
MBR virus Troj/MBRoot-k / BOO/Sherwil has come back


  • This topic is locked
18 replies to this topic

#1 Kiendas

Kiendas

  • Members

Posted 21 November 2011 - 11:16 AM

======Hi. Long time reader, first time poster. I need help to remove a MBRoot virus while keeping my data, please. Thanks.=======

Last week Avira detected "a virus". But I told Avira to remove it, and at first I thought it had, but - nope.

So I decided I better keep the network cable disconnected as much as possible. Then I disabled Avira to install Sophos to see if it would work any better. Did a full scan. It detected Troj/MBRoot-k in a MBR. (I assume MBRoot is the same as Mebroot??) But Sophos was not able to remove it either.

Tried the Dr Web rootkit-removal program, it didn't find anything wrong. Tried running GMER. It didn't find any virus. Start wondering about false positives, but no, that doesn't make sense.. I think this is what MBR viruses do.

Decided to physically disconnect internal 1TB D Drive (documents, media, etc ) and reformat 500GB C Drive (operating system, applications) and reinstall windows (Vista 64bit). No big loss, just applications I barely use that I can reinstall later.

So, 36 hours later I have a fresh copy of Windows installed and several hundred windows updates complete. (Well, I was doing some other things at the time-- eating, sleeping, moving furniture around..) Then install Firefox. Reinstall Avira. Avira completes a full drive/system/memory/rootkit scan. All clean. Shut down computer.

I make the mistake of reconnecting D Drive. Turn on computer. Avira Antivirus immediately detects a virus (BOO/Sherwil-- Avira's name for MBRoot-k? Is there some way to cross-reference these? I can find next to no information by searching this virus name...) in the MBR of D Drive. Hadn't thought of that. Or at least, didn't think it could spread from there, with no OS or booting from that drive. Back to the drawing board.
And Computers 101.

So I figure I better copy some of the more important, recent files from the D drive to a thumb drive as a backup. Then look some more on the internets and discover that Avira has a Boot Wizard MBR cleaner that burns itself to a disc which you can boot from and fix the boot record. Download that. Burn it to disc. Reboot.

Avira Boot Wizard runs from disc. Finds no virus, fixes nothing, though tells me "The boot record is unknown" for my drives. Hmm. That sounds not good.

Reboot into Windows. Avira Antivirus tells me it has now found the MBR virus on the D drive and the C drive. Right.


Any recommendations? I've already got a blank OS, so I don't mind losing it again. Probably will get Windows 7 just so I can skip a bunch of updates and service packs (I hope). Also an external hard drive for backups? I want to save my data from my D drive.


Options? What do you think? Should I:

A. If I install Ubuntu, or have access to a computer with Ubuntu, can I hook up the data drive to it, and the new external drive... copy all the data to the external... and reformat all the internal drives, reinstall Windows, and copy the data back to a blank D drive? Will that work? And be safe, because it's not running windows? -OR- is this the kinda virus that has encrypted my data or MBR or partitions in some way so that I can only load my data while the virus is running, in Windows? Because that would suck...

Or B. Just connect the external drive to the Windows computer, copy the D drive data over, disconnect it, reformat the internal drives, reinstall windows, and reconnect the external drive and copy the data back over. Is the virus unable to spread to a drive that's not connected at boot -OR- is the virus able to jump to the external drive and back to the D drive easily, so long as I'm running windows? (Speaking of which, is my thumb drive backup now infected, and spreadable, or...?)

Or C. ????? Is there some way to just fix the MBR of all the drives, to eliminate this/these virus? Any other ideas?

Thanks!!1one



#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator

Posted 22 November 2011 - 01:08 AM

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 Kiendas

Kiendas
  • Topic Starter

  • Members

Posted 23 November 2011 - 12:33 AM

To start with, I mistyped the virus name above -- it should be BOO/Shertwil-L.

Oops.

But I had searched for this virus name too, and Google really has no idea on either of them..

Other than that, as suggested, here is the DDS log:




However, when I ran GMER, as per the instructions above, there were two issues:
1) The checkboxes for System, Sections, Devices, Modules, Processes, Threads, and Libraries were all grayed out (as well as IAT/EAT and Show All). I think at least the first batch of these were supposed to be checked, but I could not do so.
2) I ran the scan anyway, and on both drives. After 20 minutes or so it seems to have scanned all my files, but it reported that it had found nothing wrong. And the saved log file ends up being a 0kb file. .. I'm totally okay with there being nothing wrong... but Avira still tells me it detects this virus, initially and in particular on the data drive...


For fun, partial log from Avira:

Start of the scan: November-22-11 18:20

Starting master boot sector scan:
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!

Start scanning boot sectors:
Master boot sector HD0
[DETECTION] Contains code of the BOO/Shertwil.L boot sector virus
[NOTE] The boot sector has not been repaired!
Boot sector 'E:\'
[DETECTION] Contains code of the BOO/Shertwil.L boot sector virus
[NOTE] The boot sector has not been repaired!

Sooooo....

Why is it listing the drives as HD0, HD1, HD2, and E:\ when I.. don't have that many disks/drives?
Do I need to tell the dds/gmer scanners to check the boot sectors of non-system drives?
Is my system possibly not in all that much danger, at least for the moment, if my computer isn't actually booting from the E drive?
Can I safely fix the mbr of my data drive?


Or, ignoring all those questions-- What... should I do?


Thanks!

#4 nasdaq

nasdaq

  • Malware Response Team

Posted 26 November 2011 - 10:11 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) ( 511KB ) to your desktop. Double click the aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Please post the logs for my review.

#5 Kiendas


Posted 28 November 2011 - 10:25 PM

Tried running the Avast program a couple of times. Gave me a friendly blue screen of death (Screenshot: http://qr.ai/i/2rpntgxgbgp4e2up.jpg) and rebooted my computer for me. No log generated (other than the blue screen log).

Ran the TDSSKiller. It found a virus. Clicking continue "cured" the virus. It seems to have worked.

\Device\Harddisk1\DR1 ( Rootkit.Boot.Wistler.a ) - User select action: Cure Restore

After rebooting, Avira didn't warn me about any virus while starting up, as it usually did.

So am I cured? (Thank you!)

I guess I will do a full Avira system scan now... but my question is: will it be good enough? Some previous system scans missed the virus.. (though the startup scan seemed to catch it most times).

So, is there any way to be sure the virus (and any stowaway friends) is gone?

Other than nuking the site from orbit?

..all paranoid now/still


Thanks!


20:54:14.0655 2116	TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
20:54:15.0202 2116	============================================================
20:54:15.0202 2116	Current date / time: 2011/11/28 20:54:15.0202
20:54:15.0202 2116	SystemInfo:
20:54:15.0202 2116	
20:54:15.0202 2116	OS Version: 6.0.6002 ServicePack: 2.0
20:54:15.0202 2116	Product type: Workstation
20:54:15.0202 2116	ComputerName: 
20:54:15.0202 2116	UserName: 
20:54:15.0202 2116	Windows directory: C:\Windows
20:54:15.0202 2116	System windows directory: C:\Windows
20:54:15.0202 2116	Running under WOW64
20:54:15.0202 2116	Processor architecture: Intel x64
20:54:15.0202 2116	Number of processors: 2
20:54:15.0202 2116	Page size: 0x1000
20:54:15.0202 2116	Boot type: Normal boot
20:54:15.0202 2116	============================================================
20:54:15.0968 2116	Initialize success
20:54:24.0843 3700	============================================================
20:54:24.0843 3700	Scan started
20:54:24.0843 3700	Mode: Manual; 
20:54:24.0843 3700	============================================================
20:54:33.0796 3700	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
20:54:33.0811 3700	\Device\Harddisk0\DR0 - ok
20:54:33.0811 3700	MBR (0x1B8)     (b063715a99df88097c82b8d06cec3fd0) \Device\Harddisk1\DR1
20:54:33.0811 3700	\Device\Harddisk1\DR1 ( Rootkit.Boot.Wistler.a ) - infected
20:54:33.0811 3700	\Device\Harddisk1\DR1 - detected Rootkit.Boot.Wistler.a (0)
20:54:33.0843 3700	MBR (0x1B8)     (0792f22bcc85cfd3b28324561fffcabb) \Device\Harddisk2\DR2
20:54:33.0843 3700	\Device\Harddisk2\DR2 - ok
20:54:33.0858 3700	Boot (0x1200)   (94b414fa377fec6e8b8e706fb080a543) \Device\Harddisk0\DR0\Partition0
20:54:33.0858 3700	\Device\Harddisk0\DR0\Partition0 - ok
20:54:33.0858 3700	Boot (0x1200)   (2dcb555ab9aaafcd30e8a5f5dd164a83) \Device\Harddisk1\DR1\Partition0
20:54:33.0858 3700	\Device\Harddisk1\DR1\Partition0 - ok
20:54:33.0858 3700	============================================================
20:54:33.0858 3700	Scan finished
20:54:33.0858 3700	============================================================
20:54:33.0874 3892	Detected object count: 1
20:54:33.0874 3892	Actual detected object count: 1
20:55:28.0093 3892	\Device\Harddisk1\DR1 - processing error
20:56:02.0343 3892	\Device\Harddisk1\DR1 - will be restored on reboot
20:56:02.0343 3892	\Device\Harddisk1\DR1 ( Rootkit.Boot.Wistler.a ) - User select action: Cure Restore 
20:56:07.0421 3912	Deinitialize success


#6 nasdaq

Posted 29 November 2011 - 09:32 AM

I would like to see the result of these scans.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html
==

Third party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

#7 Kiendas

Posted 29 November 2011 - 09:01 PM

Hi.

Ran the first one, combofix. Don't know what it did exactly. It eventually completed, and gave a log, but there were a few issues along the way:

1) Combofix went through 50 some checks, then rebooted the computer. After logging back into Windows, Combofix continued running, however my anti-virus software, Avira, which I had temporarily disabled per the instructions you included, had turned itself back on after rebooting...

2) Soon after that, the re-enabled Avira blocked something from modifying my Hosts file. Combofix was running at that time, so I don't know if it had blocked combofix from doing something, or blocked something else??

3) An error window also popped up shortly after (red circle with white X).
The title of the window was: CSCRIPT.3XE - Bad Image
The message said: "C:\Windows\system32\vbscript.dll is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support." [OK]
I don't know if this only happened because Avira was running when combofix was trying to do something, or if it was a virus or a corrupted program or a bad windows install.... ???

4) Not sure if at all related, but now Avira won't open the command console properly.. Right-clicking the icon in the status bar and selecting Start Avira Anti-virus does nothing. Or, double click that icon, and I get a weird little error box titled "Avira Free Antivirus" that simply says: "onDblClick() failed"

Any idea what this is about? At this point, I probably should just reinstall windows again-again, I think......

Logs follow:

Combofix:

ComboFix 11-11-29.04 - j 29/11/2011  18:45:07.1.2 - x64
Running from: c:\users\j\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((   Files Created from 2011-10-28 to 2011-11-30  )))))))))))))))))))))))))))))))
.
.
2011-11-30 00:51 . 2011-11-30 00:51	69000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{30980D67-8451-44C9-9B3C-D00B795CC5D5}\offreg.dll
2011-11-30 00:50 . 2011-11-30 00:50	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-11-30 00:34 . 2011-10-18 07:27	8570192	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{30980D67-8451-44C9-9B3C-D00B795CC5D5}\mpengine.dll
2011-11-26 04:41 . 2011-11-26 04:41	--------	d-----w-	c:\program files (x86)\InstallShield Installation Information
2011-11-26 04:40 . 2011-11-26 04:40	--------	d-----w-	c:\program files (x86)\Renesas Electronics
2011-11-26 04:40 . 2011-11-26 04:40	--------	d-----w-	c:\programdata\Downloaded Installations
2011-11-25 03:32 . 2011-11-25 03:32	--------	d-----w-	c:\program files\BUFFALO
2011-11-25 03:32 . 2010-09-27 05:12	456056	----a-w-	c:\windows\UN091222.EXE
2011-11-25 03:32 . 2010-09-27 05:12	456056	----a-w-	c:\windows\UN091114.EXE
2011-11-25 03:32 . 2010-10-21 07:47	69760	----a-w-	c:\windows\system32\drivers\bftpdskc64.sys
2011-11-25 03:31 . 2010-10-21 07:47	20608	----a-w-	c:\windows\system32\drivers\bftpusbx64.sys
2011-11-25 03:31 . 2010-09-27 05:12	456056	----a-w-	c:\windows\UN091111.EXE
2011-11-25 03:31 . 2010-09-27 05:12	456056	----a-w-	c:\windows\UN091201.EXE
2011-11-25 03:29 . 2011-11-25 03:32	--------	d-----w-	c:\program files (x86)\BUFFALO
2011-11-25 02:49 . 2011-11-25 02:50	--------	d-----w-	c:\program files (x86)\Common Files\Adobe
2011-11-25 02:48 . 2011-11-25 02:48	--------	d-----w-	c:\program files (x86)\Common Files\Adobe AIR
2011-11-21 04:40 . 2011-10-19 22:56	27760	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2011-11-21 04:40 . 2011-10-19 22:56	97312	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-11-21 04:40 . 2011-10-19 22:56	130760	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-11-21 04:40 . 2011-11-21 04:40	--------	d-----w-	c:\programdata\Avira
2011-11-21 04:40 . 2011-11-21 04:40	--------	d-----w-	c:\program files (x86)\Avira
2011-11-21 04:06 . 2011-03-12 22:52	1653760	----a-w-	c:\windows\system32\XpsPrint.dll
2011-11-21 04:06 . 2011-03-12 21:55	876032	----a-w-	c:\windows\SysWow64\XpsPrint.dll
2011-11-21 03:57 . 2011-11-21 03:57	--------	d-----w-	c:\windows\SysWow64\spool
2011-11-21 03:57 . 2011-11-21 03:57	--------	d-----w-	c:\program files (x86)\Windows Portable Devices
2011-11-21 03:57 . 2011-11-21 03:57	--------	d-----w-	c:\program files\Windows Portable Devices
2011-11-21 03:53 . 2009-10-01 01:02	30208	----a-w-	c:\windows\SysWow64\WPDShextAutoplay.exe
2011-11-21 03:31 . 2009-09-10 02:05	103424	----a-w-	c:\windows\system32\UIAnimation.dll
2011-11-21 03:31 . 2009-09-10 02:00	92672	----a-w-	c:\windows\SysWow64\UIAnimation.dll
2011-11-21 03:31 . 2009-09-10 02:07	3815424	----a-w-	c:\windows\system32\UIRibbon.dll
2011-11-21 03:31 . 2009-09-10 02:06	1164800	----a-w-	c:\windows\system32\UIRibbonRes.dll
2011-11-21 03:31 . 2009-09-10 02:01	3023360	----a-w-	c:\windows\SysWow64\UIRibbon.dll
2011-11-21 03:31 . 2009-09-10 02:00	1164800	----a-w-	c:\windows\SysWow64\UIRibbonRes.dll
2011-11-21 03:23 . 2011-06-17 16:16	451072	----a-w-	c:\windows\system32\winsrv.dll
2011-11-21 03:23 . 2011-09-30 16:16	893440	----a-w-	c:\program files\Common Files\System\wab32.dll
2011-11-21 03:23 . 2011-09-30 16:16	50688	----a-w-	c:\program files\Windows Mail\wabimp.dll
2011-11-21 03:23 . 2011-09-30 15:57	707584	----a-w-	c:\program files (x86)\Common Files\System\wab32.dll
2011-11-21 03:17 . 2011-07-29 16:08	375808	----a-w-	c:\windows\system32\psisdecd.dll
2011-11-21 03:17 . 2011-07-29 16:08	289792	----a-w-	c:\windows\system32\psisrndr.ax
2011-11-21 03:17 . 2011-07-29 16:06	73216	----a-w-	c:\windows\system32\MSDvbNP.ax
2011-11-21 03:17 . 2011-07-29 16:06	100352	----a-w-	c:\windows\system32\Mpeg2Data.ax
2011-11-21 03:17 . 2011-07-29 16:01	293376	----a-w-	c:\windows\SysWow64\psisdecd.dll
2011-11-21 03:17 . 2011-07-29 16:01	217088	----a-w-	c:\windows\SysWow64\psisrndr.ax
2011-11-21 03:17 . 2011-07-29 16:00	57856	----a-w-	c:\windows\SysWow64\MSDvbNP.ax
2011-11-21 03:17 . 2011-07-29 16:00	69632	----a-w-	c:\windows\SysWow64\Mpeg2Data.ax
2011-11-21 02:55 . 2011-11-21 02:55	--------	d-----w-	c:\program files (x86)\Microsoft.NET
2011-11-21 00:45 . 2011-11-21 00:45	--------	d-----w-	c:\windows\SysWow64\ca-ES
2011-11-21 00:45 . 2011-11-21 00:45	--------	d-----w-	c:\windows\SysWow64\eu-ES
2011-11-21 00:45 . 2011-11-21 00:45	--------	d-----w-	c:\windows\SysWow64\vi-VN
2011-11-21 00:45 . 2011-11-21 00:45	--------	d-----w-	c:\windows\system32\ca-ES
2011-11-21 00:45 . 2011-11-21 00:45	--------	d-----w-	c:\windows\system32\eu-ES
2011-11-21 00:45 . 2011-11-21 00:45	--------	d-----w-	c:\windows\system32\vi-VN
2011-11-21 00:23 . 2011-11-21 00:23	--------	d-----w-	c:\windows\system32\EventProviders
2011-11-20 22:46 . 2011-03-03 15:59	32256	----a-w-	c:\windows\system32\Apphlpdm.dll
2011-11-20 22:46 . 2011-03-03 15:40	28672	----a-w-	c:\windows\SysWow64\Apphlpdm.dll
2011-11-20 22:46 . 2011-03-03 14:00	4240384	----a-w-	c:\windows\system32\GameUXLegacyGDFs.dll
2011-11-20 22:46 . 2011-03-03 13:35	4240384	----a-w-	c:\windows\SysWow64\GameUXLegacyGDFs.dll
2011-11-20 19:04 . 2008-05-27 04:59	18904	----a-w-	c:\windows\SysWow64\StructuredQuerySchemaTrivial.bin
2011-11-20 19:04 . 2008-05-27 04:59	18904	----a-w-	c:\windows\system32\StructuredQuerySchemaTrivial.bin
2011-11-20 18:50 . 2009-01-08 01:20	358904	----a-w-	c:\program files\Internet Explorer\msdbg2.dll
2011-11-20 18:50 . 2009-01-08 01:20	355832	----a-w-	c:\program files (x86)\Internet Explorer\pdm.dll
2011-11-20 18:50 . 2009-01-08 01:20	265720	----a-w-	c:\program files (x86)\Internet Explorer\msdbg2.dll
2011-11-20 18:50 . 2009-01-08 01:20	537088	----a-w-	c:\program files\Internet Explorer\pdm.dll
2011-11-20 18:08 . 2009-04-11 06:12	12240896	----a-w-	c:\windows\system32\NlsLexicons0007.dll
2011-11-20 18:08 . 2009-04-11 05:03	12240896	----a-w-	c:\windows\SysWow64\NlsLexicons0007.dll
2011-11-20 18:06 . 2009-04-11 07:15	164840	----a-w-	c:\windows\system32\drivers\Classpnp.sys
2011-11-20 18:05 . 2009-04-11 07:11	235008	----a-w-	c:\windows\system32\mstask.dll
2011-11-20 18:03 . 2009-11-08 16:55	99176	----a-w-	c:\windows\SysWow64\PresentationHostProxy.dll
2011-11-20 18:03 . 2009-11-08 16:55	49472	----a-w-	c:\windows\SysWow64\netfxperf.dll
2011-11-20 18:03 . 2009-11-08 16:55	48960	----a-w-	c:\windows\system32\netfxperf.dll
2011-11-20 18:03 . 2009-11-08 16:55	444752	----a-w-	c:\windows\system32\mscoree.dll
2011-11-20 18:03 . 2009-11-08 16:55	320352	----a-w-	c:\windows\system32\PresentationHost.exe
2011-11-20 18:03 . 2009-11-08 16:55	297808	----a-w-	c:\windows\SysWow64\mscoree.dll
2011-11-20 18:03 . 2009-11-08 16:55	295264	----a-w-	c:\windows\SysWow64\PresentationHost.exe
2011-11-20 18:03 . 2009-11-08 16:55	1942856	----a-w-	c:\windows\system32\dfshim.dll
2011-11-20 18:03 . 2009-11-08 16:55	1130824	----a-w-	c:\windows\SysWow64\dfshim.dll
2011-11-20 18:03 . 2009-11-08 16:55	109912	----a-w-	c:\windows\system32\PresentationHostProxy.dll
2011-11-20 17:52 . 2010-12-17 17:34	2425344	----a-w-	c:\windows\system32\mstscax.dll
2011-11-20 17:52 . 2010-12-17 15:45	2067968	----a-w-	c:\windows\SysWow64\mstscax.dll
2011-11-20 17:52 . 2010-12-17 15:41	731136	----a-w-	c:\windows\system32\mstsc.exe
2011-11-20 17:50 . 2010-04-05 17:33	295424	----a-w-	c:\windows\system32\MP4SDECD.DLL
2011-11-20 17:44 . 2011-03-10 17:18	1360384	----a-w-	c:\windows\system32\mfc42u.dll
2011-11-20 17:44 . 2011-03-10 17:18	1398784	----a-w-	c:\windows\system32\mfc42.dll
2011-11-20 17:44 . 2011-03-10 17:03	1136640	----a-w-	c:\windows\SysWow64\mfc42.dll
2011-11-20 17:44 . 2011-03-10 17:03	1162240	----a-w-	c:\windows\SysWow64\mfc42u.dll
2011-11-20 17:43 . 2010-04-16 17:07	621568	----a-w-	c:\windows\system32\usp10.dll
2011-11-20 17:43 . 2010-04-16 16:46	502272	----a-w-	c:\windows\SysWow64\usp10.dll
2011-11-20 17:43 . 2011-04-20 15:58	85504	----a-w-	c:\windows\system32\csrsrv.dll
2011-11-20 17:41 . 2010-08-20 16:57	1090048	----a-w-	c:\windows\system32\wmpmde.dll
2011-11-20 17:41 . 2010-08-20 16:05	867328	----a-w-	c:\windows\SysWow64\wmpmde.dll
2011-11-20 17:41 . 2011-03-02 16:12	117760	----a-w-	c:\windows\system32\dnsrslvr.dll
2011-11-20 17:41 . 2009-05-04 10:21	28672	----a-w-	c:\windows\system32\dnscacheugc.exe
2011-11-20 17:41 . 2009-05-04 09:59	25088	----a-w-	c:\windows\SysWow64\dnscacheugc.exe
2011-11-20 17:24 . 2011-11-20 17:24	--------	d-----w-	C:\PerfLogs
2011-11-20 16:34 . 2008-01-19 08:07	25656	----a-w-	c:\windows\system32\BOOTVID.DLL
2011-11-20 16:34 . 2008-01-19 08:00	24576	----a-w-	c:\windows\system32\iashost.exe
2011-11-20 16:34 . 2008-01-19 07:55	705536	----a-w-	c:\windows\system32\imagesp1.dll
2011-11-20 16:34 . 2008-01-19 07:29	705536	----a-w-	c:\windows\SysWow64\imagesp1.dll
2011-11-20 16:34 . 2008-01-19 08:04	141312	----a-w-	c:\windows\system32\sstpsvc.dll
2011-11-20 16:34 . 2008-01-19 08:04	2935808	----a-w-	c:\windows\system32\xpssvcs.dll
2011-11-20 16:34 . 2008-01-19 08:07	1584184	----a-w-	c:\program files\Windows Defender\MSASCui.exe
2011-11-20 16:34 . 2008-01-19 08:02	532480	----a-w-	c:\program files\Common Files\System\Ole DB\msdasql.dll
2011-11-20 16:34 . 2008-01-19 08:07	1099832	----a-w-	c:\program files\Windows Defender\MpRtMon.dll
2011-11-20 16:34 . 2008-01-19 08:00	55296	----a-w-	c:\windows\system32\lpremove.exe
2011-11-20 16:34 . 2008-01-19 08:00	65536	----a-w-	c:\windows\bfsvc.exe
2011-11-20 16:32 . 2008-01-19 08:03	33280	----a-w-	c:\windows\system32\profprov.dll
2011-11-20 16:31 . 2008-01-19 08:04	1319424	----a-w-	c:\windows\system32\TMM.dll
2011-11-20 16:30 . 2008-01-19 08:04	176128	----a-w-	c:\windows\system32\sqmapi.dll
2011-11-20 16:30 . 2008-01-19 08:04	145408	----a-w-	c:\windows\system32\SmiInstaller.dll
2011-11-20 16:30 . 2008-01-19 08:02	46592	----a-w-	c:\windows\system32\mspatcha.dll
2011-11-20 16:30 . 2008-01-19 08:02	459776	----a-w-	c:\windows\system32\msdelta.dll
2011-11-20 16:30 . 2008-01-19 08:01	403968	----a-w-	c:\windows\system32\dpx.dll
2011-11-20 14:45 . 2011-11-20 14:45	442368	----a-w-	c:\windows\system32\winhttp.dll
2011-11-20 14:45 . 2011-11-20 14:45	377344	----a-w-	c:\windows\SysWow64\winhttp.dll
2011-11-20 14:44 . 2011-11-20 14:44	28160	----a-w-	c:\windows\system32\drivers\en-US\http.sys.mui
2011-11-20 09:22 . 2011-11-20 09:22	0	----a-w-	c:\windows\ativpsrm.bin
2011-11-20 07:31 . 2011-11-20 07:31	1418752	----a-w-	c:\program files (x86)\Windows Media Player\setup_wm.exe
2011-11-20 07:31 . 2011-11-20 07:31	372736	----a-w-	c:\windows\system32\unregmp2.exe
2011-11-20 07:31 . 2011-11-20 07:31	310784	----a-w-	c:\windows\SysWow64\unregmp2.exe
2011-11-20 07:31 . 2011-11-20 07:31	1486848	----a-w-	c:\program files\Windows Media Player\setup_wm.exe
2011-11-20 07:13 . 2011-11-20 07:13	23552	----a-w-	c:\windows\SysWow64\lpk.dll
2011-11-20 07:13 . 2011-11-20 07:13	14336	----a-w-	c:\windows\system32\dciman32.dll
2011-11-20 07:13 . 2011-11-20 07:13	10240	----a-w-	c:\windows\SysWow64\dciman32.dll
2011-11-20 07:13 . 2011-11-20 07:13	32768	----a-w-	c:\windows\system32\lpk.dll
2011-11-20 07:07 . 2011-11-20 07:07	772608	----a-w-	c:\windows\system32\localspl.dll
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-20 17:16 . 2006-11-02 12:46	134144	----a-w-	c:\windows\system32\ifxcardm.dll
2011-11-20 17:16 . 2006-11-02 12:39	82432	----a-w-	c:\windows\SysWow64\axaltocm.dll
2011-11-20 17:16 . 2006-11-02 12:39	101888	----a-w-	c:\windows\SysWow64\ifxcardm.dll
2011-11-20 17:16 . 2006-11-02 12:46	133632	----a-w-	c:\windows\system32\axaltocm.dll
2011-11-20 07:15 . 2011-11-20 07:15	2560	----a-w-	c:\windows\apppatch\AcRes.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-19 258512]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"BuffaloTools"="c:\program files (x86)\BUFFALO\BuffaloTools\BuffaloTools.exe" [2011-03-29 169336]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"Backup Utility TaskTray Tool"="c:\program files (x86)\BUFFALO\Backup_Utility\BUTray.exe" [2011-03-29 2712952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 bftpusbx64;BUFFALO TurboPC USB Filter;c:\windows\system32\drivers\bftpusbx64.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S0 BFRD4G;BUFFALO RAM Disk Driver;c:\windows\system32\DRIVERS\BFRD4G.sys [x]
S0 bftpdskc64;BUFFALO TurboPC Cache Filter;c:\windows\system32\drivers\bftpdskc64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-19 86224]
S2 BFBackupUtilityService;Backup Utility Service;c:\program files (x86)\BUFFALO\Backup_Utility\BUService.exe [2010-08-20 320888]
S2 BFBackupUtilityVSSService;Backup Utility VSS Service;c:\program files (x86)\BUFFALO\Backup_Utility\BUVSSService64.exe [2010-04-28 359288]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 172.16.1.254
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\j\AppData\Roaming\Mozilla\Firefox\Profiles\ev0e7ymy.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
.
.
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\rundll32.exe
.
**************************************************************************
.
Completion time: 2011-11-29  19:13:03 - machine was rebooted
ComboFix-quarantined-files.txt  2011-11-30 01:13
.
Pre-Run: 135,088,619,520 bytes free
Post-Run: 134,935,445,504 bytes free
.
- - End Of File - - F8576C2CBB1E30C54DA024A312551BD1


...
...

SecurityCheck:

Results of screen317's Security Check version 0.99.28  
 Windows Vista  x64 (UAC is enabled)  
 [url=http://support.microsoft.com/kb/935791][color=red][b]Out of date service pack!![/color][/url][/b] 
 Internet Explorer 9  
[b]`````````````````````````````` 
[u]Antivirus/Firewall Check:[/u][/b] 
 Windows Firewall Enabled!  
 Avira Free Antivirus    
 [size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size] 
 Avira successfully updated! 
[b]``````````````````````````````` 
[u]Anti-malware/Other Utilities Check:[/u][/b] 
 Adobe Reader X (10.1.1) 
 Mozilla Firefox (8.0.) 
[b]```````````````````````````````` 
Process Check:  
[u]objlist.exe by Laurent[/u][/b] 
 Windows Defender MSASCui.exe 
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Windows Defender MSASCui.exe   
[b]``````````End of Log````````````[/b] 


#8 nasdaq

Posted 30 November 2011 - 08:49 AM

You may have a variant of the latest ZeroAccess infection that creates a hidden partition.
Formatting and reinstalling windows with this partition will not solve your Master Boot record.


Do the following:

1. Click on the Start button and then choose Control Panel.
2. Click on the System and Security link.

    Note: If you're viewing the Large icons or Small icons view of Control Panel, you won't see this link so just click on the Administrative Tools icon and skip to Step 4.
3. In the System and Security window, click on the Administrative Tools heading located near the bottom of the window.
4. In the Administrative Tools window, double-click on the Computer Management icon.
5. When Computer Management opens, click on Disk Management on the left side of the window, located under Storage.

After a brief loading period, Disk Management should now appear on the right side of the Computer Management window.

Note: If you don't see Disk Management listed, you may need to click on the |> icon to the left of the Storage icon.

Take a screenshot of the Disk Management window and attach the screenshot to your reply.

To do print screen follow these steps:

* Press Alt and Print Screen button on your keyboard
* Open Paint program
* From the menu choose Edit then Paste
* Now save the picture and attach it here for me to review.

#9 Kiendas

Posted 30 November 2011 - 10:23 PM

Well. Seems we keep going in circles here.

I try to run the Computer Management program and instead it gives me this error:

C:\windows\system32\mmcbase.DLL is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support.


Is this just the result of a corrupted system file, or is it an active virus blocking me?

What do you recommend now?

Really, I've backed up the files I need, so I don't mind losing everything on these drives-- if I repartition, reformat, reinstall windows-- will that clean the MBR, the hidden partitions, and the hard drives completely... so I can reinstall the O/S, restore my data from backups, and get on with my life?


Thanks again for your help.

#10 nasdaq

Posted 01 December 2011 - 08:50 AM

"Really, I've backed up the files I need, so I don't mind losing everything on these drives-- if I repartition, reformat, reinstall windows-- will that clean the MBR, the hidden partitions, and the hard drives completely."

In one word: No. A special tool is needed to remove a partition.

Reinstalling windows may correct the error with mmcbase.DLL.

With the following tool we can check if you have a good copy on the computer.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:


    :filefind
    mmcbase.DLL

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

#11 Kiendas

Posted 01 December 2011 - 07:08 PM

I'm 64 bit, so ran SystemLook_x64.exe

Here's the log:

SystemLook 30.07.11 by jpshortstuff
Log created at 18:05 on 01/12/2011 by Jaryn
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== filefind ==========

Searching for "mmcbase.DLL"
C:\Windows\System32\mmcbase.dll	--a---- 301056 bytes	[16:32 20/11/2011]	[07:34 19/01/2008] 26D7F733F37E8E535DD106E5DE7DC3C6
C:\Windows\SysWOW64\mmcbase.dll	--a---- 301056 bytes	[16:32 20/11/2011]	[07:34 19/01/2008] 26D7F733F37E8E535DD106E5DE7DC3C6
C:\Windows\winsxs\amd64_microsoft-windows-m..-management-console_31bf3856ad364e35_6.0.6000.16386_none_695b249831149f1c\mmcbase.dll	--a---- 351232 bytes	[09:19 02/11/2006]	[11:18 02/11/2006] 70187356512BB0891DD3A55FB470D32C
C:\Windows\winsxs\amd64_microsoft-windows-m..-management-console_31bf3856ad364e35_6.0.6001.18000_none_6b91e6942dffaff0\mmcbase.dll	--a---- 0 bytes	[16:32 20/11/2011]	[08:02 19/01/2008] D41D8CD98F00B204E9800998ECF8427E
C:\Windows\winsxs\amd64_microsoft-windows-m..-management-console_31bf3856ad364e35_6.0.6002.18005_none_6d7d5fa02b217b3c\mmcbase.dll	--a---- 0 bytes	[16:32 20/11/2011]	[08:02 19/01/2008] D41D8CD98F00B204E9800998ECF8427E
C:\Windows\winsxs\x86_microsoft-windows-m..-management-console_31bf3856ad364e35_6.0.6000.16386_none_0d3c891478b72de6\mmcbase.dll	--a---- 300544 bytes	[12:18 02/11/2006]	[09:46 02/11/2006] E2533721A311C8EA230FFB19B2760376
C:\Windows\winsxs\x86_microsoft-windows-m..-management-console_31bf3856ad364e35_6.0.6001.18000_none_0f734b1075a23eba\mmcbase.dll	--a---- 301056 bytes	[16:32 20/11/2011]	[07:34 19/01/2008] 26D7F733F37E8E535DD106E5DE7DC3C6
C:\Windows\winsxs\x86_microsoft-windows-m..-management-console_31bf3856ad364e35_6.0.6002.18005_none_115ec41c72c40a06\mmcbase.dll	--a---- 301056 bytes	[16:32 20/11/2011]	[07:34 19/01/2008] 26D7F733F37E8E535DD106E5DE7DC3C6

-= EOF =-
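
A SystemLook `:filefind` log like the one in the post above can be cross-checked mechanically. The following is an added example, not part of the original thread: it parses the entries, flags zero-byte files (their digest is the MD5 of empty input) and marks System32 results that a WOW64 run read through file-system redirection. The function names are assumptions made for this example; the sample lines are copied from the log above.

```python
import re

# MD5 of zero bytes of input: a file reporting this digest has no content.
EMPTY_MD5 = "D41D8CD98F00B204E9800998ECF8427E"
NOTE_EMPTY = "empty file"
NOTE_REDIRECT = "read through WOW64 redirection (same digest as SysWOW64 copy)"

# Entries copied from the SystemLook log in the post above.
SAMPLE_LOG = r"""
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.
Searching for "mmcbase.DLL"
C:\Windows\System32\mmcbase.dll --a---- 301056 bytes [16:32 20/11/2011] [07:34 19/01/2008] 26D7F733F37E8E535DD106E5DE7DC3C6
C:\Windows\SysWOW64\mmcbase.dll --a---- 301056 bytes [16:32 20/11/2011] [07:34 19/01/2008] 26D7F733F37E8E535DD106E5DE7DC3C6
C:\Windows\winsxs\amd64_microsoft-windows-m..-management-console_31bf3856ad364e35_6.0.6000.16386_none_695b249831149f1c\mmcbase.dll --a---- 351232 bytes [09:19 02/11/2006] [11:18 02/11/2006] 70187356512BB0891DD3A55FB470D32C
C:\Windows\winsxs\amd64_microsoft-windows-m..-management-console_31bf3856ad364e35_6.0.6001.18000_none_6b91e6942dffaff0\mmcbase.dll --a---- 0 bytes [16:32 20/11/2011] [08:02 19/01/2008] D41D8CD98F00B204E9800998ECF8427E
C:\Windows\winsxs\amd64_microsoft-windows-m..-management-console_31bf3856ad364e35_6.0.6002.18005_none_6d7d5fa02b217b3c\mmcbase.dll --a---- 0 bytes [16:32 20/11/2011] [08:02 19/01/2008] D41D8CD98F00B204E9800998ECF8427E
C:\Windows\winsxs\x86_microsoft-windows-m..-management-console_31bf3856ad364e35_6.0.6000.16386_none_0d3c891478b72de6\mmcbase.dll --a---- 300544 bytes [12:18 02/11/2006] [09:46 02/11/2006] E2533721A311C8EA230FFB19B2760376
C:\Windows\winsxs\x86_microsoft-windows-m..-management-console_31bf3856ad364e35_6.0.6001.18000_none_0f734b1075a23eba\mmcbase.dll --a---- 301056 bytes [16:32 20/11/2011] [07:34 19/01/2008] 26D7F733F37E8E535DD106E5DE7DC3C6
C:\Windows\winsxs\x86_microsoft-windows-m..-management-console_31bf3856ad364e35_6.0.6002.18005_none_115ec41c72c40a06\mmcbase.dll --a---- 301056 bytes [16:32 20/11/2011] [07:34 19/01/2008] 26D7F733F37E8E535DD106E5DE7DC3C6
"""

# path, attribute flags, size, two bracketed timestamps, MD5
ENTRY = re.compile(
    r"^(?P<path>\S.*?)\s+(?P<attrs>[-a-z]+)\s+(?P<size>\d+) bytes"
    r"\s+\[[^\]]+\]\s+\[[^\]]+\]\s+(?P<md5>[0-9A-Fa-f]{32})$"
)
STORE_ARCH = re.compile(r"\\winsxs\\(amd64|x86)_", re.IGNORECASE)
VERSION = re.compile(r"_(\d+(?:\.\d+){3})_none_")


def parse_filefind(log):
    """Return (ran_under_wow64, entries) for a SystemLook filefind log."""
    wow64, entries = False, []
    for line in log.splitlines():
        line = line.strip()
        if "running under WOW64" in line:
            wow64 = True
            continue
        m = ENTRY.match(line)
        if m:
            store = STORE_ARCH.search(m["path"])
            entries.append({
                "path": m["path"],
                "size": int(m["size"]),
                "md5": m["md5"].upper(),
                "store_arch": store.group(1).lower() if store else None,
            })
    return wow64, entries


def review(log):
    """Return {path: [notes]} for entries that need a second look."""
    wow64, entries = parse_filefind(log)
    # (file name, digest) pairs seen under SysWOW64, used as evidence that a
    # System32 result was really the 32-bit file.
    syswow = {(e["path"].rsplit("\\", 1)[-1].lower(), e["md5"])
              for e in entries if "\\syswow64\\" in e["path"].lower()}
    findings = {}
    for e in entries:
        notes = []
        if e["size"] == 0 or e["md5"] == EMPTY_MD5:
            notes.append(NOTE_EMPTY)
        name = e["path"].rsplit("\\", 1)[-1].lower()
        if (wow64 and "\\windows\\system32\\" in e["path"].lower()
                and (name, e["md5"]) in syswow):
            notes.append(NOTE_REDIRECT)
        if notes:
            findings[e["path"]] = notes
    return findings


def intact_store_versions(log, arch):
    """Versions of WinSxS copies for `arch` ('amd64' or 'x86') that hold data."""
    _, entries = parse_filefind(log)
    versions = []
    for e in entries:
        v = VERSION.search(e["path"])
        if e["store_arch"] == arch and e["size"] > 0 and v:
            versions.append(v.group(1))
    return versions


if __name__ == "__main__":
    for path, notes in review(SAMPLE_LOG).items():
        print(path, "->", "; ".join(notes))
    print("amd64 store copies with data:", intact_store_versions(SAMPLE_LOG, "amd64"))
```

On this log the only amd64 component-store copy that contains data is the 6.0.6000.16386 one, and the System32 line carries the same digest as the SysWOW64 file, so the 64-bit System32 copy itself was not examined by this run.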


#12 nasdaq

Posted 02 December 2011 - 09:39 AM

The files all look good. So the problem may be elsewhere.

Run this command sfc /scannow

How to here.
How to use the System File Checker tool to troubleshoot missing or corrupted system files on Windows Vista or on Windows 7
http://support.microsoft.com/kb/929833
===

If the command fails to run try the elevated prompt.

Open Windows SEARCH and type in CMD and it will come up with the
CMD.exe command
Right click the file name and use the RUN AS ADMINISTRATOR option

Type sfc /scannow and hit the Enter key.

Follow the instructions.
===

You can take a picture of your partition table with this tool. Do not try to repair anything.

Preferably from a clean computer, I need you to download: gparted-live-0.10.0-3.iso (115.1 MB)
Windows Vista 64-Bit (x64) Recovery Environment

Create a bootable CD, 1 for Gparted and 1 for the Windows Vista Recovery Environment, from the ISO images. You can use ImgBurn to do this.

Now boot off of the newly created Gparted CD.

Posted Image
You should be here...
Press ENTER

Posted Image
By default, "do not touch keymap" is highlighted. Leave this setting alone and just press ENTER.

Posted Image
Choose your language and press ENTER. English is default [33]

Posted Image
Once again, at this prompt, press ENTER

You will now be taken to the main GUI screen below
Posted Image

Take a screenshot of the Disk Management window and attach the screenshot to your reply.

Exit the tool.

#13 Kiendas

Posted 03 December 2011 - 12:05 AM

Here is the log from the first step. I removed the uninteresting lines from the log, leaving for us a big pile of corrupted files.
I didn't try to manually recover any of the files, I only did the scan.
In some cases it seems it repaired the file on its own, but in others it looks like it was unable.
For instance, "Could not reproject corrupted file; ... source file in store is also corrupted"
But at the end, it still says All files and registry keys listed in this transaction have been successfully repaired
Why is that??

I'll see about the second step tonight or tomorrow, the burning the bootable partition-scan cd..

Thanks.


2011-12-02 22:37:48, Info                  CSI    0000008a [SR] Cannot repair member file [l:32{16}]"comdlg32.dll.mui" of Microsoft-Windows-comdlg32.Resources, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture = [l:10{5}]"zh-HK", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:37:56, Info                  CSI    000000a4 [SR] Repaired file \SystemRoot\WinSxS\Manifests\\[l:32{16}]"comdlg32.dll.mui" by copying from backup
2011-12-02 22:37:56, Info                  CSI    000000a6 [SR] Repairing corrupted file [ml:520{260},l:58{29}]"\??\C:\Windows\System32\zh-HK"\[l:32{16}]"comdlg32.dll.mui" from store
2011-12-02 22:37:57, Info                  CSI    000000af [SR] Verify complete

2011-12-02 22:40:29, Info                  CSI    00000126 [SR] Cannot repair member file [l:22{11}]"mmcbase.dll" of Microsoft-Windows-Microsoft-Management-Console, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:40:31, Info                  CSI    00000128 [SR] Cannot repair member file [l:22{11}]"mmcbase.dll" of Microsoft-Windows-Microsoft-Management-Console, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:40:31, Info                  CSI    00000129 [SR] This component was referenced by [l:164{82}]"Package_27_for_KB948465~31bf3856ad364e35~amd64~~6.0.1.18005.948465-126_neutral_GDR"
2011-12-02 22:40:31, Info                  CSI    0000012c [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:22{11}]"mmcbase.dll"; source file in store is also corrupted
2011-12-02 22:40:33, Info                  CSI    0000012e [SR] Verify complete

2011-12-02 22:40:33, Info                  CSI    0000012f [SR] Verifying 100 (0x0000000000000064) components
2011-12-02 22:40:33, Info                  CSI    00000130 [SR] Beginning Verify and Repair transaction
2011-12-02 22:40:37, Info                  CSI    00000132 [SR] Cannot repair member file [l:20{10}]"msdaps.dll" of Microsoft-Windows-Microsoft-Data-Access-Components-(MDAC)-Oledb-Interface-Remoting-PS, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:40:37, Info                  CSI    00000134 [SR] Cannot repair member file [l:20{10}]"msdaps.dll" of Microsoft-Windows-Microsoft-Data-Access-Components-(MDAC)-Oledb-Interface-Remoting-PS, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:40:37, Info                  CSI    00000135 [SR] This component was referenced by [l:164{82}]"Package_30_for_KB936330~31bf3856ad364e35~amd64~~6.0.1.18000.936330-185_neutral_GDR"
2011-12-02 22:40:37, Info                  CSI    00000138 [SR] Could not reproject corrupted file [ml:520{260},l:94{47}]"\??\C:\Program Files\Common Files\System\Ole DB"\[l:20{10}]"msdaps.dll"; source file in store is also corrupted
2011-12-02 22:40:38, Info                  CSI    0000013a [SR] Verify complete
2011-12-02 22:40:38, Info                  CSI    0000013b [SR] Verifying 100 (0x0000000000000064) components
2011-12-02 22:40:38, Info                  CSI    0000013c [SR] Beginning Verify and Repair transaction
2011-12-02 22:40:41, Info                  CSI    0000013e [SR] Cannot repair member file [l:20{10}]"wmploc.DLL" of Microsoft-Windows-MediaPlayer-Core, Version = 6.0.6002.18311, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:40:45, Info                  CSI    00000140 [SR] Cannot repair member file [l:20{10}]"wmploc.DLL" of Microsoft-Windows-MediaPlayer-Core, Version = 6.0.6002.18311, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:40:45, Info                  CSI    00000141 [SR] This component was referenced by [l:162{81}]"Package_148_for_KB2378111~31bf3856ad364e35~amd64~~6.0.1.3.2378111-508_neutral_GDR"
2011-12-02 22:40:45, Info                  CSI    00000144 [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"wmploc.DLL"; source file in store is also corrupted
2011-12-02 22:40:49, Info                  CSI    0000014c [SR] Verify complete
2011-12-02 22:40:49, Info                  CSI    0000014d [SR] Verifying 100 (0x0000000000000064) components
2011-12-02 22:40:49, Info                  CSI    0000014e [SR] Beginning Verify and Repair transaction
2011-12-02 22:40:55, Info                  CSI    00000150 [SR] Cannot repair member file [l:24{12}]"msinfo32.exe" of Microsoft-Windows-MSInfo32-Exe-Common, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:40:58, Info                  CSI    0000015d [SR] Cannot repair member file [l:24{12}]"msinfo32.exe" of Microsoft-Windows-MSInfo32-Exe-Common, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:40:58, Info                  CSI    0000015e [SR] This component was referenced by [l:164{82}]"Package_27_for_KB948465~31bf3856ad364e35~amd64~~6.0.1.18005.948465-126_neutral_GDR"
2011-12-02 22:40:58, Info                  CSI    00000161 [SR] Could not reproject corrupted file [ml:520{260},l:114{57}]"\??\C:\Program Files\Common Files\Microsoft Shared\MSInfo"\[l:24{12}]"msinfo32.exe"; source file in store is also corrupted
2011-12-02 22:41:01, Info                  CSI    00000168 [SR] Verify complete
2011-12-02 22:41:01, Info                  CSI    00000169 [SR] Verifying 100 (0x0000000000000064) components
2011-12-02 22:41:01, Info                  CSI    0000016a [SR] Beginning Verify and Repair transaction
2011-12-02 22:41:04, Info                  CSI    0000016c [SR] Cannot repair member file [l:32{16}]"fwpuclnt.dll.mui" of Microsoft-Windows-Network-Security.Resources, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:41:14, Info                  CSI    0000016e [SR] Cannot repair member file [l:32{16}]"fwpuclnt.dll.mui" of Microsoft-Windows-Network-Security.Resources, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:41:14, Info                  CSI    0000016f [SR] This component was referenced by [l:168{84}]"Package_45_for_KB936330~31bf3856ad364e35~amd64~en-US~6.0.1.18000.936330-61_en-us_GDR"
2011-12-02 22:41:14, Info                  CSI    00000172 [SR] Could not reproject corrupted file [ml:520{260},l:58{29}]"\??\C:\Windows\System32\en-US"\[l:32{16}]"fwpuclnt.dll.mui"; source file in store is also corrupted
2011-12-02 22:41:21, Info                  CSI    00000174 [SR] Verify complete
2011-12-02 22:41:21, Info                  CSI    00000175 [SR] Verifying 100 (0x0000000000000064) components
2011-12-02 22:41:21, Info                  CSI    00000176 [SR] Beginning Verify and Repair transaction
2011-12-02 22:41:25, Info                  CSI    00000178 [SR] Cannot repair member file [l:26{13}]"ntdll.dll.mui" of Microsoft-Windows-Ntdll.Resources, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:41:29, Info                  CSI    00000179 [SR] Repaired file \SystemRoot\WinSxS\Manifests\\[l:26{13}]"ntdll.dll.mui" by copying from backup
2011-12-02 22:41:29, Info                  CSI    0000017b [SR] Repairing corrupted file [ml:520{260},l:58{29}]"\??\C:\Windows\System32\en-US"\[l:26{13}]"ntdll.dll.mui" from store
2011-12-02 22:41:30, Info                  CSI    0000017d [SR] Verify complete

2011-12-02 22:42:09, Info                  CSI    00000195 [SR] Beginning Verify and Repair transaction
2011-12-02 22:42:16, Info                  CSI    00000197 [SR] Cannot repair member file [l:24{12}]"FreeCell.exe" of Microsoft-Windows-Shell-InboxGames-FreeCell, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:42:24, Info                  CSI    00000199 [SR] Cannot repair member file [l:24{12}]"FreeCell.exe" of Microsoft-Windows-Shell-InboxGames-FreeCell, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:42:24, Info                  CSI    0000019a [SR] This component was referenced by [l:164{82}]"Package_68_for_KB948465~31bf3856ad364e35~amd64~~6.0.1.18005.948465-257_neutral_GDR"
2011-12-02 22:42:24, Info                  CSI    0000019d [SR] Could not reproject corrupted file [ml:520{260},l:90{45}]"\??\C:\Program Files\Microsoft Games\FreeCell"\[l:24{12}]"FreeCell.exe"; source file in store is also corrupted
2011-12-02 22:42:26, Info                  CSI    0000019f [SR] Verify complete
2011-12-02 22:42:27, Info                  CSI    000001a0 [SR] Verifying 100 (0x0000000000000064) components
2011-12-02 22:42:27, Info                  CSI    000001a1 [SR] Beginning Verify and Repair transaction
2011-12-02 22:42:27, Info                  CSI    000001a3 [SR] Cannot repair member file [l:26{13}]"Solitaire.exe" of Microsoft-Windows-Shell-InboxGames-Solitaire, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:42:29, Info                  CSI    000001a5 [SR] Cannot repair member file [l:30{15}]"MineSweeper.exe" of Microsoft-Windows-Shell-InboxGames-Minesweeper, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:42:30, Info                  CSI    000001a7 [SR] Cannot repair member file [l:30{15}]"PurblePlace.exe" of Microsoft-Windows-Shell-InboxGames-PurblePlace, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:42:33, Info                  CSI    000001a9 [SR] Cannot repair member file [l:30{15}]"MineSweeper.exe" of Microsoft-Windows-Shell-InboxGames-Minesweeper, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:42:33, Info                  CSI    000001aa [SR] This component was referenced by [l:164{82}]"Package_68_for_KB948465~31bf3856ad364e35~amd64~~6.0.1.18005.948465-259_neutral_GDR"
2011-12-02 22:42:33, Info                  CSI    000001ad [SR] Could not reproject corrupted file [ml:520{260},l:96{48}]"\??\C:\Program Files\Microsoft Games\Minesweeper"\[l:30{15}]"MineSweeper.exe"; source file in store is also corrupted
2011-12-02 22:42:33, Info                  CSI    000001af [SR] Cannot repair member file [l:30{15}]"PurblePlace.exe" of Microsoft-Windows-Shell-InboxGames-PurblePlace, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:42:33, Info                  CSI    000001b0 [SR] This component was referenced by [l:164{82}]"Package_68_for_KB948465~31bf3856ad364e35~amd64~~6.0.1.18005.948465-260_neutral_GDR"
2011-12-02 22:42:34, Info                  CSI    000001b3 [SR] Could not reproject corrupted file [ml:520{260},l:98{49}]"\??\C:\Program Files\Microsoft Games\Purble Place"\[l:30{15}]"PurblePlace.exe"; source file in store is also corrupted
2011-12-02 22:42:35, Info                  CSI    000001b5 [SR] Cannot repair member file [l:26{13}]"Solitaire.exe" of Microsoft-Windows-Shell-InboxGames-Solitaire, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:42:35, Info                  CSI    000001b6 [SR] This component was referenced by [l:164{82}]"Package_68_for_KB948465~31bf3856ad364e35~amd64~~6.0.1.18005.948465-261_neutral_GDR"
2011-12-02 22:42:35, Info                  CSI    000001b9 [SR] Could not reproject corrupted file [ml:520{260},l:92{46}]"\??\C:\Program Files\Microsoft Games\Solitaire"\[l:26{13}]"Solitaire.exe"; source file in store is also corrupted
2011-12-02 22:42:35, Info                  CSI    000001bb [SR] Verify complete
2011-12-02 22:42:36, Info                  CSI    000001bc [SR] Verifying 100 (0x0000000000000064) components
2011-12-02 22:42:36, Info                  CSI    000001bd [SR] Beginning Verify and Repair transaction
2011-12-02 22:42:36, Info                  CSI    000001bf [SR] Cannot repair member file [l:24{12}]"vbscript.dll" of Microsoft-Windows-Scripting-VBScript, Version = 9.1.8112.16421, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:42:37, Info                  CSI    000001c1 [SR] Cannot repair member file [l:24{12}]"schtasks.exe" of Microsoft-Windows-ScTasks, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:42:39, Info                  CSI    000001c3 [SR] Cannot repair member file [l:22{11}]"poqexec.exe" of Microsoft-Windows-ServicingStack, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:42:44, Info                  CSI    000001c5 [SR] Cannot repair member file [l:24{12}]"schtasks.exe" of Microsoft-Windows-ScTasks, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:42:44, Info                  CSI    000001c6 [SR] This component was referenced by [l:164{82}]"Package_30_for_KB936330~31bf3856ad364e35~amd64~~6.0.1.18000.936330-185_neutral_GDR"
2011-12-02 22:42:44, Info                  CSI    000001c9 [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"schtasks.exe"; source file in store is also corrupted
2011-12-02 22:42:44, Info                  CSI    000001cb [SR] Cannot repair member file [l:24{12}]"vbscript.dll" of Microsoft-Windows-Scripting-VBScript, Version = 9.1.8112.16421, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:42:44, Info                  CSI    000001cc [SR] This component was referenced by [l:228{114}]"Microsoft-Windows-InternetExplorer-VistaPlus-Update~31bf3856ad364e35~amd64~~9.1.8112.16421.Internet-Explorer-amd64"
2011-12-02 22:42:44, Info                  CSI    000001cf [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"vbscript.dll"; source file in store is also corrupted
2011-12-02 22:42:45, Info                  CSI    000001d1 [SR] Cannot repair member file [l:22{11}]"poqexec.exe" of Microsoft-Windows-ServicingStack, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:42:45, Info                  CSI    000001d2 [SR] This component was referenced by [l:158{79}]"Package_1_for_KB955430~31bf3856ad364e35~amd64~~6.0.1.18005.955430-2_neutral_GDR"
2011-12-02 22:42:46, Info                  CSI    000001d4 [SR] Verify complete


2011-12-02 22:43:34, Info                  CSI    000001eb [SR] Beginning Verify and Repair transaction
2011-12-02 22:43:36, Info                  CSI    000001ed [SR] Cannot repair member file [l:20{10}]"unimdm.tsp" of Microsoft-Windows-Unimodem-Core-TSP, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:43:42, Info                  CSI    000001f0 [SR] Cannot repair member file [l:20{10}]"unimdm.tsp" of Microsoft-Windows-Unimodem-Core-TSP, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:43:42, Info                  CSI    000001f1 [SR] This component was referenced by [l:164{82}]"Package_27_for_KB948465~31bf3856ad364e35~amd64~~6.0.1.18005.948465-126_neutral_GDR"
2011-12-02 22:43:42, Info                  CSI    000001f4 [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"unimdm.tsp"; source file in store is also corrupted
2011-12-02 22:43:42, Info                  CSI    000001f6 [SR] Verify complete

2011-12-02 22:44:01, Info                  CSI    00000204 [SR] Beginning Verify and Repair transaction
2011-12-02 22:44:04, Info                  CSI    00000206 [SR] Cannot repair member file [l:22{11}]"wlanhlp.dll" of Microsoft-Windows-Wlansvc, Version = 6.0.6002.18064, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:44:09, Info                  CSI    00000208 [SR] Cannot repair member file [l:24{12}]"wmipcima.dll" of Microsoft-Windows-WMI-Win32-Provider, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:44:10, Info                  CSI    0000020a [SR] Cannot repair member file [l:24{12}]"wmipcima.dll" of Microsoft-Windows-WMI-Win32-Provider, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:44:10, Info                  CSI    0000020b [SR] This component was referenced by [l:164{82}]"Package_30_for_KB936330~31bf3856ad364e35~amd64~~6.0.1.18000.936330-185_neutral_GDR"
2011-12-02 22:44:10, Info                  CSI    0000020e [SR] Could not reproject corrupted file [ml:520{260},l:56{28}]"\??\C:\Windows\System32\wbem"\[l:24{12}]"wmipcima.dll"; source file in store is also corrupted
2011-12-02 22:44:12, Info                  CSI    00000210 [SR] Cannot repair member file [l:22{11}]"wlanhlp.dll" of Microsoft-Windows-Wlansvc, Version = 6.0.6002.18064, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:44:12, Info                  CSI    00000211 [SR] This component was referenced by [l:152{76}]"Package_5_for_KB970710~31bf3856ad364e35~amd64~~6.0.1.1.970710-14_neutral_GDR"
2011-12-02 22:44:12, Info                  CSI    00000214 [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:22{11}]"wlanhlp.dll"; source file in store is also corrupted
2011-12-02 22:44:12, Info                  CSI    00000216 [SR] Verify complete

2011-12-02 22:44:40, Info                  CSI    00000228 [SR] Beginning Verify and Repair transaction
2011-12-02 22:44:45, Info                  CSI    0000022a [SR] Cannot repair member file [l:24{12}]"AuthFWGP.dll" of Networking-MPSSVC-Admin, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:44:46, Info                  CSI    0000022c [SR] Repairing corrupted file [ml:520{260},l:102{51}]"\??\C:\Windows\Microsoft.NET\Framework64\v2.0.50727"\[l:58{29}]"System.EnterpriseServices.tlb" from store
2011-12-02 22:44:47, Info                  CSI    0000022e [SR] Cannot repair member file [l:24{12}]"AuthFWGP.dll" of Networking-MPSSVC-Admin, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:44:47, Info                  CSI    0000022f [SR] This component was referenced by [l:164{82}]"Package_30_for_KB936330~31bf3856ad364e35~amd64~~6.0.1.18000.936330-185_neutral_GDR"
2011-12-02 22:44:47, Info                  CSI    00000232 [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"AuthFWGP.dll"; source file in store is also corrupted
2011-12-02 22:44:48, Info                  CSI    00000234 [SR] Verify complete
2011-12-02 22:44:48, Info                  CSI    00000235 [SR] Verifying 100 (0x0000000000000064) components
2011-12-02 22:44:48, Info                  CSI    00000236 [SR] Beginning Verify and Repair transaction
2011-12-02 22:45:04, Info                  CSI    00000238 [SR] Cannot repair member file [l:28{14}]"XWPR_A.DLL.mui" of prnxx001.inf.Resources, Version = 6.0.6000.16386, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:45:05, Info                  CSI    0000023a [SR] Cannot repair member file [l:28{14}]"XWPR_A.DLL.mui" of prnxx001.inf.Resources, Version = 6.0.6000.16386, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:45:05, Info                  CSI    0000023b [SR] This component was referenced by [l:266{133}]"Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~amd64~en-US~6.0.6000.16386.Windows Foundation Language Pack"
2011-12-02 22:45:05, Info                  CSI    0000023e [SR] Could not reproject corrupted file [ml:520{260},l:98{49}]"\??\C:\Windows\System32\spool\drivers\x64\3\en-US"\[l:28{14}]"XWPR_A.DLL.mui"; source file in store is also corrupted
2011-12-02 22:45:06, Info                  CSI    00000240 [SR] Verify complete


2011-12-02 22:45:34, Info                  CSI    0000025b [SR] Beginning Verify and Repair transaction
2011-12-02 22:45:36, Info                  CSI    0000025d [SR] Cannot repair member file [l:24{12}]"sysglobl.dll" of sysglobl, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_MSIL (8), Culture neutral, VersionScope neutral, PublicKeyToken = {l:8 b:b03f5f7f11d50a3a}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:45:40, Info                  CSI    0000025f [SR] Cannot repair member file [l:24{12}]"sysglobl.dll" of sysglobl, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_MSIL (8), Culture neutral, VersionScope neutral, PublicKeyToken = {l:8 b:b03f5f7f11d50a3a}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:45:40, Info                  CSI    00000260 [SR] This component was referenced by [l:164{82}]"Package_27_for_KB948465~31bf3856ad364e35~amd64~~6.0.1.18005.948465-126_neutral_GDR"
2011-12-02 22:45:40, Info                  CSI    00000263 [SR] Could not reproject corrupted file [ml:520{260},l:98{49}]"\??\C:\Windows\Microsoft.NET\Framework\v2.0.50727"\[l:24{12}]"sysglobl.dll"; source file in store is also corrupted
2011-12-02 22:45:40, Info                  CSI    00000265 [SR] Verify complete



2011-12-02 22:46:17, Info                  CSI    00000280 [SR] Beginning Verify and Repair transaction
2011-12-02 22:46:20, Info                  CSI    00000282 [SR] Cannot repair member file [l:20{10}]"mshwuk.dll" of Microsoft-Windows-TabletPC-CoreInkRecognition.en-gb, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:46:27, Info                  CSI    00000284 [SR] Cannot repair member file [l:20{10}]"mshwuk.dll" of Microsoft-Windows-TabletPC-CoreInkRecognition.en-gb, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:46:27, Info                  CSI    00000285 [SR] This component was referenced by [l:164{82}]"Package_81_for_KB936330~31bf3856ad364e35~amd64~~6.0.1.18000.936330-353_neutral_GDR"
2011-12-02 22:46:27, Info                  CSI    00000288 [SR] Could not reproject corrupted file [ml:520{260},l:120{60}]"\??\C:\Program Files (x86)\Common Files\Microsoft Shared\Ink"\[l:20{10}]"mshwuk.dll"; source file in store is also corrupted
2011-12-02 22:46:32, Info                  CSI    00000292 [SR] Verify complete

2011-12-02 22:47:06, Info                  CSI    000002d8 [SR] Beginning Verify and Repair transaction
2011-12-02 22:47:08, Info                  CSI    000002da [SR] Cannot repair member file [l:20{10}]"dssenh.dll" of Microsoft-Windows-Diffie_Hellman_Software_CSP, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:47:10, Info                  CSI    000002dc [SR] Cannot repair member file [l:20{10}]"dssenh.dll" of Microsoft-Windows-Diffie_Hellman_Software_CSP, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:47:10, Info                  CSI    000002dd [SR] This component was referenced by [l:164{82}]"Package_30_for_KB936330~31bf3856ad364e35~amd64~~6.0.1.18000.936330-185_neutral_GDR"
2011-12-02 22:47:10, Info                  CSI    000002e0 [SR] Could not reproject corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:20{10}]"dssenh.dll"; source file in store is also corrupted
2011-12-02 22:47:10, Info                  CSI    000002e2 [SR] Verify complete


2011-12-02 22:47:29, Info                  CSI    000002ff [SR] Beginning Verify and Repair transaction
2011-12-02 22:47:33, Info                  CSI    00000301 [SR] Cannot repair member file [l:32{16}]"getuname.dll.mui" of Microsoft-Windows-getuname.Resources, Version = 6.0.6000.16386, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:47:39, Info                  CSI    00000309 [SR] Cannot repair member file [l:32{16}]"getuname.dll.mui" of Microsoft-Windows-getuname.Resources, Version = 6.0.6000.16386, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:47:39, Info                  CSI    0000030a [SR] This component was referenced by [l:266{133}]"Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~en-US~6.0.6000.16386.Microsoft-Windows-Client-Features-Language-Pack"
2011-12-02 22:47:39, Info                  CSI    0000030d [SR] Could not reproject corrupted file [ml:60{30},l:58{29}]"\??\C:\Windows\SysWOW64\en-US"\[l:32{16}]"getuname.dll.mui"; source file in store is also corrupted
2011-12-02 22:47:40, Info                  CSI    0000030f [SR] Verify complete

2011-12-02 22:47:58, Info                  CSI    00000324 [SR] Verifying 100 (0x0000000000000064) components
2011-12-02 22:47:58, Info                  CSI    00000325 [SR] Beginning Verify and Repair transaction
2011-12-02 22:48:02, Info                  CSI    00000327 [SR] Repairing corrupted file [ml:520{260},l:64{32}]"\??\C:\Windows\PolicyDefinitions"\[l:24{12}]"inetres.admx" from store
2011-12-02 22:48:03, Info                  CSI    0000032a [SR] Repairing corrupted file [ml:520{260},l:76{38}]"\??\C:\Windows\PolicyDefinitions\en-US"\[l:24{12}]"InetRes.adml" from store
2011-12-02 22:48:03, Info                  CSI    0000032d [SR] Verify complete

2011-12-02 22:50:38, Info                  CSI    0000039e [SR] Verifying 35 (0x0000000000000023) components
2011-12-02 22:50:38, Info                  CSI    0000039f [SR] Beginning Verify and Repair transaction
2011-12-02 22:50:40, Info                  CSI    000003a1 [SR] Verify complete
2011-12-02 22:50:40, Info                  CSI    000003a2 [SR] Repairing 26 (0x000000000000001a) components
2011-12-02 22:50:40, Info                  CSI    000003a3 [SR] Beginning Verify and Repair transaction
2011-12-02 22:50:40, Info                  CSI    000003a5 [SR] Cannot repair member file [l:32{16}]"comdlg32.dll.mui" of Microsoft-Windows-comdlg32.Resources, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture = [l:10{5}]"zh-HK", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:50:40, Info                  CSI    000003a7 [SR] Cannot repair member file [l:22{11}]"mmcbase.dll" of Microsoft-Windows-Microsoft-Management-Console, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:50:40, Info                  CSI    000003a9 [SR] Cannot repair member file [l:20{10}]"msdaps.dll" of Microsoft-Windows-Microsoft-Data-Access-Components-(MDAC)-Oledb-Interface-Remoting-PS, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:50:41, Info                  CSI    000003ab [SR] Cannot repair member file [l:20{10}]"wmploc.DLL" of Microsoft-Windows-MediaPlayer-Core, Version = 6.0.6002.18311, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:50:41, Info                  CSI    000003ad [SR] Cannot repair member file [l:24{12}]"msinfo32.exe" of Microsoft-Windows-MSInfo32-Exe-Common, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:50:41, Info                  CSI    000003af [SR] Cannot repair member file [l:32{16}]"fwpuclnt.dll.mui" of Microsoft-Windows-Network-Security.Resources, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:50:41, Info                  CSI    000003b1 [SR] Cannot repair member file [l:26{13}]"ntdll.dll.mui" of Microsoft-Windows-Ntdll.Resources, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:50:41, Info                  CSI    000003b3 [SR] Cannot repair member file [l:24{12}]"FreeCell.exe" of Microsoft-Windows-Shell-InboxGames-FreeCell, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:50:41, Info                  CSI    000003b5 [SR] Cannot repair member file [l:30{15}]"MineSweeper.exe" of Microsoft-Windows-Shell-InboxGames-Minesweeper, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:50:42, Info                  CSI    000003b7 [SR] Cannot repair member file [l:30{15}]"PurblePlace.exe" of Microsoft-Windows-Shell-InboxGames-PurblePlace, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:50:42, Info                  CSI    000003b9 [SR] Cannot repair member file [l:26{13}]"Solitaire.exe" of Microsoft-Windows-Shell-InboxGames-Solitaire, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:50:42, Info                  CSI    000003bb [SR] Cannot repair member file [l:24{12}]"schtasks.exe" of Microsoft-Windows-ScTasks, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:50:42, Info                  CSI    000003bd [SR] Cannot repair member file [l:24{12}]"vbscript.dll" of Microsoft-Windows-Scripting-VBScript, Version = 9.1.8112.16421, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:50:42, Info                  CSI    000003bf [SR] Cannot repair member file [l:22{11}]"poqexec.exe" of Microsoft-Windows-ServicingStack, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:50:43, Info                  CSI    000003c1 [SR] Cannot repair member file [l:20{10}]"unimdm.tsp" of Microsoft-Windows-Unimodem-Core-TSP, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:50:43, Info                  CSI    000003c3 [SR] Cannot repair member file [l:24{12}]"wmipcima.dll" of Microsoft-Windows-WMI-Win32-Provider, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:50:43, Info                  CSI    000003c5 [SR] Cannot repair member file [l:22{11}]"wlanhlp.dll" of Microsoft-Windows-Wlansvc, Version = 6.0.6002.18064, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:50:43, Info                  CSI    000003c7 [SR] Cannot repair member file [l:24{12}]"AuthFWGP.dll" of Networking-MPSSVC-Admin, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:50:43, Info                  CSI    000003c9 [SR] Cannot repair member file [l:28{14}]"XWPR_A.DLL.mui" of prnxx001.inf.Resources, Version = 6.0.6000.16386, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:50:43, Info                  CSI    000003cb [SR] Cannot repair member file [l:24{12}]"sysglobl.dll" of sysglobl, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_MSIL (8), Culture neutral, VersionScope neutral, PublicKeyToken = {l:8 b:b03f5f7f11d50a3a}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:50:43, Info                  CSI    000003cd [SR] Cannot repair member file [l:20{10}]"mshwuk.dll" of Microsoft-Windows-TabletPC-CoreInkRecognition.en-gb, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:50:43, Info                  CSI    000003cf [SR] Cannot repair member file [l:20{10}]"dssenh.dll" of Microsoft-Windows-Diffie_Hellman_Software_CSP, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:50:43, Info                  CSI    000003d1 [SR] Cannot repair member file [l:32{16}]"getuname.dll.mui" of Microsoft-Windows-getuname.Resources, Version = 6.0.6000.16386, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:50:43, Info                  CSI    000003d3 [SR] Cannot repair member file [l:32{16}]"fwpuclnt.dll.mui" of Microsoft-Windows-Network-Security.Resources, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:50:43, Info                  CSI    000003d4 [SR] This component was referenced by [l:168{84}]"Package_45_for_KB936330~31bf3856ad364e35~amd64~en-US~6.0.1.18000.936330-61_en-us_GDR"
2011-12-02 22:50:43, Info                  CSI    000003d7 [SR] Could not reproject corrupted file [ml:520{260},l:58{29}]"\??\C:\Windows\System32\en-US"\[l:32{16}]"fwpuclnt.dll.mui"; source file in store is also corrupted
2011-12-02 22:50:43, Info                  CSI    000003d9 [SR] Cannot repair member file [l:24{12}]"wmipcima.dll" of Microsoft-Windows-WMI-Win32-Provider, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:50:43, Info                  CSI    000003da [SR] This component was referenced by [l:164{82}]"Package_30_for_KB936330~31bf3856ad364e35~amd64~~6.0.1.18000.936330-185_neutral_GDR"
2011-12-02 22:50:43, Info                  CSI    000003dd [SR] Could not reproject corrupted file [ml:520{260},l:56{28}]"\??\C:\Windows\System32\wbem"\[l:24{12}]"wmipcima.dll"; source file in store is also corrupted
2011-12-02 22:50:43, Info                  CSI    000003de [SR] Repaired file \SystemRoot\WinSxS\Manifests\\[l:32{16}]"comdlg32.dll.mui" by copying from backup
2011-12-02 22:50:43, Info                  CSI    000003e0 [SR] Repairing corrupted file [ml:520{260},l:58{29}]"\??\C:\Windows\System32\zh-HK"\[l:32{16}]"comdlg32.dll.mui" from store
2011-12-02 22:50:43, Info                  CSI    000003e2 [SR] Cannot repair member file [l:22{11}]"mmcbase.dll" of Microsoft-Windows-Microsoft-Management-Console, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:50:43, Info                  CSI    000003e3 [SR] This component was referenced by [l:164{82}]"Package_27_for_KB948465~31bf3856ad364e35~amd64~~6.0.1.18005.948465-126_neutral_GDR"
2011-12-02 22:50:43, Info                  CSI    000003e6 [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:22{11}]"mmcbase.dll"; source file in store is also corrupted
2011-12-02 22:50:44, Info                  CSI    000003e7 [SR] Repaired file \SystemRoot\WinSxS\Manifests\\[l:26{13}]"ntdll.dll.mui" by copying from backup
2011-12-02 22:50:44, Info                  CSI    000003e9 [SR] Repairing corrupted file [ml:520{260},l:58{29}]"\??\C:\Windows\System32\en-US"\[l:26{13}]"ntdll.dll.mui" from store
2011-12-02 22:50:44, Info                  CSI    000003eb [SR] Cannot repair member file [l:24{12}]"schtasks.exe" of Microsoft-Windows-ScTasks, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:50:44, Info                  CSI    000003ec [SR] This component was referenced by [l:164{82}]"Package_30_for_KB936330~31bf3856ad364e35~amd64~~6.0.1.18000.936330-185_neutral_GDR"
2011-12-02 22:50:44, Info                  CSI    000003ef [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"schtasks.exe"; source file in store is also corrupted
2011-12-02 22:50:44, Info                  CSI    000003f1 [SR] Cannot repair member file [l:24{12}]"msinfo32.exe" of Microsoft-Windows-MSInfo32-Exe-Common, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:50:44, Info                  CSI    000003f2 [SR] This component was referenced by [l:164{82}]"Package_27_for_KB948465~31bf3856ad364e35~amd64~~6.0.1.18005.948465-126_neutral_GDR"
2011-12-02 22:50:44, Info                  CSI    000003f5 [SR] Could not reproject corrupted file [ml:520{260},l:114{57}]"\??\C:\Program Files\Common Files\Microsoft Shared\MSInfo"\[l:24{12}]"msinfo32.exe"; source file in store is also corrupted
2011-12-02 22:50:44, Info                  CSI    000003f7 [SR] Cannot repair member file [l:30{15}]"MineSweeper.exe" of Microsoft-Windows-Shell-InboxGames-Minesweeper, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:50:44, Info                  CSI    000003f8 [SR] This component was referenced by [l:164{82}]"Package_68_for_KB948465~31bf3856ad364e35~amd64~~6.0.1.18005.948465-259_neutral_GDR"
2011-12-02 22:50:44, Info                  CSI    000003fb [SR] Could not reproject corrupted file [ml:520{260},l:96{48}]"\??\C:\Program Files\Microsoft Games\Minesweeper"\[l:30{15}]"MineSweeper.exe"; source file in store is also corrupted
2011-12-02 22:50:44, Info                  CSI    000003fd [SR] Cannot repair member file [l:22{11}]"wlanhlp.dll" of Microsoft-Windows-Wlansvc, Version = 6.0.6002.18064, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:50:44, Info                  CSI    000003fe [SR] This component was referenced by [l:152{76}]"Package_5_for_KB970710~31bf3856ad364e35~amd64~~6.0.1.1.970710-14_neutral_GDR"
2011-12-02 22:50:44, Info                  CSI    00000401 [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:22{11}]"wlanhlp.dll"; source file in store is also corrupted
2011-12-02 22:50:44, Info                  CSI    00000403 [SR] Cannot repair member file [l:28{14}]"XWPR_A.DLL.mui" of prnxx001.inf.Resources, Version = 6.0.6000.16386, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:50:44, Info                  CSI    00000404 [SR] This component was referenced by [l:266{133}]"Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~amd64~en-US~6.0.6000.16386.Windows Foundation Language Pack"
2011-12-02 22:50:44, Info                  CSI    00000407 [SR] Could not reproject corrupted file [ml:520{260},l:98{49}]"\??\C:\Windows\System32\spool\drivers\x64\3\en-US"\[l:28{14}]"XWPR_A.DLL.mui"; source file in store is also corrupted
2011-12-02 22:50:44, Info                  CSI    00000409 [SR] Cannot repair member file [l:32{16}]"getuname.dll.mui" of Microsoft-Windows-getuname.Resources, Version = 6.0.6000.16386, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:50:44, Info                  CSI    0000040a [SR] This component was referenced by [l:266{133}]"Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~en-US~6.0.6000.16386.Microsoft-Windows-Client-Features-Language-Pack"
2011-12-02 22:50:44, Info                  CSI    0000040d [SR] Could not reproject corrupted file [ml:60{30},l:58{29}]"\??\C:\Windows\SysWOW64\en-US"\[l:32{16}]"getuname.dll.mui"; source file in store is also corrupted
2011-12-02 22:50:44, Info                  CSI    0000040f [SR] Cannot repair member file [l:24{12}]"vbscript.dll" of Microsoft-Windows-Scripting-VBScript, Version = 9.1.8112.16421, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:50:44, Info                  CSI    00000410 [SR] This component was referenced by [l:228{114}]"Microsoft-Windows-InternetExplorer-VistaPlus-Update~31bf3856ad364e35~amd64~~9.1.8112.16421.Internet-Explorer-amd64"
2011-12-02 22:50:44, Info                  CSI    00000413 [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"vbscript.dll"; source file in store is also corrupted
2011-12-02 22:50:45, Info                  CSI    00000415 [SR] Repairing corrupted file [ml:520{260},l:64{32}]"\??\C:\Windows\PolicyDefinitions"\[l:24{12}]"inetres.admx" from store
2011-12-02 22:50:45, Info                  CSI    00000418 [SR] Cannot repair member file [l:24{12}]"FreeCell.exe" of Microsoft-Windows-Shell-InboxGames-FreeCell, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:50:45, Info                  CSI    00000419 [SR] This component was referenced by [l:164{82}]"Package_68_for_KB948465~31bf3856ad364e35~amd64~~6.0.1.18005.948465-257_neutral_GDR"
2011-12-02 22:50:45, Info                  CSI    0000041c [SR] Could not reproject corrupted file [ml:520{260},l:90{45}]"\??\C:\Program Files\Microsoft Games\FreeCell"\[l:24{12}]"FreeCell.exe"; source file in store is also corrupted
2011-12-02 22:50:45, Info                  CSI    0000041e [SR] Cannot repair member file [l:30{15}]"PurblePlace.exe" of Microsoft-Windows-Shell-InboxGames-PurblePlace, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:50:45, Info                  CSI    0000041f [SR] This component was referenced by [l:164{82}]"Package_68_for_KB948465~31bf3856ad364e35~amd64~~6.0.1.18005.948465-260_neutral_GDR"
2011-12-02 22:50:46, Info                  CSI    00000422 [SR] Could not reproject corrupted file [ml:520{260},l:98{49}]"\??\C:\Program Files\Microsoft Games\Purble Place"\[l:30{15}]"PurblePlace.exe"; source file in store is also corrupted
2011-12-02 22:50:46, Info                  CSI    00000424 [SR] Repairing corrupted file [ml:520{260},l:102{51}]"\??\C:\Windows\Microsoft.NET\Framework64\v2.0.50727"\[l:58{29}]"System.EnterpriseServices.tlb" from store
2011-12-02 22:50:46, Info                  CSI    00000426 [SR] Cannot repair member file [l:20{10}]"dssenh.dll" of Microsoft-Windows-Diffie_Hellman_Software_CSP, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:50:46, Info                  CSI    00000427 [SR] This component was referenced by [l:164{82}]"Package_30_for_KB936330~31bf3856ad364e35~amd64~~6.0.1.18000.936330-185_neutral_GDR"
2011-12-02 22:50:46, Info                  CSI    0000042a [SR] Could not reproject corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:20{10}]"dssenh.dll"; source file in store is also corrupted
2011-12-02 22:50:46, Info                  CSI    0000042c [SR] Cannot repair member file [l:20{10}]"wmploc.DLL" of Microsoft-Windows-MediaPlayer-Core, Version = 6.0.6002.18311, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:50:46, Info                  CSI    0000042d [SR] This component was referenced by [l:162{81}]"Package_148_for_KB2378111~31bf3856ad364e35~amd64~~6.0.1.3.2378111-508_neutral_GDR"
2011-12-02 22:50:46, Info                  CSI    00000430 [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"wmploc.DLL"; source file in store is also corrupted
2011-12-02 22:50:46, Info                  CSI    00000432 [SR] Cannot repair member file [l:26{13}]"Solitaire.exe" of Microsoft-Windows-Shell-InboxGames-Solitaire, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:50:46, Info                  CSI    00000433 [SR] This component was referenced by [l:164{82}]"Package_68_for_KB948465~31bf3856ad364e35~amd64~~6.0.1.18005.948465-261_neutral_GDR"
2011-12-02 22:50:47, Info                  CSI    00000436 [SR] Could not reproject corrupted file [ml:520{260},l:92{46}]"\??\C:\Program Files\Microsoft Games\Solitaire"\[l:26{13}]"Solitaire.exe"; source file in store is also corrupted
2011-12-02 22:50:47, Info                  CSI    00000438 [SR] Cannot repair member file [l:22{11}]"poqexec.exe" of Microsoft-Windows-ServicingStack, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:50:47, Info                  CSI    00000439 [SR] This component was referenced by [l:158{79}]"Package_1_for_KB955430~31bf3856ad364e35~amd64~~6.0.1.18005.955430-2_neutral_GDR"
2011-12-02 22:50:47, Info                  CSI    0000043b [SR] Cannot repair member file [l:20{10}]"mshwuk.dll" of Microsoft-Windows-TabletPC-CoreInkRecognition.en-gb, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:50:47, Info                  CSI    0000043c [SR] This component was referenced by [l:164{82}]"Package_81_for_KB936330~31bf3856ad364e35~amd64~~6.0.1.18000.936330-353_neutral_GDR"
2011-12-02 22:50:47, Info                  CSI    0000043f [SR] Could not reproject corrupted file [ml:520{260},l:120{60}]"\??\C:\Program Files (x86)\Common Files\Microsoft Shared\Ink"\[l:20{10}]"mshwuk.dll"; source file in store is also corrupted
2011-12-02 22:50:47, Info                  CSI    00000441 [SR] Cannot repair member file [l:20{10}]"msdaps.dll" of Microsoft-Windows-Microsoft-Data-Access-Components-(MDAC)-Oledb-Interface-Remoting-PS, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:50:47, Info                  CSI    00000442 [SR] This component was referenced by [l:164{82}]"Package_30_for_KB936330~31bf3856ad364e35~amd64~~6.0.1.18000.936330-185_neutral_GDR"
2011-12-02 22:50:47, Info                  CSI    00000445 [SR] Could not reproject corrupted file [ml:520{260},l:94{47}]"\??\C:\Program Files\Common Files\System\Ole DB"\[l:20{10}]"msdaps.dll"; source file in store is also corrupted
2011-12-02 22:50:47, Info                  CSI    00000447 [SR] Cannot repair member file [l:20{10}]"unimdm.tsp" of Microsoft-Windows-Unimodem-Core-TSP, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:50:47, Info                  CSI    00000448 [SR] This component was referenced by [l:164{82}]"Package_27_for_KB948465~31bf3856ad364e35~amd64~~6.0.1.18005.948465-126_neutral_GDR"
2011-12-02 22:50:47, Info                  CSI    0000044b [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"unimdm.tsp"; source file in store is also corrupted
2011-12-02 22:50:47, Info                  CSI    0000044d [SR] Cannot repair member file [l:24{12}]"AuthFWGP.dll" of Networking-MPSSVC-Admin, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:50:47, Info                  CSI    0000044e [SR] This component was referenced by [l:164{82}]"Package_30_for_KB936330~31bf3856ad364e35~amd64~~6.0.1.18000.936330-185_neutral_GDR"
2011-12-02 22:50:47, Info                  CSI    00000451 [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"AuthFWGP.dll"; source file in store is also corrupted
2011-12-02 22:50:47, Info                  CSI    00000453 [SR] Cannot repair member file [l:24{12}]"sysglobl.dll" of sysglobl, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_MSIL (8), Culture neutral, VersionScope neutral, PublicKeyToken = {l:8 b:b03f5f7f11d50a3a}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-02 22:50:47, Info                  CSI    00000454 [SR] This component was referenced by [l:164{82}]"Package_27_for_KB948465~31bf3856ad364e35~amd64~~6.0.1.18005.948465-126_neutral_GDR"
2011-12-02 22:50:47, Info                  CSI    00000457 [SR] Could not reproject corrupted file [ml:520{260},l:98{49}]"\??\C:\Windows\Microsoft.NET\Framework\v2.0.50727"\[l:24{12}]"sysglobl.dll"; source file in store is also corrupted
2011-12-02 22:50:47, Info                  CSI    00000459 [SR] Repairing corrupted file [ml:520{260},l:76{38}]"\??\C:\Windows\PolicyDefinitions\en-US"\[l:24{12}]"InetRes.adml" from store
2011-12-02 22:50:47, Info                  CSI    0000045c [SR] Repair complete
2011-12-02 22:50:48, Info                  CSI    0000045d [SR] Committing transaction
2011-12-02 22:50:48, Info                  CSI    00000461 [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction  have been successfully repaired
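
Added example, not part of any post in this thread and not a Microsoft or BleepingComputer tool: a small Python triage of the `[SR]` lines in a CBS.log excerpt like the one above, pairing each verification failure with any later repair event so that files whose component-store copy is also corrupt stand out. The function names and status labels are assumptions made for this example; the sample lines are constructed by shortening lines from the excerpt.

```python
import re
from collections import defaultdict

# One CBS.log record: timestamp, level, "CSI", hex sequence id, then the [SR] message.
RECORD = re.compile(r'^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d), \w+\s+CSI\s+'
                    r'(?P<seq>[0-9a-f]{8}) \[SR\] (?P<msg>.*)$')
# CSI prints strings as [l:<bytes>{<chars>}]"text"; paths add an ml:<n>{<n>} prefix.
CSI_STR = re.compile(r'\[(?:ml:\d+\{\d+\},)?l:\d+\{\d+\}\]"([^"]*)"')

FAILED = {"hash_mismatch", "store_also_corrupt"}        # labels chosen for this example
FIXED = {"repaired_from_store", "repaired_from_backup"}

# Constructed sample: lines shortened from the excerpt above (attribute lists trimmed).
SAMPLE = r'''
2011-12-02 22:50:41, Info                  CSI    000003b1 [SR] Cannot repair member file [l:26{13}]"ntdll.dll.mui" of Microsoft-Windows-Ntdll.Resources, Version = 6.0.6001.18000, Culture = [l:10{5}]"en-US" in the store, hash mismatch
2011-12-02 22:50:43, Info                  CSI    000003d9 [SR] Cannot repair member file [l:24{12}]"wmipcima.dll" of Microsoft-Windows-WMI-Win32-Provider, Version = 6.0.6001.18000, Culture neutral in the store, hash mismatch
2011-12-02 22:50:43, Info                  CSI    000003dd [SR] Could not reproject corrupted file [ml:520{260},l:56{28}]"\??\C:\Windows\System32\wbem"\[l:24{12}]"wmipcima.dll"; source file in store is also corrupted
2011-12-02 22:50:44, Info                  CSI    000003e7 [SR] Repaired file \SystemRoot\WinSxS\Manifests\\[l:26{13}]"ntdll.dll.mui" by copying from backup
2011-12-02 22:50:44, Info                  CSI    000003e9 [SR] Repairing corrupted file [ml:520{260},l:58{29}]"\??\C:\Windows\System32\en-US"\[l:26{13}]"ntdll.dll.mui" from store
2011-12-02 22:50:48, Info                  CSI    00000461 [SR] Verify and Repair Transaction completed.
'''


def classify(msg):
    """Return (status, file_name, detail) for one [SR] message, or None if not a file event."""
    strings = CSI_STR.findall(msg)
    if msg.startswith("Cannot repair member file") and strings:
        comp = re.search(r'" of (.+?), Version = ([\d.]+)', msg)
        detail = f"{comp.group(1)} {comp.group(2)}" if comp else ""
        return "hash_mismatch", strings[0], detail
    if msg.startswith("Could not reproject corrupted file") and len(strings) >= 2:
        return "store_also_corrupt", strings[1], strings[0].replace("\\??\\", "", 1)
    if msg.startswith("Repairing corrupted file") and len(strings) >= 2:
        return "repaired_from_store", strings[1], strings[0].replace("\\??\\", "", 1)
    if msg.startswith("Repaired file") and strings:
        return "repaired_from_backup", strings[0], ""
    return None


def summarize(log_text):
    """Map lower-cased file name -> list of (seq, status, detail) in log order.

    Keying on the bare file name merges same-named files from different
    components; that is acceptable for a first-pass triage list.
    """
    files = defaultdict(list)
    for line in log_text.splitlines():
        rec = RECORD.match(line.strip())
        if not rec:
            continue
        hit = classify(rec.group("msg"))
        if hit:
            status, name, detail = hit
            files[name.lower()].append((int(rec.group("seq"), 16), status, detail))
    return files


def unresolved(files):
    """Files with a verification failure and no repair event logged after it."""
    out = []
    for name, events in files.items():
        fails = [seq for seq, status, _ in events if status in FAILED]
        if not fails:
            continue
        if not any(status in FIXED and seq > max(fails) for seq, status, _ in events):
            out.append(name)
    return sorted(out)


if __name__ == "__main__":
    report = summarize(SAMPLE)
    for name in unresolved(report):
        print(name, [(status, detail) for _, status, detail in report[name]])
```

The closing "Verify and Repair Transaction completed" line is deliberately not treated as a per-file result, so the unresolved list reflects only what each file's own events say.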


#14 Kiendas

Kiendas
  • Topic Starter

  • Members
  • 10 posts

Posted 03 December 2011 - 08:26 PM

Step 1 complete, in post above.


The screenshots from step 2 (gparted) are linked below.

Windows drive -- I see no extra partitions here to delete...
http://qr.ai/i/kjrcdca5pfl8q5f7

Data drive -- the data on this drive is backed up, though the virus was still around at the time I backed it up. But no extra partitions here either.
http://qr.ai/i/oyeq6zx7yt9wx83m

Ubuntu Drive -- there are some other partitions here, but they were always here (and 10Gib). But I think I should have reformatted and removed this drive right from the start. Maybe the virus is/was here, and wasn't being properly scanned from Windows.
http://qr.ai/i/1lpqngom43vywtq2

So. Does my computer have the all-clear? Or are there still all kinds of hidey-holes for a virus to jump out from? Assuming my external backup is solid, I'm a-okay with blanking all 3 drives, if that will work.

Thanks.

#15 nasdaq

nasdaq

  • Malware Response Team
  • 38,788 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 04 December 2011 - 09:24 AM

The logs are clean.

What are the remaining issues with this computer?



