BleepingComputer.com: httpd.exe & PING.exe problems

Jump to content

Forum Guidelines

Posted Image Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


Posted Image Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.


Posted Image DO NOT RUN ComboFix unless requested to.


Posted Image Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


Posted Image When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Posted Image Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
  • 3 Pages +
  • 1
  • 2
  • 3
  • You cannot start a new topic
  • This topic is locked

httpd.exe & PING.exe problems Do not know how to remove

#16 User is offline   RPMcMurphy 

  • Bleeping *^#@%~
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 2,398
  • Joined: 16-May 10
  • Gender:Male

Posted 07 February 2012 - 10:53 PM

It looks like the driver for your keyboard was infected and TDSSKiller removed it. Do you have access to a keyboard that connects via USB?

This post has been edited by RPMcMurphy: 07 February 2012 - 10:58 PM

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member

The help you receive here is free. If you wish to show your appreciation, then you may Posted Image

#17 User is offline   wingvc 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 20
  • Joined: 22-January 12

Posted 07 February 2012 - 11:46 PM

Yes, I do. I attached it and then restarted the computer. It worked fine. How do I go about reinstalling the appropriate keyboard drivers?

Also, I have attached the TDSSKiller log you requested.

Thanks again for your patience, persistence, and assistance.

Attached File(s)


This post has been edited by wingvc: 07 February 2012 - 11:47 PM

#18 User is offline   RPMcMurphy 

  • Bleeping *^#@%~
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 2,398
  • Joined: 16-May 10
  • Gender:Male

Posted 08 February 2012 - 09:56 AM

Good! Pleaese do this next:

Posted Image Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
i8042prt.sys


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Posted Image Download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.


To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


On the System Recovery Options menu you will get the following options:
      Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Please include the following in your next post:
  • SystemLook log
  • FRST log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member

The help you receive here is free. If you wish to show your appreciation, then you may Posted Image

#19 User is offline   wingvc 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 20
  • Joined: 22-January 12

Posted 08 February 2012 - 09:50 PM

Here is the SystemLook Log:

SystemLook 30.07.11 by jpshortstuff
Log created at 20:14 on 08/02/2012 by Valerie
Administrator - Elevation successful

========== filefind ==========

Searching for "i8042prt.sys"
C:\Windows\System32\drivers\i8042prt.sys --a---- 54784 bytes [02:23 21/01/2008] [03:49 07/02/2012] 22D56C8184586B7A1F6FA60BE5F5A2BD
C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_93b1c41f\i8042prt.sys --a---- 54784 bytes [10:25 02/11/2006] [08:51 02/11/2006] 1060F1377F395A242E27719440ECE602
C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_da7e599e\i8042prt.sys --a---- 54784 bytes [02:23 21/01/2008] [02:23 21/01/2008] 22D56C8184586B7A1F6FA60BE5F5A2BD
C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_f55d5e51\i8042prt.sys --a---- 54784 bytes [02:23 21/01/2008] [02:23 21/01/2008] 22D56C8184586B7A1F6FA60BE5F5A2BD
C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_3dfa3917\i8042prt.sys --a---- 54784 bytes [10:25 02/11/2006] [08:51 02/11/2006] 1060F1377F395A242E27719440ECE602
C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_8b7c4328\i8042prt.sys --a---- 54784 bytes [02:23 21/01/2008] [02:23 21/01/2008] 22D56C8184586B7A1F6FA60BE5F5A2BD
C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.0.6000.16609_none_957131ccdbca3f9c\i8042prt.sys --a---- 54784 bytes [02:09 21/01/2008] [02:09 21/01/2008] 1C9EE072BAA3ABB460B91D7EE9152660
C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.0.6000.20734_none_95d55d61f504b486\i8042prt.sys --a---- 54784 bytes [02:09 21/01/2008] [02:09 21/01/2008] BEA9838CD25D36BEBA3F94386A761D60
C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.0.6001.18000_none_974e6dd8d8f8ec7e\i8042prt.sys --a---- 54784 bytes [02:23 21/01/2008] [02:23 21/01/2008] 22D56C8184586B7A1F6FA60BE5F5A2BD
C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.0.6002.18005_none_9939e6e4d61ab7ca\i8042prt.sys --a---- 54784 bytes [02:23 21/01/2008] [02:23 21/01/2008] 22D56C8184586B7A1F6FA60BE5F5A2BD
C:\Windows\winsxs\x86_msmouse.inf_31bf3856ad364e35_6.0.6000.16609_none_4c56cf70d52c8670\i8042prt.sys --a---- 54784 bytes [02:09 21/01/2008] [02:09 21/01/2008] 1C9EE072BAA3ABB460B91D7EE9152660
C:\Windows\winsxs\x86_msmouse.inf_31bf3856ad364e35_6.0.6000.20734_none_4cbafb05ee66fb5a\i8042prt.sys --a---- 54784 bytes [02:09 21/01/2008] [02:09 21/01/2008] BEA9838CD25D36BEBA3F94386A761D60
C:\Windows\winsxs\x86_msmouse.inf_31bf3856ad364e35_6.0.6001.18000_none_4e340b7cd25b3352\i8042prt.sys --a---- 54784 bytes [02:23 21/01/2008] [02:23 21/01/2008] 22D56C8184586B7A1F6FA60BE5F5A2BD

-= EOF =-

Here is the FRST log:
Scan result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 28-01-2012
Ran by SYSTEM at 2012-02-08 20:33:48
Running from F:\Documents
Windows Vista ™ Home Premium Service Pack 1 (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [167936 2008-01-24] (Alps Electric Co., Ltd.)
HKLM\...\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe [36864 2008-03-03] (Creative Technology Ltd.)
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe [3810304 2008-12-18] (Dell Inc.)
HKLM\...\Run: [PSQLLauncher] "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup [49168 2007-04-16] (UPEK Inc.)
HKLM\...\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe" [184320 2007-12-21] (CyberLink Corp.)
HKLM\...\Run: [Dell DataSafe Online] "C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m [1779952 2009-07-07] ()
HKLM\...\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter [206064 2008-10-04] (SupportSoft, Inc.)
HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun [122368 2009-08-07] (Google Inc.)
HKLM\...\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe [405504 2007-12-02] (IDT, Inc.)
HKLM\...\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM\...\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2011-12-07] (Apple Inc.)
HKU\Valerie\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\Valerie\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-04-06] (Google Inc.)
HKU\Valerie\...\Run: [PhotoshopElementsSyncAgent] c:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsSyncAgent.exe [1779040 2010-01-17] (Adobe Systems Incorporated)
HKU\Valerie_Bills\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-04-06] (Google Inc.)
Winlogon\Notify\psfus: C:\Windows\system32\psqlpwd.dll (UPEK Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Lsa: [Notification Packages] scecli
psqlpwd

================================ Services (Whitelisted) ==================

2 ADVService; "C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe" [25704 2010-03-04] (Amazon.com)
2 AESTFilters; C:\Windows\system32\aestsrv.exe [73728 2007-12-02] (Andrea Electronics Corporation)
2 Apache2.2; "C:\Program Files\Common Files\Dell\apache\bin\httpd.exe" -k runservice [15872 2007-09-21] (Apache Software Foundation)
2 BBUpdate; "C:\Program Files\Microsoft\BingBar\SeaPort.EXE" [249648 2011-10-13] (Microsoft Corporation)
2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-09-23] (Stardock Corporation)
2 dsl-db; "C:\Program Files\Common Files\Dell\MySQL\bin\mysqld.exe" "--defaults-file=C:\Program Files\Common Files\Dell\MySQL\my.ini" dsl-db [9441 2011-04-12] ()
2 dsl-fs-sync; "C:\Program Files\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe" [173296 2009-01-05] (SingleClick Systems)
3 GoToAssist; "C:\Program Files\Citrix\GoToAssist\516\g2aservice.exe" Start=service [16680 2009-09-13] (Citrix Online, a division of Citrix Systems, Inc.)
2 RichVideo; "C:\Program Files\CyberLink\Shared Files\RichVideo.exe" [247152 2010-08-19] ()
2 sprtsvc_DellSupportCenter; "C:\Program Files\Dell Support Center\bin\sprtsvc.exe" /service /P DellSupportCenter [201968 2008-10-04] (SupportSoft, Inc.)
2 STacSV; C:\Windows\system32\STacSV.exe [102400 2007-12-02] (IDT, Inc.)
2 USBVCD; C:\Windows\System32\aliide.dll [5632 2008-01-20] (Oak Technology Inc.)
2 wltrysvc; C:\Windows\System32\WLTRYSVC.EXE C:\Windows\System32\bcmwltry.exe [2809856 2008-12-18] (Dell Inc.)
2 AdobeActiveFileMonitor7.0; c:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [x]
2 hnmsvc; "c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe" [x]
2 XMLProvS; C:\Windows\system32\xmlprw32.dll [x]

========================== Drivers (Whitelisted) =============

3 61883; C:\Windows\System32\DRIVERS\61883.sys [45696 2008-01-20] (Microsoft Corporation)
3 ApfiltrService; C:\Windows\System32\DRIVERS\Apfiltr.sys [164400 2008-01-24] (Alps Electric Co., Ltd.)
3 Avc; C:\Windows\System32\DRIVERS\avc.sys [40448 2008-01-20] (Microsoft Corporation)
3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-12-18] (Broadcom Corporation)
4 iaNvStor; C:\Windows\System32\drivers\ianvstor.sys [209408 2007-09-07] (Intel Corporation)
3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [34248 2009-09-16] (McAfee, Inc.)
3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [40552 2009-09-16] (McAfee, Inc.)
4 Mraid35x; C:\Windows\System32\drivers\mraid35x.sys [33384 2006-11-02] (LSI Logic Corporation)
3 MSDV; C:\Windows\System32\DRIVERS\msdv.sys [52608 2008-01-20] (Microsoft Corporation)
1 netbt; C:\Windows\System32\DRIVERS\netbt.sys [185856 2009-04-10] ()
3 OEM02Dev; C:\Windows\System32\DRIVERS\OEM02Dev.sys [235648 2008-03-03] (Creative Technology Ltd.)
3 OEM02Vfx; C:\Windows\System32\DRIVERS\OEM02Vfx.sys [7424 2008-03-03] (EyePower Games Pte. Ltd.)
2 Packet; C:\Windows\System32\DRIVERS\packet.sys [22016 2008-06-17] (SingleClick Systems)
2 rimmptsk; C:\Windows\System32\DRIVERS\rimmptsk.sys [46592 2008-10-22] (REDC)
2 rimsptsk; C:\Windows\System32\DRIVERS\rimsptsk.sys [43008 2008-10-22] (REDC)
2 rismxdp; C:\Windows\System32\DRIVERS\rixdptsk.sys [38400 2008-10-22] (REDC)
4 SiSRaid2; C:\Windows\System32\drivers\sisraid2.sys [41016 2008-01-20] (Microsoft Corporation)
3 TcUsb; C:\Windows\System32\Drivers\tcusb.sys [46992 2007-04-16] (UPEK Inc.)
4 UlSata; C:\Windows\System32\drivers\ulsata.sys [98408 2006-11-02] (Promise Technology, Inc.)
4 ulsata2; C:\Windows\System32\drivers\ulsata2.sys [115816 2008-01-20] (Promise Technology, Inc.)
3 WSDPrintDevice; C:\Windows\System32\DRIVERS\WSDPrint.sys [16896 2008-01-20] (Microsoft Corporation)
0 26649288; C:\Windows\System32\drivers\98329515.sys [x]
3 APL531; C:\Windows\System32\Drivers\FILMSCAN.sys [x]
3 catchme; \??\C:\ComboFix\catchme.sys [x]
1 i8042prt; C:\Windows\System32\drivers\tsk9A67.tmp [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
1 MpKslb6309ad8; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AFDBEC17-E8E4-4893-98F1-B5D9BC9F2AF2}\MpKslb6309ad8.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

========================== NetSvcs (Whitelisted) ===========
NETSVC: USBVCD

============ One Month Created Files and Folders ==============

2012-02-08 20:33 - 2012-02-08 20:33 - 0000000 ____D C:\FRST
2012-02-08 18:14 - 2012-02-08 18:26 - 0005110 ____A C:\Users\Valerie\Desktop\SystemLook.txt
2012-02-08 18:13 - 2012-02-08 18:13 - 0139264 ____A C:\Users\Valerie\Desktop\SystemLook.exe
2012-02-06 19:43 - 2012-02-06 19:43 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-02-06 19:41 - 2012-02-06 19:43 - 0075086 ____A C:\TDSSKiller.2.7.9.0_06.02.2012_21.41.16_log.txt
2012-02-06 19:40 - 2012-02-06 19:40 - 2040543 ____A C:\Users\Valerie\Desktop\tdsskiller.zip
2012-02-06 19:40 - 2012-02-01 07:31 - 2059312 ____A (Kaspersky Lab ZAO) C:\Users\Valerie\Desktop\TDSSKiller.exe
2012-02-06 19:40 - 2010-12-31 23:14 - 0002254 ____A C:\Users\Valerie\Desktop\eula.txt
2012-02-06 08:24 - 2012-02-06 08:24 - 0000573 ____A C:\Users\Valerie\Desktop\MBR.zip
2012-02-06 08:20 - 2012-02-06 08:20 - 0013077 ____A C:\ComboFix.txt
2012-02-06 08:12 - 2012-02-06 08:12 - 0000000 __SHD C:\$RECYCLE.BIN
2012-02-06 08:09 - 2012-02-06 08:11 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-02-06 07:56 - 2011-06-25 22:45 - 0256000 ____A C:\Windows\PEV.exe
2012-02-06 07:56 - 2010-11-07 09:20 - 0208896 ____A C:\Windows\MBR.exe
2012-02-06 07:56 - 2009-04-19 20:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-02-06 07:56 - 2000-08-30 16:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-02-06 07:56 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-02-06 07:56 - 2000-08-30 16:00 - 0098816 ____A C:\Windows\sed.exe
2012-02-06 07:56 - 2000-08-30 16:00 - 0080412 ____A C:\Windows\grep.exe
2012-02-06 07:56 - 2000-08-30 16:00 - 0068096 ____A C:\Windows\zip.exe
2012-02-06 07:55 - 2012-02-06 08:20 - 0000000 ____D C:\ComboFix
2012-02-05 16:00 - 2012-02-05 16:00 - 0001959 ____A C:\Users\Valerie\Desktop\aswMBR.txt
2012-02-05 16:00 - 2012-02-05 16:00 - 0000512 ____A C:\Users\Valerie\Desktop\MBR.dat
2012-02-05 15:58 - 2012-02-05 15:58 - 4733440 ____A (AVAST Software) C:\Users\Valerie\Desktop\aswMBR.exe
2012-02-05 15:46 - 2012-02-05 15:46 - 45686340 ____A C:\Users\Valerie\Desktop\TDD_Playbook_August2010.zip
2012-02-05 15:42 - 2012-02-05 15:42 - 50199237 ____A C:\Users\Valerie\Desktop\TDD_Playbook_July2010.zip
2012-02-05 15:40 - 2012-02-05 15:40 - 41223029 ____A C:\Users\Valerie\Desktop\TDD_Playbook_June2010.zip
2012-02-05 14:29 - 2012-02-08 18:09 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-02-01 01:28 - 2012-02-08 18:09 - 3756064768 __ASH C:\hiberfil.sys
2012-02-01 01:28 - 2012-02-01 01:28 - 0135184 ____A C:\Windows\Minidump\Mini020112-01.dmp
2012-01-28 18:09 - 2012-02-06 08:17 - 0000000 ____D C:\Windows\ERDNT
2012-01-28 18:07 - 2012-02-06 08:20 - 0000000 ____D C:\Qoobox
2012-01-28 18:06 - 2012-01-28 18:06 - 4392905 ____R (Swearware) C:\Users\Valerie\Desktop\ComboFix.exe
2012-01-28 17:56 - 2012-01-28 17:56 - 9326515 ____A C:\Users\Valerie\Desktop\cc_vdaycards_01.zip
2012-01-23 18:16 - 2012-01-23 18:16 - 0152000 ____A C:\Windows\Minidump\Mini012312-02.dmp
2012-01-23 14:52 - 2012-01-23 14:52 - 0155336 ____A C:\Windows\Minidump\Mini012312-01.dmp
2012-01-23 09:19 - 2012-01-23 09:19 - 0100864 ____A (GMER) C:\kfdiqkog.sys
2012-01-23 08:35 - 2012-01-23 08:35 - 0294216 ____A C:\Users\Valerie\Desktop\gmer.zip
2012-01-23 08:35 - 2012-01-23 08:35 - 0000000 ____D C:\Users\Valerie\Desktop\gmer
2012-01-23 08:31 - 2012-01-23 08:31 - 0022351 ____A C:\Users\Valerie\Desktop\Attach.txt
2012-01-23 08:30 - 2012-01-23 08:30 - 0018929 ____A C:\Users\Valerie\Desktop\DDS.txt
2012-01-23 08:24 - 2012-01-23 08:24 - 0607260 ____R (Swearware) C:\Users\Valerie\Desktop\dds.scr
2012-01-23 08:21 - 2012-01-23 08:21 - 0000476 ____A C:\Users\Valerie\Desktop\defogger_disable.log
2012-01-23 08:21 - 2012-01-23 08:21 - 0000000 ____A C:\Users\Valerie\defogger_reenable
2012-01-22 13:06 - 2012-01-22 13:06 - 0155648 ____A C:\Windows\Minidump\Mini012212-01.dmp
2012-01-12 17:46 - 2011-11-18 09:47 - 0066560 ____A (Microsoft Corporation) C:\Windows\System32\packager.dll
2012-01-12 17:46 - 2011-10-14 08:03 - 0189952 ____A (Microsoft Corporation) C:\Windows\System32\winmm.dll
2012-01-12 17:46 - 2011-10-14 08:00 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\mciseq.dll
2012-01-12 17:45 - 2011-11-18 12:23 - 1205064 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2012-01-12 17:44 - 2011-11-25 07:59 - 0376320 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-01-12 17:44 - 2011-10-25 07:58 - 1314816 ____A (Microsoft Corporation) C:\Windows\System32\quartz.dll
2012-01-12 17:44 - 2011-10-25 07:58 - 0497152 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-01-12 17:44 - 2011-10-17 22:18 - 0726528 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

============ 3 Months Modified Files and Folders ===============

2012-02-08 20:33 - 2012-02-08 20:33 - 0000000 ____D C:\FRST
2012-02-08 18:29 - 2009-03-25 11:34 - 1926638 ____A C:\Windows\WindowsUpdate.log
2012-02-08 18:29 - 2006-11-02 05:01 - 0032540 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-02-08 18:29 - 2006-11-02 05:01 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-02-08 18:29 - 2006-11-02 04:47 - 0003744 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-02-08 18:29 - 2006-11-02 04:47 - 0003744 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-02-08 18:26 - 2012-02-08 18:14 - 0005110 ____A C:\Users\Valerie\Desktop\SystemLook.txt
2012-02-08 18:13 - 2012-02-08 18:13 - 0139264 ____A C:\Users\Valerie\Desktop\SystemLook.exe
2012-02-08 18:10 - 2010-02-02 19:01 - 0000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-02-08 18:09 - 2012-02-05 14:29 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-02-08 18:09 - 2012-02-01 01:28 - 3756064768 __ASH C:\hiberfil.sys
2012-02-08 18:09 - 2009-04-21 17:47 - 0032061 ____A C:\Users\All Users\nvModes.dat
2012-02-08 18:09 - 2009-04-21 17:47 - 0032061 ____A C:\Users\All Users\nvModes.001
2012-02-08 18:09 - 2009-04-21 17:47 - 0032061 ____A C:\Users\All Users\Application Data\nvModes.dat
2012-02-08 18:09 - 2009-04-21 17:47 - 0032061 ____A C:\Users\All Users\Application Data\nvModes.001
2012-02-08 18:09 - 2009-04-21 17:47 - 0032061 ____A C:\ProgramData\nvModes.dat
2012-02-08 18:09 - 2009-04-21 17:47 - 0032061 ____A C:\ProgramData\nvModes.001
2012-02-07 06:34 - 2010-02-02 19:01 - 0000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-02-06 19:49 - 2008-01-20 18:23 - 0054784 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\i8042prt.sys
2012-02-06 19:43 - 2012-02-06 19:43 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-02-06 19:43 - 2012-02-06 19:41 - 0075086 ____A C:\TDSSKiller.2.7.9.0_06.02.2012_21.41.16_log.txt
2012-02-06 19:40 - 2012-02-06 19:40 - 2040543 ____A C:\Users\Valerie\Desktop\tdsskiller.zip
2012-02-06 08:24 - 2012-02-06 08:24 - 0000573 ____A C:\Users\Valerie\Desktop\MBR.zip
2012-02-06 08:20 - 2012-02-06 08:20 - 0013077 ____A C:\ComboFix.txt
2012-02-06 08:20 - 2012-02-06 07:55 - 0000000 ____D C:\ComboFix
2012-02-06 08:20 - 2012-01-28 18:07 - 0000000 ____D C:\Qoobox
2012-02-06 08:20 - 2006-11-02 03:18 - 0000000 __RHD C:\users\Default
2012-02-06 08:20 - 2006-11-02 03:18 - 0000000 ___RD C:\users\Public
2012-02-06 08:17 - 2012-01-28 18:09 - 0000000 ____D C:\Windows\ERDNT
2012-02-06 08:12 - 2012-02-06 08:12 - 0000000 __SHD C:\$RECYCLE.BIN
2012-02-06 08:12 - 2006-11-02 02:23 - 0000215 ____A C:\Windows\system.ini
2012-02-06 08:11 - 2012-02-06 08:09 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-02-06 08:10 - 2008-01-20 18:47 - 0100266 ____A C:\Windows\PFRO.log
2012-02-06 07:50 - 2009-05-05 18:05 - 0008592 ____A C:\Users\Valerie\AppData\Local\d3d9caps.dat
2012-02-05 16:00 - 2012-02-05 16:00 - 0001959 ____A C:\Users\Valerie\Desktop\aswMBR.txt
2012-02-05 16:00 - 2012-02-05 16:00 - 0000512 ____A C:\Users\Valerie\Desktop\MBR.dat
2012-02-05 15:58 - 2012-02-05 15:58 - 4733440 ____A (AVAST Software) C:\Users\Valerie\Desktop\aswMBR.exe
2012-02-05 15:46 - 2012-02-05 15:46 - 45686340 ____A C:\Users\Valerie\Desktop\TDD_Playbook_August2010.zip
2012-02-05 15:42 - 2012-02-05 15:42 - 50199237 ____A C:\Users\Valerie\Desktop\TDD_Playbook_July2010.zip
2012-02-05 15:40 - 2012-02-05 15:40 - 41223029 ____A C:\Users\Valerie\Desktop\TDD_Playbook_June2010.zip
2012-02-01 07:31 - 2012-02-06 19:40 - 2059312 ____A (Kaspersky Lab ZAO) C:\Users\Valerie\Desktop\TDSSKiller.exe
2012-02-01 01:28 - 2012-02-01 01:28 - 0135184 ____A C:\Windows\Minidump\Mini020112-01.dmp
2012-02-01 01:28 - 2011-06-05 03:58 - 1987821575 ____A C:\Windows\MEMORY.DMP
2012-02-01 01:28 - 2011-06-05 03:58 - 0000000 ____D C:\Windows\Minidump
2012-02-01 00:14 - 2012-01-08 09:57 - 467922340 ____A C:\Windows\ntbtlog.txt
2012-01-31 20:42 - 2006-11-02 02:33 - 0759570 ____A C:\Windows\System32\PerfStringBackup.INI
2012-01-31 20:34 - 2009-03-25 17:00 - 0000000 ____D C:\Program Files\Common Files\McAfee
2012-01-31 20:32 - 2009-03-25 17:00 - 0000000 ____D C:\Program Files\McAfee
2012-01-28 18:06 - 2012-01-28 18:06 - 4392905 ____R (Swearware) C:\Users\Valerie\Desktop\ComboFix.exe
2012-01-28 17:56 - 2012-01-28 17:56 - 9326515 ____A C:\Users\Valerie\Desktop\cc_vdaycards_01.zip
2012-01-28 16:23 - 2009-03-25 17:27 - 0000000 ____D C:\Program Files\Windows Live
2012-01-23 18:16 - 2012-01-23 18:16 - 0152000 ____A C:\Windows\Minidump\Mini012312-02.dmp
2012-01-23 14:52 - 2012-01-23 14:52 - 0155336 ____A C:\Windows\Minidump\Mini012312-01.dmp
2012-01-23 09:19 - 2012-01-23 09:19 - 0100864 ____A (GMER) C:\kfdiqkog.sys
2012-01-23 08:35 - 2012-01-23 08:35 - 0294216 ____A C:\Users\Valerie\Desktop\gmer.zip
2012-01-23 08:35 - 2012-01-23 08:35 - 0000000 ____D C:\Users\Valerie\Desktop\gmer
2012-01-23 08:31 - 2012-01-23 08:31 - 0022351 ____A C:\Users\Valerie\Desktop\Attach.txt
2012-01-23 08:30 - 2012-01-23 08:30 - 0018929 ____A C:\Users\Valerie\Desktop\DDS.txt
2012-01-23 08:24 - 2012-01-23 08:24 - 0607260 ____R (Swearware) C:\Users\Valerie\Desktop\dds.scr
2012-01-23 08:21 - 2012-01-23 08:21 - 0000476 ____A C:\Users\Valerie\Desktop\defogger_disable.log
2012-01-23 08:21 - 2012-01-23 08:21 - 0000000 ____A C:\Users\Valerie\defogger_reenable
2012-01-23 08:21 - 2009-04-03 16:54 - 0000000 ____D C:\users\Valerie
2012-01-22 13:06 - 2012-01-22 13:06 - 0155648 ____A C:\Windows\Minidump\Mini012212-01.dmp
2012-01-22 12:51 - 2009-04-03 17:05 - 0168960 ____A C:\Users\Valerie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-01-15 16:09 - 2011-02-01 12:24 - 0005950 ____A C:\Windows\setupact.log
2012-01-13 01:11 - 2006-11-02 02:24 - 52128560 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-01-13 01:10 - 2009-04-06 14:29 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-01-13 01:10 - 2009-04-06 14:29 - 0000000 ____D C:\Users\All Users\Application Data\Microsoft Help
2012-01-13 01:10 - 2009-04-06 14:29 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-01-12 17:25 - 2006-11-02 03:18 - 0000000 ____D C:\Windows\System32\config\TxR
2012-01-07 14:06 - 2012-01-07 14:06 - 0152152 ____A C:\Windows\Minidump\Mini010712-01.dmp
2012-01-06 13:57 - 2009-04-06 14:14 - 0000000 ____D C:\Users\Valerie\Documents\My Scrapbook Supplies
2012-01-05 07:20 - 2006-11-02 03:18 - 0000000 ____D C:\Windows\Microsoft.NET
2012-01-04 19:43 - 2009-12-06 13:13 - 0000000 ____D C:\Users\Valerie\AppData\Roaming\Apple Computer
2012-01-04 19:13 - 2009-12-07 20:01 - 0000000 ____D C:\Windows\Downloaded Installations
2012-01-03 07:20 - 2009-08-11 20:45 - 0000000 ____D C:\Users\Valerie\Downloads\ScrappersGuide
2012-01-03 06:52 - 2009-04-06 13:44 - 0000000 ____D C:\Users\Valerie\Documents\My Documents
2012-01-02 14:00 - 2012-01-02 13:58 - 0000000 ____D C:\Program Files\iTunes
2012-01-02 13:58 - 2012-01-02 13:58 - 0000000 ____D C:\Program Files\iPod
2012-01-02 13:58 - 2009-09-10 18:41 - 0000000 ____D C:\Program Files\Common Files\Apple
2012-01-02 13:52 - 2009-04-04 12:52 - 0000000 ____D C:\Users\All Users\Application Data\Apple
2012-01-02 13:52 - 2009-04-04 12:52 - 0000000 ____D C:\Users\All Users\Apple
2012-01-02 13:52 - 2009-04-04 12:52 - 0000000 ____D C:\ProgramData\Apple
2012-01-02 13:48 - 2012-01-02 13:48 - 0000000 ____D C:\Program Files\Bonjour
2012-01-02 13:47 - 2012-01-02 13:46 - 0000000 ____D C:\Program Files\QuickTime
2012-01-01 17:05 - 2012-01-01 17:05 - 0000908 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-01-01 17:05 - 2011-12-05 06:21 - 0000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-01-01 16:38 - 2011-05-01 15:48 - 0000000 ____D C:\Users\Valerie\Downloads\Gingerscraps
2012-01-01 13:17 - 2009-09-01 17:43 - 0000000 ____D C:\Users\Valerie\Downloads\GottaPixel
2011-12-26 22:33 - 2011-12-26 19:17 - 0000000 ____D C:\Users\Valerie\Documents\My Kindle Content
2011-12-26 19:17 - 2011-12-26 19:17 - 0002030 ____A C:\Users\Valerie\Desktop\Kindle.lnk
2011-12-26 19:17 - 2011-12-26 19:17 - 0000000 ____D C:\Users\Valerie\AppData\Local\Amazon
2011-12-21 07:03 - 2010-12-15 19:00 - 0000000 ____D C:\Users\Valerie\Downloads\ScrapbookBytes
2011-12-21 06:36 - 2011-12-06 10:29 - 0001945 ____A C:\Windows\epplauncher.mif
2011-12-21 06:35 - 2011-02-23 19:47 - 0000000 ____D C:\Program Files\DVDVideoSoft
2011-12-18 08:24 - 2011-01-27 07:10 - 0000000 ____D C:\Users\Valerie\Downloads\ScrapOrchard
2011-12-16 01:48 - 2006-11-02 03:18 - 0000000 ____D C:\Windows\rescache
2011-12-16 01:31 - 2006-11-02 04:47 - 0513736 ____A C:\Windows\System32\FNTCACHE.DAT
2011-12-15 19:09 - 2010-03-29 14:47 - 0000000 ____D C:\Users\Valerie\Downloads\0_Templates
2011-12-14 15:57 - 2011-12-14 15:57 - 0153496 ____A C:\Windows\Minidump\Mini121411-01.dmp
2011-12-14 07:41 - 2010-04-20 12:25 - 0000000 ____D C:\Users\Valerie\AppData\Roaming\U3
2011-12-14 07:41 - 2009-08-16 21:31 - 0000000 ____D C:\Users\Valerie\Downloads\Stuff2Scrap
2011-12-14 07:39 - 2011-09-15 18:51 - 0000000 ____D C:\Users\Valerie\Downloads\SNPStore
2011-12-12 06:08 - 2006-11-02 03:18 - 0000000 _SHDC C:\Windows\$NtUninstallKB36723$
2011-12-12 06:08 - 2006-11-02 03:18 - 0000000 ____D C:\Windows\system
2011-12-12 06:08 - 2006-11-02 03:18 - 0000000 ____D C:\Windows\Resources
2011-12-12 00:04 - 2011-12-12 00:04 - 0103365 ____A C:\Windows\System32\itusbcore.dat
2011-12-12 00:04 - 2011-12-12 00:04 - 0000197 ____A C:\Windows\System32\itlsvc.dat
2011-12-10 13:24 - 2011-12-05 06:21 - 0020464 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2011-12-09 08:41 - 2011-12-04 20:38 - 0010090 __ASH C:\Users\Valerie\AppData\Local\u1ii01w6mq7doc
2011-12-09 08:41 - 2011-12-04 20:38 - 0010090 __ASH C:\Users\All Users\u1ii01w6mq7doc
2011-12-09 08:41 - 2011-12-04 20:38 - 0010090 __ASH C:\Users\All Users\Application Data\u1ii01w6mq7doc
2011-12-09 08:41 - 2011-12-04 20:38 - 0010090 __ASH C:\ProgramData\u1ii01w6mq7doc
2011-12-06 10:54 - 2006-11-02 03:18 - 0000000 ___HD C:\Windows\System32\GroupPolicy
2011-12-06 10:30 - 2011-12-06 10:30 - 0000000 __AHT C:\Windows\wusa.lock
2011-12-05 06:22 - 2011-12-05 06:22 - 0000000 ____D C:\Users\Valerie\AppData\Roaming\Malwarebytes
2011-12-05 06:21 - 2011-12-05 06:21 - 0000000 ____D C:\Users\All Users\Malwarebytes
2011-12-05 06:21 - 2011-12-05 06:21 - 0000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2011-12-05 06:21 - 2011-12-05 06:21 - 0000000 ____D C:\ProgramData\Malwarebytes
2011-12-04 22:50 - 2006-11-02 03:18 - 0000000 ____D C:\Windows\System32\LogFiles
2011-12-04 21:27 - 2011-02-23 19:47 - 0000000 ____D C:\Program Files\Common Files\DVDVideoSoft
2011-12-04 21:08 - 2011-12-04 21:08 - 0155664 ____A C:\Windows\Minidump\Mini120411-01.dmp
2011-12-04 20:40 - 2011-05-22 11:09 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2011-12-04 20:16 - 2011-12-04 19:39 - 0000000 ____D C:\Users\Valerie\Downloads\DigiChick
2011-11-27 14:51 - 2010-06-16 19:15 - 0000000 ____D C:\Users\Valerie\Downloads\ScrapMatters
2011-11-26 19:09 - 2009-04-16 10:27 - 0000000 ____D C:\Users\Valerie\Documents\Valerie's Scrapbook Pages
2011-11-25 18:30 - 2006-11-02 03:18 - 0000000 ___SD C:\Windows\Downloaded Program Files
2011-11-25 07:59 - 2012-01-12 17:44 - 0376320 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2011-11-23 06:18 - 2011-11-13 16:31 - 0000000 ____D C:\Users\Valerie\AppData\Local\Audible
2011-11-23 05:37 - 2011-12-15 17:02 - 2043904 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-11-20 14:35 - 2011-11-20 14:35 - 63136241 ____A C:\Users\Valerie\Desktop\PDR10_Tutorial_Book_ENU.zip
2011-11-18 12:23 - 2012-01-12 17:45 - 1205064 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2011-11-18 09:47 - 2012-01-12 17:46 - 0066560 ____A (Microsoft Corporation) C:\Windows\System32\packager.dll
2011-11-18 09:13 - 2011-11-18 09:11 - 0000000 ____D C:\Users\Valerie\Downloads\10_09_11
2011-11-18 09:12 - 2011-11-18 09:11 - 0000000 ____D C:\Users\Valerie\Downloads\10_06_11
2011-11-17 18:20 - 2006-11-02 03:18 - 0000000 ____D C:\Program Files\Common Files\microsoft shared
2011-11-17 18:16 - 2006-11-02 03:18 - 0000000 ____D C:\Program Files\Common Files\System
2011-11-17 18:16 - 2006-11-02 02:23 - 0000219 ____A C:\Windows\win.ini
2011-11-17 17:57 - 2011-06-05 08:33 - 0000000 ____D C:\Program Files\Intel
2011-11-16 15:41 - 2009-04-10 13:11 - 0000000 ____D C:\Users\Valerie\Downloads\01_Scrapbook Samples
2011-11-16 15:25 - 2011-02-22 19:47 - 0000000 ____D C:\Users\Valerie\Downloads\WishList
2011-11-13 14:38 - 2011-11-13 14:38 - 0255352 ____A (Audible, Inc.) C:\Windows\System32\awrdscdc.ax
2011-11-13 14:38 - 2011-11-13 14:38 - 0001748 ____A C:\Users\Valerie_Bills\Desktop\Audible Manager.lnk
2011-11-13 14:38 - 2011-11-13 14:38 - 0001748 ____A C:\Users\Valerie_2\Desktop\Audible Manager.lnk
2011-11-13 14:38 - 2011-11-13 14:38 - 0001748 ____A C:\Users\Valerie\Desktop\Audible Manager.lnk
2011-11-13 14:38 - 2011-11-13 14:38 - 0001748 ____A C:\Users\RA Media Server\Desktop\Audible Manager.lnk
2011-11-13 14:38 - 2011-11-13 14:38 - 0000000 ____D C:\Users\Valerie\Documents\Audible
2011-11-13 14:38 - 2011-11-13 14:38 - 0000000 ____D C:\Users\Public\Documents\Audible
2011-11-13 14:38 - 2011-11-13 14:38 - 0000000 ____D C:\Program Files\Audible

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 8%
Total physical RAM: 4093.14 MB
Available physical RAM: 3744.81 MB
Total Pagefile: 3960.45 MB
Available Pagefile: 3818.32 MB
Total Virtual: 2047.88 MB
Available Virtual: 1974.32 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:448.16 GB) (Free:196.31 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
3 Drive e: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
4 Drive f: () (Removable) (Total:1.85 GB) (Free:1.84 GB) FAT
5 Drive x: (RECOVERY) (Fixed) (Total:15 GB) (Free:5.11 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 466 GB 0 B
Disk 1 Online 1898 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 102 MB 32 KB
Partition 2 Primary 15 GB 102 MB
Partition 3 Primary 448 GB 15 GB
Partition 0 Extended 2560 MB 463 GB
Partition 4 Logical 2559 MB 463 GB

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 FAT Partition 102 MB Healthy Hidden

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 X RECOVERY NTFS Partition 15 GB Healthy Boot

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C OS NTFS Partition 448 GB Healthy

Disk: 0
Partition 4
Type : DD
Hidden: Yes
Active: No

There is no volume associated with this partition.

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1898 MB 8 KB

Disk: 1
Partition 1
Type : 0E
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F FAT Removable 1898 MB Healthy



==========================================================

Last Boot: 2012-02-08 18:21

======================= End Of Log ==========================

#20 User is offline   RPMcMurphy 

  • Bleeping *^#@%~
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 2,398
  • Joined: 16-May 10
  • Gender:Male

Posted 08 February 2012 - 11:19 PM

Pleaese do this next:

Posted Image Open an elevated command window:
  • Click Start and type cmd in Start Search.
  • When cmd.exe populates above, right click it and select Run as Administrator to open an elevated command prompt.
  • Copy the commands in the following code box, one at a time, then right click in the command window, select paste and press "Enter"
  • Repeat that with each command until you've run them all


ren C:\Windows\System32\drivers\i8042prt.sys i8042prt.old
copy /y C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_da7e599e\i8042prt.sys C:\WINDOWS\SYSTEM32\DRIVERS
dir C:\WINDOWS\SYSTEM32\DRIVERS\i8042prt*>log.txt
reg add HKLM\SYSTEM\CurrentControlSet\Services\i8042prt /v imagepath /t REG_EXPAND_SZ /d system32\drivers\i8042prt.sys /f
reg query HKLM\SYSTEM\CurrentControlSet\Services\i8042prt /v imagepath >>log.txt
start notepad log.txt


  • Type exit and press enter to close the command window.
  • Post the contents of the notepad logs that open, then reboot and try your old ps/2 keyboard.


Posted Image Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind
netbt.sys
:dir /s
C:\Windows\$NtUninstallKB36723$

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Please include the following in your next post:
  • The notepad logs from the commands
  • SystemLook log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member

The help you receive here is free. If you wish to show your appreciation, then you may Posted Image

#21 User is offline   wingvc 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 20
  • Joined: 22-January 12

Posted 09 February 2012 - 09:42 AM

Here is the only log I got from the commands:
Volume in drive C is OS
Volume Serial Number is 70AA-74CB

Directory of C:\WINDOWS\SYSTEM32\DRIVERS

02/06/2012 09:49 PM 54,784 i8042prt.old
01/20/2008 08:23 PM 54,784 i8042prt.sys
2 File(s) 109,568 bytes
0 Dir(s) 210,613,051,392 bytes free

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt
imagepath REG_EXPAND_SZ system32\drivers\i8042prt.sys


Here is the SystemLook log:

SystemLook 30.07.11 by jpshortstuff
Log created at 08:38 on 09/02/2012 by Valerie
Administrator - Elevation successful

========== filefind ==========

Searching for "netbt.sys"
C:\Windows\System32\drivers\netbt.sys --a---- 185856 bytes [05:28 11/08/2009] [04:45 11/04/2009] ECD64230A59CBD93C85F1CD1CAB9F3F6
C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys --a---- 184320 bytes [02:24 21/01/2008] [02:24 21/01/2008] 7C5FEE5B1C5728507CD96FB4A13E7A02
C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys --a---- 185856 bytes [05:28 11/08/2009] [04:45 11/04/2009] ECD64230A59CBD93C85F1CD1CAB9F3F6

Invalid Context: dir /s

No Context: C:\Windows\$NtUninstallKB36723$

-= EOF =-

#22 User is offline   RPMcMurphy 

  • Bleeping *^#@%~
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 2,398
  • Joined: 16-May 10
  • Gender:Male

Posted 09 February 2012 - 07:30 PM

Pleaese do this next:

After running those commands does your original keyboard work again?

Please do this next:

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt 

Folder: C:\Windows\$NtUninstallKB36723$
Replace: C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys  C:\Windows\System32\DRIVERS\netbt.sys
2011-12-09 08:41 - 2011-12-04 20:38 - 0010090 __ASH C:\Users\Valerie\AppData\Local\u1ii01w6mq7doc
2011-12-09 08:41 - 2011-12-04 20:38 - 0010090 __ASH C:\Users\All Users\u1ii01w6mq7doc
2011-12-09 08:41 - 2011-12-04 20:38 - 0010090 __ASH C:\Users\All Users\Application Data\u1ii01w6mq7doc
2011-12-09 08:41 - 2011-12-04 20:38 - 0010090 __ASH C:\ProgramData\u1ii01w6mq7doc


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options again.
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
  • The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Please include the following in your next post:
  • The contents of the FixLog.txt file from your flash drive

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member

The help you receive here is free. If you wish to show your appreciation, then you may Posted Image

#23 User is offline   wingvc 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 20
  • Joined: 22-January 12

Posted 09 February 2012 - 09:34 PM

Yes, the keyboard is working. Yay!

Here is the FixLog.txt file:

Fix result of Farbar Recovery Tool (FRST written by farbar) Version: 28-01-2012
Ran by SYSTEM at 2012-02-09 20:17:23 R:1
Running from E:\

==============================================


========================= Folder: C:\Windows\$NtUninstallKB36723$ ========================

2008-01-19 00:45 - 2008-01-05 03:22 - 0262144 ____N () C:\Windows\$NtUninstallKB36723$\BCD-Template
2008-01-19 00:44 - 2009-03-25 18:54 - 7864320 ____A () C:\Windows\$NtUninstallKB36723$\COMPONENTS
2008-01-19 00:44 - 2008-01-19 00:44 - 0000000 ____A () C:\Windows\$NtUninstallKB36723$\COMPONENTS.LOG
2008-01-19 00:44 - 2009-03-25 18:54 - 0262144 ___AH () C:\Windows\$NtUninstallKB36723$\COMPONENTS.LOG1
2008-01-19 00:44 - 2008-01-19 00:44 - 0000000 ___AH () C:\Windows\$NtUninstallKB36723$\COMPONENTS.LOG2
2009-03-25 18:53 - 2009-03-25 18:54 - 5087232 ____A () C:\Windows\$NtUninstallKB36723$\COMPONENTS.SAV
2008-01-19 02:02 - 2008-02-05 05:27 - 0065536 __ASH () C:\Windows\$NtUninstallKB36723$\COMPONENTS{7d5ec6b6-c5bc-11dc-a02b-0019bbe6a65a}.TM.blf
2008-01-19 02:02 - 2008-02-05 05:25 - 0524288 __ASH () C:\Windows\$NtUninstallKB36723$\COMPONENTS{7d5ec6b6-c5bc-11dc-a02b-0019bbe6a65a}.TMContainer00000000000000000001.regtrans-ms
2008-01-19 02:02 - 2008-02-05 05:27 - 0524288 __ASH () C:\Windows\$NtUninstallKB36723$\COMPONENTS{7d5ec6b6-c5bc-11dc-a02b-0019bbe6a65a}.TMContainer00000000000000000002.regtrans-ms
2008-01-19 00:44 - 2009-03-25 18:54 - 0262144 ____A () C:\Windows\$NtUninstallKB36723$\DEFAULT
2008-01-19 00:44 - 2008-01-19 00:44 - 0000000 ____A () C:\Windows\$NtUninstallKB36723$\DEFAULT.LOG
2008-01-19 00:44 - 2009-03-25 18:54 - 0021504 ___AH () C:\Windows\$NtUninstallKB36723$\DEFAULT.LOG1
2008-01-19 00:44 - 2008-01-19 00:44 - 0000000 ___AH () C:\Windows\$NtUninstallKB36723$\DEFAULT.LOG2
2009-03-25 18:53 - 2009-03-25 18:54 - 0024576 ____A () C:\Windows\$NtUninstallKB36723$\DEFAULT.SAV
2008-01-19 02:02 - 2008-02-05 05:27 - 0065536 __ASH () C:\Windows\$NtUninstallKB36723$\DEFAULT{7d5ec6a6-c5bc-11dc-a02b-0019bbe6a65a}.TM.blf
2008-01-19 02:02 - 2008-02-05 05:27 - 0524288 __ASH () C:\Windows\$NtUninstallKB36723$\DEFAULT{7d5ec6a6-c5bc-11dc-a02b-0019bbe6a65a}.TMContainer00000000000000000001.regtrans-ms
2008-01-19 02:02 - 2008-01-19 02:02 - 0524288 __ASH () C:\Windows\$NtUninstallKB36723$\DEFAULT{7d5ec6a6-c5bc-11dc-a02b-0019bbe6a65a}.TMContainer00000000000000000002.regtrans-ms
2008-01-19 00:45 - 2008-01-19 00:45 - 0000000 ____D () C:\Windows\$NtUninstallKB36723$\Journal
2008-01-19 00:45 - 2008-01-19 00:45 - 0000000 ____D () C:\Windows\$NtUninstallKB36723$\RegBack
2008-01-19 00:44 - 2009-03-25 18:54 - 0008192 ____A () C:\Windows\$NtUninstallKB36723$\SAM
2008-01-19 00:44 - 2009-03-25 18:54 - 0005120 ___AH () C:\Windows\$NtUninstallKB36723$\SAM.LOG1
2008-01-19 00:44 - 2008-01-19 00:44 - 0000000 ___AH () C:\Windows\$NtUninstallKB36723$\SAM.LOG2
2008-01-19 02:02 - 2008-02-05 05:27 - 0065536 __ASH () C:\Windows\$NtUninstallKB36723$\SAM{7d5ec6f6-c5bc-11dc-a02b-0019bbe6a65a}.TM.blf
2008-01-19 02:02 - 2008-02-05 05:27 - 0524288 __ASH () C:\Windows\$NtUninstallKB36723$\SAM{7d5ec6f6-c5bc-11dc-a02b-0019bbe6a65a}.TMContainer00000000000000000001.regtrans-ms
2008-01-19 02:02 - 2008-01-19 02:02 - 0524288 __ASH () C:\Windows\$NtUninstallKB36723$\SAM{7d5ec6f6-c5bc-11dc-a02b-0019bbe6a65a}.TMContainer00000000000000000002.regtrans-ms
2008-01-19 00:44 - 2009-03-25 18:54 - 0008192 ____A () C:\Windows\$NtUninstallKB36723$\SECURITY
2008-01-19 00:44 - 2008-01-19 00:44 - 0000000 ____A () C:\Windows\$NtUninstallKB36723$\SECURITY.LOG
2008-01-19 00:44 - 2009-03-25 18:54 - 0005120 ___AH () C:\Windows\$NtUninstallKB36723$\SECURITY.LOG1
2008-01-19 00:44 - 2008-01-19 00:44 - 0000000 ___AH () C:\Windows\$NtUninstallKB36723$\SECURITY.LOG2
2009-03-25 18:53 - 2009-03-25 18:54 - 0008192 ____A () C:\Windows\$NtUninstallKB36723$\SECURITY.SAV
2008-01-19 02:02 - 2008-02-05 05:27 - 0065536 __ASH () C:\Windows\$NtUninstallKB36723$\SECURITY{7d5ec700-c5bc-11dc-a02b-0019bbe6a65a}.TM.blf
2008-01-19 02:02 - 2008-02-05 05:27 - 0524288 __ASH () C:\Windows\$NtUninstallKB36723$\SECURITY{7d5ec700-c5bc-11dc-a02b-0019bbe6a65a}.TMContainer00000000000000000001.regtrans-ms
2008-01-19 02:02 - 2008-01-19 02:02 - 0524288 __ASH () C:\Windows\$NtUninstallKB36723$\SECURITY{7d5ec700-c5bc-11dc-a02b-0019bbe6a65a}.TMContainer00000000000000000002.regtrans-ms
2008-01-19 00:44 - 2009-03-25 18:54 - 3932160 ____A () C:\Windows\$NtUninstallKB36723$\SOFTWARE
2008-01-19 00:44 - 2008-01-19 00:44 - 0000000 ____A () C:\Windows\$NtUninstallKB36723$\SOFTWARE.LOG
2008-01-19 00:44 - 2009-03-25 18:54 - 0262144 ___AH () C:\Windows\$NtUninstallKB36723$\SOFTWARE.LOG1
2008-01-19 00:44 - 2008-01-19 00:44 - 0000000 ___AH () C:\Windows\$NtUninstallKB36723$\SOFTWARE.LOG2
2009-03-25 18:53 - 2009-03-25 18:54 - 3739648 ____A () C:\Windows\$NtUninstallKB36723$\SOFTWARE.SAV
2008-01-19 02:02 - 2008-02-05 05:27 - 0065536 __ASH () C:\Windows\$NtUninstallKB36723$\SOFTWARE{7d5ec712-c5bc-11dc-a02b-0019bbe6a65a}.TM.blf
2008-01-19 02:02 - 2008-02-05 05:27 - 0524288 __ASH () C:\Windows\$NtUninstallKB36723$\SOFTWARE{7d5ec712-c5bc-11dc-a02b-0019bbe6a65a}.TMContainer00000000000000000001.regtrans-ms
2008-01-19 02:02 - 2008-01-19 02:02 - 0524288 __ASH () C:\Windows\$NtUninstallKB36723$\SOFTWARE{7d5ec712-c5bc-11dc-a02b-0019bbe6a65a}.TMContainer00000000000000000002.regtrans-ms
2008-01-19 00:44 - 2009-03-25 18:54 - 1835008 ____A () C:\Windows\$NtUninstallKB36723$\SYSTEM
2008-01-19 00:44 - 2008-01-19 00:44 - 0000000 ____A () C:\Windows\$NtUninstallKB36723$\SYSTEM.LOG
2008-01-19 00:44 - 2009-03-25 18:54 - 0262144 ___AH () C:\Windows\$NtUninstallKB36723$\SYSTEM.LOG1
2008-01-19 00:44 - 2008-01-19 00:44 - 0000000 ___AH () C:\Windows\$NtUninstallKB36723$\SYSTEM.LOG2
2009-03-25 18:53 - 2009-03-25 18:54 - 1638400 ____A () C:\Windows\$NtUninstallKB36723$\SYSTEM.SAV
2008-01-19 00:45 - 2008-01-19 02:04 - 0000000 ____D () C:\Windows\$NtUninstallKB36723$\systemprofile
2008-01-19 02:02 - 2008-02-05 05:27 - 0065536 __ASH () C:\Windows\$NtUninstallKB36723$\SYSTEM{7d5ec724-c5bc-11dc-a02b-0019bbe6a65a}.TM.blf
2008-01-19 02:02 - 2008-02-05 05:27 - 0524288 __ASH () C:\Windows\$NtUninstallKB36723$\SYSTEM{7d5ec724-c5bc-11dc-a02b-0019bbe6a65a}.TMContainer00000000000000000001.regtrans-ms
2008-01-19 02:02 - 2008-01-19 02:02 - 0524288 __ASH () C:\Windows\$NtUninstallKB36723$\SYSTEM{7d5ec724-c5bc-11dc-a02b-0019bbe6a65a}.TMContainer00000000000000000002.regtrans-ms
2008-01-19 00:45 - 2008-01-19 00:45 - 0000000 ____D () C:\Windows\$NtUninstallKB36723$\TxR
2008-01-19 00:45 - 2009-03-25 20:53 - 0000000 ___SD () C:\Windows\$NtUninstallKB36723$\systemprofile\AppData
2008-01-19 02:04 - 2008-02-05 05:27 - 0262144 ____A () C:\Windows\$NtUninstallKB36723$\systemprofile\ntuser.dat
2008-01-19 02:04 - 2008-02-05 05:27 - 0009216 ___AH () C:\Windows\$NtUninstallKB36723$\systemprofile\ntuser.dat.LOG1
2008-01-19 02:04 - 2008-01-19 02:04 - 0000000 ___AH () C:\Windows\$NtUninstallKB36723$\systemprofile\ntuser.dat.LOG2
2008-01-19 02:04 - 2008-02-05 05:27 - 0065536 __ASH () C:\Windows\$NtUninstallKB36723$\systemprofile\ntuser.dat{bd7ba8db-c675-11dc-a02b-0019bbe6a65a}.TM.blf
2008-01-19 02:04 - 2008-02-05 05:27 - 0524288 __ASH () C:\Windows\$NtUninstallKB36723$\systemprofile\ntuser.dat{bd7ba8db-c675-11dc-a02b-0019bbe6a65a}.TMContainer00000000000000000001.regtrans-ms
2008-01-19 02:04 - 2008-01-19 02:04 - 0524288 __ASH () C:\Windows\$NtUninstallKB36723$\systemprofile\ntuser.dat{bd7ba8db-c675-11dc-a02b-0019bbe6a65a}.TMContainer00000000000000000002.regtrans-ms
2008-01-19 00:45 - 2008-01-19 00:45 - 0000000 ____D () C:\Windows\$NtUninstallKB36723$\systemprofile\AppData\Local
2009-03-25 20:53 - 2009-03-25 20:53 - 0000000 ____D () C:\Windows\$NtUninstallKB36723$\systemprofile\AppData\LocalLow
2009-03-25 20:53 - 2009-03-25 20:53 - 0000000 ___SD () C:\Windows\$NtUninstallKB36723$\systemprofile\AppData\Roaming
2009-03-25 20:53 - 2009-03-25 20:53 - 0000006 __ASH () C:\Windows\$NtUninstallKB36723$\systemprofile\AppData\LocalLow\desktop.ini
2009-03-25 20:53 - 2009-03-25 20:53 - 0000000 ___SD () C:\Windows\$NtUninstallKB36723$\systemprofile\AppData\Roaming\Microsoft
2009-03-25 20:53 - 2009-03-25 20:53 - 0000000 ___SD () C:\Windows\$NtUninstallKB36723$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates
2009-03-25 20:53 - 2009-03-25 20:53 - 0000000 ___SD () C:\Windows\$NtUninstallKB36723$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My
2009-03-25 20:53 - 2009-03-25 20:53 - 0000000 ___SD () C:\Windows\$NtUninstallKB36723$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
2009-03-25 20:53 - 2009-03-25 20:53 - 0000000 ___SD () C:\Windows\$NtUninstallKB36723$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
2009-03-25 20:53 - 2009-03-25 20:53 - 0000000 ___SD () C:\Windows\$NtUninstallKB36723$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
====== End of Folder: ======
C:\Windows\System32\DRIVERS\netbt.sys moved successfully.
C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys copied successfully to C:\Windows\System32\DRIVERS\netbt.sys
C:\Users\Valerie\AppData\Local\u1ii01w6mq7doc moved successfully.
C:\Users\All Users\u1ii01w6mq7doc moved successfully.
C:\Users\All Users\Application Data\u1ii01w6mq7doc not found.
C:\ProgramData\u1ii01w6mq7doc not found.

==== End of Fixlog ====

#24 User is offline   RPMcMurphy 

  • Bleeping *^#@%~
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 2,398
  • Joined: 16-May 10
  • Gender:Male

Posted 09 February 2012 - 10:29 PM

We need to run one more fix with FRST. Delete the existing fixlist.txt and Fixlog.txt from the flash drive, then do this next:

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt 

2008-01-19 00:45 - 2008-01-05 03:22 - 0262144 ____N () C:\Windows\$NtUninstallKB36723$\BCD-Template
2008-01-19 00:44 - 2009-03-25 18:54 - 7864320 ____A () C:\Windows\$NtUninstallKB36723$\COMPONENTS
2008-01-19 00:44 - 2008-01-19 00:44 - 0000000 ____A () C:\Windows\$NtUninstallKB36723$\COMPONENTS.LOG
2008-01-19 00:44 - 2009-03-25 18:54 - 0262144 ___AH () C:\Windows\$NtUninstallKB36723$\COMPONENTS.LOG1
2008-01-19 00:44 - 2008-01-19 00:44 - 0000000 ___AH () C:\Windows\$NtUninstallKB36723$\COMPONENTS.LOG2
2009-03-25 18:53 - 2009-03-25 18:54 - 5087232 ____A () C:\Windows\$NtUninstallKB36723$\COMPONENTS.SAV
2008-01-19 02:02 - 2008-02-05 05:27 - 0065536 __ASH () C:\Windows\$NtUninstallKB36723$\COMPONENTS{7d5ec6b6-c5bc-11dc-a02b-0019bbe6a65a}.TM.blf
2008-01-19 02:02 - 2008-02-05 05:25 - 0524288 __ASH () C:\Windows\$NtUninstallKB36723$\COMPONENTS{7d5ec6b6-c5bc-11dc-a02b-0019bbe6a65a}.TMContainer00000000000000000001.regtrans-ms
2008-01-19 02:02 - 2008-02-05 05:27 - 0524288 __ASH () C:\Windows\$NtUninstallKB36723$\COMPONENTS{7d5ec6b6-c5bc-11dc-a02b-0019bbe6a65a}.TMContainer00000000000000000002.regtrans-ms
2008-01-19 00:44 - 2009-03-25 18:54 - 0262144 ____A () C:\Windows\$NtUninstallKB36723$\DEFAULT
2008-01-19 00:44 - 2008-01-19 00:44 - 0000000 ____A () C:\Windows\$NtUninstallKB36723$\DEFAULT.LOG
2008-01-19 00:44 - 2009-03-25 18:54 - 0021504 ___AH () C:\Windows\$NtUninstallKB36723$\DEFAULT.LOG1
2008-01-19 00:44 - 2008-01-19 00:44 - 0000000 ___AH () C:\Windows\$NtUninstallKB36723$\DEFAULT.LOG2
2009-03-25 18:53 - 2009-03-25 18:54 - 0024576 ____A () C:\Windows\$NtUninstallKB36723$\DEFAULT.SAV
2008-01-19 02:02 - 2008-02-05 05:27 - 0065536 __ASH () C:\Windows\$NtUninstallKB36723$\DEFAULT{7d5ec6a6-c5bc-11dc-a02b-0019bbe6a65a}.TM.blf
2008-01-19 02:02 - 2008-02-05 05:27 - 0524288 __ASH () C:\Windows\$NtUninstallKB36723$\DEFAULT{7d5ec6a6-c5bc-11dc-a02b-0019bbe6a65a}.TMContainer00000000000000000001.regtrans-ms
2008-01-19 02:02 - 2008-01-19 02:02 - 0524288 __ASH () C:\Windows\$NtUninstallKB36723$\DEFAULT{7d5ec6a6-c5bc-11dc-a02b-0019bbe6a65a}.TMContainer00000000000000000002.regtrans-ms
2008-01-19 00:45 - 2008-01-19 00:45 - 0000000 ____D () C:\Windows\$NtUninstallKB36723$\Journal
2008-01-19 00:45 - 2008-01-19 00:45 - 0000000 ____D () C:\Windows\$NtUninstallKB36723$\RegBack
2008-01-19 00:44 - 2009-03-25 18:54 - 0008192 ____A () C:\Windows\$NtUninstallKB36723$\SAM
2008-01-19 00:44 - 2009-03-25 18:54 - 0005120 ___AH () C:\Windows\$NtUninstallKB36723$\SAM.LOG1
2008-01-19 00:44 - 2008-01-19 00:44 - 0000000 ___AH () C:\Windows\$NtUninstallKB36723$\SAM.LOG2
2008-01-19 02:02 - 2008-02-05 05:27 - 0065536 __ASH () C:\Windows\$NtUninstallKB36723$\SAM{7d5ec6f6-c5bc-11dc-a02b-0019bbe6a65a}.TM.blf
2008-01-19 02:02 - 2008-02-05 05:27 - 0524288 __ASH () C:\Windows\$NtUninstallKB36723$\SAM{7d5ec6f6-c5bc-11dc-a02b-0019bbe6a65a}.TMContainer00000000000000000001.regtrans-ms
2008-01-19 02:02 - 2008-01-19 02:02 - 0524288 __ASH () C:\Windows\$NtUninstallKB36723$\SAM{7d5ec6f6-c5bc-11dc-a02b-0019bbe6a65a}.TMContainer00000000000000000002.regtrans-ms
2008-01-19 00:44 - 2009-03-25 18:54 - 0008192 ____A () C:\Windows\$NtUninstallKB36723$\SECURITY
2008-01-19 00:44 - 2008-01-19 00:44 - 0000000 ____A () C:\Windows\$NtUninstallKB36723$\SECURITY.LOG
2008-01-19 00:44 - 2009-03-25 18:54 - 0005120 ___AH () C:\Windows\$NtUninstallKB36723$\SECURITY.LOG1
2008-01-19 00:44 - 2008-01-19 00:44 - 0000000 ___AH () C:\Windows\$NtUninstallKB36723$\SECURITY.LOG2
2009-03-25 18:53 - 2009-03-25 18:54 - 0008192 ____A () C:\Windows\$NtUninstallKB36723$\SECURITY.SAV
2008-01-19 02:02 - 2008-02-05 05:27 - 0065536 __ASH () C:\Windows\$NtUninstallKB36723$\SECURITY{7d5ec700-c5bc-11dc-a02b-0019bbe6a65a}.TM.blf
2008-01-19 02:02 - 2008-02-05 05:27 - 0524288 __ASH () C:\Windows\$NtUninstallKB36723$\SECURITY{7d5ec700-c5bc-11dc-a02b-0019bbe6a65a}.TMContainer00000000000000000001.regtrans-ms
2008-01-19 02:02 - 2008-01-19 02:02 - 0524288 __ASH () C:\Windows\$NtUninstallKB36723$\SECURITY{7d5ec700-c5bc-11dc-a02b-0019bbe6a65a}.TMContainer00000000000000000002.regtrans-ms
2008-01-19 00:44 - 2009-03-25 18:54 - 3932160 ____A () C:\Windows\$NtUninstallKB36723$\SOFTWARE
2008-01-19 00:44 - 2008-01-19 00:44 - 0000000 ____A () C:\Windows\$NtUninstallKB36723$\SOFTWARE.LOG
2008-01-19 00:44 - 2009-03-25 18:54 - 0262144 ___AH () C:\Windows\$NtUninstallKB36723$\SOFTWARE.LOG1
2008-01-19 00:44 - 2008-01-19 00:44 - 0000000 ___AH () C:\Windows\$NtUninstallKB36723$\SOFTWARE.LOG2
2009-03-25 18:53 - 2009-03-25 18:54 - 3739648 ____A () C:\Windows\$NtUninstallKB36723$\SOFTWARE.SAV
2008-01-19 02:02 - 2008-02-05 05:27 - 0065536 __ASH () C:\Windows\$NtUninstallKB36723$\SOFTWARE{7d5ec712-c5bc-11dc-a02b-0019bbe6a65a}.TM.blf
2008-01-19 02:02 - 2008-02-05 05:27 - 0524288 __ASH () C:\Windows\$NtUninstallKB36723$\SOFTWARE{7d5ec712-c5bc-11dc-a02b-0019bbe6a65a}.TMContainer00000000000000000001.regtrans-ms
2008-01-19 02:02 - 2008-01-19 02:02 - 0524288 __ASH () C:\Windows\$NtUninstallKB36723$\SOFTWARE{7d5ec712-c5bc-11dc-a02b-0019bbe6a65a}.TMContainer00000000000000000002.regtrans-ms
2008-01-19 00:44 - 2009-03-25 18:54 - 1835008 ____A () C:\Windows\$NtUninstallKB36723$\SYSTEM
2008-01-19 00:44 - 2008-01-19 00:44 - 0000000 ____A () C:\Windows\$NtUninstallKB36723$\SYSTEM.LOG
2008-01-19 00:44 - 2009-03-25 18:54 - 0262144 ___AH () C:\Windows\$NtUninstallKB36723$\SYSTEM.LOG1
2008-01-19 00:44 - 2008-01-19 00:44 - 0000000 ___AH () C:\Windows\$NtUninstallKB36723$\SYSTEM.LOG2
2009-03-25 18:53 - 2009-03-25 18:54 - 1638400 ____A () C:\Windows\$NtUninstallKB36723$\SYSTEM.SAV
2008-01-19 00:45 - 2008-01-19 02:04 - 0000000 ____D () C:\Windows\$NtUninstallKB36723$\systemprofile
2008-01-19 02:02 - 2008-02-05 05:27 - 0065536 __ASH () C:\Windows\$NtUninstallKB36723$\SYSTEM{7d5ec724-c5bc-11dc-a02b-0019bbe6a65a}.TM.blf
2008-01-19 02:02 - 2008-02-05 05:27 - 0524288 __ASH () C:\Windows\$NtUninstallKB36723$\SYSTEM{7d5ec724-c5bc-11dc-a02b-0019bbe6a65a}.TMContainer00000000000000000001.regtrans-ms
2008-01-19 02:02 - 2008-01-19 02:02 - 0524288 __ASH () C:\Windows\$NtUninstallKB36723$\SYSTEM{7d5ec724-c5bc-11dc-a02b-0019bbe6a65a}.TMContainer00000000000000000002.regtrans-ms
2008-01-19 00:45 - 2008-01-19 00:45 - 0000000 ____D () C:\Windows\$NtUninstallKB36723$\TxR
2008-01-19 00:45 - 2009-03-25 20:53 - 0000000 ___SD () C:\Windows\$NtUninstallKB36723$\systemprofile\AppData
2008-01-19 02:04 - 2008-02-05 05:27 - 0262144 ____A () C:\Windows\$NtUninstallKB36723$\systemprofile\ntuser.dat
2008-01-19 02:04 - 2008-02-05 05:27 - 0009216 ___AH () C:\Windows\$NtUninstallKB36723$\systemprofile\ntuser.dat.LOG1
2008-01-19 02:04 - 2008-01-19 02:04 - 0000000 ___AH () C:\Windows\$NtUninstallKB36723$\systemprofile\ntuser.dat.LOG2
2008-01-19 02:04 - 2008-02-05 05:27 - 0065536 __ASH () C:\Windows\$NtUninstallKB36723$\systemprofile\ntuser.dat{bd7ba8db-c675-11dc-a02b-0019bbe6a65a}.TM.blf
2008-01-19 02:04 - 2008-02-05 05:27 - 0524288 __ASH () C:\Windows\$NtUninstallKB36723$\systemprofile\ntuser.dat{bd7ba8db-c675-11dc-a02b-0019bbe6a65a}.TMContainer00000000000000000001.regtrans-ms
2008-01-19 02:04 - 2008-01-19 02:04 - 0524288 __ASH () C:\Windows\$NtUninstallKB36723$\systemprofile\ntuser.dat{bd7ba8db-c675-11dc-a02b-0019bbe6a65a}.TMContainer00000000000000000002.regtrans-ms
2008-01-19 00:45 - 2008-01-19 00:45 - 0000000 ____D () C:\Windows\$NtUninstallKB36723$\systemprofile\AppData\Local
2009-03-25 20:53 - 2009-03-25 20:53 - 0000000 ____D () C:\Windows\$NtUninstallKB36723$\systemprofile\AppData\LocalLow
2009-03-25 20:53 - 2009-03-25 20:53 - 0000000 ___SD () C:\Windows\$NtUninstallKB36723$\systemprofile\AppData\Roaming
2009-03-25 20:53 - 2009-03-25 20:53 - 0000006 __ASH () C:\Windows\$NtUninstallKB36723$\systemprofile\AppData\LocalLow\desktop.ini
2009-03-25 20:53 - 2009-03-25 20:53 - 0000000 ___SD () C:\Windows\$NtUninstallKB36723$\systemprofile\AppData\Roaming\Microsoft
2009-03-25 20:53 - 2009-03-25 20:53 - 0000000 ___SD () C:\Windows\$NtUninstallKB36723$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates
2009-03-25 20:53 - 2009-03-25 20:53 - 0000000 ___SD () C:\Windows\$NtUninstallKB36723$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My
2009-03-25 20:53 - 2009-03-25 20:53 - 0000000 ___SD () C:\Windows\$NtUninstallKB36723$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
2009-03-25 20:53 - 2009-03-25 20:53 - 0000000 ___SD () C:\Windows\$NtUninstallKB36723$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
2009-03-25 20:53 - 2009-03-25 20:53 - 0000000 ___SD () C:\Windows\$NtUninstallKB36723$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options again.

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
  • The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.


Please include the following in your next post:
  • The contents of the FixLog.txt file from your flash drive

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member

The help you receive here is free. If you wish to show your appreciation, then you may Posted Image

#25 User is offline   wingvc 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 20
  • Joined: 22-January 12

Posted 10 February 2012 - 08:58 AM

Here is the new FixLog txt:

Fix result of Farbar Recovery Tool (FRST written by farbar) Version: 28-01-2012
Ran by SYSTEM at 2012-02-10 07:54:04 R:2
Running from E:\

==============================================

C:\Windows\$NtUninstallKB36723$\BCD-Template moved successfully.
Could not move C:\Windows\$NtUninstallKB36723$\COMPONENTS.
C:\Windows\$NtUninstallKB36723$\COMPONENTS.LOG moved successfully.
C:\Windows\$NtUninstallKB36723$\COMPONENTS.LOG1 moved successfully.
C:\Windows\$NtUninstallKB36723$\COMPONENTS.LOG2 moved successfully.
C:\Windows\$NtUninstallKB36723$\COMPONENTS.SAV moved successfully.
C:\Windows\$NtUninstallKB36723$\COMPONENTS{7d5ec6b6-c5bc-11dc-a02b-0019bbe6a65a}.TM.blf moved successfully.
C:\Windows\$NtUninstallKB36723$\COMPONENTS{7d5ec6b6-c5bc-11dc-a02b-0019bbe6a65a}.TMContainer00000000000000000001.regtrans-ms moved successfully.
C:\Windows\$NtUninstallKB36723$\COMPONENTS{7d5ec6b6-c5bc-11dc-a02b-0019bbe6a65a}.TMContainer00000000000000000002.regtrans-ms moved successfully.
Could not move C:\Windows\$NtUninstallKB36723$\DEFAULT.
C:\Windows\$NtUninstallKB36723$\DEFAULT.LOG moved successfully.
C:\Windows\$NtUninstallKB36723$\DEFAULT.LOG1 moved successfully.
C:\Windows\$NtUninstallKB36723$\DEFAULT.LOG2 moved successfully.
C:\Windows\$NtUninstallKB36723$\DEFAULT.SAV moved successfully.
C:\Windows\$NtUninstallKB36723$\DEFAULT{7d5ec6a6-c5bc-11dc-a02b-0019bbe6a65a}.TM.blf moved successfully.
C:\Windows\$NtUninstallKB36723$\DEFAULT{7d5ec6a6-c5bc-11dc-a02b-0019bbe6a65a}.TMContainer00000000000000000001.regtrans-ms moved successfully.
C:\Windows\$NtUninstallKB36723$\DEFAULT{7d5ec6a6-c5bc-11dc-a02b-0019bbe6a65a}.TMContainer00000000000000000002.regtrans-ms moved successfully.
C:\Windows\$NtUninstallKB36723$\Journal moved successfully.
C:\Windows\$NtUninstallKB36723$\RegBack moved successfully.
Could not move C:\Windows\$NtUninstallKB36723$\SAM.
C:\Windows\$NtUninstallKB36723$\SAM.LOG1 moved successfully.
C:\Windows\$NtUninstallKB36723$\SAM.LOG2 moved successfully.
C:\Windows\$NtUninstallKB36723$\SAM{7d5ec6f6-c5bc-11dc-a02b-0019bbe6a65a}.TM.blf moved successfully.
C:\Windows\$NtUninstallKB36723$\SAM{7d5ec6f6-c5bc-11dc-a02b-0019bbe6a65a}.TMContainer00000000000000000001.regtrans-ms moved successfully.
C:\Windows\$NtUninstallKB36723$\SAM{7d5ec6f6-c5bc-11dc-a02b-0019bbe6a65a}.TMContainer00000000000000000002.regtrans-ms moved successfully.
Could not move C:\Windows\$NtUninstallKB36723$\SECURITY.
C:\Windows\$NtUninstallKB36723$\SECURITY.LOG moved successfully.
C:\Windows\$NtUninstallKB36723$\SECURITY.LOG1 moved successfully.
C:\Windows\$NtUninstallKB36723$\SECURITY.LOG2 moved successfully.
C:\Windows\$NtUninstallKB36723$\SECURITY.SAV moved successfully.
C:\Windows\$NtUninstallKB36723$\SECURITY{7d5ec700-c5bc-11dc-a02b-0019bbe6a65a}.TM.blf moved successfully.
C:\Windows\$NtUninstallKB36723$\SECURITY{7d5ec700-c5bc-11dc-a02b-0019bbe6a65a}.TMContainer00000000000000000001.regtrans-ms moved successfully.
C:\Windows\$NtUninstallKB36723$\SECURITY{7d5ec700-c5bc-11dc-a02b-0019bbe6a65a}.TMContainer00000000000000000002.regtrans-ms moved successfully.
Could not move C:\Windows\$NtUninstallKB36723$\SOFTWARE.
C:\Windows\$NtUninstallKB36723$\SOFTWARE.LOG moved successfully.
C:\Windows\$NtUninstallKB36723$\SOFTWARE.LOG1 moved successfully.
C:\Windows\$NtUninstallKB36723$\SOFTWARE.LOG2 moved successfully.
C:\Windows\$NtUninstallKB36723$\SOFTWARE.SAV moved successfully.
C:\Windows\$NtUninstallKB36723$\SOFTWARE{7d5ec712-c5bc-11dc-a02b-0019bbe6a65a}.TM.blf moved successfully.
C:\Windows\$NtUninstallKB36723$\SOFTWARE{7d5ec712-c5bc-11dc-a02b-0019bbe6a65a}.TMContainer00000000000000000001.regtrans-ms moved successfully.
C:\Windows\$NtUninstallKB36723$\SOFTWARE{7d5ec712-c5bc-11dc-a02b-0019bbe6a65a}.TMContainer00000000000000000002.regtrans-ms moved successfully.
C:\Windows\$NtUninstallKB36723$\SYSTEM moved successfully.
C:\Windows\$NtUninstallKB36723$\SYSTEM.LOG moved successfully.
C:\Windows\$NtUninstallKB36723$\SYSTEM.LOG1 moved successfully.
C:\Windows\$NtUninstallKB36723$\SYSTEM.LOG2 moved successfully.
C:\Windows\$NtUninstallKB36723$\SYSTEM.SAV moved successfully.
C:\Windows\$NtUninstallKB36723$\systemprofile moved successfully.
C:\Windows\$NtUninstallKB36723$\SYSTEM{7d5ec724-c5bc-11dc-a02b-0019bbe6a65a}.TM.blf moved successfully.
C:\Windows\$NtUninstallKB36723$\SYSTEM{7d5ec724-c5bc-11dc-a02b-0019bbe6a65a}.TMContainer00000000000000000001.regtrans-ms moved successfully.
C:\Windows\$NtUninstallKB36723$\SYSTEM{7d5ec724-c5bc-11dc-a02b-0019bbe6a65a}.TMContainer00000000000000000002.regtrans-ms moved successfully.
C:\Windows\$NtUninstallKB36723$\TxR moved successfully.
Could not move C:\Windows\$NtUninstallKB36723$\systemprofile\AppData.
C:\Windows\$NtUninstallKB36723$\systemprofile\ntuser.dat not found.
C:\Windows\$NtUninstallKB36723$\systemprofile\ntuser.dat.LOG1 not found.
C:\Windows\$NtUninstallKB36723$\systemprofile\ntuser.dat.LOG2 not found.
C:\Windows\$NtUninstallKB36723$\systemprofile\ntuser.dat{bd7ba8db-c675-11dc-a02b-0019bbe6a65a}.TM.blf not found.
C:\Windows\$NtUninstallKB36723$\systemprofile\ntuser.dat{bd7ba8db-c675-11dc-a02b-0019bbe6a65a}.TMContainer00000000000000000001.regtrans-ms not found.
C:\Windows\$NtUninstallKB36723$\systemprofile\ntuser.dat{bd7ba8db-c675-11dc-a02b-0019bbe6a65a}.TMContainer00000000000000000002.regtrans-ms not found.
C:\Windows\$NtUninstallKB36723$\systemprofile\AppData\Local not found.
C:\Windows\$NtUninstallKB36723$\systemprofile\AppData\LocalLow not found.
Could not move C:\Windows\$NtUninstallKB36723$\systemprofile\AppData\Roaming.
C:\Windows\$NtUninstallKB36723$\systemprofile\AppData\LocalLow\desktop.ini not found.
Could not move C:\Windows\$NtUninstallKB36723$\systemprofile\AppData\Roaming\Microsoft.
Could not move C:\Windows\$NtUninstallKB36723$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates.
Could not move C:\Windows\$NtUninstallKB36723$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My.
C:\Windows\$NtUninstallKB36723$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates not found.
C:\Windows\$NtUninstallKB36723$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs not found.
C:\Windows\$NtUninstallKB36723$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs not found.

==== End of Fixlog ====

Thanks again for your help!

#26 User is offline   RPMcMurphy 

  • Bleeping *^#@%~
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 2,398
  • Joined: 16-May 10
  • Gender:Male

Posted 10 February 2012 - 02:25 PM

Please try this now:

Posted Image Delete your existing copy of Combofix and download a new one from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • If you have trouble, stop and post back. Do not try to repeatedly run comboFix!
  • When finished, it will produce a report for you.
.
Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registery key that has been marked for deletion" rebooting your computer will resolve the problem.

Please include the following in your next post:
  • ComboFix log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member

The help you receive here is free. If you wish to show your appreciation, then you may Posted Image

#27 User is offline   wingvc 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 20
  • Joined: 22-January 12

Posted 13 February 2012 - 05:27 PM

I deleted the older version of ComboFix and then downloaded the new version you linked. I tried running it but it made it to the part where it says it is scanning and that it should take less than 10 minutes but could take more. It sat at that point for quite a long while (several hours), without completing or generating a report. Should I try running it in safe mode like we did before?

#28 User is offline   RPMcMurphy 

  • Bleeping *^#@%~
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 2,398
  • Joined: 16-May 10
  • Gender:Male

Posted 13 February 2012 - 05:55 PM

Yes, please.
Threads are closed after 5 days of inactivity.

ASAP & UNITE Member

The help you receive here is free. If you wish to show your appreciation, then you may Posted Image

#29 User is offline   wingvc 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 20
  • Joined: 22-January 12

Posted 14 February 2012 - 12:44 AM

No luck. It acted the same as it did in regular mode. Scanning for a really long time without completing or generating a log. Bummer!

#30 User is offline   RPMcMurphy 

  • Bleeping *^#@%~
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 2,398
  • Joined: 16-May 10
  • Gender:Male

Posted 14 February 2012 - 11:00 AM

OK, thanks for trying. I have another fix for you to run with FRST:

Delete the existing fixlist.txt and Fixlog.txt from the flash drive, then do this:

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt 

2 USBVCD; C:\Windows\System32\aliide.dll [5632 2008-01-20] (Oak Technology Inc.)
NETSVC: USBVCD
C:\Windows\System32\aliide.dll

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options again.

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
  • The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Please include the following in your next post:
  • The contents of the FixLog.txt file from your flash drive

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member

The help you receive here is free. If you wish to show your appreciation, then you may Posted Image

Share this topic:


  • 3 Pages +
  • 1
  • 2
  • 3
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users