11-18 22:00 2314240 ----a-w- c:\program files\Shoreline Communications\ShoreWare Client\ShoreTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartSoft PDF Printer Agent]
2010-10-26 22:29 62864 ----a-w- c:\program files\Smart PDF Converter Pro\SmartSoft PDF Printer Agent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 13:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe
.
R2 5689;5689;c:\windows\TEMP\5689.sys [x]
R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\Client Server Security Agent\TmXPFlt.sys [2011-07-12 262416]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\Client Server Security Agent\TmPreFlt.sys [2011-07-12 36624]
R3 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2011-03-30 53520]
R3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files\Trend Micro\Client Server Security Agent\TmProxy.exe [2010-07-21 689488]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-14 1343400]
R4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe [2010-09-27 4180576]
S2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2010-10-20 67904]
S2 SageInstMgrServer;Sage Installation Manager Server;c:\program files\Sage\SIM\Server\Sage.Sim.Server.WindowsService.exe [2010-04-14 15656]
S2 svcGenericHost;Trend Micro Client/Server Security Agent;c:\program files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [2011-09-17 50704]
S2 TIRmtSvc;Track-It! Workstation Manager;c:\windows\TIREMOTE\TIRemoteService.exe [2010-03-03 210944]
S2 UpgradeManager;Upgrade Manager;c:\program files\GLDS\UpgradeManager\UpgradeManagerSvc.exe [2009-04-21 2010147]
S2 winvnc.exe;winvnc;c:\program files\UltraVNC\winvnc.exe [2009-12-07 1590216]
S3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-08-05 273448]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-261903793-839522115-5150Core1cc4ec8c6f8f671.job
- c:\users\IT\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-30 17:57]
.
2012-02-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-261903793-839522115-5150UA.job
- c:\users\IT\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-30 17:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.30 192.168.0.164
DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} - hxxps://site.cmbchina.com/download/CMBEdit.cab
DPF: {71D73A47-975F-11D1-AA77-00A0C98D86D4} - hxxp://shoretel/shorewaredirector/VoiceMessage.ocx
DPF: {FA6424B7-D971-11D1-9697-00A0C928D512} - hxxp://shoretel/shorewaredirector/TwentyFour7.ocx
FF - ProfilePath - c:\users\IT\AppData\Roaming\Mozilla\Firefox\Profiles\cgtl6uct.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-02-16 17:18:28
ComboFix-quarantined-files.txt 2012-02-16 22:18
ComboFix2.txt 2012-02-16 17:48
.
Pre-Run: 85,039,874,048 bytes free
Post-Run: 84,792,729,600 bytes free
.
- - End Of File - - D0DDFD999F862E3C0E1CD2C83D8BF42E





All processes killed
========== OTL ==========
C:\Windows\System32\dds_trash_log.cmd moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\IT\Desktop\cmd.bat deleted successfully.
C:\Users\IT\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.COMP2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users


User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: di_wu
->Temp folder emptied: 0 bytes

User: frank_reilly
->Temp folder emptied: 0 bytes

User: Guan_Wang
->Temp folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: IT
->Temp folder emptied: 2210 bytes
->Temporary Internet Files folder emptied: 652038378 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 53835567 bytes
->Flash cache emptied: 410 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8405897 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 681.00 mb



OTL by OldTimer - Version 3.2.32.0 log created on 02172012_084835

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\Buf4910.tmp not found!
File move failed. C:\Windows\temp\hlktmp scheduled to be moved on reboot.
File\Folder C:\Windows\temp\SEPA72D.tmp not found!

Registry entries deleted on Reboot...









Farbar Service Scanner Version: 14-02-2012
Ran by IT (administrator) on 17-02-2012 at 08:54:19
Running from "C:\Users\IT\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Defender:
==============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2012-02-15 09:33] - [2011-04-24 22:24] - 0338944 ____A (Microsoft Corporation) C427F91A748CD342A2B3F9278D9FD6A5

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

Edited by Dustylady, 27 February 2012 - 08:36 AM.

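Added example (my code, not Farbar's): what the FSS "File Check" block above is doing when it prints "MD5 is legit". FSS carries its own table of known-good Microsoft file hashes per Windows build; this script hashes files against a manifest it constructs in a temporary directory, so it runs offline. The afd.sys entry in the log, printed with its hash but no verdict, is the "file not in the manifest" case handled below. The file names and contents are constructed and stand in for System32\Drivers.

```python
"""Verify files against a known-good hash manifest, the way the Farbar
Service Scanner "File Check" section reports "MD5 is legit".

Added example, not FSS code. The manifest and the files are constructed
in a temporary directory so the script runs offline.
"""
import hashlib
import os
import tempfile


def file_hashes(path, chunk=1 << 16):
    """Stream a file once and return (MD5 upper-hex, SHA-256 hex)."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            md5.update(block)
            sha256.update(block)
    return md5.hexdigest().upper(), sha256.hexdigest()


def check_files(manifest, root):
    """manifest: {relative path: expected MD5 hex, or None if no known value}.
    Returns {relative path: verdict string}."""
    verdicts = {}
    for rel, expected in manifest.items():
        full = os.path.join(root, rel)
        if not os.path.isfile(full):
            verdicts[rel] = "MISSING"
            continue
        md5, sha = file_hashes(full)
        if expected is None:
            # Same situation as afd.sys in the FSS log: hash shown, no verdict.
            verdicts[rel] = f"UNKNOWN (md5 {md5}, sha256 {sha[:16]}...) - look up manually"
        elif md5 == expected.upper():
            verdicts[rel] = "MD5 is legit"
        else:
            verdicts[rel] = f"MODIFIED (got {md5}, expected {expected.upper()})"
    return verdicts


def build_demo(root):
    """Constructed sample tree and manifest; names only mimic the FSS log."""
    good = b"good driver bytes"
    os.makedirs(os.path.join(root, "Drivers"))
    with open(os.path.join(root, "Drivers", "tdx.sys"), "wb") as f:
        f.write(good)                       # matches the manifest
    with open(os.path.join(root, "Drivers", "afd.sys"), "wb") as f:
        f.write(b"newer build")             # present, but no reference hash
    with open(os.path.join(root, "Drivers", "tcpip.sys"), "wb") as f:
        f.write(b"tampered")                # differs from the manifest
    good_md5 = hashlib.md5(good).hexdigest()
    return {
        "Drivers/tdx.sys": good_md5,
        "Drivers/tcpip.sys": good_md5,
        "Drivers/afd.sys": None,
        "Drivers/nsiproxy.sys": good_md5,   # listed, but not on disk
    }


def demo():
    """Build the sample tree, check it, return the verdicts."""
    with tempfile.TemporaryDirectory() as root:
        manifest = build_demo(root)
        return check_files(manifest, root)


if __name__ == "__main__":
    for rel, verdict in demo().items():
        print(f"{rel} => {verdict}")
```

A hash check is only as good as the read path: a kernel filter driver can hand clean bytes to a user-mode reader while the on-disk file is patched, so when a rootkit is suspected the files should be hashed from the recovery environment or another boot, not from the running system.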

#36 CompCav (Member 5k, Expert, 12,454 posts)
Step 1.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.



On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Check the box List Drivers md5
  • Click Scan
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Step 2.

While you are still at the command prompt, type C: then hit ENTER

Now type sfc /scannow (remember space between c and /) then hit ENTER

It should run better from this location.


Step 3.

Please post:

FRST.txt


Tell me how sfc went and if there are any errors what they are.

#37 Dustylady (Topic Starter, Member, 164 posts)
My day is about over, so I'll have this answer on Monday. Enjoy the weekend!

#38 CompCav (Member 5k, Expert, 12,454 posts)
Thank you and likewise enjoy your weekend. :popcorn: :cheers:

#39 Dustylady (Topic Starter, Member, 164 posts)
Monday was nuts! :wacko:


When logging into the system repair it would not accept the main user (guessing because it's a domain account) so I used the local administrator account. The Farbar scan seemed to run fine otherwise.

SFC still does not run. In the repair computer module, from the command prompt I get this message - System repair pending which requires reboot to complete. Rebooted and the same error. Also tried to run from a normal boot into the local admin account, old message of - Windows Resource Protection could not perform the requested operation.





Scan result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 20-02-2012
Ran by SYSTEM at 2012-02-21 09:57:37
Running from F:\
Windows 7 Professional (X86) OS Language: English(US)
The current controlset is ControlSet002

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2009-04-23] (Analog Devices, Inc.)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [141848 2009-09-17] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [173592 2009-09-17] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [150552 2009-09-17] (Intel Corporation)
HKLM\...\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow [1107472 2011-09-13] (Trend Micro Inc.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKU\Administrator\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [3883856 2009-07-26] (Microsoft Corporation)
HKU\Administrator\...\Policies\system: [DisableChangePassword] 1
HKU\IT\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [3883856 2009-07-26] (Microsoft Corporation)
HKU\IT\...\Policies\system: [DisableChangePassword] 1
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.30 192.168.0.164

================================ Services (Whitelisted) ==================

2 BcmSqlStartupSvc; "C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [30312 2009-02-20] (Microsoft Corporation)
2 hasplms; C:\Windows\system32\hasplms.exe -run [4180576 2010-09-27] (SafeNet Inc.)
4 msvsmon80; "C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 [2799808 2005-09-23] (Microsoft Corporation)
2 nlsX86cc; C:\Windows\system32\NLSSRV32.EXE [67904 2010-10-20] (Nalpeiron Ltd.)
2 ntrtscan; "C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe" [1324104 2011-09-08] (Trend Micro Inc.)
2 RapiMgr; C:\Windows\WindowsMobile\rapimgr.dll [183688 2007-05-31] (Microsoft Corporation)
2 Sage.LS1.ServiceHost.1.0; "C:\Program Files\Common Files\Sage\LS1\ServiceHost\1.0\Sage.LS1.ServiceHost.exe" [107816 2010-04-07] (Timberline Software Corp.)
2 SageInstMgrServer; "C:\Program Files\Sage\SIM\Server\Sage.Sim.Server.WindowsService.exe" [15656 2010-04-14] ()
3 StorSvc; C:\Windows\System32\storsvc.dll [16384 2009-07-13] (Microsoft Corporation)
2 svcGenericHost; "C:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe" [50704 2011-09-16] (Trend Micro Inc.)
2 TIRmtSvc; C:\WINDOWS\TIREMOTE\TIRemoteService.exe [210944 2010-03-03] (Numara Software, Inc.)
3 TMBMServer; "C:\Program Files\Trend Micro\BM\TMBMSRV.exe" /service [345616 2011-06-03] (Trend Micro Inc.)
2 tmlisten; "C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe" [1527272 2011-09-08] (Trend Micro Inc.)
3 TmProxy; "C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe" [689488 2010-07-21] (Trend Micro Inc.)
2 UpgradeManager; C:\Program Files\GLDS\UpgradeManager\UpgradeManagerSvc.exe [2010147 2009-04-21] (Great Lakes Data Systems, Inc.)
2 WcesComm; C:\Windows\WindowsMobile\wcescomm.dll [379784 2007-05-31] (Microsoft Corporation)
2 winvnc.exe; "C:\Program Files\UltraVNC\winvnc.exe" -service [1590216 2009-12-06] (UltraVNC)
3 MSSQL$MSSMLBIZ; "c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [x]
2 MSSQL$SQLEXPRESS; "c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [x]
4 MSSQLServerADHelper; "c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe" [x]
2 SQLBrowser; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [x]
2 SQLWriter; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [x]

========================== Drivers (Whitelisted) =============

3 ADIHdAudAddService; C:\Windows\System32\drivers\ADIHdAud.sys [381440 2009-04-23] (Analog Devices, Inc.)
2 aksfridge; C:\Windows\System32\DRIVERS\aksfridge.sys [356864 2010-09-27] (SafeNet Inc.)
3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [238208 2010-09-27] (Aladdin Knowledge Systems Ltd.)
3 akshhl; C:\Windows\System32\DRIVERS\akshhl.sys [46336 2010-09-27] (Aladdin Knowledge Systems Ltd.)
3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [16384 2010-09-27] (Aladdin Knowledge Systems Ltd.)
3 atikmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [4194816 2009-07-13] (ATI Technologies Inc.)
3 Blfp; C:\Windows\System32\DRIVERS\basp.sys [84992 2009-05-11] (Broadcom Corporation)
3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [78336 2009-07-13] (Microsoft Corporation)
2 Hardlock; C:\Windows\System32\drivers\hardlock.sys [588800 2010-09-27] (SafeNet Inc.)
2 Haspnt; \??\C:\Windows\system32\drivers\Haspnt.sys [47616 2010-11-23] (Aladdin Knowledge Systems)
3 k57nd60x; C:\Windows\System32\DRIVERS\k57nd60x.sys [273448 2009-08-05] (Broadcom Corporation)
3 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [62224 2011-03-30] (Trend Micro Inc.)
2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [164624 2011-03-30] (Trend Micro Inc.)
3 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [53520 2011-03-30] (Trend Micro Inc.)
2 TmFilter; \??\C:\Program Files\Trend Micro\Client Server Security Agent\TmXPFlt.sys [262416 2011-07-12] (Trend Micro Inc.)
2 TmPreFilter; \??\C:\Program Files\Trend Micro\Client Server Security Agent\TmPreFlt.sys [36624 2011-07-12] (Trend Micro Inc.)
3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
2 VSApiNt; \??\C:\Program Files\Trend Micro\Client Server Security Agent\VSApiNt.sys [1405720 2011-07-12] (Trend Micro Inc.)
2 5689; \??\C:\Windows\TEMP\5689.sys [x]
3 catchme; \??\C:\Users\IT\AppData\Local\Temp\catchme.sys [x]

========================== Drivers MD5 =======================

C:\Windows\System32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\System32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ADIHdAud.sys 9E5AE3DA1956A7825CC5869BE3350A96
C:\Windows\System32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\System32\drivers\afd.sys C427F91A748CD342A2B3F9278D9FD6A5
C:\Windows\System32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\djsvs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\aksfridge.sys 11F424D02AEA63A3A53445087072FDD0
C:\Windows\System32\DRIVERS\akshasp.sys 64FC197D24A2B240598F29CE0A6660C0
C:\Windows\System32\DRIVERS\akshhl.sys 147B61B81BE1FFC38939EA47E5CFB51F
C:\Windows\System32\DRIVERS\aksusb.sys CCE6C56F18D214DE8D66F3F2A774CD5B
C:\Windows\System32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdagp.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdsata.sys D320BF87125326F996D4904FE24300FC
C:\Windows\System32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 46387FB17B086D16DEA267D5BE23A2F2
C:\Windows\System32\drivers\appid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atikmdag.sys 712D8A95E45B070114C5309ADA7358FF
C:\Windows\System32\DRIVERS\bxvbdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60x.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\basp.sys D2F8D15F4852920E1F6B769E982414AD
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bridge.sys 77361D72A04F18809D0EFB6CCEB74D4B
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\System32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\System32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\csc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\evbdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\System32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\flpydisk.sys ==> MD5 is legitB
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\fssfltr.sys D909075FA72C090F27AA926C32CB4612
C:\Windows\System32\Drivers\Fs_Rec.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\fvevol.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\drivers\hardlock.sys 995178A443B07FA9EEAEA041D7B4B5CA
C:\Windows\system32\drivers\Haspnt.sys 2DD25F060DC9F79B5CDF33D90ED93669
C:\Windows\System32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\System32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\drivers\iaStorV.sys 5CD5F9A5444E6CDCB0AC89BD62D8B76E
C:\Windows\System32\DRIVERS\igdkmd32.sys 1F50623259DF354776DF04C56504A2D7
C:\Windows\System32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\k57nd60x.sys 62632763D9B2B7F92D2968D40406E7AA
C:\Windows\System32\drivers\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\drivers\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecpkg.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\System32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys 5D16C921E3671636C0EBA3BBAAC5FD25
C:\Windows\System32\DRIVERS\mrxsmb10.sys 6D17A4791ACA19328C685D256349FEFC
C:\Windows\System32\DRIVERS\mrxsmb20.sys B81F204D146000BE76651A50670A5E9E
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\System32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 81189C3D7763838E55C397759D49007A
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\System32\drivers\nvraid.sys B3E25EE28883877076E0E1FF877D02E0
C:\Windows\System32\drivers\nvstor.sys 4380E59A170D88C4F1022EFF6719A8A4
C:\Windows\System32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\System32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\parvdm.sys ==> MD5 is legit
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\System32\Drivers\PxHelp20.sys 40FEDD328F98245AD201CF5F9F311724
C:\Windows\System32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\System32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\drivers\vms3cap.sys ==> MD5 is legit
C:\Windows\System32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\System32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\System32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\System32\drivers\sisagp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys E4C2764065D66EA1D2D3EBC28FE99C46
C:\Windows\System32\DRIVERS\srv2.sys 03F0545BD8D4C77FA0AE1CEEDFCC71AB
C:\Windows\System32\DRIVERS\srvnet.sys BE6BD660CAA6F291AE06A718A4FA8ABC
C:\Windows\System32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legit
C:\Windows\System32\drivers\storvsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys 65D10B191C59C5501A1263FC33F6894B
C:\Windows\System32\DRIVERS\tcpip.sys 65D10B191C59C5501A1263FC33F6894B
C:\Windows\System32\drivers\tcpipreg.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tdx.sys CB39E896A2A83702D1737BFD402B3542
C:\Windows\System32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tmactmon.sys A3D1CDC695E22AC1AB5A15F384E2F31A
C:\Windows\System32\DRIVERS\tmcomm.sys 4485D4FBCEB536F4F7EC899EDF3C9601
C:\Windows\System32\DRIVERS\tmevtmgr.sys 7E82912B30B96C7E134188CFC85865EB
C:\Program Files\Trend Micro\Client Server Security Agent\TmXPFlt.sys 717E406972BBC07F8FB2A989416CAB73
C:\Program Files\Trend Micro\Client Server Security Agent\TmPreFlt.sys 379C4F99994A56B66E11D1E32BB22A1C
C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\drivers\umbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys BD9C55D7023C5DE374507ACC7A14E2AC
C:\Windows\System32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbehci.sys F92DE757E4B7CE9C07C5E65423F3AE3B
C:\Windows\System32\DRIVERS\usbhub.sys 8DC94AEC6A7E644A06135AE7506DC2E9
C:\Windows\System32\DRIVERS\usbohci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS F991AB9CC6B908DB552166768176896A
C:\Windows\System32\DRIVERS\usbuhci.sys 68DF884CF41CDADA664BEB01DAF67E3D
C:\Windows\System32\Drivers\usbvideo.sys 45F4E7BF43DB40A6C6B4D92C76CBC3F2
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\System32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\viaagp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\viac7.sys ==> MD5 is legit
C:\Windows\System32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\vmbus.sys ==> MD5 is legit
C:\Windows\System32\drivers\VMBusHID.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vpchbus.sys B26536ADD1D748CDA104D856C979AE79
C:\Windows\System32\DRIVERS\vpcusb.sys 5F4B55E91CE7E2523C9E1E0ECE858869
C:\Program Files\Trend Micro\Client Server Security Agent\VSApiNt.sys 642EB152CB980AD9181B2161066BE629
C:\Windows\System32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys A67E5F9A400F3BD1BE3D80613B45F708
C:\Windows\System32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WUDFRd.sys ==> MD5 is legit

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-02-21 09:57 - 2012-02-21 09:57 - 0000000 ____D C:\FRST
2012-02-21 06:28 - 2012-02-21 06:28 - 0862340 ____A C:\Users\IT\Desktop\FRST.exe
2012-02-21 06:23 - 2012-02-21 06:49 - 0000168 ____A C:\Windows\setupact.log
2012-02-21 06:23 - 2012-02-21 06:23 - 0000000 ____A C:\Windows\setuperr.log
2012-02-17 07:54 - 2012-02-17 07:54 - 0000000 ____D C:\Program Files\CCleaner
2012-02-17 06:42 - 2012-02-17 06:42 - 0003664 ____N C:\bootsqm.dat
2012-02-17 05:54 - 2012-02-17 05:54 - 0001953 ____A C:\Users\IT\Desktop\FSS.txt
2012-02-17 05:53 - 2012-02-17 05:53 - 0005516 ____A C:\Users\IT\Desktop\02172012_084835.log
2012-02-17 05:53 - 2012-02-17 05:52 - 0337031 ____A C:\Users\IT\Desktop\FSS.exe
2012-02-17 05:48 - 2012-02-17 05:48 - 0000098 ____A C:\Windows\System32\Drivers\etc\Hosts
2012-02-16 14:18 - 2012-02-16 23:26 - 0000000 ____D C:\users\matt_bangert
2012-02-16 14:18 - 2012-02-16 23:26 - 0000000 ____D C:\users\Guan_Wang
2012-02-16 14:18 - 2012-02-16 23:26 - 0000000 ____D C:\users\frank_reilly
2012-02-16 14:18 - 2012-02-16 23:26 - 0000000 ____D C:\users\di_wu
2012-02-16 14:18 - 2012-02-16 23:26 - 0000000 ____D C:\users\alex_woolbright.OO
2012-02-16 14:18 - 2012-02-16 23:26 - 0000000 ____D C:\users\alex_woolbright
2012-02-16 14:18 - 2012-02-16 23:26 - 0000000 ____D C:\users\Admin
2012-02-16 14:18 - 2012-02-16 14:18 - 0014711 ____A C:\ComboFix.txt
2012-02-16 14:17 - 2012-02-16 14:17 - 0000000 __SHD C:\$RECYCLE.BIN
2012-02-16 14:06 - 2012-02-16 14:06 - 4406022 ____R (Swearware) C:\Users\IT\Desktop\ComboFix.exe
2012-02-16 11:07 - 2012-02-16 11:07 - 0584192 ____A (OldTimer Tools) C:\Users\IT\Desktop\OTL.exe
2012-02-16 10:49 - 2009-11-09 19:55 - 0219136 ____A C:\Users\IT\Desktop\FixWU.exe
2012-02-15 07:59 - 2012-02-15 07:59 - 0000000 ____D C:\Users\All Users\Sun
2012-02-15 07:59 - 2012-02-15 07:59 - 0000000 ____D C:\ProgramData\Sun
2012-02-15 07:59 - 2012-02-15 07:59 - 0000000 ____D C:\Program Files\Common Files\Java
2012-02-15 07:59 - 2012-02-15 07:58 - 0472808 ____A (Sun Microsystems, Inc.) C:\Windows\System32\deployJava1.dll
2012-02-15 07:59 - 2012-02-15 07:58 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2012-02-15 07:59 - 2012-02-15 07:58 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2012-02-15 07:59 - 2012-02-15 07:58 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2012-02-15 07:58 - 2012-02-15 07:58 - 0000000 ____D C:\Program Files\Java
2012-02-15 07:48 - 2012-02-15 07:48 - 0000000 ____D C:\Users\IT\AppData\Local\Solid State Networks
2012-02-15 07:28 - 2012-02-21 06:49 - 0050680 ____A C:\Windows\System32\TmInstall.log
2012-02-15 07:28 - 2012-02-21 06:49 - 0000031 ____A C:\tmuninst.ini
2012-02-15 07:28 - 2012-02-15 07:28 - 0000000 ____D C:\Windows\System32\log
2012-02-15 07:27 - 2012-02-15 07:28 - 0000000 ____D C:\Program Files\Trend Micro
2012-02-15 06:33 - 2011-04-24 19:24 - 0338944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2012-02-15 06:19 - 2009-07-13 15:12 - 0074240 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdx.sys
2012-02-14 05:43 - 2012-02-21 06:50 - 0000112 ____A C:\Windows\System32\config\netlogon.ftl
2012-02-14 05:34 - 2012-02-14 05:34 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG2
2012-02-14 05:34 - 2012-02-14 05:34 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG1
2012-02-14 05:34 - 2012-02-14 05:34 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG2
2012-02-14 05:34 - 2012-02-14 05:34 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG1
2012-02-14 05:34 - 2012-02-14 05:34 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG2
2012-02-14 05:34 - 2012-02-14 05:34 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG1
2012-02-14 05:34 - 2012-02-14 05:34 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG2
2012-02-14 05:34 - 2012-02-14 05:34 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG1
2012-02-14 05:33 - 2012-02-14 05:33 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG2
2012-02-14 05:33 - 2012-02-14 05:33 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG1
2012-02-14 05:33 - 2009-07-13 15:12 - 0187904 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netbt.sys
2012-02-14 05:26 - 2011-05-18 05:29 - 0002021 ____A C:\Users\Public\Desktop\500 Asset Inventory.lnk
2012-02-14 05:26 - 2011-05-18 05:25 - 0002039 ____A C:\Users\Public\Desktop\500 Asset Accounting.lnk
2012-02-14 05:26 - 2011-04-08 08:58 - 0001956 ____A C:\Users\Public\Desktop\Rent Manager.lnk
2012-02-13 14:43 - 2012-02-14 05:40 - 0000000 ___RD C:\users\Public
2012-02-13 14:43 - 2012-02-13 14:43 - 0000174 ___SH C:\Users\Public\desktop.ini
2012-02-13 14:38 - 2012-02-13 14:38 - 0000000 ____D C:\_OTL
2012-02-13 14:32 - 2011-05-18 05:29 - 0002021 ____A C:\500 Asset Inventory.lnk
2012-02-13 14:32 - 2011-05-18 05:25 - 0002039 ____A C:\500 Asset Accounting.lnk
2012-02-13 14:32 - 2011-04-08 08:58 - 0001956 ____A C:\Rent Manager.lnk
2012-02-08 12:25 - 2010-11-20 00:38 - 0108544 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cdrom.sys
2012-02-08 12:25 - 2009-07-13 15:45 - 0083456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\serial.sys
2012-02-08 11:23 - 2011-01-26 04:52 - 0002781 ____A C:\Users\All Users\Start Menu\Programs\Startup\Start Pervasive PSQL Workgroup Engine.lnk
2012-02-08 11:23 - 2009-07-13 20:41 - 0000174 __ASH C:\Users\All Users\Start Menu\Programs\Startup\desktop.ini
2012-02-08 11:21 - 2012-02-13 14:32 - 0000000 ____D C:\Users\IT\Desktop\RK_Quarantine
2012-02-08 10:36 - 2012-02-14 13:32 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-02-08 09:16 - 2012-02-08 09:25 - 5492736 ____A C:\Users\IT\Desktop\Deadline_Manager.mdb
2012-02-08 08:17 - 2012-02-08 08:17 - 0058880 ____A C:\Users\IT\Desktop\RLPSSZM.doc
2012-02-08 05:12 - 2012-02-08 09:57 - 0000000 ____D C:\Users\All Users\AVAST Software
2012-02-08 05:12 - 2012-02-08 09:57 - 0000000 ____D C:\ProgramData\AVAST Software
2012-02-08 05:12 - 2012-02-08 05:12 - 0000000 ____D C:\Program Files\AVAST Software
2012-02-07 12:11 - 2012-02-16 14:18 - 0000000 ____D C:\Qoobox
2012-02-07 12:03 - 2011-06-25 22:45 - 0256000 ____A C:\Windows\PEV.exe
2012-02-07 12:03 - 2010-11-07 09:20 - 0208896 ____A C:\Windows\MBR.exe
2012-02-07 12:03 - 2009-04-19 20:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-02-07 12:03 - 2000-08-30 16:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-02-07 12:03 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-02-07 12:03 - 2000-08-30 16:00 - 0098816 ____A C:\Windows\sed.exe
2012-02-07 12:03 - 2000-08-30 16:00 - 0080412 ____A C:\Windows\grep.exe
2012-02-07 12:03 - 2000-08-30 16:00 - 0068096 ____A C:\Windows\zip.exe
2012-02-07 12:02 - 2012-02-15 06:33 - 0000000 ____D C:\Windows\ERDNT
2012-02-07 07:20 - 2012-02-07 07:21 - 3271124 ____A C:\Users\IT\Desktop\International Property Maintenance Code.pdf
2012-02-01 13:44 - 2012-02-01 13:57 - 36769792 ____A C:\Users\IT\Desktop\Service Department.mdb
2012-02-01 10:42 - 2012-02-07 14:02 - 172953600 ____A C:\Users\IT\Desktop\Service Department_BE.mdb
2012-02-01 07:31 - 2012-02-01 07:31 - 0002447 ____A C:\Users\IT\Desktop\s Quick Connect.lnk
2012-01-31 11:30 - 2012-02-08 08:41 - 0066048 ____A C:\Users\IT\Desktop\Cindy.doc
2012-01-25 07:12 - 2012-01-25 07:12 - 0000000 ____D C:\Users\IT\AppData\Local\Applications
2012-01-24 07:49 - 2012-01-24 07:49 - 0000000 ____D C:\Windows\System32\1033

============ 3 Months Modified Files and Folders ===============

2012-02-21 09:57 - 2012-02-21 09:57 - 0000000 ____D C:\FRST
2012-02-21 06:55 - 2009-07-13 20:55 - 1359860 ____A C:\Windows\WindowsUpdate.log
2012-02-21 06:55 - 2009-07-13 20:34 - 0014256 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-02-21 06:55 - 2009-07-13 20:34 - 0014256 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-02-21 06:50 - 2012-02-14 05:43 - 0000112 ____A C:\Windows\System32\config\netlogon.ftl
2012-02-21 06:50 - 2010-06-07 11:43 - 0000000 ____D C:\Users\IT\Tracing
2012-02-21 06:49 - 2012-02-21 06:23 - 0000168 ____A C:\Windows\setupact.log
2012-02-21 06:49 - 2012-02-15 07:28 - 0050680 ____A C:\Windows\System32\TmInstall.log
2012-02-21 06:49 - 2012-02-15 07:28 - 0000031 ____A C:\tmuninst.ini
2012-02-21 06:49 - 2009-12-03 11:26 - 1601937408 __ASH C:\hiberfil.sys
2012-02-21 06:49 - 2009-07-13 20:53 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-02-21 06:28 - 2012-02-21 06:28 - 0862340 ____A C:\Users\IT\Desktop\FRST.exe
2012-02-21 06:23 - 2012-02-21 06:23 - 0000000 ____A C:\Windows\setuperr.log
2012-02-21 06:23 - 2011-09-11 16:17 - 0000924 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-261903793-839522115-5150UA.job
2012-02-18 03:23 - 2011-07-30 06:55 - 0000872 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-261903793-839522115-5150Core1cc4ec8c6f8f671.job
2012-02-17 07:55 - 2011-12-06 07:52 - 0000000 ____D C:\Windows\Minidump
2012-02-17 07:55 - 2009-12-03 11:21 - 0000000 ____D C:\Windows\Panther
2012-02-17 07:54 - 2012-02-17 07:54 - 0000000 ____D C:\Program Files\CCleaner
2012-02-17 06:42 - 2012-02-17 06:42 - 0003664 ____N C:\bootsqm.dat
2012-02-17 05:54 - 2012-02-17 05:54 - 0001953 ____A C:\Users\IT\Desktop\FSS.txt
2012-02-17 05:53 - 2012-02-17 05:53 - 0005516 ____A C:\Users\IT\Desktop\02172012_084835.log
2012-02-17 05:52 - 2012-02-17 05:53 - 0337031 ____A C:\Users\IT\Desktop\FSS.exe
2012-02-17 05:48 - 2012-02-17 05:48 - 0000098 ____A C:\Windows\System32\Drivers\etc\Hosts
2012-02-17 05:46 - 2010-05-14 10:15 - 0000000 ____D C:\Users\IT\AppData\Local\Apps\2.0
2012-02-16 14:18 - 2012-02-16 14:18 - 0014711 ____A C:\ComboFix.txt
2012-02-16 14:18 - 2012-02-07 12:11 - 0000000 ____D C:\Qoobox
2012-02-16 14:17 - 2012-02-16 14:17 - 0000000 __SHD C:\$RECYCLE.BIN
2012-02-16 14:16 - 2009-07-13 18:04 - 0000215 ____A C:\Windows\system.ini
2012-02-16 14:06 - 2012-02-16 14:06 - 4406022 ____R (Swearware) C:\Users\IT\Desktop\ComboFix.exe
2012-02-16 11:07 - 2012-02-16 11:07 - 0584192 ____A (OldTimer Tools) C:\Users\IT\Desktop\OTL.exe
2012-02-16 10:43 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\NDF
2012-02-16 06:12 - 2009-07-13 18:37 - 0000000 _SHDC C:\Windows\$NtUninstallKB2913$
2012-02-15 08:12 - 2010-07-27 04:45 - 0000000 ____D C:\Program Files\Mozilla Firefox
2012-02-15 07:59 - 2012-02-15 07:59 - 0000000 ____D C:\Users\All Users\Sun
2012-02-15 07:59 - 2012-02-15 07:59 - 0000000 ____D C:\ProgramData\Sun
2012-02-15 07:59 - 2012-02-15 07:59 - 0000000 ____D C:\Program Files\Common Files\Java
2012-02-15 07:58 - 2012-02-15 07:59 - 0472808 ____A (Sun Microsystems, Inc.) C:\Windows\System32\deployJava1.dll
2012-02-15 07:58 - 2012-02-15 07:59 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2012-02-15 07:58 - 2012-02-15 07:59 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2012-02-15 07:58 - 2012-02-15 07:59 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2012-02-15 07:58 - 2012-02-15 07:58 - 0000000 ____D C:\Program Files\Java
2012-02-15 07:54 - 2010-05-04 09:28 - 0000000 ____D C:\Users\IT\AppData\Roaming\Adobe
2012-02-15 07:51 - 2009-12-03 09:39 - 0000000 ____D C:\Program Files\Adobe
2012-02-15 07:48 - 2012-02-15 07:48 - 0000000 ____D C:\Users\IT\AppData\Local\Solid State Networks
2012-02-15 07:39 - 2010-05-04 09:28 - 0000000 ____D C:\Users\IT\AppData\Local\Adobe
2012-02-15 07:39 - 2009-12-03 09:39 - 0000000 ____D C:\Users\All Users\Adobe
2012-02-15 07:39 - 2009-12-03 09:39 - 0000000 ____D C:\ProgramData\Adobe
2012-02-15 07:28 - 2012-02-15 07:28 - 0000000 ____D C:\Windows\System32\log
2012-02-15 07:28 - 2012-02-15 07:27 - 0000000 ____D C:\Program Files\Trend Micro
2012-02-15 07:28 - 2009-12-03 09:39 - 0880568 ____A C:\Windows\System32\PerfStringBackup.INI
2012-02-15 06:34 - 2009-07-13 18:03 - 80207872 ____A C:\Windows\System32\config\SOFTWARE.bak
2012-02-15 06:34 - 2009-07-13 18:03 - 22806528 ____A C:\Windows\System32\config\SYSTEM.bak
2012-02-15 06:34 - 2009-07-13 18:03 - 0839680 ____A C:\Windows\System32\config\DEFAULT.bak
2012-02-15 06:34 - 2009-07-13 18:03 - 0036864 ____A C:\Windows\System32\config\SECURITY.bak
2012-02-15 06:33 - 2012-02-07 12:02 - 0000000 ____D C:\Windows\ERDNT
2012-02-15 06:21 - 2009-07-13 20:53 - 0032564 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-02-15 06:20 - 2010-07-27 00:29 - 0065536 ____A C:\Windows\System32\config\SAM.bak
2012-02-15 05:48 - 2011-01-28 12:05 - 0001945 ____A C:\Windows\epplauncher.mif
2012-02-14 13:32 - 2012-02-08 10:36 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-02-14 05:40 - 2012-02-13 14:43 - 0000000 ___RD C:\users\Public
2012-02-14 05:40 - 2009-07-13 18:37 - 0000000 ___RD C:\users\Default
2012-02-14 05:40 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\config\TxR
2012-02-14 05:34 - 2012-02-14 05:34 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG2
2012-02-14 05:34 - 2012-02-14 05:34 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG1
2012-02-14 05:34 - 2012-02-14 05:34 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG2
2012-02-14 05:34 - 2012-02-14 05:34 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG1
2012-02-14 05:34 - 2012-02-14 05:34 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG2
2012-02-14 05:34 - 2012-02-14 05:34 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG1
2012-02-14 05:34 - 2012-02-14 05:34 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG2
2012-02-14 05:34 - 2012-02-14 05:34 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG1
2012-02-14 05:33 - 2012-02-14 05:33 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG2
2012-02-14 05:33 - 2012-02-14 05:33 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG1
2012-02-14 05:32 - 2010-05-04 09:28 - 0000000 ____D C:\users\IT
2012-02-13 14:43 - 2012-02-13 14:43 - 0000174 ___SH C:\Users\Public\desktop.ini
2012-02-13 14:38 - 2012-02-13 14:38 - 0000000 ____D C:\_OTL
2012-02-13 14:37 - 2010-11-30 10:26 - 0000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-02-13 14:32 - 2012-02-08 11:21 - 0000000 ____D C:\Users\IT\Desktop\RK_Quarantine
2012-02-08 11:00 - 2012-01-06 11:04 - 0000000 ____D C:\Users\IT\Desktop\Deadline Database
2012-02-08 09:57 - 2012-02-08 05:12 - 0000000 ____D C:\Users\All Users\AVAST Software
2012-02-08 09:57 - 2012-02-08 05:12 - 0000000 ____D C:\ProgramData\AVAST Software
2012-02-08 09:25 - 2012-02-08 09:16 - 5492736 ____A C:\Users\IT\Desktop\Deadline_Manager.mdb
2012-02-08 08:41 - 2012-01-31 11:30 - 0066048 ____A C:\Users\IT\Desktop\Cindy.doc
2012-02-08 08:17 - 2012-02-08 08:17 - 0058880 ____A C:\Users\IT\Desktop\RLPSSZM.doc
2012-02-08 05:56 - 2010-08-04 10:35 - 0000158 ____A C:\Windows\ricdb.ini
2012-02-08 05:14 - 2009-07-13 18:04 - 0002679 ____A C:\Windows\System32\config.nt
2012-02-08 05:12 - 2012-02-08 05:12 - 0000000 ____D C:\Program Files\AVAST Software
2012-02-07 14:02 - 2012-02-01 10:42 - 172953600 ____A C:\Users\IT\Desktop\Service Department_BE.mdb
2012-02-07 13:10 - 2010-10-11 06:19 - 0000000 ____D C:\Users\IT\AppData\Local\ApplicationHistory
2012-02-07 07:21 - 2012-02-07 07:20 - 3271124 ____A C:\Users\IT\Desktop\International Property Maintenance Code.pdf
2012-02-02 10:36 - 2011-02-17 12:36 - 0000000 ____D C:\Users\IT\AppData\Roaming\ShoreWare Client
2012-02-01 13:57 - 2012-02-01 13:44 - 36769792 ____A C:\Users\IT\Desktop\Service Department.mdb
2012-02-01 07:31 - 2012-02-01 07:31 - 0002447 ____A C:\Users\IT\Desktop\s Quick Connect.lnk
2012-01-31 04:44 - 2009-12-17 07:45 - 0237072 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-01-25 07:12 - 2012-01-25 07:12 - 0000000 ____D C:\Users\IT\AppData\Local\Applications
2012-01-24 10:44 - 2012-01-20 07:13 - 0556397 ____A C:\Users\IT\Desktop\Tenant & Guest.pptx
2012-01-24 09:42 - 2012-01-19 14:07 - 0144896 ____A C:\Users\IT\Desktop\Customer Service.doc
2012-01-24 07:51 - 2009-12-03 09:35 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-01-24 07:51 - 2009-12-03 09:35 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-01-24 07:50 - 2011-04-28 10:51 - 0000000 ____D C:\Program Files\Common Files\Merge Modules
2012-01-24 07:50 - 2009-07-13 18:37 - 0000000 ____D C:\Program Files\Common Files\microsoft shared
2012-01-24 07:49 - 2012-01-24 07:49 - 0000000 ____D C:\Windows\System32\1033
2012-01-24 07:49 - 2011-04-28 10:50 - 0000000 ____D C:\Program Files\Microsoft Visual Studio 8
2012-01-23 12:40 - 2010-06-24 11:00 - 0000000 ____D C:\Users\IT\AppData\Local\ElevatedDiagnostics
2012-01-17 04:45 - 2010-05-14 10:15 - 0000000 ____D C:\Users\IT\AppData\Local\Deployment
2012-01-16 05:10 - 2010-05-03 05:16 - 52128560 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-01-09 11:30 - 2012-01-09 11:30 - 0000000 ____D C:\Users\IT\AppData\Roaming\Macro Recorder
2012-01-09 11:29 - 2012-01-09 11:30 - 0000326 ____A C:\Users\IT\Desktop\Macro Recorder.appref-ms
2012-01-06 13:49 - 2012-01-06 12:27 - 0157696 ____A C:\Users\IT\Desktop\ResidentInformation.adp
2012-01-05 11:13 - 2012-01-05 11:13 - 0000970 ____A C:\Users\IT\Desktop\join.me.lnk
2012-01-05 11:13 - 2012-01-05 11:13 - 0000000 ____D C:\Users\IT\AppData\Local\join.me
2012-01-05 11:12 - 2011-08-22 10:36 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-01-04 11:16 - 2012-01-04 05:56 - 0000000 ____D C:\Users\IT\Desktop\1098
2012-01-04 09:40 - 2012-01-04 05:47 - 16961536 ____A C:\Users\IT\Desktop\LL4000.mdb
2012-01-04 09:30 - 2011-05-02 10:13 - 0000000 ____D C:\Bin
2012-01-03 12:50 - 2012-01-03 12:50 - 0001574 ____A C:\Users\IT\Desktop\MortgageAddOns.exe - Shortcut.lnk
2011-12-23 07:35 - 2009-07-13 23:50 - 0000000 ____D C:\Windows\CSC
2011-12-21 06:26 - 2011-12-21 06:24 - 23048192 ____A (Dynamic Interface Systems Corporation) C:\Users\IT\Desktop\ll300.exe
2011-12-20 14:22 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\rescache
2011-12-20 09:34 - 2010-05-14 09:18 - 0000000 ___RD C:\Users\IT\Virtual Machines
2011-12-20 09:34 - 2010-05-04 09:28 - 0000174 ___SH C:\Users\IT\Start Menu\Programs\Startup\desktop.ini
2011-12-20 09:34 - 2010-05-04 09:28 - 0000174 ___SH C:\Users\IT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2011-12-20 09:09 - 2009-07-13 20:33 - 0449800 ____A C:\Windows\System32\FNTCACHE.DAT
2011-12-20 09:07 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\DriverStore
2011-12-20 06:00 - 2009-07-13 18:04 - 0000478 ____A C:\Windows\win.ini
2011-12-12 07:06 - 2011-12-12 07:06 - 0000000 ____D C:\Program Files\Common Files\ODBC
2011-12-09 13:36 - 2011-12-09 13:36 - 0094208 ____A C:\Windows\TIRHService.exe
2011-12-09 13:36 - 2011-12-09 13:36 - 0000000 ____D C:\Windows\TIREMOTE
2011-12-06 09:25 - 2010-07-27 04:45 - 0000000 ____D C:\Users\IT\AppData\Roaming\Mozilla
2011-12-06 06:14 - 2011-12-06 06:14 - 0176644 ____A C:\Windows\System32\c_7265186.nls
2011-11-30 11:14 - 2011-02-07 07:17 - 0000000 ____D C:\Program Files\SmartDraw VP
2011-11-30 08:59 - 2011-04-28 10:50 - 0000000 ____D C:\Users\IT\Documents\Visual Studio 2005

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 22%
Total physical RAM: 2036.97 MB
Available physical RAM: 1585.03 MB
Total Pagefile: 2036.97 MB
Available Pagefile: 1585.92 MB
Total Virtual: 2047.88 MB
Available Virtual: 1958.31 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:134.32 GB) (Free:79.23 GB) NTFS
3 Drive f: (TOSHIBA) (Removable) (Total:14.53 GB) (Free:11.41 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:10.13 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 149 GB 0 B
Disk 1 Online 14 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 14 GB 40 MB
Partition 3 Primary 134 GB 14 GB

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT Partition 39 MB Healthy Hidden

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y RECOVERY NTFS Partition 14 GB Healthy

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 134 GB Healthy

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 14 GB 4032 KB

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F TOSHIBA FAT32 Removable 14 GB Healthy



==========================================================

Last Boot: 2012-02-14 06:24

======================= End Of Log ==========================

Edited by Dustylady, 27 February 2012 - 07:53 AM.

  • 0

#40
CompCav

    Member 5k

  • Expert
  • 12,454 posts
Do you have a Windows 7 Professional SP1 DVD?
  • 0

#41
Dustylady

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 164 posts
I've found two unmarked disks that might be. Dell is fairly stingy with disks.
  • 0

#42
CompCav

    Member 5k

  • Expert
  • 12,454 posts
Well to really get at this sfc problem we need an install disk so that we are completely outside the disk OS. Will post shortly when my instructor approves a fix.
  • 0

#43
CompCav

    Member 5k

  • Expert
  • 12,454 posts
Step 1.

Download the enclosed file: fixlist.txt (attached, 80 bytes).

Save it in the USB drive.

Insert the USB drive into the ailing computer. Run FRST as you did before, except that this time around click on the Fix button.

The tool will make a log on the flashdrive (Fixlog.txt). Please post it in your reply.


Step 2.

We need to run sfc /scannow from outside the OS installed on the hard drive.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Select English as the keyboard language settings, and then click Next.
  • Click Repair your computer.
  • Select the operating system you want to repair, and then click Next.


On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • Type sfc /scannow and hit ENTER.
  • Once it completes, close the command window.
  • Click Restart and remove the DVD.
  • Allow the computer to boot into normal mode. Please note any errors and error codes during startup and post them in your next reply.
  • If the sfc had trouble completing or said it could not replace a file, do the next several steps. If it completed normally, just go on to Step 3.
  • Click on All Programs and Accessories, then right click on Command Prompt and click on Run as administrator. (See screenshot below)
  • Copy the line below and paste it at the command prompt. Then press Enter.

findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >%userprofile%\Desktop\sfcdetails.txt

  • The file sfcdetails.txt will now be on your desktop. Please open it, Edit | select all | copy and paste it in your next reply.

Step 3.

Please post:

Fixlog.txt
sfcdetails.txt (if necessary)
Any errors and error codes during startup

What are the current issues with the computer?
  • 0
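The findstr line in Step 2 only pulls the [SR] lines out of CBS.log. The PowerShell script below is an added example, not part of CompCav's instructions and not a Farbar or Microsoft tool: it reads the same CBS.log, sorts the [SR] entries into files SFC repaired from the store and files it could not repair, and reports separately when there are no [SR] entries at all, which is exactly what an empty sfcdetails.txt means (SFC logged nothing because it never ran to completion). The log path and the two message formats matched ("Cannot repair member file", "Repairing corrupted file") are assumptions based on the standard CBS.log layout; the -Demo switch runs it against constructed sample lines instead of the real log.

```powershell
<#
  Added example (not from the original post): summarise the [SR] lines that
  sfc /scannow writes to CBS.log. These are the same lines the findstr command
  in Step 2 extracts into sfcdetails.txt; this script also sorts them into
  repaired / not repairable and handles the case where there are none.
  Assumptions: default log path %windir%\Logs\CBS\CBS.log and the standard
  CBS.log message formats matched below.
#>
param(
    [string]$LogPath = (Join-Path $env:windir 'Logs\CBS\CBS.log'),
    [switch]$Demo    # use constructed sample lines instead of the real log
)

function Get-SfcSummary {
    param([string[]]$Lines)

    # Only lines tagged [SR] are written by the System File Checker
    $sr = @($Lines | Where-Object { $_ -match '\[SR\]' })

    # CBS.log names the member file as [l:NN{MM}]"filename"
    $namePattern = '\[l:\d+\{\d+\}\]"(?<name>[^"]+)"'

    $cannotRepair = @($sr | Where-Object { $_ -match 'Cannot repair member file' } |
        ForEach-Object { if ($_ -match $namePattern) { $Matches['name'] } })
    $repaired = @($sr | Where-Object { $_ -match 'Repairing corrupted file' } |
        ForEach-Object { if ($_ -match $namePattern) { $Matches['name'] } })

    [pscustomobject]@{
        SfcRan       = ($sr.Count -gt 0)
        SrLineCount  = $sr.Count
        Repaired     = @($repaired | Sort-Object -Unique)
        CannotRepair = @($cannotRepair | Sort-Object -Unique)
    }
}

if ($Demo) {
    # Constructed sample lines in the CBS.log [SR] format (not from this machine)
    $lines = @(
        '2012-02-22 08:30:01, Info  CSI 00000100 [SR] Verifying 100 (0x0000000000000064) components',
        '2012-02-22 08:30:05, Info  CSI 00000101 [SR] Cannot repair member file [l:24{12}]"wininet.dll" of Microsoft-Windows-WinINet, Version = 6.1.7601.17514; source file in store is also corrupted',
        '2012-02-22 08:30:06, Info  CSI 00000102 [SR] Repairing corrupted file [l:24{12}]"user32.dll" from store',
        '2012-02-22 08:30:09, Info  CSI 00000103 [SR] Verify complete'
    )
} elseif (Test-Path $LogPath) {
    $lines = Get-Content $LogPath
} else {
    Write-Error "CBS log not found: $LogPath"
    exit 1
}

$summary = Get-SfcSummary -Lines $lines

if (-not $summary.SfcRan) {
    # The situation in this thread: sfcdetails.txt came out empty because SFC
    # never got far enough to log anything (a repair was still pending).
    Write-Output 'No [SR] entries found: sfc /scannow did not run or logged nothing.'
    exit 2
}

Write-Output ("[SR] lines           : {0}" -f $summary.SrLineCount)
Write-Output ("Repaired from store  : {0}" -f ($summary.Repaired -join ', '))
Write-Output ("Could NOT be repaired: {0}" -f ($summary.CannotRepair -join ', '))
```

Run it from an elevated prompt as `.\Get-SfcSummary.ps1` to read the real log, or `.\Get-SfcSummary.ps1 -Demo` to see the output on the constructed lines (one repaired file, one that could not be repaired). A non-zero exit code of 2 is the "nothing logged" case; treat it the same way as an empty sfcdetails.txt rather than as a clean result.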

#44
Dustylady

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 164 posts
Are we having fun yet? :unsure: SFC still does not run. Same error when run from the disk - System repair pending which requires reboot to complete.

Fixlog:

Fix result of Farbar Recovery Tool (FRST written by farbar) Version: 20-02-2012
Ran by SYSTEM at 2012-02-22 08:24:41 R:1
Running from F:\

==============================================

5689 service deleted successfully.
C:\Windows\TEMP\5689.sys not found.

==== End of Fixlog ====


...and the sfcdetails file is completely empty. Not a thing in it. No errors when I ran it.



  • 0

#45
Dustylady

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 164 posts
Possibly new problem: at some point the DVD drive stopped working within Windows. Since I wasn't looking for the problem nor using it, I can't say when that happened. The drive works fine using the Windows 7 DVD to boot. There is a yellow mark on the drive in Device Manager; it knows it's there, knows it's a DVD drive, but can't start it up. The auto update for the driver of course does not work. I downloaded Dell drivers for the DVD drive, and when running it claims the drive is not found.
  • 0





