
TDSS removal tool wont allow PC to reboot


  • This topic is locked
37 replies to this topic

#1 andpinger

andpinger

  • Members
  • 66 posts
  • OFFLINE
  •  
  • Local time:10:34 AM

Posted 09 March 2012 - 03:56 PM

This is my first post on this website as I have run into quite a problem. Recently I was infected with a TDSS redirect virus and my efforts to remove it with microsoft security essentials/ microsoft defender offline were unsuccessful. So after reading a good deal about the virus on line, a PC mag article linked me to the symantec website (http://www.symantec.com/security_response/writeup.jsp?docid=2010-090608-3309-99) which had a download for a TDSS virus removal tool. After more research I decided to download the tool and try it out. I downloaded it and ran it ... it stated that my computer was infected and then that it had cleaned it. I resumed a scan which showed no problems and resumed my normal activity. Great! However, not 20 minutes later, my computer was struck with a Blue Screen of Death and it restarted.

It jumps to a screen that says "Windows failed to start. A recent hardware or software change might be the cause" I am given the options of launching startup repair or starting windows normally (which doesn't work). Launching the startup repair only results in stating that my computer has a problem which cannot be fixed and tells me to contact the system administrator or computer manufacturer to fix the PC. Then it gives me the option to shut off.

Also important to note: I actually had the BSoD and Windows failed to restart before I had used the TDSS killer when my computer was infected. However I turned the PC off and on and then it resumed normal activity.

Additionally I have tried booting the PC in safe mode and in the last known good configuration... neither of which worked.

So... what should I do?
Thank you so much for any assistance.


#2 andpinger

andpinger
  • Topic Starter

  • Members
  • 66 posts
  • OFFLINE
  •  
  • Local time:10:34 AM

Posted 10 March 2012 - 12:41 AM


Edit: By the way, I am running a Dell Inspiron 1545 with windows 7 64bit.

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:34 AM

Posted 10 March 2012 - 01:51 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#4 andpinger

andpinger
  • Topic Starter

  • Members
  • 66 posts
  • OFFLINE
  •  
  • Local time:10:34 AM

Posted 10 March 2012 - 02:25 PM

OK thank you very much for the help. All steps have been followed and here is the log of the scan results:




Scan result of Farbar Recovery Scan Tool Version: 07-03-2012 01
Ran by SYSTEM at 10-03-2012 05:09:07
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [384296 2010-04-05] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-02-25] (IDT, Inc.)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [165912 2010-02-21] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [387608 2010-02-21] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [365592 2010-02-21] (Intel Corporation)
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-16] (Dell Inc.)
HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3180624 2009-07-02] (Dell Inc.)
HKLM\...\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1436736 2011-06-15] (Microsoft Corporation)
HKLM-x32\...\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m [1807680 2010-02-09] ()
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [498160 2009-10-15] ()
HKLM-x32\...\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421160 2011-03-07] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2011-01-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-11-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)
HKU\Henry\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-03-10] (Google Inc.)
HKU\Henry\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [3883856 2009-07-26] (Microsoft Corporation)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-10] (Dell)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

==================== Services (Whitelisted) ======

2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
2 BBUpdate; "C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE" [249648 2011-10-13] (Microsoft Corporation)
3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [206072 2010-10-12] (WildTangent, Inc.)
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\STacSV64.exe [244736 2010-02-25] (IDT, Inc.)
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe" [x]

========================== Drivers (Whitelisted) =============


========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-03-10 05:08 - 2012-03-10 05:09 - 0000000 ____D C:\FRST
2012-03-08 23:36 - 2012-03-08 23:10 - 0000000 ____D C:\Windows\Microsoft Antimalware
2012-03-08 22:55 - 2012-03-08 22:55 - 0065536 __ASH C:\Windows\System32\config\components{fce154ea-6999-11e1-8c4a-bba92b0fc529}.TxR.blf
2012-03-08 19:19 - 2012-03-08 19:19 - 0000162 ___AH C:\Users\Henry\My Documents\~$ral removal.docx
2012-03-08 19:19 - 2012-03-08 19:19 - 0000162 ___AH C:\Users\Henry\Documents\~$ral removal.docx
2012-03-08 18:49 - 2009-07-13 19:14 - 0020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2012-03-08 18:33 - 2012-03-08 18:33 - 0013584 ____A C:\Users\Henry\My Documents\viral removal.docx
2012-03-08 18:33 - 2012-03-08 18:33 - 0013584 ____A C:\Users\Henry\Documents\viral removal.docx
2012-03-08 18:13 - 2012-03-08 18:13 - 0000000 ____D C:\Windows\Sun
2012-03-05 21:49 - 2012-03-05 22:02 - 0000000 ____D C:\Program Files (x86)\PC Tools Security
2012-03-05 21:49 - 2012-03-05 21:49 - 0000000 ____D C:\Users\Henry\Application Data\PC Tools
2012-03-05 21:49 - 2012-03-05 21:49 - 0000000 ____D C:\Users\Henry\AppData\Roaming\PC Tools
2012-03-05 21:31 - 2012-03-05 21:49 - 0000000 ____D C:\Users\All Users\PC Tools
2012-03-05 21:31 - 2012-03-05 21:49 - 0000000 ____D C:\Users\All Users\Application Data\PC Tools
2012-03-05 21:31 - 2012-03-05 21:49 - 0000000 ____D C:\ProgramData\PC Tools
2012-03-05 21:31 - 2012-03-05 21:31 - 0000000 ____D C:\Users\Henry\Application Data\TestApp
2012-03-05 21:31 - 2012-03-05 21:31 - 0000000 ____D C:\Users\Henry\AppData\Roaming\TestApp
2012-03-05 14:56 - 2012-03-05 14:56 - 0001899 ____A C:\Users\Henry\Desktop\Microsoft Security Essentials.lnk
2012-03-03 19:56 - 2012-03-09 08:08 - 0000000 ____D C:\Users\All Users\McAfee Security Scan
2012-03-03 19:56 - 2012-03-09 08:08 - 0000000 ____D C:\Users\All Users\Application Data\McAfee Security Scan
2012-03-03 19:56 - 2012-03-09 08:08 - 0000000 ____D C:\ProgramData\McAfee Security Scan
2012-03-03 19:56 - 2012-03-03 20:03 - 0001866 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2012-03-03 19:56 - 2012-03-03 20:03 - 0001866 ____A C:\Users\All Users\Desktop\McAfee Security Scan Plus.lnk
2012-03-03 19:56 - 2012-03-03 20:03 - 0001864 ____A C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
2012-03-03 19:56 - 2012-03-03 20:03 - 0000000 ____D C:\Program Files (x86)\McAfee Security Scan
2012-03-03 19:40 - 2012-03-03 19:40 - 0001092 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-03-03 19:40 - 2012-03-03 19:40 - 0001092 ____A C:\Users\All Users\Desktop\Mozilla Firefox.lnk
2012-02-26 03:07 - 2012-02-26 03:07 - 0013431 ____A C:\Users\Henry\My Documents\shopping list.docx
2012-02-26 03:07 - 2012-02-26 03:07 - 0013431 ____A C:\Users\Henry\Documents\shopping list.docx
2012-02-16 10:28 - 2011-12-14 01:43 - 17790464 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-16 10:28 - 2011-12-14 01:16 - 10887168 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-16 10:28 - 2011-12-14 01:11 - 2308096 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-16 10:28 - 2011-12-14 01:04 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-16 10:28 - 2011-12-14 01:04 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-16 10:28 - 2011-12-14 01:03 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-16 10:28 - 2011-12-14 01:03 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-16 10:28 - 2011-12-14 01:01 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-16 10:28 - 2011-12-14 01:00 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-16 10:28 - 2011-12-14 00:59 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-16 10:28 - 2011-12-14 00:57 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-16 10:28 - 2011-12-14 00:57 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-16 10:28 - 2011-12-14 00:53 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-16 10:28 - 2011-12-13 21:30 - 12282368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-02-16 10:28 - 2011-12-13 21:10 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-02-16 10:28 - 2011-12-13 21:04 - 1798656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-02-16 10:28 - 2011-12-13 20:57 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-02-16 10:28 - 2011-12-13 20:57 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-02-16 10:28 - 2011-12-13 20:56 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-02-16 10:28 - 2011-12-13 20:55 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-02-16 10:28 - 2011-12-13 20:54 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-02-16 10:28 - 2011-12-13 20:53 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-02-16 10:28 - 2011-12-13 20:52 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-02-16 10:28 - 2011-12-13 20:50 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-02-16 10:28 - 2011-12-13 20:50 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-02-16 10:28 - 2011-12-13 20:47 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-02-16 09:40 - 2012-01-13 22:02 - 3143168 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-02-16 09:40 - 2012-01-04 03:59 - 14164480 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-02-16 09:40 - 2012-01-04 03:58 - 0509952 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
2012-02-16 09:40 - 2012-01-04 03:03 - 12868096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-02-16 09:40 - 2012-01-04 03:03 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2012-02-16 09:40 - 2012-01-03 00:24 - 0515584 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl
2012-02-16 09:40 - 2012-01-02 23:44 - 0478208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2012-02-16 09:40 - 2011-12-27 21:59 - 0499200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2012-02-16 09:40 - 2011-12-16 02:42 - 0634368 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
2012-02-16 09:40 - 2011-12-16 01:59 - 0690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll

============ 3 Months Modified Files and Folders =============

2012-03-10 05:09 - 2012-03-10 05:08 - 0000000 ____D C:\FRST
2012-03-09 08:08 - 2012-03-03 19:56 - 0000000 ____D C:\Users\All Users\McAfee Security Scan
2012-03-09 08:08 - 2012-03-03 19:56 - 0000000 ____D C:\Users\All Users\Application Data\McAfee Security Scan
2012-03-09 08:08 - 2012-03-03 19:56 - 0000000 ____D C:\ProgramData\McAfee Security Scan
2012-03-09 08:08 - 2011-04-24 19:57 - 0000000 ____D C:\Users\Henry\Application Data\FinalTorrent
2012-03-09 08:08 - 2011-04-24 19:57 - 0000000 ____D C:\Users\Henry\AppData\Roaming\FinalTorrent
2012-03-09 08:08 - 2011-03-10 19:32 - 0000000 ____D C:\Users\Henry\Application Data\Roxio
2012-03-09 08:08 - 2011-03-10 19:32 - 0000000 ____D C:\Users\Henry\AppData\Roaming\Roxio
2012-03-09 08:08 - 2011-03-10 19:16 - 0000000 ____D C:\users\Henry
2012-03-09 08:08 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\registration
2012-03-09 08:07 - 2010-08-07 12:08 - 0000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2012-03-08 23:10 - 2012-03-08 23:36 - 0000000 ____D C:\Windows\Microsoft Antimalware
2012-03-08 22:55 - 2012-03-08 22:55 - 0065536 __ASH C:\Windows\System32\config\components{fce154ea-6999-11e1-8c4a-bba92b0fc529}.TxR.blf
2012-03-08 22:53 - 2011-11-04 11:03 - 0000000 ____D C:\Users\Henry\Tracing
2012-03-08 22:52 - 2010-08-07 12:35 - 0000000 ____D C:\Users\Default\Local Settings\SoftThinks
2012-03-08 22:52 - 2010-08-07 12:35 - 0000000 ____D C:\Users\Default\Local Settings\Application Data\SoftThinks
2012-03-08 22:52 - 2010-08-07 12:35 - 0000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2012-03-08 22:52 - 2010-08-07 12:35 - 0000000 ____D C:\Users\Default User\Local Settings\SoftThinks
2012-03-08 22:52 - 2010-08-07 12:35 - 0000000 ____D C:\Users\Default User\Local Settings\Application Data\SoftThinks
2012-03-08 22:52 - 2010-08-07 12:35 - 0000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2012-03-08 22:51 - 2011-03-10 17:53 - 3190050816 __ASH C:\hiberfil.sys
2012-03-08 19:19 - 2012-03-08 19:19 - 0000162 ___AH C:\Users\Henry\My Documents\~$ral removal.docx
2012-03-08 19:19 - 2012-03-08 19:19 - 0000162 ___AH C:\Users\Henry\Documents\~$ral removal.docx
2012-03-08 19:02 - 2009-07-13 23:10 - 1916420 ____A C:\Windows\WindowsUpdate.log
2012-03-08 19:01 - 2011-04-24 19:48 - 0000392 ____A C:\Windows\Tasks\FinalTorrent Update Checker.job
2012-03-08 18:58 - 2011-03-10 20:17 - 0000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-03-08 18:56 - 2009-07-13 22:45 - 0014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-03-08 18:56 - 2009-07-13 22:45 - 0014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-03-08 18:52 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-03-08 18:48 - 2009-07-13 23:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-03-08 18:48 - 2009-07-13 22:51 - 0066661 ____A C:\Windows\setupact.log
2012-03-08 18:47 - 2010-08-07 12:12 - 0000000 ____D C:\Program Files (x86)\Windows Live
2012-03-08 18:47 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\sysprep
2012-03-08 18:47 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\AppCompat
2012-03-08 18:33 - 2012-03-08 18:33 - 0013584 ____A C:\Users\Henry\My Documents\viral removal.docx
2012-03-08 18:33 - 2012-03-08 18:33 - 0013584 ____A C:\Users\Henry\Documents\viral removal.docx
2012-03-08 18:13 - 2012-03-08 18:13 - 0000000 ____D C:\Windows\Sun
2012-03-06 12:09 - 2011-03-10 20:17 - 0000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-03-05 22:02 - 2012-03-05 21:49 - 0000000 ____D C:\Program Files (x86)\PC Tools Security
2012-03-05 22:02 - 2011-09-23 22:28 - 0000000 ____D C:\Windows\Minidump
2012-03-05 21:49 - 2012-03-05 21:49 - 0000000 ____D C:\Users\Henry\Application Data\PC Tools
2012-03-05 21:49 - 2012-03-05 21:49 - 0000000 ____D C:\Users\Henry\AppData\Roaming\PC Tools
2012-03-05 21:49 - 2012-03-05 21:31 - 0000000 ____D C:\Users\All Users\PC Tools
2012-03-05 21:49 - 2012-03-05 21:31 - 0000000 ____D C:\Users\All Users\Application Data\PC Tools
2012-03-05 21:49 - 2012-03-05 21:31 - 0000000 ____D C:\ProgramData\PC Tools
2012-03-05 21:31 - 2012-03-05 21:31 - 0000000 ____D C:\Users\Henry\Application Data\TestApp
2012-03-05 21:31 - 2012-03-05 21:31 - 0000000 ____D C:\Users\Henry\AppData\Roaming\TestApp
2012-03-05 14:56 - 2012-03-05 14:56 - 0001899 ____A C:\Users\Henry\Desktop\Microsoft Security Essentials.lnk
2012-03-03 22:04 - 2011-03-10 20:16 - 0000000 ____D C:\Users\Henry\Local Settings\Google
2012-03-03 22:04 - 2011-03-10 20:16 - 0000000 ____D C:\Users\Henry\Local Settings\Application Data\Google
2012-03-03 22:04 - 2011-03-10 20:16 - 0000000 ____D C:\Users\Henry\AppData\Local\Google
2012-03-03 20:03 - 2012-03-03 19:56 - 0001866 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2012-03-03 20:03 - 2012-03-03 19:56 - 0001866 ____A C:\Users\All Users\Desktop\McAfee Security Scan Plus.lnk
2012-03-03 20:03 - 2012-03-03 19:56 - 0001864 ____A C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
2012-03-03 20:03 - 2012-03-03 19:56 - 0000000 ____D C:\Program Files (x86)\McAfee Security Scan
2012-03-03 19:58 - 2011-08-18 20:24 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-03-03 19:40 - 2012-03-03 19:40 - 0001092 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-03-03 19:40 - 2012-03-03 19:40 - 0001092 ____A C:\Users\All Users\Desktop\Mozilla Firefox.lnk
2012-03-03 19:39 - 2011-04-19 21:35 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-03-03 16:14 - 2011-03-14 15:37 - 0000000 ____D C:\Program Files (x86)\SafeConnect
2012-03-03 08:58 - 2009-07-13 23:13 - 0729816 ____A C:\Windows\System32\PerfStringBackup.INI
2012-02-26 03:07 - 2012-02-26 03:07 - 0013431 ____A C:\Users\Henry\My Documents\shopping list.docx
2012-02-26 03:07 - 2012-02-26 03:07 - 0013431 ____A C:\Users\Henry\Documents\shopping list.docx
2012-02-16 23:07 - 2011-03-10 19:32 - 0000402 __ASH C:\Users\Henry\My Documents\desktop.ini
2012-02-16 23:07 - 2011-03-10 19:32 - 0000174 ___SH C:\Users\Henry\Start Menu\Programs\Startup\desktop.ini
2012-02-16 23:07 - 2011-03-10 19:32 - 0000174 ___SH C:\Users\Henry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-16 20:42 - 2010-08-07 12:15 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-02-16 20:42 - 2009-07-13 22:45 - 0349016 ____A C:\Windows\System32\FNTCACHE.DAT
2012-02-16 10:39 - 2011-03-14 23:18 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-02-16 10:39 - 2011-03-14 23:18 - 0000000 ____D C:\Users\All Users\Application Data\Microsoft Help
2012-02-16 10:39 - 2011-03-14 23:18 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-02-16 10:30 - 2011-08-08 17:15 - 54585368 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-02-16 09:38 - 2011-03-10 19:17 - 0000000 ____D C:\Users\Henry\Local Settings\SoftThinks
2012-02-16 09:38 - 2011-03-10 19:17 - 0000000 ____D C:\Users\Henry\Local Settings\Application Data\SoftThinks
2012-02-16 09:38 - 2011-03-10 19:17 - 0000000 ____D C:\Users\Henry\AppData\Local\SoftThinks
2012-01-31 06:44 - 2011-03-10 21:03 - 0279656 ____A (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-01-30 16:44 - 2012-01-30 16:44 - 0684297 ____A C:\Users\Henry\Desktop\unhide.exe
2012-01-29 21:35 - 2011-12-22 16:15 - 0000000 ____D C:\Users\Henry\Application Data\My Battle for Middle-earth Files
2012-01-29 21:35 - 2011-12-22 16:15 - 0000000 ____D C:\Users\Henry\AppData\Roaming\My Battle for Middle-earth Files
2012-01-29 21:35 - 2011-12-13 21:41 - 0000000 ____D C:\Users\Henry\Application Data\Skype
2012-01-29 21:35 - 2011-12-13 21:41 - 0000000 ____D C:\Users\Henry\AppData\Roaming\Skype
2012-01-29 21:35 - 2011-03-31 19:14 - 0000000 ____D C:\Users\Henry\Application Data\Creative
2012-01-29 21:35 - 2011-03-31 19:14 - 0000000 ____D C:\Users\Henry\AppData\Roaming\Creative
2012-01-29 21:35 - 2011-03-10 19:32 - 0000000 ____D C:\Users\Henry\Local Settings\Stardock_Corporation
2012-01-29 21:35 - 2011-03-10 19:32 - 0000000 ____D C:\Users\Henry\Local Settings\Application Data\Stardock_Corporation
2012-01-29 21:35 - 2011-03-10 19:32 - 0000000 ____D C:\Users\Henry\AppData\Local\Stardock_Corporation
2012-01-29 21:35 - 2011-03-10 18:36 - 0000000 ____D C:\Windows\SMINST
2012-01-29 21:27 - 2011-03-14 23:18 - 0000000 ____D C:\Users\Henry\Local Settings\Microsoft Help
2012-01-29 21:27 - 2011-03-14 23:18 - 0000000 ____D C:\Users\Henry\Local Settings\Application Data\Microsoft Help
2012-01-29 21:27 - 2011-03-14 23:18 - 0000000 ____D C:\Users\Henry\AppData\Local\Microsoft Help
2012-01-29 21:27 - 2010-08-07 12:04 - 0000000 ____D C:\Users\All Users\WildTangent
2012-01-29 21:27 - 2010-08-07 12:04 - 0000000 ____D C:\Users\All Users\Application Data\WildTangent
2012-01-29 21:27 - 2010-08-07 12:04 - 0000000 ____D C:\ProgramData\WildTangent
2012-01-29 21:26 - 2011-09-06 20:40 - 0000000 ____D C:\Users\All Users\Hewlett-Packard
2012-01-29 21:26 - 2011-09-06 20:40 - 0000000 ____D C:\Users\All Users\Application Data\Hewlett-Packard
2012-01-29 21:26 - 2011-09-06 20:40 - 0000000 ____D C:\ProgramData\Hewlett-Packard
2012-01-29 21:26 - 2010-08-07 14:19 - 0000000 ____D C:\dell
2012-01-29 21:24 - 2011-04-19 21:35 - 0000000 ____D C:\Users\Henry\Application Data\Mozilla
2012-01-29 21:24 - 2011-04-19 21:35 - 0000000 ____D C:\Users\Henry\AppData\Roaming\Mozilla
2012-01-29 21:24 - 2011-03-10 20:00 - 0000000 ____D C:\Users\Henry\Application Data\Macromedia
2012-01-29 21:24 - 2011-03-10 20:00 - 0000000 ____D C:\Users\Henry\Application Data\Adobe
2012-01-29 21:24 - 2011-03-10 20:00 - 0000000 ____D C:\Users\Henry\AppData\Roaming\Macromedia
2012-01-29 21:24 - 2011-03-10 20:00 - 0000000 ____D C:\Users\Henry\AppData\Roaming\Adobe
2012-01-29 21:24 - 2011-03-10 19:32 - 0000000 ____D C:\Users\Henry\Local Settings\SupportSoft
2012-01-29 21:24 - 2011-03-10 19:32 - 0000000 ____D C:\Users\Henry\Local Settings\Application Data\SupportSoft
2012-01-29 21:24 - 2011-03-10 19:32 - 0000000 ____D C:\Users\Henry\AppData\Local\SupportSoft
2012-01-29 21:24 - 2011-03-10 19:17 - 0000000 ____D C:\Users\Henry\AppData\LocalLow
2012-01-29 21:24 - 2009-07-14 01:44 - 0000000 ___RD C:\Users\Public\Recorded TV
2012-01-29 21:24 - 2009-07-13 21:20 - 0000000 ___RD C:\users\Public
2012-01-29 21:18 - 2011-03-12 13:19 - 0000000 ____D C:\Users\Henry\Local Settings\Application Data\Adobe
2012-01-29 21:18 - 2011-03-12 13:19 - 0000000 ____D C:\Users\Henry\Local Settings\Adobe
2012-01-29 21:18 - 2011-03-12 13:19 - 0000000 ____D C:\Users\Henry\AppData\Local\Adobe
2012-01-29 21:16 - 2011-03-10 21:32 - 0000000 ____D C:\Users\All Users\Application Data\Apple Computer
2012-01-29 21:16 - 2011-03-10 21:32 - 0000000 ____D C:\Users\All Users\Application Data\Apple
2012-01-29 21:16 - 2011-03-10 21:32 - 0000000 ____D C:\Users\All Users\Apple Computer
2012-01-29 21:16 - 2011-03-10 21:32 - 0000000 ____D C:\Users\All Users\Apple
2012-01-29 21:16 - 2011-03-10 21:32 - 0000000 ____D C:\ProgramData\Apple Computer
2012-01-29 21:16 - 2011-03-10 21:32 - 0000000 ____D C:\ProgramData\Apple
2012-01-29 21:16 - 2011-03-10 20:16 - 0000000 ____D C:\Users\All Users\Google
2012-01-29 21:16 - 2011-03-10 20:16 - 0000000 ____D C:\Users\All Users\Application Data\Google
2012-01-29 21:16 - 2011-03-10 20:16 - 0000000 ____D C:\ProgramData\Google
2012-01-29 21:16 - 2010-08-07 12:20 - 0000000 ____D C:\Users\All Users\Uninstall
2012-01-29 21:16 - 2010-08-07 12:20 - 0000000 ____D C:\Users\All Users\McAfee
2012-01-29 21:16 - 2010-08-07 12:20 - 0000000 ____D C:\Users\All Users\Application Data\Uninstall
2012-01-29 21:16 - 2010-08-07 12:20 - 0000000 ____D C:\Users\All Users\Application Data\McAfee
2012-01-29 21:16 - 2010-08-07 12:20 - 0000000 ____D C:\ProgramData\Uninstall
2012-01-29 21:16 - 2010-08-07 12:20 - 0000000 ____D C:\ProgramData\McAfee
2012-01-29 21:16 - 2010-08-07 12:19 - 0000000 ____D C:\Users\All Users\Macrovision
2012-01-29 21:16 - 2010-08-07 12:19 - 0000000 ____D C:\Users\All Users\Application Data\Macrovision
2012-01-29 21:16 - 2010-08-07 12:19 - 0000000 ____D C:\ProgramData\Macrovision
2012-01-29 21:16 - 2010-08-07 12:15 - 0000000 ____D C:\Users\All Users\Skype
2012-01-29 21:16 - 2010-08-07 12:15 - 0000000 ____D C:\Users\All Users\Application Data\Skype
2012-01-29 21:16 - 2010-08-07 12:15 - 0000000 ____D C:\ProgramData\Skype
2012-01-29 21:16 - 2010-08-07 12:10 - 0000000 ____D C:\Users\All Users\SupportSoft
2012-01-29 21:16 - 2010-08-07 12:10 - 0000000 ____D C:\Users\All Users\Application Data\SupportSoft
2012-01-29 21:16 - 2010-08-07 12:10 - 0000000 ____D C:\ProgramData\SupportSoft
2012-01-29 21:16 - 2010-08-07 12:01 - 0000000 ____D C:\Users\All Users\Application Data\Adobe
2012-01-29 21:16 - 2010-08-07 12:01 - 0000000 ____D C:\Users\All Users\Adobe
2012-01-29 21:16 - 2010-08-07 12:01 - 0000000 ____D C:\ProgramData\Adobe
2012-01-29 21:16 - 2010-08-07 12:00 - 0000000 ____D C:\Users\All Users\Dell
2012-01-29 21:16 - 2010-08-07 12:00 - 0000000 ____D C:\Users\All Users\Application Data\Dell
2012-01-29 21:16 - 2010-08-07 12:00 - 0000000 ____D C:\ProgramData\Dell
2012-01-29 16:12 - 2011-03-10 19:31 - 0000000 ____D C:\Users\Henry\Local Settings\VirtualStore
2012-01-29 16:12 - 2011-03-10 19:31 - 0000000 ____D C:\Users\Henry\Local Settings\Application Data\VirtualStore
2012-01-29 16:12 - 2011-03-10 19:31 - 0000000 ____D C:\Users\Henry\AppData\Local\VirtualStore
2012-01-29 16:11 - 2012-01-29 16:11 - 0000344 ____A C:\Users\All Users\jOBwnUiqJifJwn
2012-01-29 16:11 - 2012-01-29 16:11 - 0000344 ____A C:\Users\All Users\Application Data\jOBwnUiqJifJwn
2012-01-29 16:11 - 2012-01-29 16:11 - 0000344 ____A C:\ProgramData\jOBwnUiqJifJwn
2012-01-29 16:11 - 2012-01-29 16:11 - 0000280 ____A C:\Users\All Users\Application Data\~jOBwnUiqJifJwn
2012-01-29 16:11 - 2012-01-29 16:11 - 0000280 ____A C:\Users\All Users\~jOBwnUiqJifJwn
2012-01-29 16:11 - 2012-01-29 16:11 - 0000280 ____A C:\ProgramData\~jOBwnUiqJifJwn
2012-01-29 16:11 - 2012-01-29 16:11 - 0000192 ____A C:\Users\All Users\Application Data\~jOBwnUiqJifJwnr
2012-01-29 16:11 - 2012-01-29 16:11 - 0000192 ____A C:\Users\All Users\~jOBwnUiqJifJwnr
2012-01-29 16:11 - 2012-01-29 16:11 - 0000192 ____A C:\ProgramData\~jOBwnUiqJifJwnr
2012-01-13 22:02 - 2012-02-16 09:40 - 3143168 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-01-12 19:01 - 2012-01-12 19:01 - 0160874 ____A C:\Users\Henry\My Documents\REBELUTION.pdf
2012-01-12 19:01 - 2012-01-12 19:01 - 0160874 ____A C:\Users\Henry\Documents\REBELUTION.pdf
2012-01-12 08:41 - 2010-08-07 13:49 - 0045110 ____A C:\Windows\PFRO.log
2012-01-12 00:50 - 2011-03-13 10:16 - 0000000 ____D C:\Users\Henry\My Documents\College Stuff
2012-01-12 00:50 - 2011-03-13 10:16 - 0000000 ____D C:\Users\Henry\Documents\College Stuff
2012-01-04 12:25 - 2012-01-04 12:23 - 0013542 __ASH C:\Users\Henry\Local Settings\Application Data\781ls12ic70w76406206uoiloe2j441rif4go01852m
2012-01-04 12:25 - 2012-01-04 12:23 - 0013542 __ASH C:\Users\Henry\Local Settings\781ls12ic70w76406206uoiloe2j441rif4go01852m
2012-01-04 12:25 - 2012-01-04 12:23 - 0013542 __ASH C:\Users\Henry\AppData\Local\781ls12ic70w76406206uoiloe2j441rif4go01852m
2012-01-04 12:25 - 2012-01-04 12:23 - 0013542 __ASH C:\Users\All Users\Application Data\781ls12ic70w76406206uoiloe2j441rif4go01852m
2012-01-04 12:25 - 2012-01-04 12:23 - 0013542 __ASH C:\Users\All Users\781ls12ic70w76406206uoiloe2j441rif4go01852m
2012-01-04 12:25 - 2012-01-04 12:23 - 0013542 __ASH C:\ProgramData\781ls12ic70w76406206uoiloe2j441rif4go01852m
2012-01-04 03:59 - 2012-02-16 09:40 - 14164480 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-01-04 03:58 - 2012-02-16 09:40 - 0509952 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
2012-01-04 03:03 - 2012-02-16 09:40 - 12868096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-01-04 03:03 - 2012-02-16 09:40 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2012-01-03 00:24 - 2012-02-16 09:40 - 0515584 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl
2012-01-02 23:44 - 2012-02-16 09:40 - 0478208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2011-12-29 19:16 - 2011-12-29 19:13 - 0012836 __ASH C:\Users\Henry\Local Settings\Application Data\6hr2y60ufg8g00htgqo2026hf832cru67o0h
2011-12-29 19:16 - 2011-12-29 19:13 - 0012836 __ASH C:\Users\Henry\Local Settings\6hr2y60ufg8g00htgqo2026hf832cru67o0h
2011-12-29 19:16 - 2011-12-29 19:13 - 0012836 __ASH C:\Users\Henry\AppData\Local\6hr2y60ufg8g00htgqo2026hf832cru67o0h
2011-12-29 19:16 - 2011-12-29 19:13 - 0012836 __ASH C:\Users\All Users\Application Data\6hr2y60ufg8g00htgqo2026hf832cru67o0h
2011-12-29 19:16 - 2011-12-29 19:13 - 0012836 __ASH C:\Users\All Users\6hr2y60ufg8g00htgqo2026hf832cru67o0h
2011-12-29 19:16 - 2011-12-29 19:13 - 0012836 __ASH C:\ProgramData\6hr2y60ufg8g00htgqo2026hf832cru67o0h
2011-12-27 21:59 - 2012-02-16 09:40 - 0499200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2011-12-24 09:58 - 2011-12-22 21:16 - 0000000 ____D C:\Users\Henry\Local Settings\appobjext
2011-12-24 09:58 - 2011-12-22 21:16 - 0000000 ____D C:\Users\Henry\Local Settings\Application Data\appobjext
2011-12-24 09:58 - 2011-12-22 21:16 - 0000000 ____D C:\Users\Henry\AppData\Local\appobjext
2011-12-22 19:40 - 2011-12-22 19:39 - 2450688 ____A C:\Users\Henry\Desktop\doom.zip
2011-12-22 19:17 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\rescache
2011-12-22 14:54 - 2011-12-22 14:54 - 0002212 ____A C:\Users\Public\Desktop\The Battle for Middle-earth ™.lnk
2011-12-22 14:54 - 2011-12-22 14:54 - 0002212 ____A C:\Users\All Users\Desktop\The Battle for Middle-earth ™.lnk
2011-12-22 11:04 - 2011-12-22 11:04 - 0000000 ____D C:\Program Files (x86)\EA GAMES
2011-12-22 10:55 - 2011-12-22 10:55 - 0000000 ____D C:\Program Files (x86)\WildGames
2011-12-22 10:52 - 2011-12-22 10:52 - 0002618 ____A C:\Users\Public\Desktop\WildTangent Games App - dell.lnk
2011-12-22 10:52 - 2011-12-22 10:52 - 0002618 ____A C:\Users\All Users\Desktop\WildTangent Games App - dell.lnk
2011-12-22 10:52 - 2011-12-22 10:52 - 0000000 ____D C:\Program Files (x86)\WildTangent Games
2011-12-19 20:44 - 2011-04-24 19:48 - 0002046 ____A C:\Users\Henry\Desktop\FinalTorrent.lnk
2011-12-16 02:42 - 2012-02-16 09:40 - 0634368 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
2011-12-16 01:59 - 2012-02-16 09:40 - 0690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2011-12-15 23:16 - 2011-12-15 23:16 - 0006906 ____A C:\Users\Henry\My Documents\Chitown Christmas.pdf
2011-12-15 23:16 - 2011-12-15 23:16 - 0006906 ____A C:\Users\Henry\Documents\Chitown Christmas.pdf
2011-12-14 01:43 - 2012-02-16 10:28 - 17790464 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-12-14 01:16 - 2012-02-16 10:28 - 10887168 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-12-14 01:11 - 2012-02-16 10:28 - 2308096 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2011-12-14 01:04 - 2012-02-16 10:28 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-12-14 01:04 - 2012-02-16 10:28 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-12-14 01:03 - 2012-02-16 10:28 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2011-12-14 01:03 - 2012-02-16 10:28 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2011-12-14 01:01 - 2012-02-16 10:28 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-12-14 01:00 - 2012-02-16 10:28 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2011-12-14 00:59 - 2012-02-16 10:28 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-12-14 00:57 - 2012-02-16 10:28 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-12-14 00:57 - 2012-02-16 10:28 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-12-14 00:53 - 2012-02-16 10:28 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-12-13 21:44 - 2011-12-13 21:44 - 0000000 ____D C:\Windows\System32\Macromed
2011-12-13 21:30 - 2012-02-16 10:28 - 12282368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2011-12-13 21:10 - 2012-02-16 10:28 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2011-12-13 21:04 - 2012-02-16 10:28 - 1798656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2011-12-13 20:57 - 2012-02-16 10:28 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2011-12-13 20:57 - 2012-02-16 10:28 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2011-12-13 20:56 - 2012-02-16 10:28 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2011-12-13 20:55 - 2012-02-16 10:28 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2011-12-13 20:54 - 2012-02-16 10:28 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2011-12-13 20:53 - 2012-02-16 10:28 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2011-12-13 20:52 - 2012-02-16 10:28 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2011-12-13 20:50 - 2012-02-16 10:28 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2011-12-13 20:50 - 2012-02-16 10:28 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2011-12-13 20:47 - 2012-02-16 10:28 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 4056.36 MB
Available physical RAM: 3482.31 MB
Total Pagefile: 4054.51 MB
Available Pagefile: 3467.76 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:190.62 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:8.01 GB) NTFS ==>[System with boot components (obtained from reading drive)]
6 Drive h: () (Removable) (Total:0.47 GB) (Free:0.47 GB) FAT
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 Online 483 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 14 GB 40 MB
Partition 3 Primary 283 GB 14 GB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 FAT Partition 39 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D RECOVERY NTFS Partition 14 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C OS NTFS Partition 283 GB Healthy

======================================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 483 MB 118 KB

======================================================================================================

Disk: 2
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H FAT Removable 483 MB Healthy

======================================================================================================
==========================================================
TDL4: custom:26000022


==========================================================

Last Boot: 2012-02-29 17:13

======================= End Of Log ==========================
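Several entries in the listing above are the kind an analyst pulls out for a closer look: the extension-less files with __ASH (archive, system, hidden) attributes and long random names written to AppData\Local and ProgramData on 2011-12-29 and 2012-01-04, and the jOBwnUiqJifJwn files dropped on 2012-01-29. FRST also prints each of them several times, once per Windows 7 compatibility junction (C:\Users\All Users and C:\Users\All Users\Application Data both resolve to C:\ProgramData; a profile's Local Settings resolves to AppData\Local). The Python script below is an added example written for this page, not FRST's own code: it parses lines in FRST's listing format, folds the junction aliases onto the real path so each file is reported once, and applies three triage heuristics that are my assumptions about what deserves inspection, not detection rules from any tool. The sample input reuses lines from the listing above plus one constructed line modelled on the c:\windows\svchost.exe copy that ComboFix removes later in the thread (the legitimate binary lives only in System32 and SysWOW64).

```python
"""Triage of FRST file-listing lines (added example; not FRST code)."""
import re

# One FRST listing line: "created - modified - size attrs [(Company)] path"
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>\S.*?)\s*$"
)

# Windows 7 compatibility junctions. FRST prints the same file once per alias,
# so fold every alias onto the real directory before applying any rule.
_ALIASES = [
    (re.compile(r"^C:\\Users\\All Users\\Application Data\\", re.I), r"C:\\ProgramData\\"),
    (re.compile(r"^C:\\Users\\All Users\\", re.I), r"C:\\ProgramData\\"),
    (re.compile(r"^(C:\\Users\\[^\\]+)\\Local Settings\\Application Data\\", re.I), r"\1\\AppData\\Local\\"),
    (re.compile(r"^(C:\\Users\\[^\\]+)\\Local Settings\\", re.I), r"\1\\AppData\\Local\\"),
]

# Heuristic 2: an extension-less basename of 12+ letters/digits, optionally
# prefixed with "~" (the dropper naming seen in the listing). Assumption, not a rule.
RANDOM_NAME_RE = re.compile(r"^~?[A-Za-z0-9]{12,}$")

# Heuristic 3: binaries that belong only in these directories (lower-case).
_CANONICAL_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "winlogon.exe": {r"c:\windows\system32"},
    "wininit.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "explorer.exe": {r"c:\windows", r"c:\windows\syswow64"},
}


def normalize_path(path):
    for pattern, replacement in _ALIASES:
        path = pattern.sub(replacement, path)
    return path


def parse_line(line):
    """Return a dict for one listing line, or None if the line is not a file entry."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["size"] = int(rec["size"])
    rec["attrs"] = set(rec["attrs"].replace("_", ""))  # "__ASH" -> {"A", "S", "H"}
    rec["path"] = normalize_path(rec["path"])
    return rec


def suspicious_reasons(rec):
    """Apply the three heuristics to a parsed record; directories are skipped."""
    if "D" in rec["attrs"]:
        return []
    directory, _, name = rec["path"].rpartition("\\")
    low = rec["path"].lower()
    reasons = []
    # 1: hidden+system file under a user-data root (ProgramData or AppData\Local)
    in_data_root = low.startswith("c:\\programdata\\") or "\\appdata\\local\\" in low
    if {"H", "S"} <= rec["attrs"] and in_data_root:
        reasons.append("hidden+system file in a user-data directory")
    # 2: random-looking extension-less name
    if RANDOM_NAME_RE.match(name):
        reasons.append("random-looking name with no extension")
    # 3: well-known system binary outside its canonical directory
    canonical = _CANONICAL_DIRS.get(name.lower())
    if canonical is not None and directory.lower() not in canonical:
        reasons.append("well-known system binary outside its usual directory")
    return reasons


def triage(lines):
    """Map each suspicious file (deduplicated across junction aliases) to its reasons."""
    findings, seen = {}, set()
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["path"].lower() in seen:
            continue
        seen.add(rec["path"].lower())
        reasons = suspicious_reasons(rec)
        if reasons:
            findings[rec["path"]] = reasons
    return findings


SAMPLE_LINES = [
    # Lines taken from the FRST listing posted in this thread
    r"2012-01-29 16:11 - 2012-01-29 16:11 - 0000344 ____A C:\Users\All Users\jOBwnUiqJifJwn",
    r"2012-01-29 16:11 - 2012-01-29 16:11 - 0000344 ____A C:\Users\All Users\Application Data\jOBwnUiqJifJwn",
    r"2012-01-29 16:11 - 2012-01-29 16:11 - 0000344 ____A C:\ProgramData\jOBwnUiqJifJwn",
    r"2012-01-29 16:11 - 2012-01-29 16:11 - 0000192 ____A C:\ProgramData\~jOBwnUiqJifJwnr",
    r"2012-01-13 22:02 - 2012-02-16 09:40 - 3143168 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys",
    r"2012-01-12 19:01 - 2012-01-12 19:01 - 0160874 ____A C:\Users\Henry\Documents\REBELUTION.pdf",
    r"2012-01-04 12:25 - 2012-01-04 12:23 - 0013542 __ASH C:\Users\Henry\Local Settings\Application Data\781ls12ic70w76406206uoiloe2j441rif4go01852m",
    r"2012-01-04 12:25 - 2012-01-04 12:23 - 0013542 __ASH C:\Users\Henry\AppData\Local\781ls12ic70w76406206uoiloe2j441rif4go01852m",
    r"2012-01-04 12:25 - 2012-01-04 12:23 - 0013542 __ASH C:\Users\All Users\781ls12ic70w76406206uoiloe2j441rif4go01852m",
    r"2011-12-29 19:16 - 2011-12-29 19:13 - 0012836 __ASH C:\ProgramData\6hr2y60ufg8g00htgqo2026hf832cru67o0h",
    r"2011-12-22 19:40 - 2011-12-22 19:39 - 2450688 ____A C:\Users\Henry\Desktop\doom.zip",
    r"2012-01-29 16:12 - 2011-03-10 19:31 - 0000000 ____D C:\Users\Henry\AppData\Local\VirtualStore",
    # Constructed line (not from the FRST log): a svchost.exe copy outside System32
    r"2012-01-29 16:11 - 2012-01-29 16:11 - 0020480 ____A C:\Windows\svchost.exe",
]

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LINES).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

Run against the sample, the script reports six files: the two jOBwnUiqJifJwn droppings (random name), the three __ASH files (hidden+system in a data directory, plus random name), and the stray svchost.exe; win32k.sys, the PDF, the ZIP and the VirtualStore directory pass. Hidden system files in ProgramData are not proof of infection on their own, so treat the output as a worklist for hashing and uploading, not as a verdict.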

#5 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 11 March 2012 - 10:22 PM

Hello

I would like you to run the fix below and when it is complete I need you to rerun combofix and send me the report.

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt.

TDL4: custom:26000022
CMD: bootrec /FixMbr


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
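The line "TDL4: custom:26000022" in the FRST log means the scanner recognised the TDL4 boot-kit in the master boot record of Disk 0. TDL4 overwrites the boot code in the MBR so that its own loader runs before Windows and hides its components in unpartitioned sectors at the end of the disk; the "CMD: bootrec /FixMbr" directive rewrites that boot code from the Recovery Environment without touching the partition table, which is why the fix is safe even though the hidden type DE (Dell utility) partition and the active RECOVERY partition on this disk must survive. The Python script below is an added example written for this page, not code from FRST, bootrec, aswMBR or TDSSKiller: it parses a raw 512-byte MBR, lists the partition entries, and compares the boot code against a known-good hash, which is in essence what an MBR-rootkit check does. The sample MBR reproduces the Disk 0 layout from the log in sectors (sizes rounded from the MB/GB figures), the boot code and its "known-good" hash are stand-ins constructed here, the simulated infection only replaces the boot code, and the disk signature is arbitrary.

```python
"""Parse a raw 512-byte MBR and check it the way an MBR-rootkit scan does.

Added example for this page; not code from FRST, bootrec, aswMBR or TDSSKiller.
The sample MBR, the stand-in boot code and its "known-good" hash are constructed here.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 0x1B8      # 440 bytes of boot code before the 4-byte disk signature
DISK_SIG_OFF = 0x1B8
PART_TABLE_OFF = 0x1BE     # four 16-byte partition entries
BOOT_SIG_OFF = 0x1FE       # 0x55AA
ENTRY_FMT = "<B3sB3sII"    # status, CHS start, type, CHS end, LBA start, sector count


def parse_mbr(mbr):
    """Return boot-code hash, disk signature, 0x55AA check and the non-empty partition entries."""
    if len(mbr) != SECTOR:
        raise ValueError("an MBR is exactly one 512-byte sector")
    partitions = []
    for i in range(4):
        status, _chs0, ptype, _chs1, lba_start, sectors = struct.unpack_from(
            ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue                        # empty slot
        partitions.append({"index": i + 1, "active": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0],
        "boot_signature_ok": mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] == b"\x55\xAA",
        "partitions": partitions,
    }


def check_mbr(mbr, known_good_boot_sha256, disk_sectors):
    """Return a list of findings; an empty list means the MBR matches expectations."""
    info = parse_mbr(mbr)
    findings = []
    if not info["boot_signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_sha256"] != known_good_boot_sha256:
        findings.append("boot code differs from the known-good image")
    active = [p for p in info["partitions"] if p["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected exactly 1)")
    for p in info["partitions"]:
        if p["lba_start"] + p["sectors"] > disk_sectors:
            findings.append(f"partition {p['index']} extends past the end of the disk")
    return findings


def build_mbr(boot_code, disk_signature, partitions):
    """Assemble an MBR; partitions = [(active, type, lba_start, sectors), ...]. CHS fields stay zero."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code too long")
    mbr = bytearray(SECTOR)
    mbr[:len(boot_code)] = boot_code
    struct.pack_into("<I", mbr, DISK_SIG_OFF, disk_signature)
    for i, (active, ptype, lba_start, sectors) in enumerate(partitions):
        struct.pack_into(ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i,
                         0x80 if active else 0x00, b"\0\0\0", ptype, b"\0\0\0", lba_start, sectors)
    mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] = b"\x55\xAA"
    return bytes(mbr)


# Disk 0 from the FRST log, in 512-byte sectors (sizes rounded; the log reports MB/GB).
DISK_SECTORS = 298 * 1024 * 1024 * 2                                   # 298 GB
LAYOUT = [
    (False, 0xDE, 63, 39 * 2048),                                      # hidden Dell utility partition, 39 MB
    (True, 0x07, 40 * 2048, 14 * 1024 * 2048),                         # RECOVERY (NTFS), active, 14 GB
    (False, 0x07, 40 * 2048 + 14 * 1024 * 2048, 283 * 1024 * 2048),    # OS (NTFS), 283 GB
]
# Stand-in boot code: opens like a Windows MBR (xor ax,ax; mov ss,ax; mov sp,7C00h ...)
# then padding. Constructed for the example, as is the arbitrary disk signature.
CLEAN_BOOT_CODE = bytes.fromhex("33c08ed0bc007c8ec08ed8be007cbf0006b90002fcf3a4") + b"\x90" * 16
KNOWN_GOOD_SHA256 = hashlib.sha256(CLEAN_BOOT_CODE.ljust(BOOT_CODE_LEN, b"\0")).hexdigest()
CLEAN_MBR = build_mbr(CLEAN_BOOT_CODE, 0x1234ABCD, LAYOUT)
# Simulated boot-kit: the boot code is replaced, the partition table is left alone.
INFECTED_MBR = build_mbr(b"\xEB\x58\x90" + b"\xCC" * 29, 0x1234ABCD, LAYOUT)

if __name__ == "__main__":
    for label, image in (("clean", CLEAN_MBR), ("infected", INFECTED_MBR)):
        print(label, check_mbr(image, KNOWN_GOOD_SHA256, DISK_SECTORS) or "OK")
```

On a real system the 512 bytes would come from `\\.\PhysicalDrive0`, read from a clean boot medium rather than from the running, possibly hooked, operating system, and the known-good hash from a reference MBR of the same Windows build. The boot-code comparison is what catches TDL4-style infections; the partition sanity checks catch the other failure mode, a botched repair that leaves no active partition or a table inconsistent with the disk.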

#6 andpinger (Topic Starter)

Posted 12 March 2012 - 12:56 AM

OK I am slightly confused with your instructions. I created the fixlist.txt file. However, you stated to "run the fix below and when it is complete, rerun the combofix". I'm not quite sure how to apply/run this text file. Honestly I think I missed something... I ran the FRST64 tool and clicked fix... the following is the log. So what do I have to do to run the first fix?



Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 11-03-2012
Ran by SYSTEM at 2012-03-11 15:26:51 R:1
Running from G:\

==============================================


The operation completed successfully.
The operation completed successfully.

========= bootrec /FixMbr =========

The operation completed successfully.

========= End of CMD: =========


==== End of Fixlog ====

#7 andpinger (Topic Starter)

Posted 12 March 2012 - 01:17 AM

OK my computer actually seems fixed right now... Is that it? Was I supposed to do something else with the fix list? Or is that it? Once again thank you so much.

#8 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 12 March 2012 - 01:39 AM

Hello

The worst part should be over, but I want to do some more checks to be sure.

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#9 andpinger (Topic Starter)

Posted 12 March 2012 - 08:44 PM

OK so I ran the combofix. It seems as if it deleted some infected files. My computer seems to be running fine.
Here is the log:



ComboFix 12-03-12.03 - Henry 03/12/2012 20:59:08.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4056.2567 [GMT -4:00]
Running from: c:\users\Henry\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Henry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
c:\windows\svchost.exe
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Files Created from 2012-02-13 to 2012-03-13 )))))))))))))))))))))))))))))))
.
.
2012-03-13 01:10 . 2012-03-13 01:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-13 00:30 . 2012-02-08 03:14 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{20DD2B28-6ED1-4458-9AD7-5066FA3521DB}\mpengine.dll
2012-03-10 11:08 . 2012-03-11 20:02 -------- d-----w- C:\FRST
2012-03-09 05:36 . 2012-03-09 05:10 -------- d-----w- c:\windows\Microsoft Antimalware
2012-03-09 00:13 . 2012-03-09 00:13 -------- d-----w- c:\windows\Sun
2012-03-08 21:53 . 2012-03-08 21:53 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\11BF.tmp
2012-03-08 21:53 . 2012-03-08 21:53 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\11BE.tmp
2012-03-06 03:49 . 2012-03-06 04:02 -------- d-----w- c:\program files (x86)\PC Tools Security
2012-03-06 03:49 . 2012-03-06 03:56 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-03-06 03:49 . 2012-03-06 03:49 -------- d-----w- c:\users\Henry\AppData\Roaming\PC Tools
2012-03-06 03:31 . 2012-03-06 03:49 -------- d-----w- c:\programdata\PC Tools
2012-03-06 03:31 . 2012-03-06 03:31 -------- d-----w- c:\users\Henry\AppData\Roaming\TestApp
2012-02-16 16:28 . 2011-12-14 06:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-16 15:40 . 2012-01-04 09:58 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-16 15:40 . 2012-01-04 09:03 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-16 15:40 . 2011-12-16 08:42 634368 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 15:40 . 2011-12-16 07:59 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-16 15:40 . 2012-01-14 04:02 3143168 ----a-w- c:\windows\system32\win32k.sys
2012-02-16 15:40 . 2012-01-03 06:24 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-16 15:40 . 2012-01-03 05:44 478208 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-16 15:40 . 2011-12-28 03:59 499200 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-04 01:58 . 2011-08-19 02:24 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-10 17:26 . 2012-02-10 17:28 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1380881C-4FA7-4C2B-A5CE-079D1D508166}\gapaengine.dll
2012-02-08 03:14 . 2011-03-12 17:55 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-31 12:44 . 2011-03-11 03:03 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-03-11 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-10 559616]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SafeConnect.lnk - c:\program files (x86)\SafeConnect\scClient.exe [2011-7-20 296088]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-11 136176]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-11 136176]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe [2009-03-02 89600]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 SCManager;SafeConnect Manager;c:\program files (x86)\SafeConnect\scManager.sys servicestart [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-13 c:\windows\Tasks\FinalTorrent Update Checker.job
- c:\program files (x86)\FinalTorrent\FTCheckForUpdates.exe [2011-04-25 20:50]
.
2012-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-11 02:16]
.
2012-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-11 02:16]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 384296]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-02-25 487424]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-02-21 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-21 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-02-21 365592]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-07-02 3180624]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 136.242.25.21 136.242.25.25
FF - ProfilePath - c:\users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\0n1044ty.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\SafeConnect\scManager.sys
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2012-03-12 21:37:02 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-13 01:36
.
Pre-Run: 204,773,281,792 bytes free
Post-Run: 205,306,224,640 bytes free
.
- - End Of File - - 7A9AB209D9B21E3414FBC727C2C0A271

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 12 March 2012 - 09:05 PM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
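For anyone reading the TDSSKiller report these steps produce, here is an added Python triage script (not TDSSKiller's code and not from anyone in this thread): it pairs each scanned object with its "- ok" verdict line, lists anything that got a different verdict or none at all, and turns the drive/partition lines the report prints into unallocated sector ranges a reviewer can compare against the scanner's findings. The embedded sample log is constructed in the report's format; its flagged object and verdict are made up.

```python
"""Triage a TDSSKiller report: pair each scanned object with its verdict and
map the MBR partition table the report prints. Added example, not tool code."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Every report line is "<hh:mm:ss.ffff> <pid> <message>"; only <message> is parsed.
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<msg>.*)$")
# Enumeration line "<name> (<md5>) <path>", then verdict line "<name> - <verdict>".
OBJECT_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
VERDICT_RE = re.compile(r"^(?P<name>\S+) - (?P<verdict>.+)$")
DRIVE_RE = re.compile(r"^Drive (?P<dev>\S+) - Size: 0x(?P<size>[0-9A-Fa-f]+) \(.*?\), "
                      r"SectorSize: 0x(?P<sector>[0-9A-Fa-f]+)")
PARTITION_RE = re.compile(r"^(?P<dev>\\Device\\Harddisk\d+\\DR\d+)\\Partition\d+: MBR, "
                          r"Type 0x(?P<type>[0-9A-Fa-f]+), StartLBA 0x(?P<start>[0-9A-Fa-f]+), "
                          r"BlocksNum 0x(?P<blocks>[0-9A-Fa-f]+)$")

@dataclass
class ScannedObject:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None  # None: the report never reached a verdict

@dataclass
class Drive:
    total_sectors: int
    sector_size: int
    partitions: List[Tuple[int, int, int]] = field(default_factory=list)  # (type, start, blocks)

    def unallocated(self) -> List[Tuple[int, int]]:
        """Sector ranges [start, end) that no MBR partition covers."""
        gaps, cursor = [], 0
        for _, start, blocks in sorted(self.partitions, key=lambda p: p[1]):
            if start > cursor:
                gaps.append((cursor, start))
            cursor = max(cursor, start + blocks)
        if cursor < self.total_sectors:
            gaps.append((cursor, self.total_sectors))
        return gaps

@dataclass
class Report:
    objects: Dict[str, ScannedObject] = field(default_factory=dict)
    drives: Dict[str, Drive] = field(default_factory=dict)

    def needs_review(self) -> List[ScannedObject]:
        """Objects whose verdict is missing or is anything other than 'ok'."""
        return [o for o in self.objects.values() if o.verdict != "ok"]

def parse_report(text: str) -> Report:
    report = Report()
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue  # banner, separator or blank line
        msg = line["msg"].strip()
        if d := DRIVE_RE.match(msg):
            size, sector = int(d["size"], 16), int(d["sector"], 16)
            report.drives[d["dev"]] = Drive(size // sector, sector)
        elif p := PARTITION_RE.match(msg):
            drive = report.drives.setdefault(p["dev"], Drive(0, 512))
            drive.partitions.append((int(p["type"], 16), int(p["start"], 16), int(p["blocks"], 16)))
        elif o := OBJECT_RE.match(msg):  # checked before VERDICT_RE: a path may contain " - "
            obj = report.objects.setdefault(o["name"], ScannedObject(o["name"]))
            obj.md5, obj.path = o["md5"].lower(), o["path"]
        elif v := VERDICT_RE.match(msg):
            obj = report.objects.setdefault(v["name"], ScannedObject(v["name"]))
            obj.verdict = v["verdict"].strip()
    return report

def summarize(report: Report) -> dict:
    """What a reviewer wants first: object count, non-ok objects, unallocated space per drive."""
    return {
        "objects": len(report.objects),
        "needs_review": [(o.name, o.verdict, o.path) for o in report.needs_review()],
        "unallocated": {dev: [(s, e, (e - s) * d.sector_size) for s, e in d.unallocated()]
                        for dev, d in report.drives.items()},
    }

# Constructed sample in the report's format. The geometry lines and the first
# two objects are copied from the log posted in this thread; the last object and
# its non-ok verdict are made up so the flagging path is exercised.
SAMPLE_LOG = """\
01:35:28.0098 3328 Drive \\Device\\Harddisk0\\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:35:28.0114 3328 \\Device\\Harddisk0\\DR0\\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
01:35:28.0114 3328 \\Device\\Harddisk0\\DR0\\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x236CE2B0
01:35:30.0220 2916 1394ohci (69aa89a20dee08bfa650aab6ce37bd10) C:\\Windows\\system32\\DRIVERS\\1394ohci.sys
01:35:30.0235 2916 1394ohci - ok
01:35:33.0683 2916 catchme - ok
01:35:40.0500 2916 exampledrv (00000000000000000000000000000000) C:\\Windows\\system32\\DRIVERS\\exampledrv.sys
01:35:40.0510 2916 exampledrv - suspicious (constructed verdict)
"""

if __name__ == "__main__":
    from pprint import pprint
    pprint(summarize(parse_report(SAMPLE_LOG)))
```

Run it against a saved TDSSKiller log by passing the file's contents to parse_report; an empty needs_review list is the machine-readable version of "no threats were detected".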

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 14 March 2012 - 11:33 PM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo

#12 andpinger

andpinger
  • Topic Starter

  • Members
  • 66 posts

Posted 15 March 2012 - 06:37 PM

I am just going to need a tad bit more time... I apologize, I have been extremely busy with school and all. I will post the logs later tonight.

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 15 March 2012 - 08:56 PM

No problem, that is why I am just checking on you.


gringo

#14 andpinger

andpinger
  • Topic Starter

  • Members
  • 66 posts

Posted 17 March 2012 - 12:42 AM

OK, I ran TDSSKiller and here is the log... It seems as if no threats were detected.


01:35:27.0318 3328 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
01:35:27.0568 3328 ============================================================
01:35:27.0568 3328 Current date / time: 2012/03/17 01:35:27.0568
01:35:27.0568 3328 SystemInfo:
01:35:27.0568 3328
01:35:27.0568 3328 OS Version: 6.1.7600 ServicePack: 0.0
01:35:27.0568 3328 Product type: Workstation
01:35:27.0568 3328 ComputerName: HENRY-PC
01:35:27.0568 3328 UserName: Henry
01:35:27.0568 3328 Windows directory: C:\Windows
01:35:27.0568 3328 System windows directory: C:\Windows
01:35:27.0568 3328 Running under WOW64
01:35:27.0568 3328 Processor architecture: Intel x64
01:35:27.0568 3328 Number of processors: 2
01:35:27.0568 3328 Page size: 0x1000
01:35:27.0568 3328 Boot type: Normal boot
01:35:27.0568 3328 ============================================================
01:35:28.0098 3328 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:35:28.0114 3328 \Device\Harddisk0\DR0:
01:35:28.0114 3328 MBR used
01:35:28.0114 3328 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
01:35:28.0114 3328 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x236CE2B0
01:35:28.0145 3328 Initialize success
01:35:28.0145 3328 ============================================================
01:35:30.0017 2916 ============================================================
01:35:30.0017 2916 Scan started
01:35:30.0017 2916 Mode: Manual;
01:35:30.0017 2916 ============================================================
01:35:50.0016 2916 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\DRIVERS\usbehci.sys
01:35:50.0032 2916 usbehci - ok
01:35:50.0125 2916 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
01:35:50.0125 2916 usbhub - ok
01:35:50.0156 2916 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys
01:35:50.0156 2916 usbohci - ok
01:35:50.0250 2916 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
01:35:50.0250 2916 usbprint - ok
01:35:50.0344 2916 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
01:35:50.0344 2916 usbscan - ok
01:35:50.0437 2916 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
01:35:50.0437 2916 USBSTOR - ok
01:35:50.0515 2916 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\DRIVERS\usbuhci.sys
01:35:50.0515 2916 usbuhci - ok
01:35:50.0609 2916 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys
01:35:50.0624 2916 usbvideo - ok
01:35:50.0718 2916 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
01:35:50.0718 2916 vdrvroot - ok
01:35:50.0827 2916 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
01:35:50.0827 2916 vga - ok
01:35:50.0905 2916 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
01:35:50.0905 2916 VgaSave - ok
01:35:50.0999 2916 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
01:35:51.0014 2916 vhdmp - ok
01:35:51.0077 2916 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
01:35:51.0077 2916 viaide - ok
01:35:51.0155 2916 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
01:35:51.0155 2916 volmgr - ok
01:35:51.0248 2916 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
01:35:51.0248 2916 volmgrx - ok
01:35:51.0342 2916 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
01:35:51.0358 2916 volsnap - ok
01:35:51.0436 2916 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
01:35:51.0451 2916 vsmraid - ok
01:35:51.0529 2916 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
01:35:51.0529 2916 vwifibus - ok
01:35:51.0623 2916 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
01:35:51.0623 2916 vwififlt - ok
01:35:51.0701 2916 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
01:35:51.0717 2916 WacomPen - ok
01:35:51.0810 2916 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
01:35:51.0810 2916 WANARP - ok
01:35:51.0826 2916 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
01:35:51.0826 2916 Wanarpv6 - ok
01:35:51.0935 2916 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
01:35:51.0935 2916 Wd - ok
01:35:52.0029 2916 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
01:35:52.0044 2916 Wdf01000 - ok
01:35:52.0153 2916 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
01:35:52.0153 2916 WfpLwf - ok
01:35:52.0231 2916 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
01:35:52.0231 2916 WimFltr - ok
01:35:52.0294 2916 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
01:35:52.0294 2916 WIMMount - ok
01:35:52.0419 2916 WinUsb (4d52c872018af7e18d078978dcc3f6f2) C:\Windows\system32\DRIVERS\WinUsb.sys
01:35:52.0419 2916 WinUsb - ok
01:35:52.0528 2916 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
01:35:52.0528 2916 WmiAcpi - ok
01:35:52.0637 2916 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
01:35:52.0637 2916 ws2ifsl - ok
01:35:52.0731 2916 WudfPf (c63907207b837a5c05cf6d1606aa0008) C:\Windows\system32\drivers\WudfPf.sys
01:35:52.0746 2916 WudfPf - ok
01:35:52.0840 2916 WUDFRd (d885a873d733020f8b9b9ff4b1666158) C:\Windows\system32\DRIVERS\WUDFRd.sys
01:35:52.0840 2916 WUDFRd - ok
01:35:52.0949 2916 yukonw7 (79d9ce9614c955dd31aa2556b4014662) C:\Windows\system32\DRIVERS\yk62x64.sys
01:35:52.0949 2916 yukonw7 - ok
01:35:52.0980 2916 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
01:35:53.0058 2916 \Device\Harddisk0\DR0 - ok
01:35:53.0058 2916 Boot (0x1200) (0437f2279a05ddd37b790bc9884941c7) \Device\Harddisk0\DR0\Partition0
01:35:53.0058 2916 \Device\Harddisk0\DR0\Partition0 - ok
01:35:53.0074 2916 Boot (0x1200) (e45be5079215d9aa2329bec2cea0c5f3) \Device\Harddisk0\DR0\Partition1
01:35:53.0089 2916 \Device\Harddisk0\DR0\Partition1 - ok
01:35:53.0089 2916 ============================================================
01:35:53.0089 2916 Scan finished
01:35:53.0089 2916 ============================================================
01:35:53.0105 4168 Detected object count: 0
01:35:53.0105 4168 Actual detected object count: 0
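As an added example that is not part of the original thread and not TDSSKiller's own code: a small Python script that parses the log format shown above (an entry line carrying the service name, MD5 and path, followed by a status line keyed by the service name, or by the device path for the MBR and boot-sector entries) and flags what a responder would want to look at: entries whose status is anything other than ok, entries with no status line at all, and one file reported under two service names with two different hashes. The sample log embedded in it is constructed: the Tcpip, TCPIP6, WANARP and MBR lines are copied from this thread, while the second wanarp.sys hash, the `hypothetical_svc` entry and its `suspicious` status are made up to exercise the checks; TDSSKiller's real wording for a detection is not assumed.

```python
import re
from collections import defaultdict

# Constructed sample in the layout TDSSKiller writes: an entry line
# "time pid name (md5) path" followed by a status line "time pid key - status",
# where key is the service name for drivers and the device path for MBR/boot
# sectors. Tcpip, TCPIP6, WANARP and MBR lines are copied from the thread;
# the second wanarp.sys hash, hypothetical_svc and its "suspicious" status are
# invented here to exercise the checks (real detection wording not assumed).
SAMPLE_LOG = r"""
01:35:48.0425 2916 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
01:35:48.0456 2916 Tcpip - ok
01:35:48.0596 2916 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
01:35:48.0612 2916 TCPIP6 - ok
01:35:51.0810 2916 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
01:35:51.0810 2916 WANARP - ok
01:35:51.0826 2916 Wanarpv6 (0000000000000000 0000000000000000) C:\Windows\system32\DRIVERS\wanarp.sys
01:35:51.0826 2916 Wanarpv6 - ok
01:35:52.0980 2916 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
01:35:53.0058 2916 \Device\Harddisk0\DR0 - ok
01:35:53.0089 2916 ============================================================
01:35:53.0100 2916 hypothetical_svc (deadbeefdeadbeefdeadbeefdeadbeef) C:\Windows\system32\DRIVERS\hypo.sys
01:35:53.0100 2916 hypothetical_svc - suspicious (constructed status)
""".replace("0000000000000000 0000000000000000", "0" * 32)

ENTRY_RE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+) (\d+) (.+?) \(([0-9a-fA-F]{32})\) (\S+)$")
STATUS_RE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+) (\d+) (.+?) - (.+)$")


def parse_tdsskiller(text):
    """Return a list of {name, md5, path, status} dicts, one per entry line.

    A status line is matched to the most recent unresolved entry that has the
    same service name or the same device path; lines that are neither kind
    (separators, 'Scan finished', counts) are ignored.
    """
    entries = []
    pending = {}  # name or path -> entry still waiting for its status line
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entry = {"name": m.group(3), "md5": m.group(4).lower(),
                     "path": m.group(5), "status": None}
            entries.append(entry)
            pending[entry["name"]] = entry
            pending[entry["path"]] = entry
            continue
        m = STATUS_RE.match(line)
        if m:
            entry = pending.pop(m.group(3), None)
            if entry is not None:
                entry["status"] = m.group(4).strip()
                pending.pop(entry["name"], None)
                pending.pop(entry["path"], None)
    return entries


def triage(entries):
    """Return (kind, subject, detail) findings worth a human look.

    kinds: 'not-ok' for any status other than ok, 'no-status' for an entry
    whose status line never arrived, 'hash-mismatch' when one on-disk file
    (Windows paths compared case-insensitively) is reported with different
    MD5s under different service names within the same scan.
    """
    findings = []
    hashes_by_path = defaultdict(set)
    for e in entries:
        if e["status"] is None:
            findings.append(("no-status", e["name"], e["path"]))
        elif e["status"] != "ok":
            findings.append(("not-ok", e["name"], f"{e['path']} [{e['status']}]"))
        hashes_by_path[e["path"].lower()].add(e["md5"])
    for path, hashes in hashes_by_path.items():
        if len(hashes) > 1:
            findings.append(("hash-mismatch", path, ",".join(sorted(hashes))))
    return findings


if __name__ == "__main__":
    ents = parse_tdsskiller(SAMPLE_LOG)
    ok = sum(1 for e in ents if e["status"] == "ok")
    print(f"{len(ents)} entries parsed, {ok} marked ok")
    for kind, subject, detail in triage(ents):
        print(f"{kind:14} {subject}  {detail}")
```

To use it on a real run, read the saved TDSSKiller log into `parse_tdsskiller` instead of `SAMPLE_LOG`. Note that the Tcpip/TCPIP6 pair from the thread (same file under `drivers` and `DRIVERS`, same hash) is correctly not flagged, while the constructed wanarp.sys pair, where the same file turns up with two different hashes in one scan, is; the posted log itself has no such inconsistency, which is consistent with its "Detected object count: 0".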

#15 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:11:34 AM

Posted 17 March 2012 - 12:52 AM

OK, run aswMBR now for me.


gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University



