Cloud protection virus-cannot even boot anymore


  • This topic is locked
84 replies to this topic

#1 cds568

cds568

  • Members
  • 65 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Connecticut
  • Local time:01:18 AM

Posted 19 October 2011 - 07:58 AM

My daughter has a Dell Inspiron laptop with Windows 7. She got the cloud protection virus and started following the instructions for running removal of TDSS. We are not sure if the actual TDSS program ran or if it could have been an imposter. Then her PC shut down unexpectedly. When we went to reboot, when Windows 7 starts to boot you see a quick flash of the blue screen of death and then it brings you to the Windows repair disk startup. So you do this, it takes 15 minutes, then it says it can't fix it automatically. She does not have a rescue or Win7 disk, but I have one created on a newer Win7 Dell desktop. Any safe mode attempt has the same result. Is there anything I can do at this point?



#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,696 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:07:18 AM

Posted 19 October 2011 - 10:35 AM

Hello cds568,

Welcome to Bleeping Computer. I will assist you with the issue.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#3 Farbar

Posted 19 October 2011 - 12:04 PM

FYI: The topic is moved to the Malware Removal forum.

#4 cds568

Posted 19 October 2011 - 12:45 PM

Thank you for helping!!!!!!
I get a message that says if I try to attach the file it is too big and if I cut and paste, the post is too long.
How should I proceed?

#5 Farbar

Posted 19 October 2011 - 01:11 PM

To post the log:

#6 cds568

Posted 19 October 2011 - 01:19 PM

I successfully submitted the file.
Thanks!!

#7 Farbar

Posted 19 October 2011 - 02:01 PM

I have never seen so much malware in a log. Most of the log consists of a list of the malware on the machine. I couldn't even copy and paste or attach the fix to the topic.

Please download the attached fixlist.txt from here:
http://www.filedropper.com/fixlist

Save it to your flash drive.
Boot to System Recovery Options.

Run FRST64 and press the Fix button just once and wait. In this case you might have to wait some time until you get notified that the fix is done.
The tool will make a log on the flash drive (Fixlog.txt). Please upload it to my channel as you uploaded the previous log.

Also restart, let it boot normally and tell me how it went.

#8 cds568

Posted 19 October 2011 - 02:32 PM

I sent the fixlog.
When it went to restart normally it went to the Windows repair screen. I selected Start Windows Normally and saw the flash of blue screen. It restarted to the Windows repair screen, which I am running now. Just got the message that it cannot repair it automatically. So I am in the same spot that I was.

#9 Farbar

Posted 19 October 2011 - 02:47 PM

Please run another scan and copy and paste the log. You should be able to post the log this time.

#10 cds568

Posted 19 October 2011 - 03:22 PM

Here is the log... PS: The malware got through an active, up-to-date subscription of McAfee...
Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.2.5
Ran by SYSTEM at 2011-10-19 16:16:26
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [357376 2009-09-16] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [8158240 2009-10-09] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3189016 2009-10-01] (Dell Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-16] (Dell Inc.)
HKLM-x32\...\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-09-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m [1779952 2009-07-07] ()
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [498160 2009-10-15] ()
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-03-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [142120 2010-03-25] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35760 2009-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [948672 2009-12-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [1A:Stardock TrayMonitor] [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [887976 2011-08-23] (Ask)
HKLM-x32\...\Run: [ISTray] "C:\Program Files (x86)\PC Tools Security\pctsGui.exe" /hideGUI [1589208 2011-01-13] (PC Tools)
HKU\Jenn\...\Run: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup [1774080 2010-07-18] (Exent Technologies Ltd.)
HKU\Jenn\...\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized [19071672 2010-10-31] (ooVoo LLC)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

==================== Services (Whitelisted) ======

2 IntuitUpdateService; "C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe" [13672 2010-08-23] (Intuit Inc.)
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\3.0.229\McCHSvc.exe" [237008 2011-09-20] (McAfee, Inc.)
2 sdAuxService; C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [366840 2010-03-15] (PC Tools)
2 sdCoreService; C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [1150936 2010-11-19] (PC Tools)
2 btwdins; c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [x]
2 mfevtp; "C:\Windows\system32\mfevtps.exe" [x]

========================== Drivers (Whitelisted) =============

3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [156792 2011-03-13] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [639216 2011-03-13] (McAfee, Inc.)
0 PCTCore; C:\Windows\System32\drivers\PCTCore64.sys [257232 2010-12-10] (PC Tools)
0 pctDS; C:\Windows\System32\drivers\pctDS64.sys [452872 2010-06-29] (PC Tools)
2 X5XSEx; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx.Sys [55328 2010-03-10] (Exent Technologies Ltd.)

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2011-10-18 16:33 - 2011-10-18 16:33 - 0002292 ____A C:\TDSSKiller.2.6.10.0_18.10.2011_19.33.41_log.txt
2011-10-18 16:29 - 2011-10-18 16:33 - 0078278 ____A C:\TDSSKiller.2.6.10.0_18.10.2011_19.29.37_log.txt
2011-10-18 16:27 - 2011-10-18 16:28 - 1559856 ____A (Kaspersky Lab ZAO) C:\Users\Jenn\Downloads\death.com.exe
2011-10-18 15:52 - 2011-10-18 15:52 - 0002098 ____A C:\Users\Jenn\Desktop\Spyware Doctor.lnk
2011-10-18 14:41 - 2011-10-18 15:52 - 0000000 ____D C:\Program Files (x86)\PC Tools Security
2011-10-18 14:41 - 2011-10-18 14:41 - 0000000 ____D C:\Users\Jenn\AppData\Roaming\PC Tools
2011-10-18 14:41 - 2011-01-17 06:09 - 0334976 ____A (PC Tools) C:\Windows\System32\Drivers\pctgntdi64.sys
2011-10-18 14:41 - 2010-12-16 05:46 - 0092896 ____A (PC Tools) C:\Windows\System32\Drivers\pctplsg64.sys
2011-10-18 14:41 - 2010-12-16 05:43 - 0137704 ____A (PC Tools) C:\Windows\System32\Drivers\pctwfpfilter64.sys
2011-10-18 14:41 - 2010-12-10 10:24 - 0257232 ____A (PC Tools) C:\Windows\System32\Drivers\PCTCore64.sys
2011-10-18 14:41 - 2010-07-16 11:53 - 0816016 ____A (PC Tools) C:\Windows\System32\Drivers\pctEFA64.sys
2011-10-18 14:41 - 2010-06-29 07:35 - 0452872 ____A (PC Tools) C:\Windows\System32\Drivers\pctDS64.sys
2011-10-18 14:34 - 2011-10-18 14:41 - 0000000 ____D C:\Users\All Users\PC Tools
2011-10-18 14:34 - 2011-10-18 14:41 - 0000000 ____D C:\ProgramData\PC Tools
2011-10-18 14:34 - 2011-10-18 14:34 - 0512992 ____A C:\Users\Jenn\Downloads\sdasetup_revwire207.exe
2011-10-18 14:34 - 2011-10-18 14:34 - 0512992 ____A C:\Users\Jenn\Desktop\sdasetup_revwire207.exe
2011-10-18 14:22 - 2011-10-18 14:22 - 4188120 ____A (McAfee, Inc.) C:\Users\Jenn\Downloads\McAfeeSetup.exe
2011-10-18 11:32 - 2011-10-18 11:32 - 265245412 ____A C:\Windows\MEMORY.DMP
2011-10-18 11:32 - 2011-10-18 11:32 - 0271072 ____A C:\Windows\Minidump\101811-14648-01.dmp
2011-10-18 11:30 - 2011-10-18 16:32 - 0794642 ____A C:\Windows\ntbtlog.txt
2011-10-18 10:47 - 2011-10-18 10:47 - 0692520 ____A C:\Windows\Minidump\101811-15256-01.dmp
2011-10-17 16:44 - 2011-10-17 16:44 - 0734704 ____A C:\Windows\Minidump\101711-14180-01.dmp
2011-10-16 19:47 - 2011-10-16 19:47 - 3900592 ____A (AVG Technologies) C:\Users\Jenn\Downloads\avg_free_stb_all_2012_1831_cnet.exe
2011-10-16 15:39 - 2011-10-16 15:39 - 0692592 ____A C:\Windows\Minidump\101611-12105-01.dmp
2011-10-16 10:10 - 2011-10-16 10:10 - 0692304 ____A C:\Windows\Minidump\101611-12823-01.dmp
2011-10-16 08:48 - 2011-10-16 08:48 - 0011285 ____A C:\Users\Jenn\Documents\Resume.docx
2011-10-16 08:48 - 2011-10-16 08:48 - 0000162 ___AH C:\Users\Jenn\Documents\~$Resume.docx
2011-10-16 08:10 - 2011-10-16 08:10 - 0692520 ____A C:\Windows\Minidump\101611-13494-01.dmp
2011-10-15 18:15 - 2011-10-15 18:15 - 0692304 ____A C:\Windows\Minidump\101511-15990-01.dmp
2011-10-15 12:48 - 2011-10-15 12:48 - 0000000 __SHD C:\Windows\System32\%APPDATA%
2011-10-14 16:39 - 2011-10-14 16:39 - 0734704 ____A C:\Windows\Minidump\101411-16255-01.dmp
2011-10-14 11:52 - 2011-10-14 11:52 - 0684328 ____A C:\Windows\Minidump\101411-23540-01.dmp
2011-10-13 14:53 - 2011-10-16 19:48 - 0000000 ____D C:\Users\All Users\MFAData
2011-10-13 14:53 - 2011-10-16 19:48 - 0000000 ____D C:\ProgramData\MFAData
2011-10-13 14:49 - 2011-10-13 14:50 - 3900584 ____A (AVG Technologies) C:\Users\Jenn\Downloads\avg_isct_stb_all_2012_1831_ms.exe
2011-10-13 14:37 - 2011-10-13 14:37 - 0734488 ____A C:\Windows\Minidump\101311-16411-01.dmp
2011-10-13 12:50 - 2011-10-13 12:50 - 3435928 ____A (McAfee, Inc.) C:\Users\Jenn\Downloads\SecurityScan_Release.exe
2011-10-13 12:50 - 2011-10-13 12:50 - 0002172 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2011-10-12 18:42 - 2011-09-30 21:24 - 9326080 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-10-12 18:42 - 2011-09-30 20:42 - 5990912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2011-10-12 18:42 - 2011-09-30 19:21 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-10-12 18:42 - 2011-09-30 18:59 - 1638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2011-10-12 18:42 - 2011-09-05 19:07 - 3134976 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-10-12 18:42 - 2011-08-19 21:45 - 1197568 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-10-12 18:42 - 2011-08-19 21:44 - 1501184 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-10-12 18:42 - 2011-08-19 21:44 - 0134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2011-10-12 18:42 - 2011-08-19 21:42 - 1026560 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2011-10-12 18:42 - 2011-08-19 21:41 - 0703488 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2011-10-12 18:42 - 2011-08-19 21:41 - 0097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-10-12 18:42 - 2011-08-19 21:41 - 0082944 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2011-10-12 18:42 - 2011-08-19 21:41 - 0064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-10-12 18:42 - 2011-08-19 21:41 - 0057856 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2011-10-12 18:42 - 2011-08-19 21:40 - 2458624 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-10-12 18:42 - 2011-08-19 21:40 - 12370944 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-10-12 18:42 - 2011-08-19 21:40 - 0445952 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2011-10-12 18:42 - 2011-08-19 21:40 - 0256000 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2011-10-12 18:42 - 2011-08-19 21:40 - 0247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-10-12 18:42 - 2011-08-19 21:37 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2011-10-12 18:42 - 2011-08-19 20:38 - 1230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2011-10-12 18:42 - 2011-08-19 20:38 - 0981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2011-10-12 18:42 - 2011-08-19 20:38 - 0132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2011-10-12 18:42 - 2011-08-19 20:36 - 0606208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2011-10-12 18:42 - 2011-08-19 20:35 - 2072576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2011-10-12 18:42 - 2011-08-19 20:35 - 10990080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2011-10-12 18:42 - 2011-08-19 20:35 - 0599552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2011-10-12 18:42 - 2011-08-19 20:35 - 0185856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2011-10-12 18:42 - 2011-08-19 20:35 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2011-10-12 18:42 - 2011-08-19 20:35 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2011-10-12 18:42 - 2011-08-19 20:35 - 0064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2011-10-12 18:42 - 2011-08-19 20:35 - 0048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2011-10-12 18:42 - 2011-08-19 20:35 - 0044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2011-10-12 18:42 - 2011-08-19 20:34 - 0381440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2011-10-12 18:42 - 2011-08-19 20:32 - 0012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2011-10-12 18:42 - 2011-08-19 20:20 - 0482816 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2011-10-12 18:42 - 2011-08-19 19:26 - 0386048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2011-10-12 18:40 - 2011-08-26 21:40 - 0861184 ____A (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2011-10-12 18:40 - 2011-08-26 21:40 - 0331776 ____A (Microsoft Corporation) C:\Windows\System32\oleacc.dll
2011-10-12 18:40 - 2011-08-26 20:43 - 0571904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2011-10-12 18:40 - 2011-08-26 20:43 - 0233472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
2011-10-12 18:40 - 2011-08-16 21:32 - 0613888 ____A (Microsoft Corporation) C:\Windows\System32\psisdecd.dll
2011-10-12 18:40 - 2011-08-16 21:27 - 0288256 ____A (Microsoft Corporation) C:\Windows\System32\MSNP.ax
2011-10-12 18:40 - 2011-08-16 21:27 - 0108032 ____A (Microsoft Corporation) C:\Windows\System32\psisrndr.ax
2011-10-12 18:40 - 2011-08-16 21:27 - 0104960 ____A (Microsoft Corporation) C:\Windows\System32\Mpeg2Data.ax
2011-10-12 18:40 - 2011-08-16 21:27 - 0075776 ____A (Microsoft Corporation) C:\Windows\System32\MSDvbNP.ax
2011-10-12 18:40 - 2011-08-16 20:26 - 0465408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll
2011-10-12 18:40 - 2011-08-16 20:22 - 0204288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSNP.ax
2011-10-12 18:40 - 2011-08-16 20:22 - 0075776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax
2011-10-12 18:40 - 2011-08-16 20:22 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Mpeg2Data.ax
2011-10-12 18:40 - 2011-08-16 20:22 - 0059904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSDvbNP.ax
2011-10-12 17:04 - 2011-10-18 14:27 - 0000000 ____D C:\Users\All Users\McAfee
2011-10-12 17:04 - 2011-10-18 14:27 - 0000000 ____D C:\ProgramData\McAfee
2011-10-12 16:38 - 2011-05-24 16:14 - 0270720 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2011-10-12 15:49 - 2011-10-12 15:49 - 0458608 ____A (McAfee Inc.) C:\Users\Jenn\Downloads\MVTInstaller.exe
2011-10-12 15:48 - 2011-10-12 15:49 - 1832544 ____A (McAfee, Inc.) C:\Users\Jenn\Downloads\MCPR.exe
2011-10-12 15:29 - 2011-10-12 15:29 - 0727576 ____A C:\Windows\Minidump\101211-13072-01.dmp
2011-10-12 15:00 - 2011-10-12 15:00 - 0700640 ____A C:\Windows\Minidump\101211-37580-01.dmp
2011-10-11 18:10 - 2011-10-11 18:10 - 0734632 ____A C:\Windows\Minidump\101111-13353-01.dmp
2011-10-11 14:32 - 2011-10-11 14:33 - 0692448 ____A C:\Windows\Minidump\101111-13026-01.dmp
2011-10-10 19:55 - 2011-10-10 19:55 - 0692448 ____A C:\Windows\Minidump\101011-16567-01.dmp
2011-10-10 13:04 - 2011-10-10 13:04 - 0700784 ____A C:\Windows\Minidump\101011-14492-01.dmp
2011-10-05 18:37 - 2011-10-05 18:37 - 0000000 ____D C:\Windows\system64
2011-10-02 18:44 - 2011-10-18 13:00 - 0000000 ____D C:\Users\Jenn\AppData\Local\ElevatedDiagnostics
2011-10-02 16:21 - 2011-10-02 18:33 - 0018638 ____A C:\Users\Jenn\Documents\Owen Meany.docx
2011-09-27 13:31 - 2011-09-27 13:55 - 0013500 ____A C:\Users\Jenn\Documents\APGAP reader.docx
2011-09-25 17:49 - 2011-09-25 18:10 - 0027866 ____A C:\Users\Jenn\Documents\Nurse project.docx


============ 3 Months Modified Files and Folders =============

2011-10-19 16:16 - 2011-10-19 12:36 - 0000000 ____D C:\FRST
2011-10-19 15:19 - 2010-02-18 19:39 - 0000000 ____D C:\users\Jenn
2011-10-18 16:33 - 2011-10-18 16:33 - 0002292 ____A C:\TDSSKiller.2.6.10.0_18.10.2011_19.33.41_log.txt
2011-10-18 16:33 - 2011-10-18 16:29 - 0078278 ____A C:\TDSSKiller.2.6.10.0_18.10.2011_19.29.37_log.txt
2011-10-18 16:32 - 2011-10-18 11:30 - 0794642 ____A C:\Windows\ntbtlog.txt
2011-10-18 16:28 - 2011-10-18 16:27 - 1559856 ____A (Kaspersky Lab ZAO) C:\Users\Jenn\Downloads\death.com.exe
2011-10-18 16:25 - 2010-02-08 01:10 - 3111534592 __ASH C:\hiberfil.sys
2011-10-18 15:52 - 2011-10-18 15:52 - 0002098 ____A C:\Users\Jenn\Desktop\Spyware Doctor.lnk
2011-10-18 15:52 - 2011-10-18 14:41 - 0000000 ____D C:\Program Files (x86)\PC Tools Security
2011-10-18 15:50 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2011-10-18 15:50 - 2009-07-13 20:51 - 0038957 ____A C:\Windows\setupact.log
2011-10-18 14:41 - 2011-10-18 14:41 - 0000000 ____D C:\Users\Jenn\AppData\Roaming\PC Tools
2011-10-18 14:41 - 2011-10-18 14:34 - 0000000 ____D C:\Users\All Users\PC Tools
2011-10-18 14:41 - 2011-10-18 14:34 - 0000000 ____D C:\ProgramData\PC Tools
2011-10-18 14:37 - 2009-07-13 21:13 - 0726444 ____A C:\Windows\System32\PerfStringBackup.INI
2011-10-18 14:34 - 2011-10-18 14:34 - 0512992 ____A C:\Users\Jenn\Downloads\sdasetup_revwire207.exe
2011-10-18 14:34 - 2011-10-18 14:34 - 0512992 ____A C:\Users\Jenn\Desktop\sdasetup_revwire207.exe
2011-10-18 14:27 - 2011-10-12 17:04 - 0000000 ____D C:\Users\All Users\McAfee
2011-10-18 14:27 - 2011-10-12 17:04 - 0000000 ____D C:\ProgramData\McAfee
2011-10-18 14:27 - 2009-07-13 21:10 - 1819892 ____A C:\Windows\WindowsUpdate.log
2011-10-18 14:22 - 2011-10-18 14:22 - 4188120 ____A (McAfee, Inc.) C:\Users\Jenn\Downloads\McAfeeSetup.exe
2011-10-18 14:16 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2011-10-18 14:14 - 2009-07-13 20:45 - 0014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2011-10-18 14:14 - 2009-07-13 20:45 - 0014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2011-10-18 13:00 - 2011-10-02 18:44 - 0000000 ____D C:\Users\Jenn\AppData\Local\ElevatedDiagnostics
2011-10-18 11:32 - 2011-10-18 11:32 - 265245412 ____A C:\Windows\MEMORY.DMP
2011-10-18 11:32 - 2011-10-18 11:32 - 0271072 ____A C:\Windows\Minidump\101811-14648-01.dmp
2011-10-18 11:32 - 2010-05-03 17:56 - 0000000 ____D C:\Windows\Minidump
2011-10-18 10:47 - 2011-10-18 10:47 - 0692520 ____A C:\Windows\Minidump\101811-15256-01.dmp
2011-10-17 17:12 - 2010-05-31 09:48 - 0000000 ____D C:\Users\Jenn\Documents\Stories
2011-10-17 16:44 - 2011-10-17 16:44 - 0734704 ____A C:\Windows\Minidump\101711-14180-01.dmp
2011-10-16 19:48 - 2011-10-13 14:53 - 0000000 ____D C:\Users\All Users\MFAData
2011-10-16 19:48 - 2011-10-13 14:53 - 0000000 ____D C:\ProgramData\MFAData
2011-10-16 19:47 - 2011-10-16 19:47 - 3900592 ____A (AVG Technologies) C:\Users\Jenn\Downloads\avg_free_stb_all_2012_1831_cnet.exe
2011-10-16 15:39 - 2011-10-16 15:39 - 0692592 ____A C:\Windows\Minidump\101611-12105-01.dmp
2011-10-16 15:39 - 2010-11-18 16:42 - 0000400 ___AH C:\Windows\Tasks\Norton Security Scan for Jenn.job
2011-10-16 10:10 - 2011-10-16 10:10 - 0692304 ____A C:\Windows\Minidump\101611-12823-01.dmp
2011-10-16 08:48 - 2011-10-16 08:48 - 0011285 ____A C:\Users\Jenn\Documents\Resume.docx
2011-10-16 08:48 - 2011-10-16 08:48 - 0000162 ___AH C:\Users\Jenn\Documents\~$Resume.docx
2011-10-16 08:10 - 2011-10-16 08:10 - 0692520 ____A C:\Windows\Minidump\101611-13494-01.dmp
2011-10-15 18:15 - 2011-10-15 18:15 - 0692304 ____A C:\Windows\Minidump\101511-15990-01.dmp
2011-10-15 12:48 - 2011-10-15 12:48 - 0000000 __SHD C:\Windows\System32\%APPDATA%
2011-10-14 16:39 - 2011-10-14 16:39 - 0734704 ____A C:\Windows\Minidump\101411-16255-01.dmp
2011-10-14 11:52 - 2011-10-14 11:52 - 0684328 ____A C:\Windows\Minidump\101411-23540-01.dmp
2011-10-13 14:50 - 2011-10-13 14:49 - 3900584 ____A (AVG Technologies) C:\Users\Jenn\Downloads\avg_isct_stb_all_2012_1831_ms.exe
2011-10-13 14:37 - 2011-10-13 14:37 - 0734488 ____A C:\Windows\Minidump\101311-16411-01.dmp
2011-10-13 12:50 - 2011-10-13 12:50 - 3435928 ____A (McAfee, Inc.) C:\Users\Jenn\Downloads\SecurityScan_Release.exe
2011-10-13 12:50 - 2011-10-13 12:50 - 0002172 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2011-10-13 12:50 - 2010-10-15 18:52 - 0002172 ____A C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
2011-10-13 12:50 - 2010-10-15 18:51 - 0000000 ____D C:\Program Files (x86)\McAfee Security Scan
2011-10-13 00:16 - 2009-07-13 20:45 - 0320744 ____A C:\Windows\System32\FNTCACHE.DAT
2011-10-13 00:15 - 2010-02-07 23:35 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2011-10-12 16:55 - 2010-02-08 01:10 - 0807316 ____A C:\Windows\PFRO.log
2011-10-12 15:49 - 2011-10-12 15:49 - 0458608 ____A (McAfee Inc.) C:\Users\Jenn\Downloads\MVTInstaller.exe
2011-10-12 15:49 - 2011-10-12 15:48 - 1832544 ____A (McAfee, Inc.) C:\Users\Jenn\Downloads\MCPR.exe
2011-10-12 15:29 - 2011-10-12 15:29 - 0727576 ____A C:\Windows\Minidump\101211-13072-01.dmp
2011-10-12 15:00 - 2011-10-12 15:00 - 0700640 ____A C:\Windows\Minidump\101211-37580-01.dmp
2011-10-11 18:10 - 2011-10-11 18:10 - 0734632 ____A C:\Windows\Minidump\101111-13353-01.dmp
2011-10-11 14:33 - 2011-10-11 14:32 - 0692448 ____A C:\Windows\Minidump\101111-13026-01.dmp
2011-10-10 19:55 - 2011-10-10 19:55 - 0692448 ____A C:\Windows\Minidump\101011-16567-01.dmp
2011-10-10 18:05 - 2010-03-16 17:36 - 0000000 ____D C:\Program Files (x86)\Ask.com
2011-10-10 13:04 - 2011-10-10 13:04 - 0700784 ____A C:\Windows\Minidump\101011-14492-01.dmp
2011-10-05 18:37 - 2011-10-05 18:37 - 0000000 ____D C:\Windows\system64
2011-10-02 18:33 - 2011-10-02 16:21 - 0018638 ____A C:\Users\Jenn\Documents\Owen Meany.docx
2011-09-30 21:24 - 2011-10-12 18:42 - 9326080 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-09-30 20:42 - 2011-10-12 18:42 - 5990912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2011-09-30 19:21 - 2011-10-12 18:42 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-09-30 18:59 - 2011-10-12 18:42 - 1638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2011-09-27 13:55 - 2011-09-27 13:31 - 0013500 ____A C:\Users\Jenn\Documents\APGAP reader.docx
2011-09-25 18:10 - 2011-09-25 17:49 - 0027866 ____A C:\Users\Jenn\Documents\Nurse project.docx
2011-09-19 18:58 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\FxsTmp
2011-09-19 18:45 - 2011-09-15 18:15 - 0018293 ____A C:\Users\Jenn\Documents\A dolls house essay.docx
2011-09-19 18:35 - 2011-09-15 17:11 - 0012909 ____A C:\Users\Jenn\Documents\A dolls house project.docx
2011-09-16 03:19 - 2011-09-16 03:19 - 0000162 ___AH C:\Users\Jenn\Documents\~$dolls house project.docx
2011-09-16 03:19 - 2011-09-16 03:19 - 0000162 ___AH C:\Users\Jenn\Documents\~$dolls house essay.docx
2011-09-16 00:02 - 2010-02-07 23:44 - 0000000 ____D C:\Users\All Users\Microsoft Help
2011-09-16 00:02 - 2010-02-07 23:44 - 0000000 ____D C:\ProgramData\Microsoft Help
2011-09-08 18:34 - 2011-09-08 18:34 - 0014635 ____A C:\Users\Jenn\Documents\Republican Debate.docx
2011-09-05 19:07 - 2011-10-12 18:42 - 3134976 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-09-05 14:12 - 2011-09-05 08:13 - 0022159 ____A C:\Users\Jenn\Documents\Ethan Frome Essay.docx
2011-09-03 18:45 - 2010-02-19 17:36 - 0000000 ____D C:\Users\Jenn\AppData\Roaming\Skype
2011-09-03 18:34 - 2010-02-19 17:40 - 0000000 ____D C:\Users\Jenn\AppData\Roaming\skypePM
2011-08-26 21:40 - 2011-10-12 18:40 - 0861184 ____A (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2011-08-26 21:40 - 2011-10-12 18:40 - 0331776 ____A (Microsoft Corporation) C:\Windows\System32\oleacc.dll
2011-08-26 20:43 - 2011-10-12 18:40 - 0571904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2011-08-26 20:43 - 2011-10-12 18:40 - 0233472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
2011-08-25 20:32 - 2011-08-25 20:32 - 0000000 ____A C:\Windows\PowerReg.dat
2011-08-25 20:32 - 2011-08-25 20:31 - 0000311 ____A C:\Windows\hegames.ini
2011-08-25 00:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2011-08-19 21:45 - 2011-10-12 18:42 - 1197568 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-08-19 21:44 - 2011-10-12 18:42 - 1501184 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-08-19 21:44 - 2011-10-12 18:42 - 0134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2011-08-19 21:42 - 2011-10-12 18:42 - 1026560 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2011-08-19 21:41 - 2011-10-12 18:42 - 0703488 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2011-08-19 21:41 - 2011-10-12 18:42 - 0097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-08-19 21:41 - 2011-10-12 18:42 - 0082944 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2011-08-19 21:41 - 2011-10-12 18:42 - 0064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-08-19 21:41 - 2011-10-12 18:42 - 0057856 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2011-08-19 21:40 - 2011-10-12 18:42 - 2458624 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-08-19 21:40 - 2011-10-12 18:42 - 12370944 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-08-19 21:40 - 2011-10-12 18:42 - 0445952 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2011-08-19 21:40 - 2011-10-12 18:42 - 0256000 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2011-08-19 21:40 - 2011-10-12 18:42 - 0247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-08-19 21:37 - 2011-10-12 18:42 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2011-08-19 20:38 - 2011-10-12 18:42 - 1230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2011-08-19 20:38 - 2011-10-12 18:42 - 0981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2011-08-19 20:38 - 2011-10-12 18:42 - 0132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2011-08-19 20:36 - 2011-10-12 18:42 - 0606208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2011-08-19 20:35 - 2011-10-12 18:42 - 2072576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2011-08-19 20:35 - 2011-10-12 18:42 - 10990080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2011-08-19 20:35 - 2011-10-12 18:42 - 0599552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2011-08-19 20:35 - 2011-10-12 18:42 - 0185856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2011-08-19 20:35 - 2011-10-12 18:42 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2011-08-19 20:35 - 2011-10-12 18:42 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2011-08-19 20:35 - 2011-10-12 18:42 - 0064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2011-08-19 20:35 - 2011-10-12 18:42 - 0048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2011-08-19 20:35 - 2011-10-12 18:42 - 0044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2011-08-19 20:34 - 2011-10-12 18:42 - 0381440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2011-08-19 20:32 - 2011-10-12 18:42 - 0012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2011-08-19 20:20 - 2011-10-12 18:42 - 0482816 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2011-08-19 19:26 - 2011-10-12 18:42 - 0386048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2011-08-16 21:32 - 2011-10-12 18:40 - 0613888 ____A (Microsoft Corporation) C:\Windows\System32\psisdecd.dll
2011-08-16 21:27 - 2011-10-12 18:40 - 0288256 ____A (Microsoft Corporation) C:\Windows\System32\MSNP.ax
2011-08-16 21:27 - 2011-10-12 18:40 - 0108032 ____A (Microsoft Corporation) C:\Windows\System32\psisrndr.ax
2011-08-16 21:27 - 2011-10-12 18:40 - 0104960 ____A (Microsoft Corporation) C:\Windows\System32\Mpeg2Data.ax
2011-08-16 21:27 - 2011-10-12 18:40 - 0075776 ____A (Microsoft Corporation) C:\Windows\System32\MSDvbNP.ax
2011-08-16 20:26 - 2011-10-12 18:40 - 0465408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll
2011-08-16 20:22 - 2011-10-12 18:40 - 0204288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSNP.ax
2011-08-16 20:22 - 2011-10-12 18:40 - 0075776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax
2011-08-16 20:22 - 2011-10-12 18:40 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Mpeg2Data.ax
2011-08-16 20:22 - 2011-10-12 18:40 - 0059904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSDvbNP.ax
2011-08-12 18:05 - 2011-08-10 20:13 - 0010160 ____A C:\Users\Jenn\AppData\Roaming\3D48.B94
2011-08-12 14:56 - 2011-08-12 14:56 - 0111204 ____A C:\Users\Jenn\Documents\Breakers Acceptance.docx
2011-08-12 14:55 - 2011-08-12 14:55 - 0111196 ____A C:\Users\Jenn\Documents\Breakers Acceptence.docx
2011-08-10 21:21 - 2011-08-10 21:19 - 5949053 ____A C:\Users\Jenn\Downloads\Adele - Turning Tables (With Lyrics).mp3
2011-08-10 21:18 - 2011-08-10 21:14 - 3539829 ____A C:\Users\Jenn\Downloads\Adele - Set Fire to the Rain Lyrics.mp3
2011-08-10 21:16 - 2011-08-10 21:09 - 5253786 ____A C:\Users\Jenn\Downloads\Avril Lavigne - What The Hell Lyrics on Screen HD.mp3
2011-08-10 21:16 - 2011-08-10 21:04 - 5676338 ____A C:\Users\Jenn\Downloads\mBRUkdQa6Is.mp3
2011-08-10 21:02 - 2011-08-10 21:00 - 5944673 ____A C:\Users\Jenn\Downloads\Christina Perri - Jar of Hearts.mp3
2011-08-10 21:02 - 2011-08-10 20:56 - 4921506 ____A C:\Users\Jenn\Downloads\Darius Rucker - I Got Nothin [MP3] [Lyrics].mp3
2011-08-10 20:56 - 2011-08-10 20:51 - 4908344 ____A C:\Users\Jenn\Downloads\Tonight Tonight By Hot Chelle Rae [Lyrics].mp3
2011-08-10 20:53 - 2011-08-10 20:49 - 4991099 ____A C:\Users\Jenn\Downloads\A Buncha Girls - Frankie Ballard (with lyrics).mp3
2011-08-10 20:47 - 2011-08-10 20:45 - 5201135 ____A C:\Users\Jenn\Downloads\_You Make Me Feel...._ Cobra Starship ft. Sabi(2).mp3
2011-08-10 20:47 - 2011-08-10 20:41 - 5164756 ____A C:\Users\Jenn\Downloads\Steve Holy - Love Dont Run with lyrics.mp3
2011-08-10 20:45 - 2011-08-10 20:38 - 5700166 ____A C:\Users\Jenn\Downloads\God Gave Me You- Blake Shelton.mp3
2011-08-10 20:37 - 2011-08-10 20:35 - 4376695 ____A C:\Users\Jenn\Downloads\Thompson Square - I Got You - With Lyrics.mp3
2011-08-10 20:35 - 2011-08-10 20:30 - 4813045 ____A C:\Users\Jenn\Downloads\Crazy Girl lyrics by Eli Young Band..mp3
2011-08-10 20:34 - 2011-08-10 20:27 - 6682578 ____A C:\Users\Jenn\Downloads\Keith Urban-Long Hot Summer.mp3
2011-08-10 20:25 - 2011-08-10 20:20 - 4931540 ____A C:\Users\Jenn\Downloads\Rodney Atkins - Take a Back Road - with lyrics(2).mp3
2011-08-10 20:24 - 2011-08-10 20:20 - 4921247 ____A C:\Users\Jenn\Downloads\Rodney Atkins - Take a Back Road - with lyrics.mp3
2011-08-10 20:24 - 2011-08-10 20:16 - 4627478 ____A C:\Users\Jenn\Downloads\Am I the Only One by Dierks Bentley.mp3
2011-08-10 20:15 - 2011-08-10 20:06 - 5335915 ____A C:\Users\Jenn\Downloads\yJu0U8oVYbE.mp3
2011-08-10 20:15 - 2011-08-10 19:59 - 4814295 ____A C:\Users\Jenn\Downloads\Nicki Minaj - Super Bass (Feat. Ester Dean) Lyrics Video.mp3
2011-08-10 20:14 - 2011-08-10 19:54 - 5923998 ____A C:\Users\Jenn\Downloads\Brad Paisley - Remind Me (Duet With Carrie Underwood).mp3
2011-08-10 20:03 - 2011-08-10 20:02 - 4804010 ____A C:\Users\Jenn\Downloads\Nicki Minaj - Super Bass (Feat. Ester Dean) Lyrics Video(2).mp3
2011-08-10 19:58 - 2011-08-10 19:57 - 5190832 ____A C:\Users\Jenn\Downloads\_You Make Me Feel...._ Cobra Starship ft. Sabi.mp3
2011-08-10 19:49 - 2011-08-10 19:47 - 5889508 ____A C:\Users\Jenn\Downloads\Scotty McCreery-I Love You This Big with lyrics.mp3
2011-08-10 19:47 - 2011-08-10 19:44 - 5312717 ____A C:\Users\Jenn\Downloads\_Just A Kiss_ Lyric Video.mp3
2011-08-07 21:59 - 2011-08-07 21:59 - 0000000 ____D C:\Users\All Users\GoBit Games
2011-08-07 21:59 - 2011-08-07 21:59 - 0000000 ____D C:\ProgramData\GoBit Games
2011-08-03 09:14 - 2011-08-03 09:14 - 0000000 ____D C:\Users\Jenn\AppData\Roaming\Shape games
2011-07-29 15:58 - 2011-07-27 20:10 - 0000120 ____A C:\Users\Jenn\AppData\Local\Dnogiriyiji.dat
2011-07-29 15:58 - 2011-07-27 20:10 - 0000000 ____A C:\Users\Jenn\AppData\Local\Egepa.bin
2011-07-27 20:10 - 2011-07-27 20:10 - 0000000 ____D C:\Users\Jenn\AppData\Local\{65C6915A-095A-49E0-85A2-9D4DAD350332}
2011-07-25 14:36 - 2009-07-13 21:08 - 0032584 ____A C:\Windows\Tasks\SCHEDLGU.TXT

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 3956.54 MB
Available physical RAM: 3361.7 MB
Total Pagefile: 3954.69 MB
Available Pagefile: 3345.84 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:58.59 GB) (Free:2.18 GB) NTFS
2 Drive d: () (Fixed) (Total:229.63 GB) (Free:228.62 GB) NTFS
5 Drive h: () (Removable) (Total:3.72 GB) (Free:1.98 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (RECOVERY) (Fixed) (Total:9.77 GB) (Free:3.51 GB) NTFS

==========================================================

Last Boot: 2011-10-13 00:46

======================= End Of Log ==========================

#11 Farbar


Posted 19 October 2011 - 03:32 PM

At least we can read the log now. :)

Let's take a look at TDSSKiller logs.

  • Please tell me if startup repair gives you any indication of an error.

    Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flash drive as fixlist.txt

    start
    cmd: copy /y c:\tdss*.txt H:\
    cmd: bcdedit /enum all
    end
    

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
    Now please enter System Recovery Options.

    Run FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Edited by farbar, 19 October 2011 - 03:32 PM.
typo


#12 cds568


Posted 19 October 2011 - 03:42 PM

fixlog.txt:

Fix result of Farbars's Recovery Tool (FRST written by farbar version 2.2.5)
Ran by SYSTEM at 2011-10-19 16:37:09 R:2
Running from H:\

==============================================


========= copy /y c:\tdss*.txt H:\ =========

c:\TDSSKiller.2.6.10.0_18.10.2011_19.29.37_log.txt
c:\TDSSKiller.2.6.10.0_18.10.2011_19.33.41_log.txt
2 file(s) copied.

========= End of CMD: =========


========= bcdedit /enum all =========


Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=Y:
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {default}
resumeobject {48e98203-1491-11df-998d-0026b9238f57}
displayorder {default}
toolsdisplayorder {memdiag}
timeout 30

Windows Boot Loader
-------------------
identifier {default}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {bootloadersettings}
recoverysequence {current}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {48e98203-1491-11df-998d-0026b9238f57}
nx OptIn

Windows Boot Loader
-------------------
identifier {current}
device ramdisk=[Y:]\Recovery\WindowsRE\Winre.wim,{48e98206-1491-11df-998d-0026b9238f57}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[Y:]\Recovery\WindowsRE\Winre.wim,{48e98206-1491-11df-998d-0026b9238f57}
systemroot \windows
nx OptIn
winpe Yes

Resume from Hibernate
---------------------
identifier {48e98203-1491-11df-998d-0026b9238f57}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=Y:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
custom:26000022 Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {48e98206-1491-11df-998d-0026b9238f57}
description Ramdisk Options
ramdisksdidevice partition=Y:
ramdisksdipath \Recovery\WindowsRE\boot.sdi

========= End of CMD: =========


==== End of Fixlog ====

#13 Farbar


Posted 19 October 2011 - 03:47 PM

There are two files on your flash drive; please post them in your reply:

TDSSKiller.2.6.10.0_18.10.2011_19.29.37_log.txt
TDSSKiller.2.6.10.0_18.10.2011_19.33.41_log.txt


#14 cds568


Posted 19 October 2011 - 05:02 PM

TDSSKiller.2.6.10.0_18.10.2011_19.29.37_log.txt:

19:29:37.0828 2052 TDSS rootkit removing tool 2.6.10.0 Oct 17 2011 15:43:23
19:29:39.0830 2052 ============================================================
19:29:39.0831 2052 Current date / time: 2011/10/18 19:29:39.0830
19:29:39.0831 2052 SystemInfo:
19:29:39.0832 2052
19:29:39.0832 2052 OS Version: 6.1.7600 ServicePack: 0.0
19:29:39.0833 2052 Product type: Workstation
19:29:39.0834 2052 ComputerName: JENN-PC
19:29:39.0835 2052 UserName: Jenn
19:29:39.0836 2052 Windows directory: C:\Windows
19:29:39.0836 2052 System windows directory: C:\Windows
19:29:39.0836 2052 Running under WOW64
19:29:39.0836 2052 Processor architecture: Intel x64
19:29:39.0836 2052 Number of processors: 4
19:29:39.0836 2052 Page size: 0x1000
19:29:39.0837 2052 Boot type: Safe boot with network
19:29:39.0837 2052 ============================================================
19:29:41.0913 2052 Initialize success
19:29:58.0804 1096 ============================================================
19:29:58.0804 1096 Scan started
19:29:58.0804 1096 Mode: Manual;
19:29:58.0804 1096 ============================================================
19:30:23.0973 1096 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
19:30:23.0998 1096 pci - ok
19:30:24.0054 1096 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
19:30:24.0062 1096 pciide - ok
19:30:24.0135 1096 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
19:30:24.0161 1096 pcmcia - ok
19:30:24.0290 1096 PCTCore (54e013b6d55b81c0aa1ebea80ff42383) C:\Windows\system32\drivers\PCTCore64.sys
19:30:24.0313 1096 PCTCore - ok
19:30:24.0433 1096 pctDS (ff43e3b1687e4e2140de6349ea5c7372) C:\Windows\system32\drivers\pctDS64.sys
19:30:24.0472 1096 pctDS - ok
19:30:24.0535 1096 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
19:30:24.0548 1096 pcw - ok
19:30:24.0632 1096 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
19:30:24.0685 1096 PEAUTH - ok
19:30:25.0103 1096 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
19:30:25.0114 1096 PptpMiniport - ok
19:30:25.0219 1096 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
19:30:25.0237 1096 Processor - ok
19:30:25.0411 1096 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
19:30:25.0424 1096 Psched - ok
19:30:25.0530 1096 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
19:30:25.0541 1096 PxHlpa64 - ok
19:30:25.0679 1096 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
19:30:25.0783 1096 ql2300 - ok
19:30:25.0892 1096 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
19:30:25.0913 1096 ql40xx - ok
19:30:26.0049 1096 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
19:30:26.0059 1096 QWAVEdrv - ok
19:30:26.0151 1096 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
19:30:26.0171 1096 RasAcd - ok
19:30:26.0310 1096 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:30:26.0318 1096 RasAgileVpn - ok
19:30:26.0488 1096 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:30:26.0501 1096 Rasl2tp - ok
19:30:26.0653 1096 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
19:30:26.0664 1096 RasPppoe - ok
19:30:26.0728 1096 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
19:30:26.0741 1096 RasSstp - ok
19:30:26.0852 1096 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
19:30:26.0891 1096 rdbss - ok
19:30:26.0953 1096 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
19:30:26.0963 1096 rdpbus - ok
19:30:27.0029 1096 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:30:27.0039 1096 RDPCDD - ok
19:30:27.0171 1096 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
19:30:27.0179 1096 RDPENCDD - ok
19:30:27.0271 1096 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
19:30:27.0280 1096 RDPREFMP - ok
19:30:27.0349 1096 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
19:30:27.0375 1096 RDPWD - ok
19:30:27.0474 1096 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
19:30:27.0501 1096 rdyboost - ok
19:30:27.0663 1096 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
19:30:27.0697 1096 RFCOMM - ok
19:30:27.0859 1096 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
19:30:27.0871 1096 rspndr - ok
19:30:27.0982 1096 RSUSBSTOR (502b316947ea887cddd325d4745eb7d0) C:\Windows\system32\Drivers\RtsUStor.sys
19:30:28.0011 1096 RSUSBSTOR - ok
19:30:28.0097 1096 RTL8167 (3b01789ee4eaee97f5eb46b711387d5e) C:\Windows\system32\DRIVERS\Rt64win7.sys
19:30:28.0127 1096 RTL8167 - ok
19:30:28.0330 1096 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
19:30:28.0342 1096 sbp2port - ok
19:30:28.0454 1096 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
19:30:28.0466 1096 scfilter - ok
19:30:28.0807 1096 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:30:28.0817 1096 secdrv - ok
19:30:29.0072 1096 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
19:30:29.0082 1096 Serenum - ok
19:30:29.0154 1096 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
19:30:29.0165 1096 Serial - ok
19:30:29.0274 1096 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
19:30:29.0286 1096 sermouse - ok
19:30:29.0554 1096 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
19:30:29.0564 1096 sffdisk - ok
19:30:29.0651 1096 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
19:30:29.0661 1096 sffp_mmc - ok
19:30:29.0781 1096 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
19:30:29.0790 1096 sffp_sd - ok
19:30:29.0910 1096 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
19:30:29.0918 1096 sfloppy - ok
19:30:30.0179 1096 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:30:30.0189 1096 SiSRaid2 - ok
19:30:30.0308 1096 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
19:30:30.0320 1096 SiSRaid4 - ok
19:30:30.0417 1096 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
19:30:30.0430 1096 Smb - ok
19:30:30.0585 1096 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
19:30:30.0595 1096 spldr - ok
19:30:30.0816 1096 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
19:30:30.0856 1096 srv - ok
19:30:30.0975 1096 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
19:30:31.0018 1096 srv2 - ok
19:30:31.0110 1096 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
19:30:31.0138 1096 srvnet - ok
19:30:31.0271 1096 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
19:30:31.0283 1096 stexstor - ok
19:30:31.0457 1096 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
19:30:31.0465 1096 swenum - ok
19:30:31.0801 1096 Tcpip (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\drivers\tcpip.sys
19:30:31.0871 1096 Tcpip - ok
19:30:32.0021 1096 TCPIP6 (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\DRIVERS\tcpip.sys
19:30:32.0092 1096 TCPIP6 - ok
19:30:32.0209 1096 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
19:30:32.0217 1096 tcpipreg - ok
19:30:32.0294 1096 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
19:30:32.0302 1096 TDPIPE - ok
19:30:32.0357 1096 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
19:30:32.0365 1096 TDTCP - ok
19:30:32.0452 1096 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
19:30:32.0462 1096 tdx - ok
19:30:32.0514 1096 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
19:30:32.0522 1096 TermDD - ok
19:30:32.0772 1096 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:30:32.0781 1096 tssecsrv - ok
19:30:33.0027 1096 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
19:30:33.0038 1096 tunnel - ok
19:30:33.0105 1096 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
19:30:33.0114 1096 uagp35 - ok
19:30:33.0167 1096 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
19:30:33.0195 1096 udfs - ok
19:30:33.0334 1096 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
19:30:33.0343 1096 uliagpkx - ok
19:30:33.0458 1096 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
19:30:33.0465 1096 umbus - ok
19:30:33.0583 1096 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
19:30:33.0591 1096 UmPass - ok
19:30:33.0722 1096 USBAAPL64 (5cf1ead086176dd3348e920a40bed03d) C:\Windows\system32\Drivers\usbaapl64.sys
19:30:33.0731 1096 USBAAPL64 - ok
19:30:33.0836 1096 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
19:30:33.0846 1096 usbccgp - ok
19:30:33.0943 1096 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
19:30:33.0954 1096 usbcir - ok
19:30:34.0027 1096 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\drivers\usbehci.sys
19:30:34.0038 1096 usbehci - ok
19:30:34.0196 1096 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
19:30:34.0221 1096 usbhub - ok
19:30:34.0285 1096 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
19:30:34.0296 1096 usbohci - ok
19:30:34.0394 1096 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
19:30:34.0404 1096 usbprint - ok
19:30:34.0527 1096 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
19:30:34.0538 1096 usbscan - ok
19:30:34.0649 1096 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:30:34.0659 1096 USBSTOR - ok
19:30:34.0720 1096 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
19:30:34.0730 1096 usbuhci - ok
19:30:34.0848 1096 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
19:30:34.0873 1096 usbvideo - ok
19:30:35.0035 1096 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
19:30:35.0045 1096 vdrvroot - ok
19:30:35.0149 1096 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
19:30:35.0156 1096 vga - ok
19:30:35.0220 1096 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
19:30:35.0228 1096 VgaSave - ok
19:30:35.0353 1096 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
19:30:35.0378 1096 vhdmp - ok
19:30:35.0459 1096 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
19:30:35.0466 1096 viaide - ok
19:30:35.0589 1096 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
19:30:35.0599 1096 volmgr - ok
19:30:35.0717 1096 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
19:30:35.0743 1096 volmgrx - ok
19:30:35.0803 1096 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
19:30:35.0829 1096 volsnap - ok
19:30:35.0913 1096 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
19:30:35.0938 1096 vsmraid - ok
19:30:36.0023 1096 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
19:30:36.0030 1096 vwifibus - ok
19:30:36.0093 1096 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
19:30:36.0103 1096 vwififlt - ok
19:30:36.0342 1096 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
19:30:36.0350 1096 WacomPen - ok
19:30:36.0465 1096 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
19:30:36.0474 1096 WANARP - ok
19:30:36.0534 1096 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
19:30:36.0543 1096 Wanarpv6 - ok
19:30:36.0799 1096 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
19:30:36.0807 1096 Wd - ok
19:30:36.0939 1096 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
19:30:36.0989 1096 Wdf01000 - ok
19:30:37.0414 1096 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:30:37.0429 1096 WfpLwf - ok
19:30:37.0542 1096 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:30:37.0549 1096 WIMMount - ok
19:30:37.0915 1096 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
19:30:37.0921 1096 WmiAcpi - ok
19:30:38.0169 1096 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:30:38.0176 1096 ws2ifsl - ok
19:30:38.0447 1096 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
19:30:38.0457 1096 WudfPf - ok
19:30:38.0545 1096 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:30:38.0557 1096 WUDFRd - ok
19:30:38.0745 1096 X5XSEx (2b7e07aa8770695ec4e153288843f894) C:\Program Files (x86)\Free Ride Games\X5XSEx.Sys
19:30:38.0753 1096 X5XSEx - ok
19:30:39.0008 1096 MBR (0x1B8) (6f9a1d528242bc09104b85e0becf5554) \Device\Harddisk0\DR0
19:30:39.0011 1096 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected
19:30:39.0011 1096 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
19:30:39.0046 1096 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
19:30:39.0075 1096 \Device\Harddisk1\DR1 - ok
19:30:39.0117 1096 Boot (0x1200) (ce5930b5af712151cfbbdaa1e8996462) \Device\Harddisk0\DR0\Partition0
19:30:39.0121 1096 \Device\Harddisk0\DR0\Partition0 - ok
19:30:39.0179 1096 Boot (0x1200) (5fbeec304255b89f9f44bfbc42ea0a09) \Device\Harddisk0\DR0\Partition1
19:30:39.0183 1096 \Device\Harddisk0\DR0\Partition1 - ok
19:30:39.0243 1096 Boot (0x1200) (244752f0784caf884019be129cc7d5c8) \Device\Harddisk0\DR0\Partition2
19:30:39.0247 1096 \Device\Harddisk0\DR0\Partition2 - ok
19:30:39.0364 1096 Boot (0x1200) (65f25ef20f79a14178c0d80cb669ecf5) \Device\Harddisk1\DR1\Partition0
19:30:39.0367 1096 \Device\Harddisk1\DR1\Partition0 - ok
19:30:39.0380 1096 ============================================================
19:30:39.0380 1096 Scan finished
19:30:39.0381 1096 ============================================================
19:30:39.0595 1464 Detected object count: 1
19:30:39.0596 1464 Actual detected object count: 1
19:33:32.0205 1464 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - will be cured on reboot
19:33:32.0207 1464 \Device\Harddisk0\DR0 - ok
19:33:32.0214 1464 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure
19:33:36.0447 1516 Deinitialize success

TDSSKiller.2.6.10.0_18.10.2011_19.33.41_log.txt:

19:33:41.0435 1724 TDSS rootkit removing tool 2.6.10.0 Oct 17 2011 15:43:23
19:33:41.0971 1724 ============================================================
19:33:41.0972 1724 Current date / time: 2011/10/18 19:33:41.0971
19:33:41.0972 1724 SystemInfo:
19:33:41.0972 1724
19:33:41.0973 1724 OS Version: 6.1.7600 ServicePack: 0.0
19:33:41.0973 1724 Product type: Workstation
19:33:41.0974 1724 ComputerName: JENN-PC
19:33:41.0975 1724 UserName: Jenn
19:33:41.0975 1724 Windows directory: C:\Windows
19:33:41.0975 1724 System windows directory: C:\Windows
19:33:41.0975 1724 Running under WOW64
19:33:41.0976 1724 Processor architecture: Intel x64
19:33:41.0976 1724 Number of processors: 4
19:33:41.0976 1724 Page size: 0x1000
19:33:41.0976 1724 Boot type: Safe boot with network
19:33:41.0976 1724 ============================================================
19:33:42.0478 1724 Initialize success
19:34:32.0799 1604 ============================================================
19:34:32.0800 1604 Scan started
19:34:32.0800 1604 Mode: Manual;
19:34:32.0800 1604 ============================================================

#15 Farbar

Posted 20 October 2011 - 01:27 AM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flash drive as fixlist.txt.

start
cmd: bootrec /FixMbr
Control: 
end

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Also please restart and let it boot normally and tell me how it went.



