Malwarebytes will not run



#1
bhzendner

  • Member
  • 223 posts

Malwarebytes will not run, with all its special starts; in fact, with one of them it gets a BSOD.

Superantispyware does not find any infections.

What do you think is up?

 


#2
RKinner

    Malware Expert

  • Expert
  • 20,658 posts
  • MVP
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

If that does not work, can you boot into Safe Mode?

(Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly. Keep tapping until the Safe Mode Menu appears and choose Safe Mode with Networking. Login with your usual login.)
     


    #3
    bhzendner

    • Topic Starter
    • Member
    • 223 posts
    Additional scan result of Farbar Recovery Scan Tool (x86) Version:08-05-2014
    Ran by caloffice at 2014-05-08 18:00:05
    Running from C:\Documents and Settings\caloffice.CALOFFICE\My Documents\Downloads
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Security Center ========================
     
     
    ==================== Installed Programs ======================
     
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) (Version: 8.1.2 - Adobe Systems, Inc) Hidden
    Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.2.202.233 - Adobe Systems Incorporated)
    Adobe Reader 8.1.2 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81200000003}) (Version: 8.1.2 - Adobe Systems Incorporated)
    Adobe Reader 8.1.2 Security Update 1 (KB403742) (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81200000003}_Adobe Reader 8.1.2) (Version:  - )
    Boot Media Builder for Paragon Hard Disk Manager™ 14 Premium Edition (HKLM\...\{3E9F3D5C-8B49-5854-ACF6-75EE3C96A6CC}) (Version: 1.00.0000 - Paragon Software)
    CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
    CleanUp! (HKLM\...\CleanUp!) (Version:  - )
    Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
    DocForm 5.0 Professional (HKLM\...\{869ED054-0A06-47A2-995E-DA20A571BDCF}) (Version: 5.0.1 - Prism Software Corporation)
    DocForm Professional 4.2 (HKLM\...\{C560143C-E9D4-4E88-96E2-7D242B4479C9}) (Version: 4.2.0 - Prism Software Corporation)
    FileZilla Client 3.2.4.1 (HKLM\...\FileZilla Client) (Version: 3.2.4.1 - )
    Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
    Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
    Hyper-V Integration Services (version 6.2.9200.16384) (HKLM\...\{E675F32B-3508-4658-84EC-2069EE621899}) (Version: 3.9200.16384 - Microsoft Corporation)
    Intel® PRO Network Adapters and Drivers (HKLM\...\PROSet) (Version:  - )
    Kyocera Product Library (HKLM\...\Kyocera Product Library) (Version: 2.0.0713 - Kyocera Mita Corporation)
    Linksys PrintServer Driver (HKLM\...\Linksys PrintServer Driver) (Version:  - )
    LogMeIn (HKLM\...\{34F93E31-E1A0-421C-8E86-BCF7C4193A91}) (Version: 4.0.982 - LogMeIn, Inc.)
    LogMeIn (HKLM\...\{7F831576-6246-42C7-B523-55B3F96509CC}) (Version: 4.0.784 - LogMeIn, Inc.)
    Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 (Version:  - Microsoft Corporation) Hidden
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version:  - Microsoft Corporation) Hidden
    Microsoft SQL Server Native Client (HKLM\...\{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}) (Version: 9.00.3042.00 - Microsoft Corporation)
    Microsoft User-Mode Driver Framework Feature Pack 1.9 (HKLM\...\Wudf01009) (Version:  - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft XML Parser (Version: 8.70.1104.04 - Microsoft Corporation) Hidden
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
    MSXML 6 Service Pack 2 (KB2758696) (HKLM\...\{E46A76D1-9FB9-4770-BA24-3975EF4D120A}) (Version: 6.20.2016.0 - Microsoft Corporation)
    Paragon Hard Disk Manager™ 14 Premium Edition (HKLM\...\{619A89DE-5F01-11E2-85E8-000C2982512D}) (Version: 90.00.0003 - Paragon Software)
    PowerChute Network Shutdown (HKLM\...\PowerChute Network Shutdown) (Version:  - American Power Conversion)
    PrintKey2000 (HKLM\...\PrintKey2000) (Version:  - )
    Promise Array Management (HKLM\...\Promise Array Management) (Version:  - )
    Recovery Media Builder™ (HKLM\...\{EC1AB719-E98B-532C-95D4-381FB69F5CD2}) (Version: 1.00.0000 - Paragon Software)
    Shadow Copy Client (HKLM\...\{23E5032B-56CA-4C19-A72E-B50161DB82CA}) (Version: 5.2.01 - Microsoft)
    SonicWALL Continuous Data Protection (HKLM\...\{E61925A2-F785-413E-B245-B8EB12AE24E0}) (Version: 5.0.3 - SonicWALL)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1144 - SUPERAntiSpyware.com)
    Transoft U/BL for Windows 2000 & xp (HKLM\...\UBL) (Version:  - )
    TreeSize Free V2.1 (HKLM\...\TreeSize Free_is1) (Version:  - JAM Software)
    Trend Micro Worry-Free Business Security Agent (HKLM\...\Wofie) (Version: 18.0.2013 - Trend Micro Inc.)
    Trend Micro Worry-Free Business Security Agent (Version: 8.0 - Trend Micro Inc.) Hidden
    U/Gi 32 bit Edition (HKLM\...\UGi32) (Version:  - )
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2473228) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2468871) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2533523) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2600217) (Version: 1 - Microsoft Corporation)
    Update for Windows Internet Explorer 8 (KB2632503) (HKLM\...\KB2632503-IE8) (Version: 1 - Microsoft Corporation)
    Update for Windows Internet Explorer 8 (KB971180) (HKLM\...\KB971180-IE8) (Version: 1 - Microsoft Corporation)
    Update for Windows Internet Explorer 8 (KB971930) (HKLM\...\KB971930-IE8) (Version: 1 - Microsoft Corporation)
    Update for Windows Internet Explorer 8 (KB973874) (HKLM\...\KB973874-IE8) (Version: 1 - Microsoft Corporation)
    Update for Windows Internet Explorer 8 (KB975364) (HKLM\...\KB975364-IE8) (Version: 1 - Microsoft Corporation)
    Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
    Update for Windows Internet Explorer 8 (KB976749) (HKLM\...\KB976749-IE8) (Version: 1 - Microsoft Corporation)
    Update for Windows Internet Explorer 8 (KB978506) (HKLM\...\KB978506-IE8) (Version: 1 - Microsoft Corporation)
    Update for Windows Internet Explorer 8 (KB980182) (HKLM\...\KB980182-IE8) (Version: 1 - Microsoft Corporation)
    Update for Windows Internet Explorer 8 (KB980302) (HKLM\...\KB980302-IE8) (Version: 1 - Microsoft Corporation)
    Update for Windows Internet Explorer 8 (KB982632) (HKLM\...\KB982632-IE8) (Version: 1 - Microsoft Corporation)
    Update for Windows Server 2003 (KB2388210) (HKLM\...\KB2388210) (Version:  - )
    Update for Windows Server 2003 (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation)
    Update for Windows Server 2003 (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
    Update for Windows Server 2003 (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation)
    Update for Windows Server 2003 (KB2641690-v2) (HKLM\...\KB2641690-v2) (Version: 2 - Microsoft Corporation)
    Update for Windows Server 2003 (KB2661254) (HKLM\...\KB2661254) (Version: 1 - Microsoft Corporation)
    Update for Windows Server 2003 (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
    Update for Windows Server 2003 (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
    Update for Windows Server 2003 (KB2748349) (HKLM\...\KB2748349) (Version: 1 - Microsoft Corporation)
    Update for Windows Server 2003 (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
    Update for Windows Server 2003 (KB2808679) (HKLM\...\KB2808679) (Version: 1 - Microsoft Corporation)
    Update for Windows Server 2003 (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
    Update for Windows Server 2003 (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
    Update for Windows Server 2003 (KB2927811) (HKLM\...\KB2927811) (Version: 1 - Microsoft Corporation)
    Update for Windows Server 2003 (KB943295) (HKLM\...\KB943295) (Version:  - )
    Update for Windows Server 2003 (KB943729) (HKLM\...\KB943729) (Version:  - Microsoft Corporation)
    Update for Windows Server 2003 (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
    Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
    Windows Internet Explorer 7 (Version: 20061027.150806 - Microsoft Corporation) Hidden
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
    Windows Presentation Foundation (Version: 3.0.6920.0 - Microsoft Corporation) Hidden
    Windows Server 2003 Service Pack 2 (HKLM\...\Windows Server 2003 Service Pack) (Version: 20070217.021455 - Microsoft Corporation)
    Windows Small Business Server 2011 Standard ClientAgent (HKLM\...\{3032BC7D-E713-452D-AAF7-F5ED073226C8}) (Version: 6.1.7900.1 - Microsoft Corporation)
    Windows Small Business Server 2011 Standard WMI Provider (Version: 6.1.7900.1 - Microsoft Corporation) Hidden
    XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden
     
    ==================== Restore Points  =========================
     
    Could not list Restore Points. Check "winmgmt" service or repair WMI.
     
     
    ==================== Hosts content: ==========================
     
    2003-03-25 05:00 - 2003-03-25 05:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1       localhost
     
    ==================== Scheduled Tasks (whitelisted) =============
     
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\Paragon SRVR-LMS Full Image Full.job => C:\PROGRA~1\PARAGO~1\HARDDI~2\program\scripts.exe
    Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 88e26820-3367-484b-820c-5f7c97575737.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 993ae6a9-7cf7-468e-9795-06d41e230abd.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{5A530E92-A2C6-4614-A4D3-432F6647BFBE}.job => C:\WINDOWS\system32\msfeedssync.exe
     
    ==================== Loaded Modules (whitelisted) =============
     
     
    ==================== Alternate Data Streams (whitelisted) =========
     
     
    ==================== Safe Mode (whitelisted) ===================
     
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
     
    ==================== EXE Association (whitelisted) =============
     
     
    ==================== Disabled items from MSCONFIG ==============
     
     
    ==================== Faulty Device Manager Devices =============
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (05/08/2014 01:32:05 AM) (Source: Userenv) (User: NT AUTHORITY) (EventID: 1030)
    Description: Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.
     
    Error: (05/08/2014 01:32:05 AM) (Source: Userenv) (User: NT AUTHORITY) (EventID: 1058)
    Description: Windows cannot access the file gpt.ini for GPO CN={FE571A1E-6849-4B30-B182-1F4A1E46115B},CN=POLICIES,CN=SYSTEM,DC=CALOFFICE,DC=LOCAL. The file must be present at the location <\\caloffice.local\SysVol\caloffice.local\Policies\{FE571A1E-6849-4B30-B182-1F4A1E46115B}\gpt.ini>. (The specified network name is no longer available. ). Group Policy processing aborted.
     
    Error: (05/07/2014 11:30:06 PM) (Source: Userenv) (User: NT AUTHORITY) (EventID: 1030)
    Description: Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.
     
    Error: (05/07/2014 11:30:06 PM) (Source: Userenv) (User: NT AUTHORITY) (EventID: 1058)
    Description: Windows cannot access the file gpt.ini for GPO CN={FE571A1E-6849-4B30-B182-1F4A1E46115B},CN=POLICIES,CN=SYSTEM,DC=CALOFFICE,DC=LOCAL. The file must be present at the location <\\caloffice.local\SysVol\caloffice.local\Policies\{FE571A1E-6849-4B30-B182-1F4A1E46115B}\gpt.ini>. (The specified network name is no longer available. ). Group Policy processing aborted.
     
    Error: (05/07/2014 08:10:33 PM) (Source: Application Error) (User: ) (EventID: 1000)
    Description: Faulting application mbam.exe, version 1.0.0.500, faulting module msvcr100.dll, version 10.0.40219.325, fault address 0x0008d6fd.
    Processing media-specific event for [mbam.exe!ws!]
     
    Error: (05/07/2014 06:21:17 PM) (Source: Application Error) (User: ) (EventID: 1000)
    Description: Faulting application mbam.exe, version 1.0.0.500, faulting module msvcr100.dll, version 10.0.40219.325, fault address 0x0008d6fd.
    Processing media-specific event for [mbam.exe!ws!]
     
    Error: (05/07/2014 05:01:11 PM) (Source: Application Error) (User: ) (EventID: 1000)
    Description: Faulting application mbam.exe, version 1.0.0.500, faulting module msvcr100.dll, version 10.0.40219.325, fault address 0x0008d6fd.
    Processing media-specific event for [mbam.exe!ws!]
     
    Error: (05/07/2014 03:21:25 PM) (Source: Application Error) (User: ) (EventID: 1000)
    Description: Faulting application mbam.exe, version 1.0.0.500, faulting module msvcr100.dll, version 10.0.40219.325, fault address 0x0008d6fd.
    Processing media-specific event for [mbam.exe!ws!]
     
    Error: (05/07/2014 11:59:17 AM) (Source: Application Error) (User: ) (EventID: 1000)
    Description: Faulting application mbam.exe, version 1.0.0.500, faulting module msvcr100.dll, version 10.0.40219.325, fault address 0x0008d6fd.
    Processing media-specific event for [mbam.exe!ws!]
     
    Error: (05/07/2014 08:48:04 AM) (Source: Application Error) (User: ) (EventID: 1000)
    Description: Faulting application mbam.exe, version 1.0.0.500, faulting module msvcr100.dll, version 10.0.40219.325, fault address 0x0008d6fd.
    Processing media-specific event for [mbam.exe!ws!]
     
     
    System errors:
    =============
    Error: (05/08/2014 05:04:54 PM) (Source: W32Time) (User: ) (EventID: 29)
    Description: The time provider NtpClient is configured to acquire time from one or more
    time sources, however none of the sources are currently accessible. 
    No attempt to contact a source will be made for 15 minutes.
    NtpClient has no source of accurate time.
     
    Error: (05/08/2014 03:58:59 PM) (Source: W32Time) (User: ) (EventID: 29)
    Description: The time provider NtpClient is configured to acquire time from one or more
    time sources, however none of the sources are currently accessible. 
    No attempt to contact a source will be made for 15 minutes.
    NtpClient has no source of accurate time.
     
    Error: (05/08/2014 02:53:10 PM) (Source: W32Time) (User: ) (EventID: 29)
    Description: The time provider NtpClient is configured to acquire time from one or more
    time sources, however none of the sources are currently accessible. 
    No attempt to contact a source will be made for 15 minutes.
    NtpClient has no source of accurate time.
     
    Error: (05/08/2014 01:47:27 PM) (Source: W32Time) (User: ) (EventID: 29)
    Description: The time provider NtpClient is configured to acquire time from one or more
    time sources, however none of the sources are currently accessible. 
    No attempt to contact a source will be made for 15 minutes.
    NtpClient has no source of accurate time.
     
    Error: (05/08/2014 00:41:36 PM) (Source: W32Time) (User: ) (EventID: 29)
    Description: The time provider NtpClient is configured to acquire time from one or more
    time sources, however none of the sources are currently accessible. 
    No attempt to contact a source will be made for 15 minutes.
    NtpClient has no source of accurate time.
     
    Error: (05/08/2014 11:35:55 AM) (Source: W32Time) (User: ) (EventID: 29)
    Description: The time provider NtpClient is configured to acquire time from one or more
    time sources, however none of the sources are currently accessible. 
    No attempt to contact a source will be made for 15 minutes.
    NtpClient has no source of accurate time.
     
    Error: (05/08/2014 10:30:06 AM) (Source: W32Time) (User: ) (EventID: 29)
    Description: The time provider NtpClient is configured to acquire time from one or more
    time sources, however none of the sources are currently accessible. 
    No attempt to contact a source will be made for 15 minutes.
    NtpClient has no source of accurate time.
     
    Error: (05/08/2014 09:24:17 AM) (Source: W32Time) (User: ) (EventID: 29)
    Description: The time provider NtpClient is configured to acquire time from one or more
    time sources, however none of the sources are currently accessible. 
    No attempt to contact a source will be made for 15 minutes.
    NtpClient has no source of accurate time.
     
    Error: (05/08/2014 08:18:26 AM) (Source: W32Time) (User: ) (EventID: 29)
    Description: The time provider NtpClient is configured to acquire time from one or more
    time sources, however none of the sources are currently accessible. 
    No attempt to contact a source will be made for 15 minutes.
    NtpClient has no source of accurate time.
     
    Error: (05/08/2014 07:12:44 AM) (Source: W32Time) (User: ) (EventID: 29)
    Description: The time provider NtpClient is configured to acquire time from one or more
    time sources, however none of the sources are currently accessible. 
    No attempt to contact a source will be made for 15 minutes.
    NtpClient has no source of accurate time.
     
     
    Microsoft Office Sessions:
    =========================
    Error: (05/08/2014 01:32:05 AM) (Source: Userenv) (User: NT AUTHORITY) (EventID: 1030)
    Description: 
     
    Error: (05/08/2014 01:32:05 AM) (Source: Userenv) (User: NT AUTHORITY) (EventID: 1058)
    Description: CN={FE571A1E-6849-4B30-B182-1F4A1E46115B},CN=POLICIES,CN=SYSTEM,DC=CALOFFICE,DC=LOCAL\\caloffice.local\SysVol\caloffice.local\Policies\{FE571A1E-6849-4B30-B182-1F4A1E46115B}\gpt.iniThe specified network name is no longer available.
     
    Error: (05/07/2014 11:30:06 PM) (Source: Userenv) (User: NT AUTHORITY) (EventID: 1030)
    Description: 
     
    Error: (05/07/2014 11:30:06 PM) (Source: Userenv) (User: NT AUTHORITY) (EventID: 1058)
    Description: CN={FE571A1E-6849-4B30-B182-1F4A1E46115B},CN=POLICIES,CN=SYSTEM,DC=CALOFFICE,DC=LOCAL\\caloffice.local\SysVol\caloffice.local\Policies\{FE571A1E-6849-4B30-B182-1F4A1E46115B}\gpt.iniThe specified network name is no longer available.
     
    Error: (05/07/2014 08:10:33 PM) (Source: Application Error) (User: ) (EventID: 1000)
    Description: mbam.exe1.0.0.500msvcr100.dll10.0.40219.3250008d6fd
     
    Error: (05/07/2014 06:21:17 PM) (Source: Application Error) (User: ) (EventID: 1000)
    Description: mbam.exe1.0.0.500msvcr100.dll10.0.40219.3250008d6fd
     
    Error: (05/07/2014 05:01:11 PM) (Source: Application Error) (User: ) (EventID: 1000)
    Description: mbam.exe1.0.0.500msvcr100.dll10.0.40219.3250008d6fd
     
    Error: (05/07/2014 03:21:25 PM) (Source: Application Error) (User: ) (EventID: 1000)
    Description: mbam.exe1.0.0.500msvcr100.dll10.0.40219.3250008d6fd
     
    Error: (05/07/2014 11:59:17 AM) (Source: Application Error) (User: ) (EventID: 1000)
    Description: mbam.exe1.0.0.500msvcr100.dll10.0.40219.3250008d6fd
     
    Error: (05/07/2014 08:48:04 AM) (Source: Application Error) (User: ) (EventID: 1000)
    Description: mbam.exe1.0.0.500msvcr100.dll10.0.40219.3250008d6fd
     
     
    ==================== Memory info =========================== 
     
    Percentage of memory in use: 42%
    Total physical RAM: 2047.45 MB
    Available physical RAM: 1179.39 MB
    Total Pagefile: 3944.13 MB
    Available Pagefile: 3215.51 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1960.39 MB
     
    ==================== Drives ================================
     
    Drive c: () (Fixed) (Total:34.46 GB) (Free:15.32 GB) NTFS
    Drive e: (VMGUEST) (CDROM) (Total:0.03 GB) (Free:0 GB) CDFS
    Drive f: (DATA) (Fixed) (Total:232.81 GB) (Free:209.11 GB) NTFS
    Drive p: () (Network) (Total:474.9 GB) (Free:194.57 GB) NTFS
    Drive t: () (Network) (Total:474.9 GB) (Free:194.57 GB) NTFS
    Drive x: (BOOT) (Network) (Total:48.83 GB) (Free:8.81 GB) NTFS
    Drive y: (DATA01) (Network) (Total:1861.71 GB) (Free:1859.06 GB) NTFS
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 34 GB) (Disk ID: B4525A29)
    Partition 1: (Active) - (Size=34 GB) - (Type=07 NTFS)
     
    ========================================================
    Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: EADE756F)
    Partition 1: (Not Active) - (Size=233 GB) - (Type=07 NTFS)
     
    ==================== End Of Log ============================
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2473228) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2468871) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2533523) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2600217) (Version: 1 - Microsoft Corporation)
    Update for Windows Internet Explorer 8 (KB2632503) (HKLM\...\KB2632503-IE8) (Version: 1 - Microsoft Corporation)
    Update for Windows Internet Explorer 8 (KB971180) (HKLM\...\KB971180-IE8) (Version: 1 - Microsoft Corporation)
    Update for Windows Internet Explorer 8 (KB971930) (HKLM\...\KB971930-IE8) (Version: 1 - Microsoft Corporation)
    Update for Windows Internet Explorer 8 (KB973874) (HKLM\...\KB973874-IE8) (Version: 1 - Microsoft Corporation)
    Update for Windows Internet Explorer 8 (KB975364) (HKLM\...\KB975364-IE8) (Version: 1 - Microsoft Corporation)
    Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
    Update for Windows Internet Explorer 8 (KB976749) (HKLM\...\KB976749-IE8) (Version: 1 - Microsoft Corporation)
    Update for Windows Internet Explorer 8 (KB978506) (HKLM\...\KB978506-IE8) (Version: 1 - Microsoft Corporation)
    Update for Windows Internet Explorer 8 (KB980182) (HKLM\...\KB980182-IE8) (Version: 1 - Microsoft Corporation)
    Update for Windows Internet Explorer 8 (KB980302) (HKLM\...\KB980302-IE8) (Version: 1 - Microsoft Corporation)
    Update for Windows Internet Explorer 8 (KB982632) (HKLM\...\KB982632-IE8) (Version: 1 - Microsoft Corporation)
    Update for Windows Server 2003 (KB2388210) (HKLM\...\KB2388210) (Version:  - )
    Update for Windows Server 2003 (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation)
    Update for Windows Server 2003 (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
    Update for Windows Server 2003 (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation)
    Update for Windows Server 2003 (KB2641690-v2) (HKLM\...\KB2641690-v2) (Version: 2 - Microsoft Corporation)
    Update for Windows Server 2003 (KB2661254) (HKLM\...\KB2661254) (Version: 1 - Microsoft Corporation)
    Update for Windows Server 2003 (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
    Update for Windows Server 2003 (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
    Update for Windows Server 2003 (KB2748349) (HKLM\...\KB2748349) (Version: 1 - Microsoft Corporation)
    Update for Windows Server 2003 (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
    Update for Windows Server 2003 (KB2808679) (HKLM\...\KB2808679) (Version: 1 - Microsoft Corporation)
    Update for Windows Server 2003 (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
    Update for Windows Server 2003 (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
    Update for Windows Server 2003 (KB2927811) (HKLM\...\KB2927811) (Version: 1 - Microsoft Corporation)
    Update for Windows Server 2003 (KB943295) (HKLM\...\KB943295) (Version:  - )
    Update for Windows Server 2003 (KB943729) (HKLM\...\KB943729) (Version:  - Microsoft Corporation)
    Update for Windows Server 2003 (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
    Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
    Windows Internet Explorer 7 (Version: 20061027.150806 - Microsoft Corporation) Hidden
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
    Windows Presentation Foundation (Version: 3.0.6920.0 - Microsoft Corporation) Hidden
    Windows Server 2003 Service Pack 2 (HKLM\...\Windows Server 2003 Service Pack) (Version: 20070217.021455 - Microsoft Corporation)
    Windows Small Business Server 2011 Standard ClientAgent (HKLM\...\{3032BC7D-E713-452D-AAF7-F5ED073226C8}) (Version: 6.1.7900.1 - Microsoft Corporation)
    Windows Small Business Server 2011 Standard WMI Provider (Version: 6.1.7900.1 - Microsoft Corporation) Hidden
    XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden
     
    ==================== Restore Points  =========================
     
    Could not list Restore Points. Check "winmgmt" service or repair WMI.
     
     
    ==================== Hosts content: ==========================
     
    2003-03-25 05:00 - 2003-03-25 05:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1       localhost
     
    ==================== Scheduled Tasks (whitelisted) =============
     
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\Paragon SRVR-LMS Full Image Full.job => C:\PROGRA~1\PARAGO~1\HARDDI~2\program\scripts.exe
    Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 88e26820-3367-484b-820c-5f7c97575737.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 993ae6a9-7cf7-468e-9795-06d41e230abd.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{5A530E92-A2C6-4614-A4D3-432F6647BFBE}.job => C:\WINDOWS\system32\msfeedssync.exe
     
    ==================== Loaded Modules (whitelisted) =============
     
     
    ==================== Alternate Data Streams (whitelisted) =========
     
     
    ==================== Safe Mode (whitelisted) ===================
     
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
     
    ==================== EXE Association (whitelisted) =============
     
     
    ==================== Disabled items from MSCONFIG ==============
     
     
    ==================== Faulty Device Manager Devices =============
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (05/08/2014 01:32:05 AM) (Source: Userenv) (User: NT AUTHORITY) (EventID: 1030)
    Description: Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.
     
    Error: (05/08/2014 01:32:05 AM) (Source: Userenv) (User: NT AUTHORITY) (EventID: 1058)
    Description: Windows cannot access the file gpt.ini for GPO CN={FE571A1E-6849-4B30-B182-1F4A1E46115B},CN=POLICIES,CN=SYSTEM,DC=CALOFFICE,DC=LOCAL. The file must be present at the location <\\caloffice.local\SysVol\caloffice.local\Policies\{FE571A1E-6849-4B30-B182-1F4A1E46115B}\gpt.ini>. (The specified network name is no longer available. ). Group Policy processing aborted.
     
    Error: (05/07/2014 11:30:06 PM) (Source: Userenv) (User: NT AUTHORITY) (EventID: 1030)
    Description: Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.
     
    Error: (05/07/2014 11:30:06 PM) (Source: Userenv) (User: NT AUTHORITY) (EventID: 1058)
    Description: Windows cannot access the file gpt.ini for GPO CN={FE571A1E-6849-4B30-B182-1F4A1E46115B},CN=POLICIES,CN=SYSTEM,DC=CALOFFICE,DC=LOCAL. The file must be present at the location <\\caloffice.local\SysVol\caloffice.local\Policies\{FE571A1E-6849-4B30-B182-1F4A1E46115B}\gpt.ini>. (The specified network name is no longer available. ). Group Policy processing aborted.
     
    Error: (05/07/2014 08:10:33 PM) (Source: Application Error) (User: ) (EventID: 1000)
    Description: Faulting application mbam.exe, version 1.0.0.500, faulting module msvcr100.dll, version 10.0.40219.325, fault address 0x0008d6fd.
    Processing media-specific event for [mbam.exe!ws!]
     
    Error: (05/07/2014 06:21:17 PM) (Source: Application Error) (User: ) (EventID: 1000)
    Description: Faulting application mbam.exe, version 1.0.0.500, faulting module msvcr100.dll, version 10.0.40219.325, fault address 0x0008d6fd.
    Processing media-specific event for [mbam.exe!ws!]
     
    Error: (05/07/2014 05:01:11 PM) (Source: Application Error) (User: ) (EventID: 1000)
    Description: Faulting application mbam.exe, version 1.0.0.500, faulting module msvcr100.dll, version 10.0.40219.325, fault address 0x0008d6fd.
    Processing media-specific event for [mbam.exe!ws!]
     
    Error: (05/07/2014 03:21:25 PM) (Source: Application Error) (User: ) (EventID: 1000)
    Description: Faulting application mbam.exe, version 1.0.0.500, faulting module msvcr100.dll, version 10.0.40219.325, fault address 0x0008d6fd.
    Processing media-specific event for [mbam.exe!ws!]
     
    Error: (05/07/2014 11:59:17 AM) (Source: Application Error) (User: ) (EventID: 1000)
    Description: Faulting application mbam.exe, version 1.0.0.500, faulting module msvcr100.dll, version 10.0.40219.325, fault address 0x0008d6fd.
    Processing media-specific event for [mbam.exe!ws!]
     
    Error: (05/07/2014 08:48:04 AM) (Source: Application Error) (User: ) (EventID: 1000)
    Description: Faulting application mbam.exe, version 1.0.0.500, faulting module msvcr100.dll, version 10.0.40219.325, fault address 0x0008d6fd.
    Processing media-specific event for [mbam.exe!ws!]
     
     
    System errors:
    =============
    Error: (05/08/2014 05:04:54 PM) (Source: W32Time) (User: ) (EventID: 29)
    Description: The time provider NtpClient is configured to acquire time from one or more
    time sources, however none of the sources are currently accessible. 
    No attempt to contact a source will be made for 15 minutes.
    NtpClient has no source of accurate time.
     
    Error: (05/08/2014 03:58:59 PM) (Source: W32Time) (User: ) (EventID: 29)
    Description: The time provider NtpClient is configured to acquire time from one or more
    time sources, however none of the sources are currently accessible. 
    No attempt to contact a source will be made for 15 minutes.
    NtpClient has no source of accurate time.
     
    Error: (05/08/2014 02:53:10 PM) (Source: W32Time) (User: ) (EventID: 29)
    Description: The time provider NtpClient is configured to acquire time from one or more
    time sources, however none of the sources are currently accessible. 
    No attempt to contact a source will be made for 15 minutes.
    NtpClient has no source of accurate time.
     
    Error: (05/08/2014 01:47:27 PM) (Source: W32Time) (User: ) (EventID: 29)
    Description: The time provider NtpClient is configured to acquire time from one or more
    time sources, however none of the sources are currently accessible. 
    No attempt to contact a source will be made for 15 minutes.
    NtpClient has no source of accurate time.
     
    Error: (05/08/2014 00:41:36 PM) (Source: W32Time) (User: ) (EventID: 29)
    Description: The time provider NtpClient is configured to acquire time from one or more
    time sources, however none of the sources are currently accessible. 
    No attempt to contact a source will be made for 15 minutes.
    NtpClient has no source of accurate time.
     
    Error: (05/08/2014 11:35:55 AM) (Source: W32Time) (User: ) (EventID: 29)
    Description: The time provider NtpClient is configured to acquire time from one or more
    time sources, however none of the sources are currently accessible. 
    No attempt to contact a source will be made for 15 minutes.
    NtpClient has no source of accurate time.
     
    Error: (05/08/2014 10:30:06 AM) (Source: W32Time) (User: ) (EventID: 29)
    Description: The time provider NtpClient is configured to acquire time from one or more
    time sources, however none of the sources are currently accessible. 
    No attempt to contact a source will be made for 15 minutes.
    NtpClient has no source of accurate time.
     
    Error: (05/08/2014 09:24:17 AM) (Source: W32Time) (User: ) (EventID: 29)
    Description: The time provider NtpClient is configured to acquire time from one or more
    time sources, however none of the sources are currently accessible. 
    No attempt to contact a source will be made for 15 minutes.
    NtpClient has no source of accurate time.
     
    Error: (05/08/2014 08:18:26 AM) (Source: W32Time) (User: ) (EventID: 29)
    Description: The time provider NtpClient is configured to acquire time from one or more
    time sources, however none of the sources are currently accessible. 
    No attempt to contact a source will be made for 15 minutes.
    NtpClient has no source of accurate time.
     
    Error: (05/08/2014 07:12:44 AM) (Source: W32Time) (User: ) (EventID: 29)
    Description: The time provider NtpClient is configured to acquire time from one or more
    time sources, however none of the sources are currently accessible. 
    No attempt to contact a source will be made for 15 minutes.
    NtpClient has no source of accurate time.
     
     
    Microsoft Office Sessions:
    =========================
    Error: (05/08/2014 01:32:05 AM) (Source: Userenv) (User: NT AUTHORITY) (EventID: 1030)
    Description: 
     
    Error: (05/08/2014 01:32:05 AM) (Source: Userenv) (User: NT AUTHORITY) (EventID: 1058)
    Description: CN={FE571A1E-6849-4B30-B182-1F4A1E46115B},CN=POLICIES,CN=SYSTEM,DC=CALOFFICE,DC=LOCAL\\caloffice.local\SysVol\caloffice.local\Policies\{FE571A1E-6849-4B30-B182-1F4A1E46115B}\gpt.iniThe specified network name is no longer available.
     
    Error: (05/07/2014 11:30:06 PM) (Source: Userenv) (User: NT AUTHORITY) (EventID: 1030)
    Description: 
     
    Error: (05/07/2014 11:30:06 PM) (Source: Userenv) (User: NT AUTHORITY) (EventID: 1058)
    Description: CN={FE571A1E-6849-4B30-B182-1F4A1E46115B},CN=POLICIES,CN=SYSTEM,DC=CALOFFICE,DC=LOCAL\\caloffice.local\SysVol\caloffice.local\Policies\{FE571A1E-6849-4B30-B182-1F4A1E46115B}\gpt.iniThe specified network name is no longer available.
     
    Error: (05/07/2014 08:10:33 PM) (Source: Application Error) (User: ) (EventID: 1000)
    Description: mbam.exe1.0.0.500msvcr100.dll10.0.40219.3250008d6fd
     
    Error: (05/07/2014 06:21:17 PM) (Source: Application Error) (User: ) (EventID: 1000)
    Description: mbam.exe1.0.0.500msvcr100.dll10.0.40219.3250008d6fd
     
    Error: (05/07/2014 05:01:11 PM) (Source: Application Error) (User: ) (EventID: 1000)
    Description: mbam.exe1.0.0.500msvcr100.dll10.0.40219.3250008d6fd
     
    Error: (05/07/2014 03:21:25 PM) (Source: Application Error) (User: ) (EventID: 1000)
    Description: mbam.exe1.0.0.500msvcr100.dll10.0.40219.3250008d6fd
     
    Error: (05/07/2014 11:59:17 AM) (Source: Application Error) (User: ) (EventID: 1000)
    Description: mbam.exe1.0.0.500msvcr100.dll10.0.40219.3250008d6fd
     
    Error: (05/07/2014 08:48:04 AM) (Source: Application Error) (User: ) (EventID: 1000)
    Description: mbam.exe1.0.0.500msvcr100.dll10.0.40219.3250008d6fd
     
     
    ==================== Memory info =========================== 
     
    Percentage of memory in use: 42%
    Total physical RAM: 2047.45 MB
    Available physical RAM: 1179.39 MB
    Total Pagefile: 3944.13 MB
    Available Pagefile: 3215.51 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1960.39 MB
     
    ==================== Drives ================================
     
    Drive c: () (Fixed) (Total:34.46 GB) (Free:15.32 GB) NTFS
    Drive e: (VMGUEST) (CDROM) (Total:0.03 GB) (Free:0 GB) CDFS
    Drive f: (DATA) (Fixed) (Total:232.81 GB) (Free:209.11 GB) NTFS
    Drive p: () (Network) (Total:474.9 GB) (Free:194.57 GB) NTFS
    Drive t: () (Network) (Total:474.9 GB) (Free:194.57 GB) NTFS
    Drive x: (BOOT) (Network) (Total:48.83 GB) (Free:8.81 GB) NTFS
    Drive y: (DATA01) (Network) (Total:1861.71 GB) (Free:1859.06 GB) NTFS
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 34 GB) (Disk ID: B4525A29)
    Partition 1: (Active) - (Size=34 GB) - (Type=07 NTFS)
     
    ========================================================
    Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: EADE756F)
    Partition 1: (Not Active) - (Size=233 GB) - (Type=07 NTFS)
     
    ==================== End Of Log ============================

    #4
    RKinner

      Malware Expert

    • Expert
    • 20,658 posts
    • MVP

    You posted the additions log twice.  Can you post the FRST log?


    #5
    bhzendner

      Member

    • Topic Starter
    • Member
    • 223 posts

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:08-05-2014
    Ran by caloffice (administrator) on SRVR-LMS on 08-05-2014 17:57:23
    Running from C:\Documents and Settings\caloffice.CALOFFICE\My Documents\Downloads
    Microsoft® Windows® Server 2003, Standard Edition Service Pack 2 (X86) OS Language: English(US)
    Internet Explorer Version 8
    Boot Mode: Normal
     
    The only official download link for FRST:
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
     
    ==================== Processes (Whitelisted) =================
     
     
     
    ==================== Registry (Whitelisted) ==================
     
    HKLM\...\Run: [PtiuPbmd] => C:\WINDOWS\system32\ptipbm.dll [24576 2006-11-08] (Promise Technology,Inc.)
    HKLM\...\Run: [Ptipbmf] => C:\WINDOWS\system32\ptipbmf.dll [118784 2003-06-20] (Promise Technology, Inc.)
    HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-01-11] (Adobe Systems Incorporated)
    HKLM\...\Run: [LogMeIn GUI] => C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2008-08-11] (LogMeIn, Inc.)
    HKLM\...\Run: [OfficeScanNT Monitor] => C:\Program Files\Trend Micro\Security Agent\pccntmon.exe [1373040 2013-08-29] (Trend Micro Inc.)
    HKLM\...\Run: [UserFaultCheck] => %systemroot%\system32\dumprep 0 -u
    HKLM Group Policy restriction on software: %AppData%**.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %AppData%*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
    HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
    HKLM\...\Winlogon: [UIHost] %SystemRoot%\system32\logonui.exe [x ] ()
    Winlogon\Notify\LMIinit: C:\WINDOWS\system32\LMIinit.dll (LogMeIn, Inc.)
    HKLM\...\Policies\Explorer: [ShowSuperHidden] 1
    HKLM\...\Command Processor:  <======= ATTENTION
    HKU\.DEFAULT\...\RunOnce: [tscuninstall] - C:\WINDOWS\system32\tscupgrd.exe [44032 2003-03-25] (Microsoft Corporation)
    HKU\.DEFAULT\...\RunOnce: [TSClientMSIUninstaller] - cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
    HKU\S-1-5-19\...\RunOnce: [tscuninstall] - C:\WINDOWS\system32\tscupgrd.exe [44032 2003-03-25] (Microsoft Corporation)
    HKU\S-1-5-20\...\RunOnce: [tscuninstall] - C:\WINDOWS\system32\tscupgrd.exe [44032 2003-03-25] (Microsoft Corporation)
    HKU\S-1-5-21-2219929767-1382271633-992909681-1143\...\Policies\system: [Wallpaper] \\srvr-sbs\clientapps\building2.jpg
    HKU\S-1-5-21-2219929767-1382271633-992909681-1143\...\Policies\system: [WallpaperStyle] 0
    HKU\S-1-5-21-2219929767-1382271633-992909681-1243\...\Policies\system: [Wallpaper] \\srvr-sbs\clientapps\building2.jpg
    HKU\S-1-5-21-2219929767-1382271633-992909681-1243\...\Policies\system: [WallpaperStyle] 0
    HKU\S-1-5-21-2219929767-1382271633-992909681-1349\...\Policies\system: [Wallpaper] \\srvr-sbs\clientapps\building2.jpg
    HKU\S-1-5-21-2219929767-1382271633-992909681-1349\...\Policies\system: [WallpaperStyle] 0
    HKU\S-1-5-21-2219929767-1382271633-992909681-1349\...\Policies\Explorer: [DisablePersonalDirChange] 1
    HKU\S-1-5-21-2219929767-1382271633-992909681-1363\...\Policies\system: [Wallpaper] \\srvr-sbs\clientapps\building2.jpg
    HKU\S-1-5-21-2219929767-1382271633-992909681-1363\...\Policies\system: [WallpaperStyle] 0
    HKU\S-1-5-21-2219929767-1382271633-992909681-1363\...\Policies\Explorer: [DisablePersonalDirChange] 1
    HKU\S-1-5-21-2219929767-1382271633-992909681-500\...\Policies\system: [Wallpaper] \\srvr-sbs\clientapps\building2.jpg
    HKU\S-1-5-21-2219929767-1382271633-992909681-500\...\Policies\system: [WallpaperStyle] 0
    HKU\S-1-5-21-2219929767-1382271633-992909681-500\...\Policies\Explorer: [DisablePersonalDirChange] 1
    HKU\S-1-5-21-300805047-2660154848-1721935562-500\...\Run: [GoToMeeting] => C:\Program Files\Citrix\GoToMeeting\198\g2mstart.exe "/Trigger RunAtLogon"
    Lsa: [Notification Packages] RASSFM KDCSVC WDIGEST scecli
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Printkey2000.lnk
    ShortcutTarget: Printkey2000.lnk -> C:\Program Files\PrintKey2000\Printkey2000.exe (Fred's Software)
     
    ==================== Internet (Whitelisted) ====================
     
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://companyweb
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
    BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\Security Agent\TmIEPlg.dll (Trend Micro Inc.)
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab
    DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} http://srvr-cos/conn...uter/nshelp.dll
    DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} https://www1.gotomee...ets/g2mdlax.cab
    DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
    DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100
    Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\Security Agent\TmIEPlg.dll (Trend Micro Inc.)
    ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
    Winsock: Catalog5 03 %SystemRoot%\System32\mswsock.dll [256000] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
    Tcpip\..\Interfaces\{1B4DE293-EA07-4106-97D6-75AED790C150}: [NameServer]192.168.192.10
    Tcpip\..\Interfaces\{3C489710-A503-476B-AB68-153F2A7F1798}: [NameServer]192.168.192.11
    Tcpip\..\Interfaces\{BC23F679-DD05-4603-9309-D9599BCFBCF7}: [NameServer]192.168.192.11,8.8.8.8
    Tcpip\..\Interfaces\{C0EDACF3-3558-4517-9D09-C2E19546560E}: [NameServer]192.168.192.10
     
    FireFox:
    ========
    FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
    FF HKLM\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\Security Agent\FirefoxExtension
    FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\Security Agent\FirefoxExtension [2013-03-25]
     
    ========================== Services (Whitelisted) =================
     
    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-09-10] (SUPERAntiSpyware.com)
    S3 Dfs; C:\WINDOWS\system32\Dfssvc.exe [164864 2007-02-17] (Microsoft Corporation)
    S3 DocForm5Svc; C:\Program Files\Prism Software\DocForm 5\DocForm5Svc.exe [28672 2007-03-28] (Prism Software)
    R2 DocFormSvc; c:\program files\prism software\docform\docformsvc.exe [36864 2006-08-08] (Prism Software)
    S4 IsmServ; C:\WINDOWS\System32\ismserv.exe [40448 2007-02-17] (Microsoft Corporation)
    S4 kdc; C:\WINDOWS\System32\lsass.exe [13312 2003-03-25] (Microsoft Corporation)
    S4 LicenseService; C:\WINDOWS\System32\llssrv.exe [94720 2007-02-17] (Microsoft Corporation)
    R2 LPDSVC; C:\WINDOWS\system32\tcpsvcs.exe [21504 2003-03-25] (Microsoft Corporation)
    S3 NtFrs; C:\WINDOWS\system32\ntfrs.exe [792064 2007-02-17] (Microsoft Corporation)
    R2 ntrtscan; C:\Program Files\Trend Micro\Security Agent\ntrtscan.exe [2279440 2013-11-21] (Trend Micro Inc.)
    R2 PCNS1; C:\Program Files\APC\PowerChute\group1\pcns.exe [29952 2008-05-15] (American Power Conversion Corporation)
    S3 RSoPProv; C:\WINDOWS\system32\RSoPProv.exe [67072 2007-02-17] (Microsoft Corporation)
    S3 sacsvr; C:\WINDOWS\system32\sacsvr.dll [12288 2003-03-25] (Microsoft Corporation)
    R2 SonicWALLCDPAgent; C:\Program Files\SonicWALL\SonicWALL Continuous Data Protection\CDPAgentService.exe [35328 2009-05-21] (SonicWALL, Inc.)
    R2 tmlisten; C:\Program Files\Trend Micro\Security Agent\tmlisten.exe [2293088 2013-08-29] (Trend Micro Inc.)
    R3 TmProxy; C:\Program Files\Trend Micro\Security Agent\TmProxy.exe [689712 2012-08-08] (Trend Micro Inc.)
    S4 TrkSvr; C:\WINDOWS\system32\trksvr.dll [50688 2003-03-25] (Microsoft Corporation)
    S4 Tssdis; C:\WINDOWS\System32\tssdis.exe [71168 2007-02-17] (Microsoft Corporation)
    R2 UBLService5; C:\UBL\bin\UBLServ.exe [16384 2003-08-17] ()
    S3 uploadmgr; C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll [39936 2007-02-17] (Microsoft Corporation)
    S2 ATKKeyboardService; C:\WINDOWS\ATKKBService.exe [X]
    R2 Eventlog;  [X]
     
    ==================== Drivers (Whitelisted) ====================
     
    R1 AmdPPM; C:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
    S3 asusgsb; C:\WINDOWS\System32\drivers\asusgsb.sys [12416 2007-07-12] (ASUSTeK Computer Inc.)
    S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17408 2007-02-17] (Microsoft Corporation)
    S4 ClusDisk; C:\WINDOWS\System32\DRIVERS\ClusDisk.sys [69120 2007-02-16] (Microsoft Corporation)
    R0 DfsDriver; C:\WINDOWS\System32\drivers\Dfs.sys [34816 2007-02-16] (Microsoft Corporation)
    S3 E1000; C:\WINDOWS\System32\DRIVERS\e1000325.sys [121344 2003-03-11] (Intel Corporation)
    R1 EIO; C:\WINDOWS\system32\drivers\EIO.sys [12288 2007-07-12] (ASUSTeK Computer Inc.)
    R0 fasttx2k; C:\WINDOWS\System32\DRIVERS\fasttx2k.sys [127488 2003-08-06] (Promise Technology, Inc.)
    S3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10112 2003-03-24] (Microsoft Corporation)
    R0 gpt_loader; C:\WINDOWS\System32\DRIVERS\gpt_loader.sys [51792 2013-11-20] (Paragon Software Group)
    R0 hotcore3; C:\WINDOWS\System32\DRIVERS\hotcore3.sys [27464 2013-11-26] (Paragon Software Group)
    R1 LassoBackup; C:\WINDOWS\System32\DRIVERS\lassobackup.sys [38784 2006-03-22] (SonicWALL Inc.)
    R3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [50648 2014-05-07] (Malwarebytes Corporation)
    S3 ms_mpu401; C:\WINDOWS\System32\drivers\msmpu401.sys [5120 2003-03-24] (Microsoft Corporation)
    S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [11776 2007-02-17] (Microsoft Corporation)
    R3 netvsc; C:\WINDOWS\System32\DRIVERS\netvsc50.sys [39040 2012-07-25] (Microsoft Corporation)
    R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [90624 2007-02-16] (Microsoft Corporation)
    R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [65024 2003-03-25] (Microsoft Corporation)
    R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [58368 2007-02-16] (Microsoft Corporation)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R3 SynthVid; C:\WINDOWS\System32\DRIVERS\VMBusVideoM.sys [18048 2012-07-25] (Microsoft Corporation)
    R2 tmcomm; C:\WINDOWS\system32\drivers\tmcomm.sys [258976 2012-11-13] (Trend Micro Inc.)
    R2 TmFilter; C:\Program Files\Trend Micro\Security Agent\TmXPFlt.sys [263968 2013-08-14] (Trend Micro Inc.)
    R2 TmPreFilter; C:\Program Files\Trend Micro\Security Agent\TmPreFlt.sys [36128 2013-08-14] (Trend Micro Inc.)
    R1 tmtdi; C:\WINDOWS\System32\DRIVERS\tmtdi.sys [92112 2010-12-06] (Trend Micro Inc.)
    R1 UimBus; C:\WINDOWS\System32\DRIVERS\UimBus.sys [91016 2013-11-26] ()
    R1 Uim_DEVIM; C:\WINDOWS\System32\DRIVERS\uim_devim.sys [20616 2013-11-26] ()
    R1 Uim_IM; C:\WINDOWS\System32\Drivers\Uim_IM.sys [540168 2013-11-26] ()
    S1 Uim_Vim; C:\WINDOWS\System32\Drivers\Uim_Vim.sys [283600 2012-12-11] (Paragon)
    R2 VSApiNt; C:\Program Files\Trend Micro\Security Agent\VSApiNt.sys [1517600 2013-08-14] (Trend Micro Inc.)
    S3 WLBS; C:\WINDOWS\System32\DRIVERS\wlbs.sys [169984 2007-02-16] (Microsoft Corporation)
    S4 adpu320; No ImagePath
    S3 aeaudio; system32\drivers\aeaudio.sys [X]
    S4 afcnt; No ImagePath
    S3 atillk64; \??\C:\WINDOWS\atillk64.sys [X]
    S4 cpqarry2; No ImagePath
    S4 cpqcissm; No ImagePath
    S4 cpqfcalm; No ImagePath
    S4 dellcerc; No ImagePath
    S4 hpt3xx; No ImagePath
    S4 iirsp; No ImagePath
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S4 ipsraidn; No ImagePath
    U3 LicenseInfo; No ImagePath
    S4 LMIRfsClientNP; No ImagePath
    S4 lp6nds35; No ImagePath
    S3 MidiSyn; system32\drivers\MidiSyn.sys [X]
    S4 nfrd960; No ImagePath
    S4 ql2100; No ImagePath
    S4 ql2200; No ImagePath
    S4 ql2300; No ImagePath
    U5 sacdrv; C:\Windows\System32\Drivers\sacdrv.sys [72704 2007-02-16] (Microsoft Corporation)
    U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [105472 2007-02-16] (Microsoft Corporation)
    S3 smwdm; system32\drivers\smwdm.sys [X]
    S4 symmpi; No ImagePath
    S3 Video3D; System32\Drivers\Video3D32.sys [X]
     
    ==================== NetSvcs (Whitelisted) ===================
     
    NETSVC: Sacsvr -> C:\Windows\system32\sacsvr.dll (Microsoft Corporation)
    NETSVC: TrkSvr -> C:\Windows\system32\trksvr.dll (Microsoft Corporation)
     
    ==================== One Month Created Files and Folders ========
     
    2014-05-08 17:56 - 2014-05-08 17:57 - 00000000 ____D () C:\FRST
    2014-05-05 07:44 - 2014-05-05 07:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-05-05 07:43 - 2014-05-07 07:27 - 00050648 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2014-05-05 07:43 - 2014-05-05 07:44 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2014-05-05 07:43 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
    2014-05-02 07:09 - 2014-05-02 07:09 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2927811$
    2014-05-01 07:05 - 2014-05-01 07:06 - 00000000 ____D () C:\Program Files\Defraggler
    2014-05-01 07:05 - 2014-05-01 07:05 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Defraggler
    2014-04-09 06:17 - 2014-04-09 06:17 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
    2014-04-09 02:11 - 2014-03-06 10:57 - 01216000 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll
    2014-04-09 02:11 - 2014-03-06 10:57 - 01216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2014-04-09 02:11 - 2014-03-06 10:57 - 00920064 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll
    2014-04-09 02:11 - 2014-03-06 10:57 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2014-04-09 02:11 - 2014-03-06 10:57 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2014-04-09 02:11 - 2014-03-06 10:57 - 00206848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\occache.dll
    2014-04-09 02:11 - 2014-03-06 10:57 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
    2014-04-09 02:11 - 2014-03-06 10:57 - 00105984 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll
    2014-04-09 02:11 - 2014-03-06 10:57 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
    2014-04-09 02:11 - 2014-03-06 10:57 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
    2014-04-09 02:10 - 2014-03-06 10:57 - 11113472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2014-04-09 02:10 - 2014-03-06 10:57 - 02006016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2014-04-09 02:10 - 2014-02-06 02:25 - 01044480 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kernel32.dll
    2014-04-09 02:10 - 2014-02-06 02:25 - 01044480 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
     
    ==================== One Month Modified Files and Folders =======
     
    2014-05-08 17:57 - 2014-05-08 17:56 - 00000000 ____D () C:\FRST
    2014-05-08 17:56 - 2011-03-13 12:06 - 00000438 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{5A530E92-A2C6-4614-A4D3-432F6647BFBE}.job
    2014-05-08 17:56 - 2006-11-09 18:50 - 01438527 _____ () C:\WINDOWS\WindowsUpdate.log
    2014-05-08 17:44 - 2012-06-15 06:28 - 00000892 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2014-05-08 17:38 - 2009-06-10 14:50 - 14245508 _____ () C:\WINDOWS\system32\TmInstall.log
    2014-05-08 17:37 - 2006-11-09 16:08 - 00015004 _____ () C:\WINDOWS\cfgall.ini
    2014-05-08 17:28 - 2008-06-19 06:07 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\LogMeIn
    2014-05-08 17:01 - 2012-04-16 06:29 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2014-05-08 16:38 - 2006-11-09 15:41 - 00000136 _____ () C:\WINDOWS\system32\config\netlogon.ftl
    2014-05-08 14:44 - 2012-06-15 06:28 - 00000888 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2014-05-08 11:13 - 2013-09-18 11:14 - 00000518 _____ () C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 88e26820-3367-484b-820c-5f7c97575737.job
    2014-05-08 06:39 - 2007-02-21 11:54 - 00000186 _____ () C:\WINDOWS\hpbafd.ini
    2014-05-08 06:22 - 2014-03-18 17:30 - 00000562 _____ () C:\WINDOWS\Tasks\Paragon SRVR-LMS Full Image Full.job
    2014-05-08 05:09 - 2011-03-13 12:31 - 00000000 ____D () C:\Documents and Settings\caloffice.CALOFFICE
    2014-05-08 05:02 - 2006-11-08 11:13 - 00000000 ____D () C:\WINDOWS\security
    2014-05-07 23:07 - 2006-11-08 11:13 - 00000000 ____D () C:\WINDOWS\repair
    2014-05-07 21:00 - 2013-09-18 11:14 - 00000518 _____ () C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 993ae6a9-7cf7-468e-9795-06d41e230abd.job
    2014-05-07 14:01 - 2006-11-08 19:35 - 00032580 _____ () C:\WINDOWS\Tasks\SchedLgU.Txt
    2014-05-07 07:35 - 2006-11-08 11:18 - 00610732 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
    2014-05-07 07:30 - 2014-01-21 15:42 - 00000735 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn Client.lnk
    2014-05-07 07:27 - 2014-05-05 07:43 - 00050648 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2014-05-07 07:07 - 2014-02-26 15:07 - 00064530 _____ () C:\Documents and Settings\LocalService\objsrv.log
    2014-05-07 07:07 - 2007-02-26 11:40 - 00000000 ____D () C:\WINDOWS\Minidump
    2014-05-07 07:07 - 2006-11-08 19:35 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2014-05-06 08:06 - 2003-03-25 05:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
    2014-05-06 07:58 - 2011-03-13 12:32 - 00000178 ___SH () C:\Documents and Settings\caloffice.CALOFFICE\ntuser.ini
    2014-05-06 07:58 - 2006-12-12 15:04 - 00393216 _____ () C:\WINDOWS\system32\config\DocForm Server Log.evt
    2014-05-06 06:07 - 2010-05-25 06:45 - 00000000 ____D () C:\Documents and Settings\administrator.COSINC\Desktop\TuneUp
    2014-05-05 07:44 - 2014-05-05 07:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-05-05 07:44 - 2014-05-05 07:43 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2014-05-02 07:22 - 2006-11-08 11:13 - 00000000 ____D () C:\WINDOWS\system32\LogFiles
    2014-05-02 07:19 - 2013-11-13 07:53 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2014-05-02 07:09 - 2014-05-02 07:09 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2927811$
    2014-05-01 07:06 - 2014-05-01 07:05 - 00000000 ____D () C:\Program Files\Defraggler
    2014-05-01 07:05 - 2014-05-01 07:05 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Defraggler
    2014-04-30 02:40 - 2014-03-12 00:19 - 06022144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2014-04-30 02:40 - 2014-02-12 01:40 - 06022144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
    2014-04-28 07:13 - 2010-01-11 07:21 - 00000000 ____D () C:\Program Files\CCleaner
    2014-04-24 06:25 - 2014-04-01 07:12 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2014-04-18 06:43 - 2014-01-21 15:42 - 00000719 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn Control Panel.lnk
    2014-04-18 06:43 - 2006-11-28 15:40 - 00001024 _____ () C:\.rnd
    2014-04-18 06:42 - 2010-01-17 09:34 - 00000000 ____D () C:\Program Files\LogMeIn
    2014-04-18 06:41 - 2010-01-17 09:34 - 00086888 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIRfsClientNP.dll
    2014-04-18 06:41 - 2010-01-17 09:34 - 00085832 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIinit.dll
    2014-04-18 06:41 - 2010-01-17 09:34 - 00031560 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIport.dll
    2014-04-10 23:30 - 2010-01-17 09:34 - 00086888 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIRfsClientNP.dll.000.bak
    2014-04-10 23:30 - 2006-11-28 15:41 - 00085832 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIinit.dll.000.bak
    2014-04-09 06:17 - 2014-04-09 06:17 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
     
    ==================== Bamital & volsnap Check =================
     
    C:\WINDOWS\explorer.exe
    [2007-02-17 07:03] - [2007-02-17 07:03] - 1053184 ____A (Microsoft Corporation) A26C39540F8BE3729846E360E2C57344
     
    C:\WINDOWS\system32\winlogon.exe
    [2007-02-17 07:04] - [2007-02-17 07:04] - 0528384 ____A (Microsoft Corporation) B4AA8AE0F18E5DFCF99A671A181D3EDC
     
    C:\WINDOWS\system32\svchost.exe
    [2007-02-17 07:04] - [2007-02-17 07:04] - 0014848 ____A (Microsoft Corporation) C09CCFE81DEC9B162533D7184D705682
     
    C:\WINDOWS\system32\services.exe
    [2003-03-25 05:00] - [2009-02-03 04:07] - 0113152 ____A (Microsoft Corporation) CF500580CDD83B145646A4DCFCE1CF3C
     
    C:\WINDOWS\system32\User32.dll
    [2007-04-04 06:35] - [2007-03-01 23:38] - 0583680 ____A (Microsoft Corporation) 1959150096B010BA953A78B0D6B0B4E4
     
    C:\WINDOWS\system32\userinit.exe
    [2003-03-25 05:00] - [2007-02-17 07:04] - 0026112 ____A (Microsoft Corporation) B5FEB3B971A8B8C81CE9DE65031A87E5
     
    C:\WINDOWS\system32\rpcss.dll
    [2009-04-15 16:55] - [2009-02-09 04:02] - 0486912 ____A (Microsoft Corporation) 305A8757D66B5D416B47C497C27A01FE
     
     ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
    C:\WINDOWS\system32\Drivers\volsnap.sys
    [2003-03-25 05:00] - [2012-08-21 05:56] - 0153600 ____A (Microsoft Corporation) 701D86EC9D221F68C8528CC47D3958E6
     
    C:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.
     
    ==================== End Of Log ============================

    • 0

    #6
    RKinner

      Malware Expert

    • Expert
    • 20,658 posts
    • MVP

    You have some Policy restrictions which may be interfering.  We can remove them with FRST:

    Download the attached fixlist.txt to the same location as FRST
    Run FRST and press Fix
    A fix log will be generated; please post that.  Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.

    Now try your MBAM.  You may need to reinstall it.

    There are a lot of dead services which I would normally remove but since this is a 2003 server there may be things about it FRST doesn't understand.

    S4 adpu320; No ImagePath
    S3 aeaudio; system32\drivers\aeaudio.sys [X]
    S4 afcnt; No ImagePath
    S3 atillk64; \??\C:\WINDOWS\atillk64.sys [X]
    S4 cpqarry2; No ImagePath
    S4 cpqcissm; No ImagePath
    S4 cpqfcalm; No ImagePath
    S4 dellcerc; No ImagePath
    S4 hpt3xx; No ImagePath
    S4 iirsp; No ImagePath
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S4 ipsraidn; No ImagePath
    U3 LicenseInfo; No ImagePath
    S4 LMIRfsClientNP; No ImagePath
    S4 lp6nds35; No ImagePath
    S3 MidiSyn; system32\drivers\MidiSyn.sys [X]
    S4 nfrd960; No ImagePath
    S4 ql2100; No ImagePath
    S4 ql2200; No ImagePath
    S4 ql2300; No ImagePath
    S3 smwdm; system32\drivers\smwdm.sys [X]
    S4 symmpi; No ImagePath
    S3 Video3D; System32\Drivers\Video3D32.sys [X]

    There is also talk of a missing bootcat.cache file which should keep it from booting but obviously it does.

    C:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.

    Finally I see a wrong winsock2 entry:

    Winsock: Catalog5 03 %SystemRoot%\System32\mswsock.dll [256000] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

    This can be reset to the default by opening a command prompt and typing:

    netsh winsock reset catalog

    then hit Enter and reboot.


    • 0
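The dead driver entries listed in the post above (`No ImagePath`, or a path followed by `[X]`) can be separated from the rest of an FRST driver section mechanically. The sketch below is an added example, not part of the thread and not FRST's own code; the function names are hypothetical, it assumes `[X]` marks a file FRST did not find on disk, and it goes slightly beyond the post by also listing present files that carry an empty company field.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Windows service Start values; anything else is reported as "other".
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}

# "<state><start> <name>; <rest>", e.g. "S3 aeaudio; system32\drivers\aeaudio.sys [X]"
ENTRY = re.compile(r"^(?P<state>[RSU])(?P<start>\d)\s+(?P<name>[^;]+);\s*(?P<rest>.*)$")
# "<path> [<size> <yyyy-mm-dd>] (<company>)"
DETAIL = re.compile(
    r"^(?P<path>.+?)\s+\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\]\s+\((?P<company>.*)\)$"
)

# Sample input: lines taken from the driver section of the log on this page,
# plus a section header and a NETSVC line that must be ignored.
SAMPLE = r"""
R0 DfsDriver; C:\WINDOWS\System32\drivers\Dfs.sys [34816 2007-02-16] (Microsoft Corporation)
R3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [50648 2014-05-07] (Malwarebytes Corporation)
R1 UimBus; C:\WINDOWS\System32\DRIVERS\UimBus.sys [91016 2013-11-26] ()
U5 sacdrv; C:\Windows\System32\Drivers\sacdrv.sys [72704 2007-02-16] (Microsoft Corporation)
S4 adpu320; No ImagePath
S3 aeaudio; system32\drivers\aeaudio.sys [X]
S3 atillk64; \??\C:\WINDOWS\atillk64.sys [X]
U3 LicenseInfo; No ImagePath
==================== NetSvcs (Whitelisted) ===================
NETSVC: Sacsvr -> C:\Windows\system32\sacsvr.dll (Microsoft Corporation)
"""


@dataclass
class Entry:
    state: str              # R (running), S (stopped), U (undetermined)
    start: str              # decoded start type
    name: str
    path: Optional[str]
    company: Optional[str]
    status: str             # present | no_image_path | file_missing | unparsed


def parse_line(line: str) -> Optional[Entry]:
    """Parse one service/driver line; return None for headers and other sections."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    rest = m["rest"].strip()
    base = dict(state=m["state"],
                start=START_TYPES.get(m["start"], "other"),
                name=m["name"].strip())
    if rest == "No ImagePath":
        return Entry(**base, path=None, company=None, status="no_image_path")
    if rest.endswith("[X]"):
        return Entry(**base, path=rest[:-3].strip(), company=None, status="file_missing")
    d = DETAIL.match(rest)
    if d:
        return Entry(**base, path=d["path"], company=d["company"] or None, status="present")
    return Entry(**base, path=rest, company=None, status="unparsed")


def triage(log_text: str) -> dict:
    """Bucket entries: orphaned registry keys, files with no company, everything else."""
    report = {"orphaned": [], "no_company": [], "ok": [], "unparsed": []}
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is None:
            continue
        if e.status in ("no_image_path", "file_missing"):
            report["orphaned"].append(e)
        elif e.status == "unparsed":
            report["unparsed"].append(e)
        elif e.company is None:
            report["no_company"].append(e)
        else:
            report["ok"].append(e)
    return report


if __name__ == "__main__":
    result = triage(SAMPLE)
    for bucket in ("orphaned", "no_company", "unparsed"):
        for e in result[bucket]:
            print(f"{bucket:10} {e.state} {e.start:8} {e.name:14} {e.path or '-'}")
```

The output is a review list rather than a removal list: as the post notes, on a 2003 server some of these entries may be things FRST does not understand.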

    #7
    bhzendner

      Member

    • Topic Starter
    • Member
    • 223 posts
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:08-05-2014
    Ran by caloffice at 2014-05-09 08:59:26 Run:1
    Running from C:\Documents and Settings\caloffice.CALOFFICE\Desktop
    Boot Mode: Normal
     
    ==============================================
     
    Content of fixlist:
    *****************
    HKLM Group Policy restriction on software: %AppData%**.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %AppData%*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
    HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
    HKLM\...\Command Processor:  <======= ATTENTION
     
     
     
     
     
    *****************
     
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM\Software\Microsoft\Command Processor\\AutoRun => Value deleted successfully.
     
    ==== End of Fixlog ====
     
     
     
    Additional scan result of Farbar Recovery Scan Tool (x86) Version:08-05-2014
    Ran by caloffice at 2014-05-09 09:04:59
    Running from C:\Documents and Settings\caloffice.CALOFFICE\Desktop
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Security Center ========================
     
     
    ==================== Installed Programs ======================
     
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) (Version: 8.1.2 - Adobe Systems, Inc) Hidden
    Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.2.202.233 - Adobe Systems Incorporated)
    Adobe Reader 8.1.2 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81200000003}) (Version: 8.1.2 - Adobe Systems Incorporated)
    Adobe Reader 8.1.2 Security Update 1 (KB403742) (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81200000003}_Adobe Reader 8.1.2) (Version:  - )
    Boot Media Builder for Paragon Hard Disk Manager™ 14 Premium Edition (HKLM\...\{3E9F3D5C-8B49-5854-ACF6-75EE3C96A6CC}) (Version: 1.00.0000 - Paragon Software)
    CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
    CleanUp! (HKLM\...\CleanUp!) (Version:  - )
    Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
    DocForm 5.0 Professional (HKLM\...\{869ED054-0A06-47A2-995E-DA20A571BDCF}) (Version: 5.0.1 - Prism Software Corporation)
    DocForm Professional 4.2 (HKLM\...\{C560143C-E9D4-4E88-96E2-7D242B4479C9}) (Version: 4.2.0 - Prism Software Corporation)
    FileZilla Client 3.2.4.1 (HKLM\...\FileZilla Client) (Version: 3.2.4.1 - )
    Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
    Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
    Hyper-V Integration Services (version 6.2.9200.16384) (HKLM\...\{E675F32B-3508-4658-84EC-2069EE621899}) (Version: 3.9200.16384 - Microsoft Corporation)
    Intel® PRO Network Adapters and Drivers (HKLM\...\PROSet) (Version:  - )
    Kyocera Product Library (HKLM\...\Kyocera Product Library) (Version: 2.0.0713 - Kyocera Mita Corporation)
    Linksys PrintServer Driver (HKLM\...\Linksys PrintServer Driver) (Version:  - )
    LogMeIn (HKLM\...\{34F93E31-E1A0-421C-8E86-BCF7C4193A91}) (Version: 4.0.982 - LogMeIn, Inc.)
    LogMeIn (HKLM\...\{7F831576-6246-42C7-B523-55B3F96509CC}) (Version: 4.0.784 - LogMeIn, Inc.)
    Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 (Version:  - Microsoft Corporation) Hidden
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version:  - Microsoft Corporation) Hidden
    Microsoft SQL Server Native Client (HKLM\...\{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}) (Version: 9.00.3042.00 - Microsoft Corporation)
    Microsoft User-Mode Driver Framework Feature Pack 1.9 (HKLM\...\Wudf01009) (Version:  - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft XML Parser (Version: 8.70.1104.04 - Microsoft Corporation) Hidden
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
    MSXML 6 Service Pack 2 (KB2758696) (HKLM\...\{E46A76D1-9FB9-4770-BA24-3975EF4D120A}) (Version: 6.20.2016.0 - Microsoft Corporation)
    Paragon Hard Disk Manager™ 14 Premium Edition (HKLM\...\{619A89DE-5F01-11E2-85E8-000C2982512D}) (Version: 90.00.0003 - Paragon Software)
    PowerChute Network Shutdown (HKLM\...\PowerChute Network Shutdown) (Version:  - American Power Conversion)
    PrintKey2000 (HKLM\...\PrintKey2000) (Version:  - )
    Promise Array Management (HKLM\...\Promise Array Management) (Version:  - )
    Recovery Media Builder™ (HKLM\...\{EC1AB719-E98B-532C-95D4-381FB69F5CD2}) (Version: 1.00.0000 - Paragon Software)
    Shadow Copy Client (HKLM\...\{23E5032B-56CA-4C19-A72E-B50161DB82CA}) (Version: 5.2.01 - Microsoft)
    SonicWALL Continuous Data Protection (HKLM\...\{E61925A2-F785-413E-B245-B8EB12AE24E0}) (Version: 5.0.3 - SonicWALL)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1144 - SUPERAntiSpyware.com)
    Transoft U/BL for Windows 2000 & xp (HKLM\...\UBL) (Version:  - )
    TreeSize Free V2.1 (HKLM\...\TreeSize Free_is1) (Version:  - JAM Software)
    Trend Micro Worry-Free Business Security Agent (HKLM\...\Wofie) (Version: 18.0.2013 - Trend Micro Inc.)
    Trend Micro Worry-Free Business Security Agent (Version: 8.0 - Trend Micro Inc.) Hidden
    U/Gi 32 bit Edition (HKLM\...\UGi32) (Version:  - )
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2473228) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2468871) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2533523) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2600217) (Version: 1 - Microsoft Corporation)
    Update for Windows Internet Explorer 8 (KB2632503) (HKLM\...\KB2632503-IE8) (Version: 1 - Microsoft Corporation)
    Update for Windows Internet Explorer 8 (KB971180) (HKLM\...\KB971180-IE8) (Version: 1 - Microsoft Corporation)
    Update for Windows Internet Explorer 8 (KB971930) (HKLM\...\KB971930-IE8) (Version: 1 - Microsoft Corporation)
    Update for Windows Internet Explorer 8 (KB973874) (HKLM\...\KB973874-IE8) (Version: 1 - Microsoft Corporation)
    Update for Windows Internet Explorer 8 (KB975364) (HKLM\...\KB975364-IE8) (Version: 1 - Microsoft Corporation)
    Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
    Update for Windows Internet Explorer 8 (KB976749) (HKLM\...\KB976749-IE8) (Version: 1 - Microsoft Corporation)
    Update for Windows Internet Explorer 8 (KB978506) (HKLM\...\KB978506-IE8) (Version: 1 - Microsoft Corporation)
    Update for Windows Internet Explorer 8 (KB980182) (HKLM\...\KB980182-IE8) (Version: 1 - Microsoft Corporation)
    Update for Windows Internet Explorer 8 (KB980302) (HKLM\...\KB980302-IE8) (Version: 1 - Microsoft Corporation)
    Update for Windows Internet Explorer 8 (KB982632) (HKLM\...\KB982632-IE8) (Version: 1 - Microsoft Corporation)
    Update for Windows Server 2003 (KB2388210) (HKLM\...\KB2388210) (Version:  - )
    Update for Windows Server 2003 (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation)
    Update for Windows Server 2003 (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
    Update for Windows Server 2003 (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation)
    Update for Windows Server 2003 (KB2641690-v2) (HKLM\...\KB2641690-v2) (Version: 2 - Microsoft Corporation)
    Update for Windows Server 2003 (KB2661254) (HKLM\...\KB2661254) (Version: 1 - Microsoft Corporation)
    Update for Windows Server 2003 (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
    Update for Windows Server 2003 (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
    Update for Windows Server 2003 (KB2748349) (HKLM\...\KB2748349) (Version: 1 - Microsoft Corporation)
    Update for Windows Server 2003 (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
    Update for Windows Server 2003 (KB2808679) (HKLM\...\KB2808679) (Version: 1 - Microsoft Corporation)
    Update for Windows Server 2003 (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
    Update for Windows Server 2003 (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
    Update for Windows Server 2003 (KB2927811) (HKLM\...\KB2927811) (Version: 1 - Microsoft Corporation)
    Update for Windows Server 2003 (KB943295) (HKLM\...\KB943295) (Version:  - )
    Update for Windows Server 2003 (KB943729) (HKLM\...\KB943729) (Version:  - Microsoft Corporation)
    Update for Windows Server 2003 (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
    Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
    Windows Internet Explorer 7 (Version: 20061027.150806 - Microsoft Corporation) Hidden
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
    Windows Presentation Foundation (Version: 3.0.6920.0 - Microsoft Corporation) Hidden
    Windows Server 2003 Service Pack 2 (HKLM\...\Windows Server 2003 Service Pack) (Version: 20070217.021455 - Microsoft Corporation)
    Windows Small Business Server 2011 Standard ClientAgent (HKLM\...\{3032BC7D-E713-452D-AAF7-F5ED073226C8}) (Version: 6.1.7900.1 - Microsoft Corporation)
    Windows Small Business Server 2011 Standard WMI Provider (Version: 6.1.7900.1 - Microsoft Corporation) Hidden
    XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden
     
    ==================== Restore Points  =========================
     
    Could not list Restore Points. Check "winmgmt" service or repair WMI.
     
     
    ==================== Hosts content: ==========================
     
    2003-03-25 05:00 - 2003-03-25 05:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1       localhost
     
    ==================== Scheduled Tasks (whitelisted) =============
     
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\Paragon SRVR-LMS Full Image Full.job => C:\PROGRA~1\PARAGO~1\HARDDI~2\program\scripts.exe
    Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 88e26820-3367-484b-820c-5f7c97575737.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 993ae6a9-7cf7-468e-9795-06d41e230abd.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{5A530E92-A2C6-4614-A4D3-432F6647BFBE}.job => C:\WINDOWS\system32\msfeedssync.exe
     
    ==================== Loaded Modules (whitelisted) =============
     
     
    ==================== Alternate Data Streams (whitelisted) =========
     
     
    ==================== Safe Mode (whitelisted) ===================
     
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
     
    ==================== EXE Association (whitelisted) =============
     
     
    ==================== Disabled items from MSCONFIG ==============
     
     
    ==================== Faulty Device Manager Devices =============
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (05/09/2014 08:05:23 AM) (Source: Application Error) (User: ) (EventID: 1000)
    Description: Faulting application UBLServ.exe, version 0.0.0.0, faulting module TSUBLMon.dll, version 5.3.0.0, fault address 0x0000aef2.
    Processing media-specific event for [UBLServ.exe!ws!]
     
    Error: (05/09/2014 08:04:11 AM) (Source: Application Error) (User: ) (EventID: 1000)
    Description: Faulting application UBLServ.exe, version 0.0.0.0, faulting module TSUBLMon.dll, version 5.3.0.0, fault address 0x0000aef2.
    Processing media-specific event for [UBLServ.exe!ws!]
     
    Error: (05/09/2014 08:02:46 AM) (Source: Application Error) (User: ) (EventID: 1000)
    Description: Faulting application UBLServ.exe, version 0.0.0.0, faulting module TSUBLMon.dll, version 5.3.0.0, fault address 0x0000aef2.
    Processing media-specific event for [UBLServ.exe!ws!]
     
    Error: (05/09/2014 08:00:00 AM) (Source: Application Error) (User: ) (EventID: 1000)
    Description: Faulting application UBLServ.exe, version 0.0.0.0, faulting module TSUBLMon.dll, version 5.3.0.0, fault address 0x0000aef2.
    Processing media-specific event for [UBLServ.exe!ws!]
     
    Error: (05/09/2014 07:59:46 AM) (Source: UserInit) (User: ) (EventID: 1000)
    Description: Could not execute the following script \\caloffice.local\SysVol\caloffice.local\ClientAgent\ClientAgent.vbs. No network provider accepted the given network path.
    .
     
    Error: (05/09/2014 07:59:46 AM) (Source: UserInit) (User: ) (EventID: 1000)
    Description: Could not execute the following script \\caloffice.local\SysVol\caloffice.local\ClientAgent\ClientAgent.vbs. No network provider accepted the given network path.
    .
     
    Error: (05/09/2014 07:59:43 AM) (Source: Userenv) (User: NT AUTHORITY) (EventID: 1053)
    Description: Windows cannot determine the user or computer name. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.
     
    Error: (05/09/2014 06:33:21 AM) (Source: Application Error) (User: ) (EventID: 1000)
    Description: Faulting application mbam.exe, version 1.0.0.500, faulting module msvcr100.dll, version 10.0.40219.325, fault address 0x0008d6fd.
    Processing media-specific event for [mbam.exe!ws!]
     
    Error: (05/09/2014 06:21:25 AM) (Source: Application Hang) (User: ) (EventID: 1002)
    Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
     
    Error: (05/08/2014 01:32:05 AM) (Source: Userenv) (User: NT AUTHORITY) (EventID: 1030)
    Description: Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.
     
     
    System errors:
    =============
    Error: (05/09/2014 08:00:59 AM) (Source: Print) (User: NT AUTHORITY) (EventID: 33)
    Description: The PrintQueue Container could not be found because the DNS Domain name could not be retrieved.  Error: 54b
     
    Error: (05/09/2014 08:00:59 AM) (Source: Print) (User: NT AUTHORITY) (EventID: 33)
    Description: The PrintQueue Container could not be found because the DNS Domain name could not be retrieved.  Error: 54b
     
    Error: (05/09/2014 07:59:46 AM) (Source: W32Time) (User: ) (EventID: 29)
    Description: The time provider NtpClient is configured to acquire time from one or more
    time sources, however none of the sources are currently accessible. 
    No attempt to contact a source will be made for 15 minutes.
    NtpClient has no source of accurate time.
     
    Error: (05/09/2014 07:59:43 AM) (Source: 0) (User: ) (EventID: 18)
    Description: 
     
    Error: (05/09/2014 07:59:41 AM) (Source: NETLOGON) (User: ) (EventID: 5719)
    Description: This computer was not able to set up a secure session with a domain
    controller in domain CALOFFICE due to the following: 
    %%1311
     
    This may lead to authentication problems. Make sure that this
    computer is connected to the network. If the problem persists,
    please contact your domain administrator.
     
     
     
    ADDITIONAL INFO
     
    If this computer is a domain controller for the specified domain, it
    sets up the secure session to the primary domain controller emulator in the specified
    domain. Otherwise, this computer sets up the secure session to any domain controller
    in the specified domain.
     
    Error: (05/09/2014 07:37:31 AM) (Source: EventLog) (User: ) (EventID: 6008)
    Description: The previous system shutdown at 7:46:32 AM on 5/9/2014 was unexpected.
     
    Error: (05/09/2014 07:19:57 AM) (Source: W32Time) (User: ) (EventID: 29)
    Description: The time provider NtpClient is configured to acquire time from one or more
    time sources, however none of the sources are currently accessible. 
    No attempt to contact a source will be made for 15 minutes.
    NtpClient has no source of accurate time.
     
    Error: (05/09/2014 06:14:14 AM) (Source: W32Time) (User: ) (EventID: 29)
    Description: The time provider NtpClient is configured to acquire time from one or more
    time sources, however none of the sources are currently accessible. 
    No attempt to contact a source will be made for 15 minutes.
    NtpClient has no source of accurate time.
     
    Error: (05/09/2014 05:08:21 AM) (Source: W32Time) (User: ) (EventID: 29)
    Description: The time provider NtpClient is configured to acquire time from one or more
    time sources, however none of the sources are currently accessible. 
    No attempt to contact a source will be made for 15 minutes.
    NtpClient has no source of accurate time.
     
    Error: (05/09/2014 04:02:40 AM) (Source: W32Time) (User: ) (EventID: 29)
    Description: The time provider NtpClient is configured to acquire time from one or more
    time sources, however none of the sources are currently accessible. 
    No attempt to contact a source will be made for 15 minutes.
    NtpClient has no source of accurate time.
     
     
    Microsoft Office Sessions:
    =========================
    Error: (05/09/2014 08:05:23 AM) (Source: Application Error) (User: ) (EventID: 1000)
    Description: UBLServ.exe0.0.0.0TSUBLMon.dll5.3.0.00000aef2
     
    Error: (05/09/2014 08:04:11 AM) (Source: Application Error) (User: ) (EventID: 1000)
    Description: UBLServ.exe0.0.0.0TSUBLMon.dll5.3.0.00000aef2
     
    Error: (05/09/2014 08:02:46 AM) (Source: Application Error) (User: ) (EventID: 1000)
    Description: UBLServ.exe0.0.0.0TSUBLMon.dll5.3.0.00000aef2
     
    Error: (05/09/2014 08:00:00 AM) (Source: Application Error) (User: ) (EventID: 1000)
    Description: UBLServ.exe0.0.0.0TSUBLMon.dll5.3.0.00000aef2
     
    Error: (05/09/2014 07:59:46 AM) (Source: UserInit) (User: ) (EventID: 1000)
    Description: \\caloffice.local\SysVol\caloffice.local\ClientAgent\ClientAgent.vbsNo network provider accepted the given network path.
     
    Error: (05/09/2014 07:59:46 AM) (Source: UserInit) (User: ) (EventID: 1000)
    Description: \\caloffice.local\SysVol\caloffice.local\ClientAgent\ClientAgent.vbsNo network provider accepted the given network path.
     
    Error: (05/09/2014 07:59:43 AM) (Source: Userenv) (User: NT AUTHORITY) (EventID: 1053)
    Description: The specified domain either does not exist or could not be contacted.
     
    Error: (05/09/2014 06:33:21 AM) (Source: Application Error) (User: ) (EventID: 1000)
    Description: mbam.exe1.0.0.500msvcr100.dll10.0.40219.3250008d6fd
     
    Error: (05/09/2014 06:21:25 AM) (Source: Application Hang) (User: ) (EventID: 1002)
    Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000
     
    Error: (05/08/2014 01:32:05 AM) (Source: Userenv) (User: NT AUTHORITY) (EventID: 1030)
    Description: 
     
     
    ==================== Memory info =========================== 
     
    Percentage of memory in use: 32%
    Total physical RAM: 2047.45 MB
    Available physical RAM: 1381.29 MB
    Total Pagefile: 3944.13 MB
    Available Pagefile: 3424.8 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1964.49 MB
     
    ==================== Drives ================================
     
    Drive c: () (Fixed) (Total:34.46 GB) (Free:15.32 GB) NTFS
    Drive e: (VMGUEST) (CDROM) (Total:0.03 GB) (Free:0 GB) CDFS
    Drive f: (DATA) (Fixed) (Total:232.81 GB) (Free:209.11 GB) NTFS
    Drive p: () (Network) (Total:474.9 GB) (Free:182.86 GB) NTFS
    Drive t: () (Network) (Total:474.9 GB) (Free:182.86 GB) NTFS
    Drive x: (BOOT) (Network) (Total:48.83 GB) (Free:9 GB) NTFS
    Drive y: (DATA01) (Network) (Total:1861.71 GB) (Free:1217.49 GB) NTFS
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 34 GB) (Disk ID: B4525A29)
    Partition 1: (Active) - (Size=34 GB) - (Type=07 NTFS)
     
    ========================================================
    Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: EADE756F)
    Partition 1: (Not Active) - (Size=233 GB) - (Type=07 NTFS)
     
    ==================== End Of Log ============================
     
     
     
     
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:08-05-2014
    Ran by caloffice (administrator) on SRVR-LMS on 09-05-2014 09:01:19
    Running from C:\Documents and Settings\caloffice.CALOFFICE\Desktop
    Microsoft® Windows® Server 2003, Standard Edition Service Pack 2 (X86) OS Language: English(US)
    Internet Explorer Version 8
    Boot Mode: Normal
     
    The only official download link for FRST:
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
     
    ==================== Processes (Whitelisted) =================
     
     
     
    ==================== Registry (Whitelisted) ==================
     
    HKLM\...\Run: [PtiuPbmd] => C:\WINDOWS\system32\ptipbm.dll [24576 2006-11-08] (Promise Technology,Inc.)
    HKLM\...\Run: [Ptipbmf] => C:\WINDOWS\system32\ptipbmf.dll [118784 2003-06-20] (Promise Technology, Inc.)
    HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-01-11] (Adobe Systems Incorporated)
    HKLM\...\Run: [LogMeIn GUI] => C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2008-08-11] (LogMeIn, Inc.)
    HKLM\...\Run: [OfficeScanNT Monitor] => C:\Program Files\Trend Micro\Security Agent\pccntmon.exe [1373040 2013-08-29] (Trend Micro Inc.)
    HKLM\...\Run: [UserFaultCheck] => %systemroot%\system32\dumprep 0 -u
    HKLM\...\Winlogon: [UIHost] %SystemRoot%\system32\logonui.exe [x ] ()
    Winlogon\Notify\LMIinit: C:\WINDOWS\system32\LMIinit.dll (LogMeIn, Inc.)
    HKLM\...\Policies\Explorer: [ShowSuperHidden] 1
    HKU\.DEFAULT\...\RunOnce: [tscuninstall] - C:\WINDOWS\system32\tscupgrd.exe [44032 2003-03-25] (Microsoft Corporation)
    HKU\.DEFAULT\...\RunOnce: [TSClientMSIUninstaller] - cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
    HKU\S-1-5-19\...\RunOnce: [tscuninstall] - C:\WINDOWS\system32\tscupgrd.exe [44032 2003-03-25] (Microsoft Corporation)
    HKU\S-1-5-20\...\RunOnce: [tscuninstall] - C:\WINDOWS\system32\tscupgrd.exe [44032 2003-03-25] (Microsoft Corporation)
    Lsa: [Notification Packages] RASSFM KDCSVC WDIGEST scecli
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Printkey2000.lnk
    ShortcutTarget: Printkey2000.lnk -> C:\Program Files\PrintKey2000\Printkey2000.exe (Fred's Software)
     
    ==================== Internet (Whitelisted) ====================
     
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://companyweb
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
    BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\Security Agent\TmIEPlg.dll (Trend Micro Inc.)
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab
    DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} http://srvr-cos/conn...uter/nshelp.dll
    DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} https://www1.gotomee...ets/g2mdlax.cab
    DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
    DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100
    Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\Security Agent\TmIEPlg.dll (Trend Micro Inc.)
    ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
    Winsock: Catalog5 03 %SystemRoot%\System32\mswsock.dll [256000] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
    Tcpip\..\Interfaces\{1B4DE293-EA07-4106-97D6-75AED790C150}: [NameServer]192.168.192.10
    Tcpip\..\Interfaces\{3C489710-A503-476B-AB68-153F2A7F1798}: [NameServer]192.168.192.11
    Tcpip\..\Interfaces\{BC23F679-DD05-4603-9309-D9599BCFBCF7}: [NameServer]192.168.192.11,8.8.8.8
    Tcpip\..\Interfaces\{C0EDACF3-3558-4517-9D09-C2E19546560E}: [NameServer]192.168.192.10
     
    FireFox:
    ========
    FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
    FF HKLM\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\Security Agent\FirefoxExtension
    FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\Security Agent\FirefoxExtension [2013-03-25]
     
    ========================== Services (Whitelisted) =================
     
    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-09-10] (SUPERAntiSpyware.com)
    S3 Dfs; C:\WINDOWS\system32\Dfssvc.exe [164864 2007-02-17] (Microsoft Corporation)
    S3 DocForm5Svc; C:\Program Files\Prism Software\DocForm 5\DocForm5Svc.exe [28672 2007-03-28] (Prism Software)
    R2 DocFormSvc; c:\program files\prism software\docform\docformsvc.exe [36864 2006-08-08] (Prism Software)
    S4 IsmServ; C:\WINDOWS\System32\ismserv.exe [40448 2007-02-17] (Microsoft Corporation)
    S4 kdc; C:\WINDOWS\System32\lsass.exe [13312 2003-03-25] (Microsoft Corporation)
    S4 LicenseService; C:\WINDOWS\System32\llssrv.exe [94720 2007-02-17] (Microsoft Corporation)
    R2 LPDSVC; C:\WINDOWS\system32\tcpsvcs.exe [21504 2003-03-25] (Microsoft Corporation)
    S3 NtFrs; C:\WINDOWS\system32\ntfrs.exe [792064 2007-02-17] (Microsoft Corporation)
    R2 ntrtscan; C:\Program Files\Trend Micro\Security Agent\ntrtscan.exe [2279440 2013-11-21] (Trend Micro Inc.)
    R2 PCNS1; C:\Program Files\APC\PowerChute\group1\pcns.exe [29952 2008-05-15] (American Power Conversion Corporation)
    S3 RSoPProv; C:\WINDOWS\system32\RSoPProv.exe [67072 2007-02-17] (Microsoft Corporation)
    S3 sacsvr; C:\WINDOWS\system32\sacsvr.dll [12288 2003-03-25] (Microsoft Corporation)
    R2 SonicWALLCDPAgent; C:\Program Files\SonicWALL\SonicWALL Continuous Data Protection\CDPAgentService.exe [35328 2009-05-21] (SonicWALL, Inc.)
    R2 tmlisten; C:\Program Files\Trend Micro\Security Agent\tmlisten.exe [2293088 2013-08-29] (Trend Micro Inc.)
    R3 TmProxy; C:\Program Files\Trend Micro\Security Agent\TmProxy.exe [689712 2012-08-08] (Trend Micro Inc.)
    S4 TrkSvr; C:\WINDOWS\system32\trksvr.dll [50688 2003-03-25] (Microsoft Corporation)
    S4 Tssdis; C:\WINDOWS\System32\tssdis.exe [71168 2007-02-17] (Microsoft Corporation)
    R2 UBLService5; C:\UBL\bin\UBLServ.exe [16384 2003-08-17] ()
    S3 uploadmgr; C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll [39936 2007-02-17] (Microsoft Corporation)
    S2 ATKKeyboardService; C:\WINDOWS\ATKKBService.exe [X]
    R2 Eventlog;  [X]
     
    ==================== Drivers (Whitelisted) ====================
     
    R1 AmdPPM; C:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
    S3 asusgsb; C:\WINDOWS\System32\drivers\asusgsb.sys [12416 2007-07-12] (ASUSTeK Computer Inc.)
    S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17408 2007-02-17] (Microsoft Corporation)
    S4 ClusDisk; C:\WINDOWS\System32\DRIVERS\ClusDisk.sys [69120 2007-02-16] (Microsoft Corporation)
    R0 DfsDriver; C:\WINDOWS\System32\drivers\Dfs.sys [34816 2007-02-16] (Microsoft Corporation)
    S3 E1000; C:\WINDOWS\System32\DRIVERS\e1000325.sys [121344 2003-03-11] (Intel Corporation)
    R1 EIO; C:\WINDOWS\system32\drivers\EIO.sys [12288 2007-07-12] (ASUSTeK Computer Inc.)
    R0 fasttx2k; C:\WINDOWS\System32\DRIVERS\fasttx2k.sys [127488 2003-08-06] (Promise Technology, Inc.)
    S3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10112 2003-03-24] (Microsoft Corporation)
    R0 gpt_loader; C:\WINDOWS\System32\DRIVERS\gpt_loader.sys [51792 2013-11-20] (Paragon Software Group)
    R0 hotcore3; C:\WINDOWS\System32\DRIVERS\hotcore3.sys [27464 2013-11-26] (Paragon Software Group)
    R1 LassoBackup; C:\WINDOWS\System32\DRIVERS\lassobackup.sys [38784 2006-03-22] (SonicWALL Inc.)
    S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [50648 2014-05-07] (Malwarebytes Corporation)
    S3 ms_mpu401; C:\WINDOWS\System32\drivers\msmpu401.sys [5120 2003-03-24] (Microsoft Corporation)
    S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [11776 2007-02-17] (Microsoft Corporation)
    R3 netvsc; C:\WINDOWS\System32\DRIVERS\netvsc50.sys [39040 2012-07-25] (Microsoft Corporation)
    R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [90624 2007-02-16] (Microsoft Corporation)
    R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [65024 2003-03-25] (Microsoft Corporation)
    R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [58368 2007-02-16] (Microsoft Corporation)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R3 SynthVid; C:\WINDOWS\System32\DRIVERS\VMBusVideoM.sys [18048 2012-07-25] (Microsoft Corporation)
    R2 tmcomm; C:\WINDOWS\system32\drivers\tmcomm.sys [258976 2012-11-13] (Trend Micro Inc.)
    R2 TmFilter; C:\Program Files\Trend Micro\Security Agent\TmXPFlt.sys [263968 2013-08-14] (Trend Micro Inc.)
    R2 TmPreFilter; C:\Program Files\Trend Micro\Security Agent\TmPreFlt.sys [36128 2013-08-14] (Trend Micro Inc.)
    R1 tmtdi; C:\WINDOWS\System32\DRIVERS\tmtdi.sys [92112 2010-12-06] (Trend Micro Inc.)
    R1 UimBus; C:\WINDOWS\System32\DRIVERS\UimBus.sys [91016 2013-11-26] ()
    R1 Uim_DEVIM; C:\WINDOWS\System32\DRIVERS\uim_devim.sys [20616 2013-11-26] ()
    R1 Uim_IM; C:\WINDOWS\System32\Drivers\Uim_IM.sys [540168 2013-11-26] ()
    S1 Uim_Vim; C:\WINDOWS\System32\Drivers\Uim_Vim.sys [283600 2012-12-11] (Paragon)
    R2 VSApiNt; C:\Program Files\Trend Micro\Security Agent\VSApiNt.sys [1517600 2013-08-14] (Trend Micro Inc.)
    S3 WLBS; C:\WINDOWS\System32\DRIVERS\wlbs.sys [169984 2007-02-16] (Microsoft Corporation)
    S4 adpu320; No ImagePath
    S3 aeaudio; system32\drivers\aeaudio.sys [X]
    S4 afcnt; No ImagePath
    S3 atillk64; \??\C:\WINDOWS\atillk64.sys [X]
    S4 cpqarry2; No ImagePath
    S4 cpqcissm; No ImagePath
    S4 cpqfcalm; No ImagePath
    S4 dellcerc; No ImagePath
    S4 hpt3xx; No ImagePath
    S4 iirsp; No ImagePath
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S4 ipsraidn; No ImagePath
    U3 LicenseInfo; No ImagePath
    S4 LMIRfsClientNP; No ImagePath
    S4 lp6nds35; No ImagePath
    S3 MidiSyn; system32\drivers\MidiSyn.sys [X]
    S4 nfrd960; No ImagePath
    S4 ql2100; No ImagePath
    S4 ql2200; No ImagePath
    S4 ql2300; No ImagePath
    U5 sacdrv; C:\Windows\System32\Drivers\sacdrv.sys [72704 2007-02-16] (Microsoft Corporation)
    U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [105472 2007-02-16] (Microsoft Corporation)
    S3 smwdm; system32\drivers\smwdm.sys [X]
    S4 symmpi; No ImagePath
    S3 Video3D; System32\Drivers\Video3D32.sys [X]
     
    ==================== NetSvcs (Whitelisted) ===================
     
    NETSVC: Sacsvr -> C:\Windows\system32\sacsvr.dll (Microsoft Corporation)
    NETSVC: TrkSvr -> C:\Windows\system32\trksvr.dll (Microsoft Corporation)
     
    ==================== One Month Created Files and Folders ========
     
    2014-05-09 09:01 - 2014-05-09 09:03 - 00012056 _____ () C:\Documents and Settings\caloffice.CALOFFICE\Desktop\FRST.txt
    2014-05-09 07:59 - 2014-05-09 07:59 - 00008436 _____ () C:\WINDOWS\setupapi.log
    2014-05-09 07:37 - 2014-05-09 07:37 - 00010248 _____ () C:\WINDOWS\PFRO.log
    2014-05-08 17:56 - 2014-05-09 09:01 - 00000000 ____D () C:\FRST
    2014-05-08 17:55 - 2014-05-08 17:56 - 01053184 _____ (Farbar) C:\Documents and Settings\caloffice.CALOFFICE\Desktop\FRST.exe
    2014-05-05 07:44 - 2014-05-05 07:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-05-05 07:43 - 2014-05-07 07:27 - 00050648 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2014-05-05 07:43 - 2014-05-05 07:44 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2014-05-05 07:43 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
    2014-05-02 07:09 - 2014-05-02 07:09 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2927811$
    2014-05-01 07:05 - 2014-05-01 07:06 - 00000000 ____D () C:\Program Files\Defraggler
    2014-05-01 07:05 - 2014-05-01 07:05 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Defraggler
    2014-04-09 06:17 - 2014-04-09 06:17 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
    2014-04-09 02:11 - 2014-03-06 10:57 - 01216000 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll
    2014-04-09 02:11 - 2014-03-06 10:57 - 01216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2014-04-09 02:11 - 2014-03-06 10:57 - 00920064 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll
    2014-04-09 02:11 - 2014-03-06 10:57 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2014-04-09 02:11 - 2014-03-06 10:57 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2014-04-09 02:11 - 2014-03-06 10:57 - 00206848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\occache.dll
    2014-04-09 02:11 - 2014-03-06 10:57 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
    2014-04-09 02:11 - 2014-03-06 10:57 - 00105984 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll
    2014-04-09 02:11 - 2014-03-06 10:57 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
    2014-04-09 02:11 - 2014-03-06 10:57 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
    2014-04-09 02:10 - 2014-03-06 10:57 - 11113472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2014-04-09 02:10 - 2014-03-06 10:57 - 02006016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2014-04-09 02:10 - 2014-02-06 02:25 - 01044480 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kernel32.dll
    2014-04-09 02:10 - 2014-02-06 02:25 - 01044480 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
     
    ==================== One Month Modified Files and Folders =======
     
    2014-05-09 09:03 - 2014-05-09 09:01 - 00012056 _____ () C:\Documents and Settings\caloffice.CALOFFICE\Desktop\FRST.txt
    2014-05-09 09:02 - 2006-11-09 16:08 - 00015004 _____ () C:\WINDOWS\cfgall.ini
    2014-05-09 09:01 - 2014-05-08 17:56 - 00000000 ____D () C:\FRST
    2014-05-09 09:01 - 2012-04-16 06:29 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2014-05-09 09:01 - 2011-03-13 12:06 - 00000438 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{5A530E92-A2C6-4614-A4D3-432F6647BFBE}.job
    2014-05-09 09:01 - 2009-06-10 14:50 - 14326172 _____ () C:\WINDOWS\system32\TmInstall.log
    2014-05-09 08:58 - 2006-11-09 18:50 - 01590479 _____ () C:\WINDOWS\WindowsUpdate.log
    2014-05-09 08:44 - 2012-06-15 06:28 - 00000892 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2014-05-09 08:30 - 2008-06-19 06:07 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\LogMeIn
    2014-05-09 08:27 - 2012-06-15 06:28 - 00000888 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2014-05-09 08:27 - 2006-11-09 15:41 - 00000136 _____ () C:\WINDOWS\system32\config\netlogon.ftl
    2014-05-09 08:20 - 2006-11-08 11:18 - 00610732 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
    2014-05-09 07:59 - 2014-05-09 07:59 - 00008436 _____ () C:\WINDOWS\setupapi.log
    2014-05-09 07:59 - 2014-01-21 15:42 - 00000735 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn Client.lnk
    2014-05-09 07:59 - 2003-03-25 05:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
    2014-05-09 07:37 - 2014-05-09 07:37 - 00010248 _____ () C:\WINDOWS\PFRO.log
    2014-05-09 07:37 - 2014-02-26 15:07 - 00065964 _____ () C:\Documents and Settings\LocalService\objsrv.log
    2014-05-09 07:37 - 2006-11-08 19:35 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2014-05-09 07:19 - 2007-02-21 11:54 - 00000186 _____ () C:\WINDOWS\hpbafd.ini
    2014-05-09 06:32 - 2011-03-13 12:31 - 00000000 ____D () C:\Documents and Settings\caloffice.CALOFFICE
    2014-05-09 03:13 - 2013-09-18 11:14 - 00000518 _____ () C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 88e26820-3367-484b-820c-5f7c97575737.job
    2014-05-09 00:19 - 2014-03-18 17:30 - 00000562 _____ () C:\WINDOWS\Tasks\Paragon SRVR-LMS Full Image Full.job
    2014-05-08 23:03 - 2006-11-08 11:13 - 00000000 ____D () C:\WINDOWS\repair
    2014-05-08 21:14 - 2006-11-08 11:13 - 00000000 ____D () C:\WINDOWS\security
    2014-05-08 21:00 - 2013-09-18 11:14 - 00000518 _____ () C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 993ae6a9-7cf7-468e-9795-06d41e230abd.job
    2014-05-08 20:44 - 2006-11-08 19:35 - 00032622 _____ () C:\WINDOWS\Tasks\SchedLgU.Txt
    2014-05-08 17:56 - 2014-05-08 17:55 - 01053184 _____ (Farbar) C:\Documents and Settings\caloffice.CALOFFICE\Desktop\FRST.exe
    2014-05-07 07:27 - 2014-05-05 07:43 - 00050648 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2014-05-07 07:07 - 2007-02-26 11:40 - 00000000 ____D () C:\WINDOWS\Minidump
    2014-05-06 07:58 - 2011-03-13 12:32 - 00000178 ___SH () C:\Documents and Settings\caloffice.CALOFFICE\ntuser.ini
    2014-05-06 07:58 - 2006-12-12 15:04 - 00393216 _____ () C:\WINDOWS\system32\config\DocForm Server Log.evt
    2014-05-06 06:07 - 2010-05-25 06:45 - 00000000 ____D () C:\Documents and Settings\administrator.COSINC\Desktop\TuneUp
    2014-05-05 07:44 - 2014-05-05 07:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-05-05 07:44 - 2014-05-05 07:43 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2014-05-02 07:22 - 2006-11-08 11:13 - 00000000 ____D () C:\WINDOWS\system32\LogFiles
    2014-05-02 07:19 - 2013-11-13 07:53 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2014-05-02 07:09 - 2014-05-02 07:09 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2927811$
    2014-05-01 07:06 - 2014-05-01 07:05 - 00000000 ____D () C:\Program Files\Defraggler
    2014-05-01 07:05 - 2014-05-01 07:05 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Defraggler
    2014-04-30 02:40 - 2014-03-12 00:19 - 06022144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2014-04-30 02:40 - 2014-02-12 01:40 - 06022144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
    2014-04-28 07:13 - 2010-01-11 07:21 - 00000000 ____D () C:\Program Files\CCleaner
    2014-04-24 06:25 - 2014-04-01 07:12 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2014-04-18 06:43 - 2014-01-21 15:42 - 00000719 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn Control Panel.lnk
    2014-04-18 06:43 - 2006-11-28 15:40 - 00001024 _____ () C:\.rnd
    2014-04-18 06:42 - 2010-01-17 09:34 - 00000000 ____D () C:\Program Files\LogMeIn
    2014-04-18 06:41 - 2010-01-17 09:34 - 00086888 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIRfsClientNP.dll
    2014-04-18 06:41 - 2010-01-17 09:34 - 00085832 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIinit.dll
    2014-04-18 06:41 - 2010-01-17 09:34 - 00031560 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIport.dll
    2014-04-10 23:30 - 2010-01-17 09:34 - 00086888 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIRfsClientNP.dll.000.bak
    2014-04-10 23:30 - 2006-11-28 15:41 - 00085832 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIinit.dll.000.bak
    2014-04-09 06:17 - 2014-04-09 06:17 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
     
    ==================== Bamital & volsnap Check =================
     
    C:\WINDOWS\explorer.exe
    [2007-02-17 07:03] - [2007-02-17 07:03] - 1053184 ____A (Microsoft Corporation) A26C39540F8BE3729846E360E2C57344
     
    C:\WINDOWS\system32\winlogon.exe
    [2007-02-17 07:04] - [2007-02-17 07:04] - 0528384 ____A (Microsoft Corporation) B4AA8AE0F18E5DFCF99A671A181D3EDC
     
    C:\WINDOWS\system32\svchost.exe
    [2007-02-17 07:04] - [2007-02-17 07:04] - 0014848 ____A (Microsoft Corporation) C09CCFE81DEC9B162533D7184D705682
     
    C:\WINDOWS\system32\services.exe
    [2003-03-25 05:00] - [2009-02-03 04:07] - 0113152 ____A (Microsoft Corporation) CF500580CDD83B145646A4DCFCE1CF3C
     
    C:\WINDOWS\system32\User32.dll
    [2007-04-04 06:35] - [2007-03-01 23:38] - 0583680 ____A (Microsoft Corporation) 1959150096B010BA953A78B0D6B0B4E4
     
    C:\WINDOWS\system32\userinit.exe
    [2003-03-25 05:00] - [2007-02-17 07:04] - 0026112 ____A (Microsoft Corporation) B5FEB3B971A8B8C81CE9DE65031A87E5
     
    C:\WINDOWS\system32\rpcss.dll
    [2009-04-15 16:55] - [2009-02-09 04:02] - 0486912 ____A (Microsoft Corporation) 305A8757D66B5D416B47C497C27A01FE
     
     ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
    C:\WINDOWS\system32\Drivers\volsnap.sys
    [2003-03-25 05:00] - [2012-08-21 05:56] - 0153600 ____A (Microsoft Corporation) 701D86EC9D221F68C8528CC47D3958E6
     
    C:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.
     
    ==================== End Of Log ============================


    #8
    RKinner


    Do you know what this is:

    C:\UBL\bin\UBLServ.exe

    If not, submit it to virustotal.com:

    Easiest way to submit a file is to copy the path:

    C:\UBL\bin\UBLServ.exe

    Then go to virustotal.com with your browser.  Click on Choose File then when the file chooser window opens, move down to the File Name: box and then Ctrl + v and the path should appear.  Hit Open and it should return to the main page with UBLServ.exe chosen.  Click on Scan it.  If it knows the file already it will tell you it's already been analyzed and offer you a choice of Reanalyze and View Last Analysis.  In that case click on View Last Analysis.  If it doesn't know the file it will take a minute to query 46 different anti-virus companies.  In either case, if the Detection ratio: is not 0 / 46 (or so - the last number changes daily) then copy the Analysis page and paste it into the forum.  You can just hit Ctrl + a then Ctrl + c to copy the page then go to a reply and Ctrl + v.


    #9
    bhzendner


    I know that file. It is very important; it runs one of the software programs on this machine.

    I am afraid your fix might not have been nice to it.



    #10
    RKinner


    Attached fixlist should restore it to pre-fix conditions.

    Download the attached fixlist.txt to the same location as FRST.
    Run FRST and press Fix.
    A fix log will be generated; please post that.  Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.
     
     



    #11
    bhzendner


    Running the fix did not produce a log?

     

    Running a Scan...

     

    Additional...

     

    Additional scan result of Farbar Recovery Scan Tool (x86) Version:11-05-2014 01
    Ran by caloffice at 2014-05-12 07:20:00
    Running from C:\Documents and Settings\caloffice.CALOFFICE\Desktop
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Security Center ========================
     
     
    ==================== Installed Programs ======================
     
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) (Version: 8.1.2 - Adobe Systems, Inc) Hidden
    Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.2.202.233 - Adobe Systems Incorporated)
    Adobe Reader 8.1.2 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81200000003}) (Version: 8.1.2 - Adobe Systems Incorporated)
    Adobe Reader 8.1.2 Security Update 1 (KB403742) (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81200000003}_Adobe Reader 8.1.2) (Version:  - )
    Boot Media Builder for Paragon Hard Disk Manager™ 14 Premium Edition (HKLM\...\{3E9F3D5C-8B49-5854-ACF6-75EE3C96A6CC}) (Version: 1.00.0000 - Paragon Software)
    CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
    CleanUp! (HKLM\...\CleanUp!) (Version:  - )
    Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
    DocForm 5.0 Professional (HKLM\...\{869ED054-0A06-47A2-995E-DA20A571BDCF}) (Version: 5.0.1 - Prism Software Corporation)
    DocForm Professional 4.2 (HKLM\...\{C560143C-E9D4-4E88-96E2-7D242B4479C9}) (Version: 4.2.0 - Prism Software Corporation)
    FileZilla Client 3.2.4.1 (HKLM\...\FileZilla Client) (Version: 3.2.4.1 - )
    Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
    Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
    Hyper-V Integration Services (version 6.2.9200.16384) (HKLM\...\{E675F32B-3508-4658-84EC-2069EE621899}) (Version: 3.9200.16384 - Microsoft Corporation)
    Intel® PRO Network Adapters and Drivers (HKLM\...\PROSet) (Version:  - )
    Kyocera Product Library (HKLM\...\Kyocera Product Library) (Version: 2.0.0713 - Kyocera Mita Corporation)
    Linksys PrintServer Driver (HKLM\...\Linksys PrintServer Driver) (Version:  - )
    LogMeIn (HKLM\...\{34F93E31-E1A0-421C-8E86-BCF7C4193A91}) (Version: 4.0.982 - LogMeIn, Inc.)
    LogMeIn (HKLM\...\{7F831576-6246-42C7-B523-55B3F96509CC}) (Version: 4.0.784 - LogMeIn, Inc.)
    Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 (Version:  - Microsoft Corporation) Hidden
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version:  - Microsoft Corporation) Hidden
    Microsoft SQL Server Native Client (HKLM\...\{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}) (Version: 9.00.3042.00 - Microsoft Corporation)
    Microsoft User-Mode Driver Framework Feature Pack 1.9 (HKLM\...\Wudf01009) (Version:  - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft XML Parser (Version: 8.70.1104.04 - Microsoft Corporation) Hidden
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
    MSXML 6 Service Pack 2 (KB2758696) (HKLM\...\{E46A76D1-9FB9-4770-BA24-3975EF4D120A}) (Version: 6.20.2016.0 - Microsoft Corporation)
    Paragon Hard Disk Manager™ 14 Premium Edition (HKLM\...\{619A89DE-5F01-11E2-85E8-000C2982512D}) (Version: 90.00.0003 - Paragon Software)
    PowerChute Network Shutdown (HKLM\...\PowerChute Network Shutdown) (Version:  - American Power Conversion)
    PrintKey2000 (HKLM\...\PrintKey2000) (Version:  - )
    Promise Array Management (HKLM\...\Promise Array Management) (Version:  - )
    Recovery Media Builder™ (HKLM\...\{EC1AB719-E98B-532C-95D4-381FB69F5CD2}) (Version: 1.00.0000 - Paragon Software)
    Shadow Copy Client (HKLM\...\{23E5032B-56CA-4C19-A72E-B50161DB82CA}) (Version: 5.2.01 - Microsoft)
    SonicWALL Continuous Data Protection (HKLM\...\{E61925A2-F785-413E-B245-B8EB12AE24E0}) (Version: 5.0.3 - SonicWALL)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1144 - SUPERAntiSpyware.com)
    Transoft U/BL for Windows 2000 & xp (HKLM\...\UBL) (Version:  - )
    TreeSize Free V2.1 (HKLM\...\TreeSize Free_is1) (Version:  - JAM Software)
    Trend Micro Worry-Free Business Security Agent (HKLM\...\Wofie) (Version: 18.0.2013 - Trend Micro Inc.)
    Trend Micro Worry-Free Business Security Agent (Version: 8.0 - Trend Micro Inc.) Hidden
    U/Gi 32 bit Edition (HKLM\...\UGi32) (Version:  - )
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2473228) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2468871) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2533523) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2600217) (Version: 1 - Microsoft Corporation)
    Update for Windows Internet Explorer 8 (KB2632503) (HKLM\...\KB2632503-IE8) (Version: 1 - Microsoft Corporation)
    Update for Windows Internet Explorer 8 (KB971180) (HKLM\...\KB971180-IE8) (Version: 1 - Microsoft Corporation)
    Update for Windows Internet Explorer 8 (KB971930) (HKLM\...\KB971930-IE8) (Version: 1 - Microsoft Corporation)
    Update for Windows Internet Explorer 8 (KB973874) (HKLM\...\KB973874-IE8) (Version: 1 - Microsoft Corporation)
    Update for Windows Internet Explorer 8 (KB975364) (HKLM\...\KB975364-IE8) (Version: 1 - Microsoft Corporation)
    Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
    Update for Windows Internet Explorer 8 (KB976749) (HKLM\...\KB976749-IE8) (Version: 1 - Microsoft Corporation)
    Update for Windows Internet Explorer 8 (KB978506) (HKLM\...\KB978506-IE8) (Version: 1 - Microsoft Corporation)
    Update for Windows Internet Explorer 8 (KB980182) (HKLM\...\KB980182-IE8) (Version: 1 - Microsoft Corporation)
    Update for Windows Internet Explorer 8 (KB980302) (HKLM\...\KB980302-IE8) (Version: 1 - Microsoft Corporation)
    Update for Windows Internet Explorer 8 (KB982632) (HKLM\...\KB982632-IE8) (Version: 1 - Microsoft Corporation)
    Update for Windows Server 2003 (KB2388210) (HKLM\...\KB2388210) (Version:  - )
    Update for Windows Server 2003 (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation)
    Update for Windows Server 2003 (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
    Update for Windows Server 2003 (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation)
    Update for Windows Server 2003 (KB2641690-v2) (HKLM\...\KB2641690-v2) (Version: 2 - Microsoft Corporation)
    Update for Windows Server 2003 (KB2661254) (HKLM\...\KB2661254) (Version: 1 - Microsoft Corporation)
    Update for Windows Server 2003 (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
    Update for Windows Server 2003 (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
    Update for Windows Server 2003 (KB2748349) (HKLM\...\KB2748349) (Version: 1 - Microsoft Corporation)
    Update for Windows Server 2003 (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
    Update for Windows Server 2003 (KB2808679) (HKLM\...\KB2808679) (Version: 1 - Microsoft Corporation)
    Update for Windows Server 2003 (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
    Update for Windows Server 2003 (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
    Update for Windows Server 2003 (KB2927811) (HKLM\...\KB2927811) (Version: 1 - Microsoft Corporation)
    Update for Windows Server 2003 (KB943295) (HKLM\...\KB943295) (Version:  - )
    Update for Windows Server 2003 (KB943729) (HKLM\...\KB943729) (Version:  - Microsoft Corporation)
    Update for Windows Server 2003 (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
    Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
    Windows Internet Explorer 7 (Version: 20061027.150806 - Microsoft Corporation) Hidden
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
    Windows Presentation Foundation (Version: 3.0.6920.0 - Microsoft Corporation) Hidden
    Windows Server 2003 Service Pack 2 (HKLM\...\Windows Server 2003 Service Pack) (Version: 20070217.021455 - Microsoft Corporation)
    Windows Small Business Server 2011 Standard ClientAgent (HKLM\...\{3032BC7D-E713-452D-AAF7-F5ED073226C8}) (Version: 6.1.7900.1 - Microsoft Corporation)
    Windows Small Business Server 2011 Standard WMI Provider (Version: 6.1.7900.1 - Microsoft Corporation) Hidden
    XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden
     
    ==================== Restore Points  =========================
     
    Could not list Restore Points. Check "winmgmt" service or repair WMI.
     
     
    ==================== Hosts content: ==========================
     
    2003-03-25 05:00 - 2003-03-25 05:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1       localhost
     
    ==================== Scheduled Tasks (whitelisted) =============
     
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\Paragon SRVR-LMS Full Image Full.job => C:\PROGRA~1\PARAGO~1\HARDDI~2\program\scripts.exe
    Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 88e26820-3367-484b-820c-5f7c97575737.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 993ae6a9-7cf7-468e-9795-06d41e230abd.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{5A530E92-A2C6-4614-A4D3-432F6647BFBE}.job => C:\WINDOWS\system32\msfeedssync.exe
     
    ==================== Loaded Modules (whitelisted) =============
     
     
    ==================== Alternate Data Streams (whitelisted) =========
     
     
    ==================== Safe Mode (whitelisted) ===================
     
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
     
    ==================== EXE Association (whitelisted) =============
     
     
    ==================== Disabled items from MSCONFIG ==============
     
     
    ==================== Faulty Device Manager Devices =============
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (05/11/2014 11:10:05 PM) (Source: Userenv) (User: NT AUTHORITY) (EventID: 1030)
    Description: Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.
     
    Error: (05/11/2014 11:09:08 PM) (Source: Userenv) (User: NT AUTHORITY) (EventID: 1030)
    Description: Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.
     
    Error: (05/09/2014 09:58:14 AM) (Source: Application Error) (User: ) (EventID: 1000)
    Description: Faulting application mbam.exe, version 1.0.0.500, faulting module msvcr100.dll, version 10.0.40219.325, fault address 0x0008d6fd.
    Processing media-specific event for [mbam.exe!ws!]
     
    Error: (05/09/2014 09:55:30 AM) (Source: Application Error) (User: ) (EventID: 1000)
    Description: Faulting application mbam.exe, version 1.0.0.500, faulting module msvcr100.dll, version 10.0.40219.325, fault address 0x0008d6fd.
    Processing media-specific event for [mbam.exe!ws!]
     
    Error: (05/09/2014 09:26:39 AM) (Source: Application Error) (User: ) (EventID: 1000)
    Description: Faulting application mbam.exe, version 1.0.0.500, faulting module msvcr100.dll, version 10.0.40219.325, fault address 0x0008d6fd.
    Processing media-specific event for [mbam.exe!ws!]
     
    Error: (05/09/2014 09:19:35 AM) (Source: Application Error) (User: ) (EventID: 1001)
    Description: Fault bucket 170779580.
    The Wep key exchange did not result in a secure connection setup after 802.1x authentication.  The current setting has been marked as failed and the Wireless connection will be disconnected.
     
    Error: (05/09/2014 09:14:18 AM) (Source: Userenv) (User: CALOFFICE) (EventID: 1030)
    Description: Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.
     
    Error: (05/09/2014 09:13:40 AM) (Source: Userenv) (User: NT AUTHORITY) (EventID: 1030)
    Description: Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.
     
    Error: (05/09/2014 09:13:11 AM) (Source: Userenv) (User: NT AUTHORITY) (EventID: 1030)
    Description: Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.
     
    Error: (05/09/2014 09:08:08 AM) (Source: Application Error) (User: ) (EventID: 1000)
    Description: Faulting application mbam.exe, version 1.0.0.500, faulting module msvcr100.dll, version 10.0.40219.325, fault address 0x0008d6fd.
    Processing media-specific event for [mbam.exe!ws!]
     
     
    System errors:
    =============
    Error: (05/12/2014 06:51:10 AM) (Source: W32Time) (User: ) (EventID: 29)
    Description: The time provider NtpClient is configured to acquire time from one or more
    time sources, however none of the sources are currently accessible. 
    No attempt to contact a source will be made for 15 minutes.
    NtpClient has no source of accurate time.
     
    Error: (05/12/2014 06:44:46 AM) (Source: System Error) (User: ) (EventID: 1003)
    Description: Error code 1000008e, parameter1 c0000005, parameter2 bf8998d4, parameter3 b8074be0, parameter4 00000000.
     
    Error: (05/12/2014 05:45:22 AM) (Source: W32Time) (User: ) (EventID: 29)
    Description: The time provider NtpClient is configured to acquire time from one or more
    time sources, however none of the sources are currently accessible. 
    No attempt to contact a source will be made for 15 minutes.
    NtpClient has no source of accurate time.
     
    Error: (05/12/2014 04:39:32 AM) (Source: W32Time) (User: ) (EventID: 29)
    Description: The time provider NtpClient is configured to acquire time from one or more
    time sources, however none of the sources are currently accessible. 
    No attempt to contact a source will be made for 15 minutes.
    NtpClient has no source of accurate time.
     
    Error: (05/12/2014 03:33:50 AM) (Source: W32Time) (User: ) (EventID: 29)
    Description: The time provider NtpClient is configured to acquire time from one or more
    time sources, however none of the sources are currently accessible. 
    No attempt to contact a source will be made for 15 minutes.
    NtpClient has no source of accurate time.
     
    Error: (05/12/2014 02:28:08 AM) (Source: W32Time) (User: ) (EventID: 29)
    Description: The time provider NtpClient is configured to acquire time from one or more
    time sources, however none of the sources are currently accessible. 
    No attempt to contact a source will be made for 15 minutes.
    NtpClient has no source of accurate time.
     
    Error: (05/12/2014 01:22:27 AM) (Source: W32Time) (User: ) (EventID: 29)
    Description: The time provider NtpClient is configured to acquire time from one or more
    time sources, however none of the sources are currently accessible. 
    No attempt to contact a source will be made for 15 minutes.
    NtpClient has no source of accurate time.
     
    Error: (05/12/2014 00:16:43 AM) (Source: W32Time) (User: ) (EventID: 29)
    Description: The time provider NtpClient is configured to acquire time from one or more
    time sources, however none of the sources are currently accessible. 
    No attempt to contact a source will be made for 15 minutes.
    NtpClient has no source of accurate time.
     
    Error: (05/11/2014 11:08:41 PM) (Source: 0) (User: ) (EventID: 18)
    Description: 
     
    Error: (05/11/2014 11:08:33 PM) (Source: EventLog) (User: ) (EventID: 6008)
    Description: The previous system shutdown at 11:06:28 PM on 5/11/2014 was unexpected.
     
     
    Microsoft Office Sessions:
    =========================
    Error: (05/11/2014 11:10:05 PM) (Source: Userenv) (User: NT AUTHORITY) (EventID: 1030)
    Description: 
     
    Error: (05/11/2014 11:09:08 PM) (Source: Userenv) (User: NT AUTHORITY) (EventID: 1030)
    Description: 
     
    Error: (05/09/2014 09:58:14 AM) (Source: Application Error) (User: ) (EventID: 1000)
    Description: mbam.exe1.0.0.500msvcr100.dll10.0.40219.3250008d6fd
     
    Error: (05/09/2014 09:55:30 AM) (Source: Application Error) (User: ) (EventID: 1000)
    Description: mbam.exe1.0.0.500msvcr100.dll10.0.40219.3250008d6fd
     
    Error: (05/09/2014 09:26:39 AM) (Source: Application Error) (User: ) (EventID: 1000)
    Description: mbam.exe1.0.0.500msvcr100.dll10.0.40219.3250008d6fd
     
    Error: (05/09/2014 09:19:35 AM) (Source: Application Error) (User: ) (EventID: 1001)
    Description: 170779580
     
    Error: (05/09/2014 09:14:18 AM) (Source: Userenv) (User: CALOFFICE) (EventID: 1030)
    Description: 
     
    Error: (05/09/2014 09:13:40 AM) (Source: Userenv) (User: NT AUTHORITY) (EventID: 1030)
    Description: 
     
    Error: (05/09/2014 09:13:11 AM) (Source: Userenv) (User: NT AUTHORITY) (EventID: 1030)
    Description: 
     
    Error: (05/09/2014 09:08:08 AM) (Source: Application Error) (User: ) (EventID: 1000)
    Description: mbam.exe1.0.0.500msvcr100.dll10.0.40219.3250008d6fd
     
     
    ==================== Memory info =========================== 
     
    Percentage of memory in use: 33%
    Total physical RAM: 2047.45 MB
    Available physical RAM: 1368.09 MB
    Total Pagefile: 3944.13 MB
    Available Pagefile: 3406.89 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1964.47 MB
     
    ==================== Drives ================================
     
    Drive c: () (Fixed) (Total:34.46 GB) (Free:15.16 GB) NTFS
    Drive e: (VMGUEST) (CDROM) (Total:0.03 GB) (Free:0 GB) CDFS
    Drive f: (DATA) (Fixed) (Total:232.81 GB) (Free:209.11 GB) NTFS
    Drive p: () (Network) (Total:474.9 GB) (Free:179.08 GB) NTFS
    Drive t: () (Network) (Total:474.9 GB) (Free:179.08 GB) NTFS
    Drive x: (BOOT) (Network) (Total:48.83 GB) (Free:8.84 GB) NTFS
    Drive y: (DATA01) (Network) (Total:1861.71 GB) (Free:581.42 GB) NTFS
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 34 GB) (Disk ID: B4525A29)
    Partition 1: (Active) - (Size=34 GB) - (Type=07 NTFS)
     
    ========================================================
    Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: EADE756F)
    Partition 1: (Not Active) - (Size=233 GB) - (Type=07 NTFS)
     
    ==================== End Of Log ============================
     
     
    Frst Text...
     
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:11-05-2014 01
    Ran by caloffice (administrator) on SRVR-LMS on 12-05-2014 07:17:45
    Running from C:\Documents and Settings\caloffice.CALOFFICE\Desktop
    Platform: Microsoft® Windows® Server 2003, Standard Edition Service Pack 2 (X86) OS Language: English(US)
    Internet Explorer Version 8
    Boot Mode: Normal
     
    The only official download link for FRST:
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
     
    ==================== Processes (Whitelisted) =================
     
     
     
    ==================== Registry (Whitelisted) ==================
     
    HKLM\...\Run: [PtiuPbmd] => C:\WINDOWS\system32\ptipbm.dll [24576 2006-11-08] (Promise Technology,Inc.)
    HKLM\...\Run: [Ptipbmf] => C:\WINDOWS\system32\ptipbmf.dll [118784 2003-06-20] (Promise Technology, Inc.)
    HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-01-11] (Adobe Systems Incorporated)
    HKLM\...\Run: [LogMeIn GUI] => C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2008-08-11] (LogMeIn, Inc.)
    HKLM\...\Run: [OfficeScanNT Monitor] => C:\Program Files\Trend Micro\Security Agent\pccntmon.exe [1373040 2013-08-29] (Trend Micro Inc.)
    HKLM\...\Run: [UserFaultCheck] => %systemroot%\system32\dumprep 0 -u
    HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
    HKLM\...\Winlogon: [UIHost] %SystemRoot%\system32\logonui.exe [x ] ()
    Winlogon\Notify\LMIinit: C:\WINDOWS\system32\LMIinit.dll (LogMeIn, Inc.)
    HKLM\...\Policies\Explorer: [ShowSuperHidden] 1
    HKU\.DEFAULT\...\RunOnce: [tscuninstall] - C:\WINDOWS\system32\tscupgrd.exe [44032 2003-03-25] (Microsoft Corporation)
    HKU\.DEFAULT\...\RunOnce: [TSClientMSIUninstaller] - cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
    HKU\S-1-5-19\...\RunOnce: [tscuninstall] - C:\WINDOWS\system32\tscupgrd.exe [44032 2003-03-25] (Microsoft Corporation)
    HKU\S-1-5-20\...\RunOnce: [tscuninstall] - C:\WINDOWS\system32\tscupgrd.exe [44032 2003-03-25] (Microsoft Corporation)
    Lsa: [Notification Packages] RASSFM KDCSVC WDIGEST scecli
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Printkey2000.lnk
    ShortcutTarget: Printkey2000.lnk -> C:\Program Files\PrintKey2000\Printkey2000.exe (Fred's Software)
     
    ==================== Internet (Whitelisted) ====================
     
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://companyweb
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
    BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\Security Agent\TmIEPlg.dll (Trend Micro Inc.)
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab
    DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} http://srvr-cos/conn...uter/nshelp.dll
    DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} https://www1.gotomee...ets/g2mdlax.cab
    DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
    DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100
    Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\Security Agent\TmIEPlg.dll (Trend Micro Inc.)
    ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
    Winsock: Catalog5 03 %SystemRoot%\System32\mswsock.dll [256000] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
    Tcpip\..\Interfaces\{1B4DE293-EA07-4106-97D6-75AED790C150}: [NameServer]192.168.192.10
    Tcpip\..\Interfaces\{3C489710-A503-476B-AB68-153F2A7F1798}: [NameServer]192.168.192.11
    Tcpip\..\Interfaces\{BC23F679-DD05-4603-9309-D9599BCFBCF7}: [NameServer]192.168.192.11,8.8.8.8
    Tcpip\..\Interfaces\{C0EDACF3-3558-4517-9D09-C2E19546560E}: [NameServer]192.168.192.10
     
    FireFox:
    ========
    FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
    FF HKLM\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\Security Agent\FirefoxExtension
    FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\Security Agent\FirefoxExtension [2013-03-25]
     
    ========================== Services (Whitelisted) =================
     
    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-09-10] (SUPERAntiSpyware.com)
    S3 Dfs; C:\WINDOWS\system32\Dfssvc.exe [164864 2007-02-17] (Microsoft Corporation)
    S3 DocForm5Svc; C:\Program Files\Prism Software\DocForm 5\DocForm5Svc.exe [28672 2007-03-28] (Prism Software)
    R2 DocFormSvc; c:\program files\prism software\docform\docformsvc.exe [36864 2006-08-08] (Prism Software)
    S4 IsmServ; C:\WINDOWS\System32\ismserv.exe [40448 2007-02-17] (Microsoft Corporation)
    S4 kdc; C:\WINDOWS\System32\lsass.exe [13312 2003-03-25] (Microsoft Corporation)
    S4 LicenseService; C:\WINDOWS\System32\llssrv.exe [94720 2007-02-17] (Microsoft Corporation)
    R2 LPDSVC; C:\WINDOWS\system32\tcpsvcs.exe [21504 2003-03-25] (Microsoft Corporation)
    S3 NtFrs; C:\WINDOWS\system32\ntfrs.exe [792064 2007-02-17] (Microsoft Corporation)
    R2 ntrtscan; C:\Program Files\Trend Micro\Security Agent\ntrtscan.exe [2279440 2013-11-21] (Trend Micro Inc.)
    R2 PCNS1; C:\Program Files\APC\PowerChute\group1\pcns.exe [29952 2008-05-15] (American Power Conversion Corporation)
    S3 RSoPProv; C:\WINDOWS\system32\RSoPProv.exe [67072 2007-02-17] (Microsoft Corporation)
    S3 sacsvr; C:\WINDOWS\system32\sacsvr.dll [12288 2003-03-25] (Microsoft Corporation)
    R2 SonicWALLCDPAgent; C:\Program Files\SonicWALL\SonicWALL Continuous Data Protection\CDPAgentService.exe [35328 2009-05-21] (SonicWALL, Inc.)
    R2 tmlisten; C:\Program Files\Trend Micro\Security Agent\tmlisten.exe [2293088 2013-08-29] (Trend Micro Inc.)
    R3 TmProxy; C:\Program Files\Trend Micro\Security Agent\TmProxy.exe [689712 2012-08-08] (Trend Micro Inc.)
    S4 TrkSvr; C:\WINDOWS\system32\trksvr.dll [50688 2003-03-25] (Microsoft Corporation)
    S4 Tssdis; C:\WINDOWS\System32\tssdis.exe [71168 2007-02-17] (Microsoft Corporation)
    R2 UBLService5; C:\UBL\bin\UBLServ.exe [16384 2003-08-17] ()
    S3 uploadmgr; C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll [39936 2007-02-17] (Microsoft Corporation)
    S2 ATKKeyboardService; C:\WINDOWS\ATKKBService.exe [X]
    R2 Eventlog;  [X]
     
    ==================== Drivers (Whitelisted) ====================
     
    R1 AmdPPM; C:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
    S3 asusgsb; C:\WINDOWS\System32\drivers\asusgsb.sys [12416 2007-07-12] (ASUSTeK Computer Inc.)
    S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17408 2007-02-17] (Microsoft Corporation)
    S4 ClusDisk; C:\WINDOWS\System32\DRIVERS\ClusDisk.sys [69120 2007-02-16] (Microsoft Corporation)
    R0 DfsDriver; C:\WINDOWS\System32\drivers\Dfs.sys [34816 2007-02-16] (Microsoft Corporation)
    S3 E1000; C:\WINDOWS\System32\DRIVERS\e1000325.sys [121344 2003-03-11] (Intel Corporation)
    R1 EIO; C:\WINDOWS\system32\drivers\EIO.sys [12288 2007-07-12] (ASUSTeK Computer Inc.)
    R0 fasttx2k; C:\WINDOWS\System32\DRIVERS\fasttx2k.sys [127488 2003-08-06] (Promise Technology, Inc.)
    S3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10112 2003-03-24] (Microsoft Corporation)
    R0 gpt_loader; C:\WINDOWS\System32\DRIVERS\gpt_loader.sys [51792 2013-11-20] (Paragon Software Group)
    R0 hotcore3; C:\WINDOWS\System32\DRIVERS\hotcore3.sys [27464 2013-11-26] (Paragon Software Group)
    R1 LassoBackup; C:\WINDOWS\System32\DRIVERS\lassobackup.sys [38784 2006-03-22] (SonicWALL Inc.)
    S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [50648 2014-04-03] (Malwarebytes Corporation)
    S3 ms_mpu401; C:\WINDOWS\System32\drivers\msmpu401.sys [5120 2003-03-24] (Microsoft Corporation)
    S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [11776 2007-02-17] (Microsoft Corporation)
    R3 netvsc; C:\WINDOWS\System32\DRIVERS\netvsc50.sys [39040 2012-07-25] (Microsoft Corporation)
    R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [90624 2007-02-16] (Microsoft Corporation)
    R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [65024 2003-03-25] (Microsoft Corporation)
    R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [58368 2007-02-16] (Microsoft Corporation)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R3 SynthVid; C:\WINDOWS\System32\DRIVERS\VMBusVideoM.sys [18048 2012-07-25] (Microsoft Corporation)
    R2 tmcomm; C:\WINDOWS\system32\drivers\tmcomm.sys [258976 2012-11-13] (Trend Micro Inc.)
    R2 TmFilter; C:\Program Files\Trend Micro\Security Agent\TmXPFlt.sys [263968 2013-08-14] (Trend Micro Inc.)
    R2 TmPreFilter; C:\Program Files\Trend Micro\Security Agent\TmPreFlt.sys [36128 2013-08-14] (Trend Micro Inc.)
    R1 tmtdi; C:\WINDOWS\System32\DRIVERS\tmtdi.sys [92112 2010-12-06] (Trend Micro Inc.)
    R1 UimBus; C:\WINDOWS\System32\DRIVERS\UimBus.sys [91016 2013-11-26] ()
    R1 Uim_DEVIM; C:\WINDOWS\System32\DRIVERS\uim_devim.sys [20616 2013-11-26] ()
    R1 Uim_IM; C:\WINDOWS\System32\Drivers\Uim_IM.sys [540168 2013-11-26] ()
    S1 Uim_Vim; C:\WINDOWS\System32\Drivers\Uim_Vim.sys [283600 2012-12-11] (Paragon)
    R2 VSApiNt; C:\Program Files\Trend Micro\Security Agent\VSApiNt.sys [1517600 2013-08-14] (Trend Micro Inc.)
    S3 WLBS; C:\WINDOWS\System32\DRIVERS\wlbs.sys [169984 2007-02-16] (Microsoft Corporation)
    S4 adpu320; No ImagePath
    S3 aeaudio; system32\drivers\aeaudio.sys [X]
    S4 afcnt; No ImagePath
    S3 atillk64; \??\C:\WINDOWS\atillk64.sys [X]
    S4 cpqarry2; No ImagePath
    S4 cpqcissm; No ImagePath
    S4 cpqfcalm; No ImagePath
    S4 dellcerc; No ImagePath
    S4 hpt3xx; No ImagePath
    S4 iirsp; No ImagePath
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S4 ipsraidn; No ImagePath
    U3 LicenseInfo; No ImagePath
    S4 LMIRfsClientNP; No ImagePath
    S4 lp6nds35; No ImagePath
    S3 MidiSyn; system32\drivers\MidiSyn.sys [X]
    S4 nfrd960; No ImagePath
    S4 ql2100; No ImagePath
    S4 ql2200; No ImagePath
    S4 ql2300; No ImagePath
    U5 sacdrv; C:\Windows\System32\Drivers\sacdrv.sys [72704 2007-02-16] (Microsoft Corporation)
    U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [105472 2007-02-16] (Microsoft Corporation)
    S3 smwdm; system32\drivers\smwdm.sys [X]
    S4 symmpi; No ImagePath
    S3 Video3D; System32\Drivers\Video3D32.sys [X]
     
    ==================== NetSvcs (Whitelisted) ===================
     
    NETSVC: Sacsvr -> C:\Windows\system32\sacsvr.dll (Microsoft Corporation)
    NETSVC: TrkSvr -> C:\Windows\system32\trksvr.dll (Microsoft Corporation)
     
    ==================== One Month Created Files and Folders ========
     
    2014-05-12 07:17 - 2014-05-12 07:18 - 00012141 _____ () C:\Documents and Settings\caloffice.CALOFFICE\Desktop\FRST.txt
    2014-05-12 07:14 - 2014-05-12 07:14 - 00000000 ____D () C:\Documents and Settings\caloffice.CALOFFICE\Desktop\FRST-OlderVersion
    2014-05-12 07:13 - 2014-05-12 07:13 - 00000130 _____ () C:\Documents and Settings\caloffice.CALOFFICE\Desktop\fixlist.txt
    2014-05-11 23:08 - 2014-05-11 23:08 - 00090728 _____ () C:\WINDOWS\Minidump\Mini051114-01.dmp
    2014-05-09 09:25 - 2014-05-09 09:25 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2014-05-09 09:25 - 2014-05-09 09:25 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-05-09 09:25 - 2014-04-03 09:51 - 00050648 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2014-05-09 09:25 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
    2014-05-09 07:59 - 2014-05-11 23:08 - 00025008 _____ () C:\WINDOWS\setupapi.log
    2014-05-09 07:37 - 2014-05-09 07:37 - 00010248 _____ () C:\WINDOWS\PFRO.log
    2014-05-08 17:56 - 2014-05-12 07:17 - 00000000 ____D () C:\FRST
    2014-05-08 17:55 - 2014-05-12 07:14 - 01056256 _____ (Farbar) C:\Documents and Settings\caloffice.CALOFFICE\Desktop\FRST.exe
    2014-05-02 07:09 - 2014-05-02 07:09 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2927811$
    2014-05-01 07:05 - 2014-05-01 07:06 - 00000000 ____D () C:\Program Files\Defraggler
    2014-05-01 07:05 - 2014-05-01 07:05 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Defraggler
     
    ==================== One Month Modified Files and Folders =======
     
    2014-05-12 07:18 - 2014-05-12 07:17 - 00012141 _____ () C:\Documents and Settings\caloffice.CALOFFICE\Desktop\FRST.txt
    2014-05-12 07:17 - 2014-05-08 17:56 - 00000000 ____D () C:\FRST
    2014-05-12 07:16 - 2011-03-13 12:06 - 00000438 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{5A530E92-A2C6-4614-A4D3-432F6647BFBE}.job
    2014-05-12 07:14 - 2014-05-12 07:14 - 00000000 ____D () C:\Documents and Settings\caloffice.CALOFFICE\Desktop\FRST-OlderVersion
    2014-05-12 07:14 - 2014-05-08 17:55 - 01056256 _____ (Farbar) C:\Documents and Settings\caloffice.CALOFFICE\Desktop\FRST.exe
    2014-05-12 07:13 - 2014-05-12 07:13 - 00000130 _____ () C:\Documents and Settings\caloffice.CALOFFICE\Desktop\fixlist.txt
    2014-05-12 07:07 - 2006-11-09 18:50 - 01199422 _____ () C:\WINDOWS\WindowsUpdate.log
    2014-05-12 07:02 - 2006-11-09 16:08 - 00015004 _____ () C:\WINDOWS\cfgall.ini
    2014-05-12 07:01 - 2012-04-16 06:29 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2014-05-12 06:44 - 2012-06-15 06:28 - 00000892 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2014-05-12 06:43 - 2012-06-15 06:28 - 00000888 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2014-05-12 06:43 - 2006-11-09 15:41 - 00000136 _____ () C:\WINDOWS\system32\config\netlogon.ftl
    2014-05-12 06:28 - 2008-06-19 06:07 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\LogMeIn
    2014-05-12 03:13 - 2013-09-18 11:14 - 00000518 _____ () C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 88e26820-3367-484b-820c-5f7c97575737.job
    2014-05-12 02:02 - 2009-06-10 14:50 - 14562832 _____ () C:\WINDOWS\system32\TmInstall.log
    2014-05-11 23:13 - 2006-11-08 11:18 - 00610732 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
    2014-05-11 23:08 - 2014-05-11 23:08 - 00090728 _____ () C:\WINDOWS\Minidump\Mini051114-01.dmp
    2014-05-11 23:08 - 2014-05-09 07:59 - 00025008 _____ () C:\WINDOWS\setupapi.log
    2014-05-11 23:08 - 2014-03-18 17:30 - 00000562 _____ () C:\WINDOWS\Tasks\Paragon SRVR-LMS Full Image Full.job
    2014-05-11 23:08 - 2014-02-26 15:07 - 00068832 _____ () C:\Documents and Settings\LocalService\objsrv.log
    2014-05-11 23:08 - 2014-01-21 15:42 - 00000735 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn Client.lnk
    2014-05-11 23:08 - 2007-02-26 11:40 - 00000000 ____D () C:\WINDOWS\Minidump
    2014-05-11 23:08 - 2006-11-08 19:35 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2014-05-11 23:08 - 2006-11-08 11:13 - 145907712 _____ () C:\WINDOWS\MEMORY.DMP
    2014-05-11 23:08 - 2003-03-25 05:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
    2014-05-11 23:02 - 2006-11-08 11:13 - 00000000 ____D () C:\WINDOWS\repair
    2014-05-11 21:00 - 2013-09-18 11:14 - 00000518 _____ () C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 993ae6a9-7cf7-468e-9795-06d41e230abd.job
    2014-05-11 17:37 - 2006-11-08 11:13 - 00000000 ____D () C:\WINDOWS\security
    2014-05-11 07:50 - 2007-02-21 11:54 - 00000187 _____ () C:\WINDOWS\hpbafd.ini
    2014-05-11 07:44 - 2006-11-08 19:35 - 00032612 _____ () C:\WINDOWS\Tasks\SchedLgU.Txt
    2014-05-09 09:25 - 2014-05-09 09:25 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2014-05-09 09:25 - 2014-05-09 09:25 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-05-09 09:11 - 2011-03-13 12:32 - 00000178 ___SH () C:\Documents and Settings\caloffice.CALOFFICE\ntuser.ini
    2014-05-09 09:11 - 2006-12-12 15:04 - 00393216 _____ () C:\WINDOWS\system32\config\DocForm Server Log.evt
    2014-05-09 07:37 - 2014-05-09 07:37 - 00010248 _____ () C:\WINDOWS\PFRO.log
    2014-05-09 06:32 - 2011-03-13 12:31 - 00000000 ____D () C:\Documents and Settings\caloffice.CALOFFICE
    2014-05-06 06:07 - 2010-05-25 06:45 - 00000000 ____D () C:\Documents and Settings\administrator.COSINC\Desktop\TuneUp
    2014-05-02 07:22 - 2006-11-08 11:13 - 00000000 ____D () C:\WINDOWS\system32\LogFiles
    2014-05-02 07:19 - 2013-11-13 07:53 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2014-05-02 07:09 - 2014-05-02 07:09 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2927811$
    2014-05-01 07:06 - 2014-05-01 07:05 - 00000000 ____D () C:\Program Files\Defraggler
    2014-05-01 07:05 - 2014-05-01 07:05 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Defraggler
    2014-04-30 02:40 - 2014-03-12 00:19 - 06022144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2014-04-30 02:40 - 2014-02-12 01:40 - 06022144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
    2014-04-28 07:13 - 2010-01-11 07:21 - 00000000 ____D () C:\Program Files\CCleaner
    2014-04-24 06:25 - 2014-04-01 07:12 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2014-04-18 06:43 - 2014-01-21 15:42 - 00000719 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn Control Panel.lnk
    2014-04-18 06:43 - 2006-11-28 15:40 - 00001024 _____ () C:\.rnd
    2014-04-18 06:42 - 2010-01-17 09:34 - 00000000 ____D () C:\Program Files\LogMeIn
    2014-04-18 06:41 - 2010-01-17 09:34 - 00086888 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIRfsClientNP.dll
    2014-04-18 06:41 - 2010-01-17 09:34 - 00085832 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIinit.dll
    2014-04-18 06:41 - 2010-01-17 09:34 - 00031560 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIport.dll
     
    ==================== Bamital & volsnap Check =================
     
    C:\WINDOWS\explorer.exe
    [2007-02-17 07:03] - [2007-02-17 07:03] - 1053184 ____A (Microsoft Corporation) A26C39540F8BE3729846E360E2C57344
     
    C:\WINDOWS\system32\winlogon.exe
    [2007-02-17 07:04] - [2007-02-17 07:04] - 0528384 ____A (Microsoft Corporation) B4AA8AE0F18E5DFCF99A671A181D3EDC
     
    C:\WINDOWS\system32\svchost.exe
    [2007-02-17 07:04] - [2007-02-17 07:04] - 0014848 ____A (Microsoft Corporation) C09CCFE81DEC9B162533D7184D705682
     
    C:\WINDOWS\system32\services.exe
    [2003-03-25 05:00] - [2009-02-03 04:07] - 0113152 ____A (Microsoft Corporation) CF500580CDD83B145646A4DCFCE1CF3C
     
    C:\WINDOWS\system32\User32.dll
    [2007-04-04 06:35] - [2007-03-01 23:38] - 0583680 ____A (Microsoft Corporation) 1959150096B010BA953A78B0D6B0B4E4
     
    C:\WINDOWS\system32\userinit.exe
    [2003-03-25 05:00] - [2007-02-17 07:04] - 0026112 ____A (Microsoft Corporation) B5FEB3B971A8B8C81CE9DE65031A87E5
     
    C:\WINDOWS\system32\rpcss.dll
    [2009-04-15 16:55] - [2009-02-09 04:02] - 0486912 ____A (Microsoft Corporation) 305A8757D66B5D416B47C497C27A01FE
     
     ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
    C:\WINDOWS\system32\Drivers\volsnap.sys
    [2003-03-25 05:00] - [2012-08-21 05:56] - 0153600 ____A (Microsoft Corporation) 701D86EC9D221F68C8528CC47D3958E6
     
    C:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.
     
    ==================== End Of Log ============================

    #12
    RKinner

      Malware Expert

    • Expert
    • 20,658 posts
    • MVP

    I don't see the policy entries either so I guess it didn't work. You may need to reinstall your app.

    Did MBAM ever work on this system? Could be it doesn't like 2003 servers. Can you run an online ESET scan?

    Use IE and go to http://eset.com/onlinescan and click on ESET Online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).
     
    1. Check Scan Archives
    2. Push the Start button.
    3. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    4. When the scan completes, push LIST OF THREATS FOUND
    5. Push EXPORT TO TEXT FILE, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    6. Push the BACK button.
    7. Push Finish
    8. Once the scan is completed, you may close the window.
    9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    10. Copy and paste that log as a reply.
     
     
    Let's also try the Bitdefender quickscan.

    When it finishes there is a View Report option at the bottom.  Click on it and copy and paste the report (even if it says nothing found).

    #13
    bhzendner

      Member

    • Topic Starter
    • Member
    • 223 posts

    Malwarebytes did run for years it seems.


    #14
    bhzendner

      Member

    • Topic Starter
    • Member
    • 223 posts
    [email protected] as downloader log:
    all ok
    # version=8
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6920
    # api_version=3.0.2
    # EOSSerial=db819d48b021604290e63ad8b70545ed
    # engine=18234
    # end=finished
    # remove_checked=true
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2014-05-13 12:21:53
    # local_time=2014-05-12 05:21:53 (-0800, Pacific Daylight Time)
    # country="United States"
    # lang=1033
    # osver=5.2.3790 NT Service Pack 2
    # scanned=230645
    # found=2
    # cleaned=2
    # scan_time=20222
    sh=03215C48CB00536971E88817819081965062F03E ft=1 fh=71226b2d678a6418 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\caloffice.CALOFFICE\My Documents\Downloads\dfsetup218.exe"
    sh=617FD6B8278FEAE70FD1FABF7E6D5061B12F9177 ft=1 fh=d90d61bccf1a4b8a vn="a variant of Win32/Bundled.Toolbar.Ask.A potentially unsafe application (deleted - quarantined)" ac=C fn="F:\download\burnaware_free.exe"

    #15
    RKinner

      Malware Expert

    • Expert
    • 20,658 posts
    • MVP

    Nothing showing but some adware.

