TDSSkiller deleted "\Device\Harddisk0\DR0" and now operating system won't boot!


  • This topic is locked
16 replies to this topic

#1 kaomoji

Posted 18 July 2012 - 12:22 PM

I initially had problems with repeated rebooting of my computer, and occasional BSODs (specifically the STOP: 0x0000008E). After a little research on Google, I found out that the source of my problems was most likely caused by something called a "rootkit". To check and see if it was in fact a rootkit, I downloaded a program called "GMER" and ran it on my computer before my machine could reboot, and get a blue screen again. It was successful in detecting as it said something like: "Disc \Device\Harddisk0\DR0 Sector 00: rootkit-like behavior". After finding out that this most likely meant my machine did have a rootkit, I realized that I had no way of fixing the issue with GMER (or at least I didn't know how) so I went on Google again to find a program that could quarantine it. After searching, I came across a program by the name of "TDSSkiller". I downloaded this new program and ran it about 4 times total. The first time I ran it, it detected the Harddisk0\DR0 as well as some other viruses/malware, etc. so I chose to clean those files. After cleaning those files, I rescanned the computer to double check problems were still there, and it found the same file again "\Device\Harddisk0\DR0" as well as some different files, so this time I selected "quarantine" instead of clean. I repeated this one more time finding again nothing had been done to "\Device\Harddisk0\DR0", so I tried to quarantine it again. No luck, so on the 4th try, I selected to delete "\Device\Harddisk0\DR0" as well as 8 other files. This time the TDSSkiller asked me to restart my computer, which I did only to find out that my operating system would not boot up, and I couldn't even get into safe mode. It was only after all of this that I discovered your website "www.bleepingcomputer.com" on a computer that I have that does not currently have problems which I am using now.
I came across a post by someone that had a problem almost identical to mine and tried to follow the Admin's instruction to fix my problem the same way.

That post can be found here: http://www.bleepingcomputer.com/forums/topic428312.html

One of the only differences was that I was unable to locate "c:\tdsskiller<timestamp>.txt" to find what tdsskiller did last to possibly cause the operating system to fail. However I am 90% sure that it was deleting "\Device\Harddisk0\DR0". I also tried using various options on a system recovery cd with no success, such as going into the command prompt and using "bootrec.exe, \FixMbr, \FixBoot". Like the admin in that post instructed, I created a log file using a program called "FRST.exe". I don't know if this will be useful, but here it is anyway for the computer that has problems (link below). I stopped following the admin's instructions when they said to type in the command prompt:
c:

bcdedit /export c:\bcdexport.txt

bcdedit /set {default} winpe no


I'm running Windows 7 32x.
Any help with my problem would be greatly appreciated, Thanks.

Attached Files

  • Attached File  FRST.txt   29.7KB   10 downloads

Edited by kaomoji, 18 July 2012 - 01:07 PM.



#2 kaomoji


Posted 18 July 2012 - 05:53 PM

Here is the same log "FRST.txt" typed out, so you don't have to download it (just in case that is a problem).

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 16-07-2012 01
Ran by SYSTEM at 18-07-2012 01:40:48
Running from F:\
Windows 7 Professional (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [141848 2009-09-23] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [173592 2009-09-23] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [150552 2009-09-23] (Intel Corporation)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75

================================ Services (Whitelisted) ==================

2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
2 NAUpdate; "C:\Program Files\Nero\Update\NASvc.exe" [503080 2010-05-04] (Nero AG)
2 NAV; "C:\Program Files\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe" /s "NAV" /m "C:\Program Files\Norton AntiVirus\Engine\19.7.1.5\diMaster.dll" /prefetch:1 [309688 2012-04-12] (Symantec Corporation)
3 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [262144 2006-12-23] (Nero AG)
2 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [160944 2012-07-03] (Skype Technologies)
2 StkASSrv; C:\Windows\System32\StkASv2K.exe [24576 2006-05-23] (Syntek America Inc.)
2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-09-28] (Ulead Systems, Inc.)
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]
3 rpcapd; "C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini" [x]

========================== Drivers (Whitelisted) =============

0 02310049; C:\Windows\System32\drivers\00240933.sys [98992 2012-07-17] (Kaspersky Lab, GERT)
3 AVer88xHD; C:\Windows\System32\drivers\AVer88xHD.sys [459392 2009-06-25] (AVerMedia TECHNOLOGIES, Inc.)
1 BHDrvx86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20120711.002\BHDrvx86.sys [821920 2012-06-18] (Symantec Corporation)
1 ccSet_NAV; C:\Windows\system32\drivers\NAV\1307010.005\ccSetx86.sys [132744 2011-11-29] (Symantec Corporation)
3 CV2K1; C:\Windows\System32\DRIVERS\cv2k1.sys [19240 2006-12-07] (TamoSoft)
3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [80184 2011-11-24] (DEVGURU Co., LTD.(www.devguru.co.kr))
1 eeCtrl; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-05-30] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2012-05-30] (Symantec Corporation)
1 IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20120715.001\IDSvix86.sys [382624 2012-06-14] (Symantec Corporation)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22344 2012-07-03] (Malwarebytes Corporation)
3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2012-07-17] (Malwarebytes Corporation)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
1 MpKsl2d645391; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DD2BD32F-D151-40B8-A817-6DA63EECAFFD}\MpKsl2d645391.sys [29904 2012-07-17] (Microsoft Corporation)
1 MpKsl7015bed3; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DD2BD32F-D151-40B8-A817-6DA63EECAFFD}\MpKsl7015bed3.sys [29904 2012-07-17] (Microsoft Corporation)
1 MpKsl963da3f6; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DD2BD32F-D151-40B8-A817-6DA63EECAFFD}\MpKsl963da3f6.sys [29904 2012-07-17] (Microsoft Corporation)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20120717.004\NAVENG.SYS [87928 2012-05-24] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20120717.004\NAVEX15.SYS [1589752 2012-05-24] (Symantec Corporation)
3 NPF; C:\Windows\System32\drivers\npf.sys [30336 2003-04-04] (Politecnico di Torino)
3 RTL8023xp; C:\Windows\System32\DRIVERS\Rtnicxp.sys [43008 2009-07-13] (Realtek Semiconductor Corporation )
3 SRTSP; C:\Windows\System32\Drivers\NAV\1307010.005\SRTSP.SYS [574072 2012-03-28] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\NAV\1307010.005\SRTSPX.SYS [32888 2012-03-28] (Symantec Corporation)
3 SrvHsfPCI; C:\Windows\System32\DRIVERS\VSTBS23.SYS [266752 2009-07-13] (Conexant Systems, Inc.)
3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [181432 2011-11-24] (DEVGURU Co., LTD.(www.devguru.co.kr))
3 StkAMini; C:\Windows\System32\Drivers\StkAMini.sys [241628 2006-09-26] (Syntek America Inc.)
3 StkScan; C:\Windows\System32\Drivers\StkScan.sys [4772 2006-08-01] (Syntek America Inc.)
0 SymDS; C:\Windows\System32\drivers\NAV\1307010.005\SYMDS.SYS [340088 2011-07-25] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\NAV\1307010.005\SYMEFA.SYS [905336 2012-03-28] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [141944 2012-03-23] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\NAV\1307010.005\Ironx86.SYS [149624 2012-03-28] (Symantec Corporation)
1 SymNetS; C:\Windows\System32\Drivers\NAV\1307010.005\SYMNETS.SYS [318584 2012-03-28] (Symantec Corporation)
3 xusb21; C:\Windows\System32\DRIVERS\xusb21.sys [66152 2009-08-21] (Microsoft Corporation)

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-18 00:18 - 2012-07-18 00:18 - 00000000 ____D C:\FRST
2012-07-17 21:14 - 2012-07-17 21:14 - 00098992 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\00240933.sys
2012-07-17 21:04 - 2012-07-17 21:07 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-07-17 21:03 - 2012-07-16 21:11 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Frank Carlson\Desktop\TDSSKiller.exe
2012-07-17 21:02 - 2012-07-17 21:02 - 02117152 ____A C:\Users\Frank Carlson\Downloads\tdsskiller.zip
2012-07-17 20:57 - 2012-07-17 20:57 - 00010416 ____A C:\Users\Frank Carlson\Desktop\log for malware 2.log
2012-07-17 20:12 - 2012-07-17 20:12 - 00144416 ____A C:\Windows\Minidump\071712-23119-01.dmp
2012-07-17 19:47 - 2012-07-17 19:47 - 00000000 ____D C:\$WINDOWS.~BT
2012-07-17 19:16 - 2012-07-17 19:46 - 00001890 ____A C:\Windows\diagwrn.xml
2012-07-17 19:16 - 2012-07-17 19:46 - 00001890 ____A C:\Windows\diagerr.xml
2012-07-17 19:11 - 2012-07-17 19:11 - 00011237 ____A C:\Users\Frank Carlson\Desktop\log for malware.log
2012-07-17 16:38 - 2012-07-17 16:39 - 00144416 ____A C:\Windows\Minidump\071712-25896-01.dmp
2012-07-17 16:28 - 2012-07-17 16:28 - 00144416 ____A C:\Windows\Minidump\071712-28626-01.dmp
2012-07-17 15:43 - 2012-07-17 15:43 - 00144416 ____A C:\Windows\Minidump\071712-25443-01.dmp
2012-07-17 15:41 - 2012-07-17 15:41 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2012-07-17 11:59 - 2012-07-17 11:59 - 00144416 ____A C:\Windows\Minidump\071712-29390-01.dmp
2012-07-17 02:27 - 2012-07-17 02:27 - 00144416 ____A C:\Windows\Minidump\071712-26894-01.dmp
2012-07-17 01:28 - 2012-07-17 01:28 - 00000000 ____D C:\Users\Frank Carlson\AppData\Roaming\Malwarebytes
2012-07-17 01:28 - 2012-07-17 01:28 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-07-17 01:28 - 2012-07-17 01:28 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-07-17 01:28 - 2012-07-03 12:46 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-17 01:27 - 2012-07-17 01:27 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Frank Carlson\Downloads\mbam-setup-1.62.0.1300.exe
2012-07-17 01:13 - 2012-07-17 01:13 - 00144416 ____A C:\Windows\Minidump\071712-24102-01.dmp
2012-07-17 01:07 - 2012-07-17 01:07 - 00144416 ____A C:\Windows\Minidump\071712-24211-01.dmp
2012-07-17 01:01 - 2012-07-17 01:01 - 00144416 ____A C:\Windows\Minidump\071712-32697-01.dmp
2012-07-17 00:55 - 2012-07-17 00:55 - 00144416 ____A C:\Windows\Minidump\071712-33212-01.dmp
2012-07-17 00:50 - 2012-07-17 00:50 - 00144416 ____A C:\Windows\Minidump\071712-35412-01.dmp
2012-07-17 00:33 - 2012-07-17 00:34 - 00144416 ____A C:\Windows\Minidump\071712-32136-01.dmp
2012-07-17 00:28 - 2012-07-17 00:28 - 00144416 ____A C:\Windows\Minidump\071712-29874-01.dmp
2012-07-17 00:22 - 2012-07-17 00:22 - 00144416 ____A C:\Windows\Minidump\071712-33899-01.dmp
2012-07-17 00:16 - 2012-07-17 00:16 - 00144416 ____A C:\Windows\Minidump\071712-30466-01.dmp
2012-07-17 00:11 - 2012-07-17 00:11 - 00144416 ____A C:\Windows\Minidump\071712-29686-01.dmp
2012-07-17 00:05 - 2012-07-17 00:05 - 00144416 ____A C:\Windows\Minidump\071712-29265-01.dmp
2012-07-16 23:59 - 2012-07-16 23:59 - 00144416 ____A C:\Windows\Minidump\071712-32385-01.dmp
2012-07-16 23:54 - 2012-07-16 23:54 - 00144416 ____A C:\Windows\Minidump\071712-33758-01.dmp
2012-07-16 23:48 - 2012-07-16 23:48 - 00144416 ____A C:\Windows\Minidump\071712-29421-01.dmp
2012-07-16 23:42 - 2012-07-16 23:42 - 00144416 ____A C:\Windows\Minidump\071712-29000-01.dmp
2012-07-16 23:37 - 2012-07-17 20:12 - 00000000 ____D C:\Windows\Minidump
2012-07-16 23:37 - 2012-07-17 20:11 - 318642622 ____A C:\Windows\MEMORY.DMP
2012-07-16 23:37 - 2012-07-16 23:37 - 00144416 ____A C:\Windows\Minidump\071712-34585-01.dmp
2012-07-16 17:20 - 2012-07-16 17:24 - 07617024 ____A (Datel Design & Development Ltd) C:\Users\Frank Carlson\Desktop\Turbofire_Controller_setup.exe
2012-07-15 21:17 - 2012-07-15 23:20 - 00000381 ____A C:\Users\Frank Carlson\Downloads\EvoCustomizer.log
2012-07-15 21:15 - 2012-07-15 21:15 - 03133952 ____A C:\Users\Frank Carlson\Downloads\EvoCustomizer-1.3.exe
2012-07-11 02:11 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-11 02:11 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-11 02:11 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-11 02:11 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-11 02:11 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-11 02:11 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-11 02:11 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-11 02:11 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-11 02:11 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-11 02:11 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-11 02:11 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-11 02:11 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-11 02:11 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-11 02:11 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-11 02:04 - 2012-06-11 18:40 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-10 22:28 - 2012-07-10 22:28 - 00001135 ____A C:\Users\Frank Carlson\Desktop\remixbox 1.0.1.lnk
2012-07-10 18:51 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-10 18:51 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-10 18:51 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-10 18:51 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-10 18:51 - 2012-06-01 20:45 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-10 18:51 - 2012-06-01 20:45 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-10 18:51 - 2012-06-01 20:40 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-10 18:51 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-10 18:51 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-10 18:51 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-05 15:05 - 2012-07-05 15:05 - 00001753 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-07-05 15:04 - 2012-07-05 15:04 - 00000000 ____D C:\Program Files\iPod
2012-06-22 10:17 - 2012-06-22 10:17 - 00000995 ____A C:\Users\Public\Desktop\TuneUp.lnk
2012-06-22 10:16 - 2012-06-22 10:17 - 00000000 ____D C:\Program Files\TuneUpMedia
2012-06-21 05:36 - 2012-06-02 14:19 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-21 05:36 - 2012-06-02 14:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-21 05:36 - 2012-06-02 14:19 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-21 05:36 - 2012-06-02 14:19 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-21 05:36 - 2012-06-02 14:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-21 05:36 - 2012-06-02 14:12 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-21 05:36 - 2012-06-02 14:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-21 05:35 - 2012-06-02 14:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-21 05:35 - 2012-06-02 14:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

============ 3 Months Modified Files ========================

2012-07-17 21:14 - 2012-07-17 21:14 - 00098992 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\00240933.sys
2012-07-17 21:09 - 2011-04-17 23:23 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-17 21:02 - 2012-07-17 21:02 - 02117152 ____A C:\Users\Frank Carlson\Downloads\tdsskiller.zip
2012-07-17 20:57 - 2012-07-17 20:57 - 00010416 ____A C:\Users\Frank Carlson\Desktop\log for malware 2.log
2012-07-17 20:45 - 2012-04-08 23:21 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-17 20:39 - 2010-10-10 18:13 - 01322993 ____A C:\Windows\WindowsUpdate.log
2012-07-17 20:38 - 2009-07-13 20:34 - 00014592 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-17 20:38 - 2009-07-13 20:34 - 00014592 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-17 20:36 - 2011-04-17 23:23 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-17 20:36 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-17 20:35 - 2009-07-13 20:39 - 00000556 ____A C:\Windows\setupact.log
2012-07-17 20:12 - 2012-07-17 20:12 - 00144416 ____A C:\Windows\Minidump\071712-23119-01.dmp
2012-07-17 20:11 - 2012-07-16 23:37 - 318642622 ____A C:\Windows\MEMORY.DMP
2012-07-17 19:46 - 2012-07-17 19:16 - 00001890 ____A C:\Windows\diagwrn.xml
2012-07-17 19:46 - 2012-07-17 19:16 - 00001890 ____A C:\Windows\diagerr.xml
2012-07-17 19:46 - 2009-07-13 20:39 - 00000000 ____A C:\Windows\setuperr.log
2012-07-17 19:11 - 2012-07-17 19:11 - 00011237 ____A C:\Users\Frank Carlson\Desktop\log for malware.log
2012-07-17 16:39 - 2012-07-17 16:38 - 00144416 ____A C:\Windows\Minidump\071712-25896-01.dmp
2012-07-17 16:28 - 2012-07-17 16:28 - 00144416 ____A C:\Windows\Minidump\071712-28626-01.dmp
2012-07-17 16:21 - 2011-04-10 02:24 - 00026446 ____A C:\Windows\PFRO.log
2012-07-17 15:43 - 2012-07-17 15:43 - 00144416 ____A C:\Windows\Minidump\071712-25443-01.dmp
2012-07-17 15:41 - 2012-07-17 15:41 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2012-07-17 11:59 - 2012-07-17 11:59 - 00144416 ____A C:\Windows\Minidump\071712-29390-01.dmp
2012-07-17 02:27 - 2012-07-17 02:27 - 00144416 ____A C:\Windows\Minidump\071712-26894-01.dmp
2012-07-17 01:27 - 2012-07-17 01:27 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Frank Carlson\Downloads\mbam-setup-1.62.0.1300.exe
2012-07-17 01:13 - 2012-07-17 01:13 - 00144416 ____A C:\Windows\Minidump\071712-24102-01.dmp
2012-07-17 01:07 - 2012-07-17 01:07 - 00144416 ____A C:\Windows\Minidump\071712-24211-01.dmp
2012-07-17 01:01 - 2012-07-17 01:01 - 00144416 ____A C:\Windows\Minidump\071712-32697-01.dmp
2012-07-17 00:55 - 2012-07-17 00:55 - 00144416 ____A C:\Windows\Minidump\071712-33212-01.dmp
2012-07-17 00:50 - 2012-07-17 00:50 - 00144416 ____A C:\Windows\Minidump\071712-35412-01.dmp
2012-07-17 00:34 - 2012-07-17 00:33 - 00144416 ____A C:\Windows\Minidump\071712-32136-01.dmp
2012-07-17 00:28 - 2012-07-17 00:28 - 00144416 ____A C:\Windows\Minidump\071712-29874-01.dmp
2012-07-17 00:22 - 2012-07-17 00:22 - 00144416 ____A C:\Windows\Minidump\071712-33899-01.dmp
2012-07-17 00:16 - 2012-07-17 00:16 - 00144416 ____A C:\Windows\Minidump\071712-30466-01.dmp
2012-07-17 00:11 - 2012-07-17 00:11 - 00144416 ____A C:\Windows\Minidump\071712-29686-01.dmp
2012-07-17 00:05 - 2012-07-17 00:05 - 00144416 ____A C:\Windows\Minidump\071712-29265-01.dmp
2012-07-16 23:59 - 2012-07-16 23:59 - 00144416 ____A C:\Windows\Minidump\071712-32385-01.dmp
2012-07-16 23:54 - 2012-07-16 23:54 - 00144416 ____A C:\Windows\Minidump\071712-33758-01.dmp
2012-07-16 23:48 - 2012-07-16 23:48 - 00144416 ____A C:\Windows\Minidump\071712-29421-01.dmp
2012-07-16 23:42 - 2012-07-16 23:42 - 00144416 ____A C:\Windows\Minidump\071712-29000-01.dmp
2012-07-16 23:38 - 2009-07-13 20:53 - 00032538 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-16 23:37 - 2012-07-16 23:37 - 00144416 ____A C:\Windows\Minidump\071712-34585-01.dmp
2012-07-16 21:11 - 2012-07-17 21:03 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Frank Carlson\Desktop\TDSSKiller.exe
2012-07-16 17:24 - 2012-07-16 17:20 - 07617024 ____A (Datel Design & Development Ltd) C:\Users\Frank Carlson\Desktop\Turbofire_Controller_setup.exe
2012-07-15 23:20 - 2012-07-15 21:17 - 00000381 ____A C:\Users\Frank Carlson\Downloads\EvoCustomizer.log
2012-07-15 21:15 - 2012-07-15 21:15 - 03133952 ____A C:\Users\Frank Carlson\Downloads\EvoCustomizer-1.3.exe
2012-07-12 11:07 - 2011-05-11 16:03 - 00002290 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-07-11 22:45 - 2012-05-05 05:45 - 09822920 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerInstaller.exe
2012-07-11 22:45 - 2012-04-08 23:21 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-07-11 22:45 - 2011-06-03 21:24 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-07-11 19:53 - 2009-07-13 20:33 - 00445120 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-11 02:05 - 2011-04-10 21:51 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-10 22:28 - 2012-07-10 22:28 - 00001135 ____A C:\Users\Frank Carlson\Desktop\remixbox 1.0.1.lnk
2012-07-05 15:05 - 2012-07-05 15:05 - 00001753 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-07-03 12:46 - 2012-07-17 01:28 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-02 01:49 - 2011-09-01 09:43 - 00000890 ____A C:\Users\Frank Carlson\Desktop\alex vs peter.txt
2012-07-01 18:36 - 2010-10-10 19:24 - 00792468 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-22 10:17 - 2012-06-22 10:17 - 00000995 ____A C:\Users\Public\Desktop\TuneUp.lnk
2012-06-13 03:07 - 2012-06-13 03:07 - 00000981 ____A C:\Users\Frank Carlson\Desktop\NetTools.lnk
2012-06-13 03:04 - 2012-06-13 03:04 - 00463080 ____A (CNET Download.com) C:\Users\Frank Carlson\Downloads\cnet2_NetTools5_0_70_zip.exe
2012-06-11 18:40 - 2012-07-11 02:04 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 20:41 - 2012-07-10 18:51 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-05 21:05 - 2012-07-10 18:51 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 21:05 - 2012-07-10 18:51 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 21:03 - 2012-07-10 18:51 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-02 14:19 - 2012-06-21 05:36 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 05:36 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 05:36 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 05:36 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 05:36 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:19 - 2012-06-21 05:35 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:12 - 2012-06-21 05:36 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-21 05:36 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:12 - 2012-06-21 05:35 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 01:07 - 2012-07-11 02:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 00:43 - 2012-07-11 02:11 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 00:33 - 2012-07-11 02:11 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 00:26 - 2012-07-11 02:11 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 00:25 - 2012-07-11 02:11 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 00:25 - 2012-07-11 02:11 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 00:23 - 2012-07-11 02:11 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 00:21 - 2012-07-11 02:11 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 00:20 - 2012-07-11 02:11 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 00:19 - 2012-07-11 02:11 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 00:19 - 2012-07-11 02:11 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 00:17 - 2012-07-11 02:11 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 00:16 - 2012-07-11 02:11 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 00:14 - 2012-07-11 02:11 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-01 20:45 - 2012-07-10 18:51 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 20:45 - 2012-07-10 18:51 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 20:40 - 2012-07-10 18:51 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 20:40 - 2012-07-10 18:51 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 20:39 - 2012-07-10 18:51 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 00:32 - 2011-08-22 21:25 - 00002310 ____A C:\Users\Public\Desktop\Norton AntiVirus.lnk
2012-05-18 16:37 - 2012-05-18 16:37 - 00002503 ____A C:\Users\Public\Desktop\Skype.lnk
2012-05-17 14:36 - 2012-05-17 14:36 - 00001815 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-05-11 01:02 - 2011-11-17 16:17 - 00002479 ____A C:\Users\Public\Desktop\Safari.lnk
2012-05-03 09:55 - 2012-05-03 09:55 - 00000921 ____A C:\Users\Public\Desktop\Batch PDF Merger.lnk
2012-05-03 09:54 - 2012-05-03 09:54 - 37370731 ____A C:\Users\Frank Carlson\Downloads\BatchPDFMerger-Setup23.exe
2012-05-03 09:52 - 2012-05-03 09:52 - 00463080 ____A (CNET Download.com) C:\Users\Frank Carlson\Downloads\cnet2_BatchPDFMerger-Setup23_exe.exe
2012-05-02 22:43 - 2012-05-02 22:43 - 00001147 ____A C:\Users\Frank Carlson\Desktop\rekordbox 1.5.4.lnk
2012-05-02 02:02 - 2011-04-09 02:34 - 00001945 ____A C:\Windows\epplauncher.mif
2012-04-30 20:44 - 2012-06-12 19:50 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 19:17 - 2012-06-12 19:50 - 00183808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 20:45 - 2012-06-12 19:50 - 00129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 20:45 - 2012-06-12 19:50 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 20:41 - 2012-06-12 19:50 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-23 20:36 - 2012-06-12 19:50 - 01158656 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 20:36 - 2012-06-12 19:50 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 20:36 - 2012-06-12 19:50 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 20%
Total physical RAM: 2039.55 MB
Available physical RAM: 1628.7 MB
Total Pagefile: 2039.55 MB
Available Pagefile: 1635.67 MB
Total Virtual: 2047.88 MB
Available Virtual: 1979.22 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:297.99 GB) (Free:183.12 GB) NTFS
2 Drive e: (Repair disc Windows 7 32-bit) (CDROM) (Total:0.14 GB) (Free:0 GB) UDF
3 Drive f: () (Removable) (Total:3.7 GB) (Free:3.7 GB) FAT32
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
8 Drive y: () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 3796 MB 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 297 GB 101 MB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 297 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3792 MB 4096 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT32 Removable 3792 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-08 01:08

======================= End Of Log ==========================

#3 Farbar

Posted 19 July 2012 - 12:01 PM

Hello kaomoji,

Welcome to the forum.

It is a pity we don't have the TDSSKiller log. Let's take a look at the MBR.

Download MBRFix. Save and extract its contents to the desktop. Once extracted, there will be three files in the folder. Copy just the MBRFix application to the USB drive.

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt.

start
cmd: f:\MbrFix /drive 0 savembr f:\MBRDUMP.txt
cmd: bcdedit /enum all
cmd: bcdedit /enum all /store y:\boot\BCD 
end

Now please enter System Recovery Options and select "Command Prompt".

Run FRST64 and press the Fix button just once and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply. It will also produce another file, MBRDUMP.txt, on the flash drive; although it may look like a text file, it is a hex file. You must attach this report to your reply instead of posting its contents.
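An added example, not part of the post above and not code from FRST or MbrFix: one way to read a saved MBR sector offline and check the fields that decide whether the disk can boot. It assumes MBRDUMP.txt holds the raw 512-byte sector 0 of disk 0; the function names are hypothetical, and the sample sector is constructed from the partition layout in the FRST log (type 07, 100 MB at 1024 KB, active; type 07, 297 GB at 101 MB) with placeholder filler where the boot code would be.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446        # four 16-byte partition entries start here
SIGNATURE = b"\x55\xaa"   # bytes 510-511 of a valid MBR


def parse_mbr(sector: bytes) -> dict:
    """Decode signature, boot-code state and the primary partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    partitions = []
    for index in range(4):
        start = TABLE_OFFSET + 16 * index
        raw = sector[start:start + 16]
        # status, (CHS start skipped), type, (CHS end skipped), start LBA, count
        status, ptype, start_lba, count = struct.unpack("<B3xB3xII", raw)
        if ptype == 0 and count == 0:
            continue  # unused slot
        partitions.append({
            "slot": index + 1,
            "status": status,
            "active": status == 0x80,
            "type": f"{ptype:02X}",
            "start_lba": start_lba,
            "sectors": count,
            "offset_kb": start_lba * SECTOR_SIZE // 1024,
            "size_mb": count * SECTOR_SIZE // (1024 * 1024),
        })
    return {
        "signature_ok": sector[510:512] == SIGNATURE,
        # Bytes 0-439 hold the boot code; all zeros means nothing to execute.
        "boot_code_blank": not any(sector[:440]),
        "partitions": partitions,
    }


def audit_mbr(info: dict) -> list:
    """Return human-readable findings; an empty list means no structural problem."""
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 55 AA signature")
    if info["boot_code_blank"]:
        findings.append("boot code area is all zeros")
    parts = info["partitions"]
    if not parts:
        findings.append("partition table is empty")
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append(
                f"partition {p['slot']}: invalid status byte 0x{p['status']:02X}")
    active = [p["slot"] for p in parts if p["active"]]
    if len(active) != 1:
        findings.append(
            f"expected exactly one active partition, found {len(active)}")
    ordered = sorted(parts, key=lambda p: p["start_lba"])
    for prev, cur in zip(ordered, ordered[1:]):
        if prev["start_lba"] + prev["sectors"] > cur["start_lba"]:
            findings.append(f"partitions {prev['slot']} and {cur['slot']} overlap")
    return findings


def build_sample_mbr(boot_code: bool = True, active_slot: int = 1) -> bytes:
    """Constructed sample sector mirroring the layout in the FRST log."""
    sector = bytearray(SECTOR_SIZE)
    if boot_code:
        sector[:440] = b"\x90" * 440  # placeholder filler, not real boot code
    # (type, start LBA, sector count): 100 MB at 1024 KB, 297 GB at 101 MB
    layout = [(0x07, 2048, 204800), (0x07, 206848, 622854144)]
    for index, (ptype, start_lba, count) in enumerate(layout):
        status = 0x80 if index + 1 == active_slot else 0x00
        struct.pack_into("<B3xB3xII", sector, TABLE_OFFSET + 16 * index,
                         status, ptype, start_lba, count)
    sector[510:512] = SIGNATURE
    return bytes(sector)


if __name__ == "__main__":
    samples = {
        "intact": build_sample_mbr(),
        "blank boot code, no active flag": build_sample_mbr(False, 0),
    }
    for label, sector in samples.items():
        info = parse_mbr(sector)
        print(label)
        for p in info["partitions"]:
            print(f"  slot {p['slot']} type {p['type']} active={p['active']} "
                  f"offset={p['offset_kb']} KB size={p['size_mb']} MB")
        print("  findings:", audit_mbr(info) or "none")
```

To check a real dump, read it with `open(path, "rb").read()` and pass the bytes to `parse_mbr`; a length other than 512 raises `ValueError` rather than being silently truncated.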

#4 kaomoji

Posted 19 July 2012 - 10:58 PM

Hello, and thank you for your fast response!

I did everything exactly as you said, but when I went to press the "Fix" button just once on the FRST.exe program, it ran for about 5 seconds, then gave me this message:

cmd.exe - No Disc

There is no disc in the drive, please insert a disc into drive
\Device\Harddisk1\DR1

Cancel Try again Continue


So I selected "Try again" as an option and about 5 seconds later it finished, and gave me the "Fixlog.txt", but when I went back to my other computer to check the flash drive, there was no file called "MBRDUMP.txt"; actually no other files had been added at all for that matter. The only additional file that had been added to my flash drive was "Fixlog.txt". Here it is as follows:


Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 16-07-2012 01
Ran by SYSTEM at 2012-07-19 20:29:47 Run:1
Running from H:\

==============================================


========= f:\MbrFix /drive 0 savembr f:\MBRDUMP.txt =========

The device is not ready.

========= End of CMD: =========


========= bcdedit /enum all =========


Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=Y:
path \bootmgr
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {default}
resumeobject {fad677af-d4e4-11df-825a-81ccb4a7d7b5}
displayorder {default}
toolsdisplayorder {memdiag}
timeout 30

Windows Boot Loader
-------------------
identifier {default}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {bootloadersettings}
recoverysequence {fad677b1-d4e4-11df-825a-81ccb4a7d7b5}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {fad677af-d4e4-11df-825a-81ccb4a7d7b5}
nx OptIn

Windows Boot Loader
-------------------
identifier {fad677b1-d4e4-11df-825a-81ccb4a7d7b5}
device ramdisk=[C:]\Recovery\fad677b1-d4e4-11df-825a-81ccb4a7d7b5\Winre.wim,{fad677b2-d4e4-11df-825a-81ccb4a7d7b5}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\fad677b1-d4e4-11df-825a-81ccb4a7d7b5\Winre.wim,{fad677b2-d4e4-11df-825a-81ccb4a7d7b5}
systemroot \windows
nx OptIn
winpe Yes

Resume from Hibernate
---------------------
identifier {fad677af-d4e4-11df-825a-81ccb4a7d7b5}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
pae No
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=Y:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {fad677b2-d4e4-11df-825a-81ccb4a7d7b5}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\fad677b1-d4e4-11df-825a-81ccb4a7d7b5\boot.sdi

========= End of CMD: =========


========= bcdedit /enum all /store y:\boot\BCD =========


Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=Y:
path \bootmgr
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {default}
resumeobject {fad677af-d4e4-11df-825a-81ccb4a7d7b5}
displayorder {default}
toolsdisplayorder {memdiag}
timeout 30

Windows Boot Loader
-------------------
identifier {default}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {bootloadersettings}
recoverysequence {fad677b1-d4e4-11df-825a-81ccb4a7d7b5}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {fad677af-d4e4-11df-825a-81ccb4a7d7b5}
nx OptIn

Windows Boot Loader
-------------------
identifier {fad677b1-d4e4-11df-825a-81ccb4a7d7b5}
device ramdisk=[C:]\Recovery\fad677b1-d4e4-11df-825a-81ccb4a7d7b5\Winre.wim,{fad677b2-d4e4-11df-825a-81ccb4a7d7b5}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\fad677b1-d4e4-11df-825a-81ccb4a7d7b5\Winre.wim,{fad677b2-d4e4-11df-825a-81ccb4a7d7b5}
systemroot \windows
nx OptIn
winpe Yes

Resume from Hibernate
---------------------
identifier {fad677af-d4e4-11df-825a-81ccb4a7d7b5}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
pae No
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=Y:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {fad677b2-d4e4-11df-825a-81ccb4a7d7b5}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\fad677b1-d4e4-11df-825a-81ccb4a7d7b5\boot.sdi

========= End of CMD: =========


==== End of Fixlog ====

#5 Farbar

Posted 20 July 2012 - 05:08 AM

My script was based on the drive letter of the flash drive (F) when you ran FRST; this time the drive letter was H. That is the reason the script didn't work. This time we take all possibilities into account.

Please replace the content of fixlist.txt with the following script and redo the previous post.

start
Folder: C:\TDSSKiller_Quarantine
if exist f:\mbrfix.exe  f:\MbrFix /drive 0 savembr f:\MBRDUMP.txt
if exist h:\mbrfix.exe  h:\MbrFix /drive 0 savembr h:\MBRDUMP.txt
if exist g:\mbrfix.exe  g:\MbrFix /drive 0 savembr g:\MBRDUMP.txt
end


#6 kaomoji

Posted 20 July 2012 - 07:14 AM

It seems to have worked this time with no error messages. However, before I did anything, I checked to see what was going on with the letter assignment to drive thing. I did this by restarting the computer multiple times with the flash drive in the exact same slot, and every time the computer was restarted, the computer assigned the flash drive a different letter almost every time (I have 7 removable storage disc drives so a random letter from E:\ to K:\ was assigned). I don't know if this info helps, or you already knew that, but I'd rather you have too much info than not enough.
Thank you for your continued assistance.
Here is the Log:



Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 16-07-2012 01
Ran by SYSTEM at 2012-07-20 04:48:01 Run:2
Running from H:\

==============================================


========================= Folder: C:\TDSSKiller_Quarantine ========================

2012-07-17 21:04 - 2012-07-17 21:04 - 0000000 ____D () C:\TDSSKiller_Quarantine\17.07.2012_22.03.14
2012-07-17 21:07 - 2012-07-17 21:14 - 0000000 ____D () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20
2012-07-17 21:04 - 2012-07-17 21:04 - 0000000 ____D () C:\TDSSKiller_Quarantine\17.07.2012_22.03.14\mbr0000
2012-07-17 21:04 - 2012-07-17 21:05 - 0000000 ____D () C:\TDSSKiller_Quarantine\17.07.2012_22.03.14\mbr0000\mbr0000
2012-07-17 21:04 - 2012-07-17 21:04 - 0000100 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.03.14\mbr0000\object.ini
2012-07-17 21:04 - 2012-07-17 21:05 - 0000000 ____D () C:\TDSSKiller_Quarantine\17.07.2012_22.03.14\mbr0000\tdlfs0000
2012-07-17 21:04 - 2012-07-17 21:04 - 0000118 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.03.14\mbr0000\mbr0000\object.ini
2012-07-17 21:04 - 2012-07-17 21:04 - 0000068 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.03.14\mbr0000\mbr0000\tsk0000.ini
2012-07-17 21:04 - 2012-07-17 21:04 - 0417168 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.03.14\mbr0000\mbr0000\tsk0001.dta
2012-07-17 21:04 - 2012-07-17 21:04 - 0000074 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.03.14\mbr0000\mbr0000\tsk0001.ini
2012-07-17 21:04 - 2012-07-17 21:04 - 0000150 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.03.14\mbr0000\tdlfs0000\object.ini
2012-07-17 21:04 - 2012-07-17 21:04 - 0000512 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.03.14\mbr0000\tdlfs0000\tsk0000.dta
2012-07-17 21:04 - 2012-07-17 21:04 - 0000154 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.03.14\mbr0000\tdlfs0000\tsk0000.ini
2012-07-17 21:04 - 2012-07-17 21:04 - 0031744 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.03.14\mbr0000\tdlfs0000\tsk0001.dta
2012-07-17 21:04 - 2012-07-17 21:04 - 0000164 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.03.14\mbr0000\tdlfs0000\tsk0001.ini
2012-07-17 21:04 - 2012-07-17 21:04 - 0003072 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.03.14\mbr0000\tdlfs0000\tsk0002.dta
2012-07-17 21:04 - 2012-07-17 21:04 - 0000166 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.03.14\mbr0000\tdlfs0000\tsk0002.ini
2012-07-17 21:04 - 2012-07-17 21:04 - 0000164 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.03.14\mbr0000\tdlfs0000\tsk0003.ini
2012-07-17 21:04 - 2012-07-17 21:04 - 0010240 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.03.14\mbr0000\tdlfs0000\tsk0004.dta
2012-07-17 21:04 - 2012-07-17 21:04 - 0000166 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.03.14\mbr0000\tdlfs0000\tsk0004.ini
2012-07-17 21:04 - 2012-07-17 21:04 - 0037376 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.03.14\mbr0000\tdlfs0000\tsk0005.dta
2012-07-17 21:04 - 2012-07-17 21:04 - 0000160 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.03.14\mbr0000\tdlfs0000\tsk0005.ini
2012-07-17 21:04 - 2012-07-17 21:04 - 0022528 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.03.14\mbr0000\tdlfs0000\tsk0006.dta
2012-07-17 21:04 - 2012-07-17 21:04 - 0000160 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.03.14\mbr0000\tdlfs0000\tsk0006.ini
2012-07-17 21:04 - 2012-07-17 21:04 - 0000226 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.03.14\mbr0000\tdlfs0000\tsk0007.dta
2012-07-17 21:04 - 2012-07-17 21:04 - 0000168 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.03.14\mbr0000\tdlfs0000\tsk0007.ini
2012-07-17 21:04 - 2012-07-17 21:04 - 0000193 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.03.14\mbr0000\tdlfs0000\tsk0008.dta
2012-07-17 21:04 - 2012-07-17 21:04 - 0000166 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.03.14\mbr0000\tdlfs0000\tsk0008.ini
2012-07-17 21:04 - 2012-07-17 21:04 - 0001233 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.03.14\mbr0000\tdlfs0000\tsk0009.dta
2012-07-17 21:04 - 2012-07-17 21:04 - 0000158 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.03.14\mbr0000\tdlfs0000\tsk0009.ini
2012-07-17 21:04 - 2012-07-17 21:04 - 0000158 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.03.14\mbr0000\tdlfs0000\tsk0010.ini
2012-07-17 21:04 - 2012-07-17 21:04 - 0000158 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.03.14\mbr0000\tdlfs0000\tsk0011.ini
2012-07-17 21:04 - 2012-07-17 21:04 - 0000070 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.03.14\mbr0000\tdlfs0000\tsk0012.dta
2012-07-17 21:04 - 2012-07-17 21:04 - 0000146 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.03.14\mbr0000\tdlfs0000\tsk0012.ini
2012-07-17 21:04 - 2012-07-17 21:04 - 0000028 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.03.14\mbr0000\tdlfs0000\tsk0013.dta
2012-07-17 21:04 - 2012-07-17 21:04 - 0000146 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.03.14\mbr0000\tdlfs0000\tsk0013.ini
2012-07-17 21:07 - 2012-07-17 21:07 - 0000000 ____D () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0000
2012-07-17 21:10 - 2012-07-17 21:11 - 0000000 ____D () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0001
2012-07-17 21:14 - 2012-07-17 21:14 - 0000000 ____D () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0002
2012-07-17 21:07 - 2012-07-17 21:07 - 0000000 ____D () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0000
2012-07-17 21:07 - 2012-07-17 21:07 - 0000000 ____D () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0001
2012-07-17 21:07 - 2012-07-17 21:07 - 0000000 ____D () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0002
2012-07-17 21:07 - 2012-07-17 21:07 - 0000000 ____D () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0003
2012-07-17 21:07 - 2012-07-17 21:07 - 0000000 ____D () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0004
2012-07-17 21:07 - 2012-07-17 21:07 - 0000000 ____D () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0005
2012-07-17 21:07 - 2012-07-17 21:07 - 0000000 ____D () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0006
2012-07-17 21:07 - 2012-07-17 21:07 - 0000000 ____D () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0007
2012-07-17 21:10 - 2012-07-17 21:10 - 0000000 ____D () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0008
2012-07-17 21:10 - 2012-07-17 21:10 - 0000000 ____D () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0009
2012-07-17 21:10 - 2012-07-17 21:10 - 0000000 ____D () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0010
2012-07-17 21:10 - 2012-07-17 21:10 - 0000000 ____D () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0011
2012-07-17 21:10 - 2012-07-17 21:10 - 0000000 ____D () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0012
2012-07-17 21:10 - 2012-07-17 21:10 - 0000000 ____D () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0013
2012-07-17 21:10 - 2012-07-17 21:10 - 0000000 ____D () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0014
2012-07-17 21:10 - 2012-07-17 21:10 - 0000000 ____D () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0015
2012-07-17 21:14 - 2012-07-17 21:14 - 0000000 ____D () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0016
2012-07-17 21:14 - 2012-07-17 21:14 - 0000000 ____D () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0017
2012-07-17 21:14 - 2012-07-17 21:14 - 0000000 ____D () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0018
2012-07-17 21:14 - 2012-07-17 21:14 - 0000000 ____D () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0019
2012-07-17 21:14 - 2012-07-17 21:14 - 0000000 ____D () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0020
2012-07-17 21:14 - 2012-07-17 21:14 - 0000000 ____D () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0021
2012-07-17 21:14 - 2012-07-17 21:14 - 0000000 ____D () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0022
2012-07-17 21:14 - 2012-07-17 21:14 - 0000000 ____D () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0023
2012-07-17 21:07 - 2012-07-17 21:08 - 0000000 ____D () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0000
2012-07-17 21:11 - 2012-07-17 21:11 - 0000000 ____D () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0001
2012-07-17 21:14 - 2012-07-17 21:14 - 0000000 ____D () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0002
2012-07-17 21:07 - 2012-07-17 21:07 - 0000000 ____D () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0000\mbr0000
2012-07-17 21:07 - 2012-07-17 21:07 - 0000100 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0000\object.ini
2012-07-17 21:07 - 2012-07-17 21:08 - 0000000 ____D () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0000\tdlfs0000
2012-07-17 21:07 - 2012-07-17 21:07 - 0000118 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0000\mbr0000\object.ini
2012-07-17 21:07 - 2012-07-17 21:07 - 0000068 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0000\mbr0000\tsk0000.ini
2012-07-17 21:07 - 2012-07-17 21:07 - 0417168 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0000\mbr0000\tsk0001.dta
2012-07-17 21:07 - 2012-07-17 21:07 - 0000074 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0000\mbr0000\tsk0001.ini
2012-07-17 21:07 - 2012-07-17 21:07 - 0000150 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0000\tdlfs0000\object.ini
2012-07-17 21:07 - 2012-07-17 21:07 - 0000512 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0000\tdlfs0000\tsk0000.dta
2012-07-17 21:07 - 2012-07-17 21:07 - 0000154 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0000\tdlfs0000\tsk0000.ini
2012-07-17 21:07 - 2012-07-17 21:07 - 0031744 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0000\tdlfs0000\tsk0001.dta
2012-07-17 21:07 - 2012-07-17 21:07 - 0000164 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0000\tdlfs0000\tsk0001.ini
2012-07-17 21:07 - 2012-07-17 21:07 - 0003072 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0000\tdlfs0000\tsk0002.dta
2012-07-17 21:07 - 2012-07-17 21:07 - 0000166 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0000\tdlfs0000\tsk0002.ini
2012-07-17 21:07 - 2012-07-17 21:07 - 0000164 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0000\tdlfs0000\tsk0003.ini
2012-07-17 21:07 - 2012-07-17 21:07 - 0010240 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0000\tdlfs0000\tsk0004.dta
2012-07-17 21:07 - 2012-07-17 21:07 - 0000166 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0000\tdlfs0000\tsk0004.ini
2012-07-17 21:07 - 2012-07-17 21:07 - 0037376 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0000\tdlfs0000\tsk0005.dta
2012-07-17 21:07 - 2012-07-17 21:07 - 0000160 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0000\tdlfs0000\tsk0005.ini
2012-07-17 21:07 - 2012-07-17 21:07 - 0022528 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0000\tdlfs0000\tsk0006.dta
2012-07-17 21:07 - 2012-07-17 21:07 - 0000160 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0000\tdlfs0000\tsk0006.ini
2012-07-17 21:07 - 2012-07-17 21:07 - 0000226 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0000\tdlfs0000\tsk0007.dta
2012-07-17 21:07 - 2012-07-17 21:07 - 0000168 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0000\tdlfs0000\tsk0007.ini
2012-07-17 21:07 - 2012-07-17 21:07 - 0000193 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0000\tdlfs0000\tsk0008.dta
2012-07-17 21:07 - 2012-07-17 21:07 - 0000166 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0000\tdlfs0000\tsk0008.ini
2012-07-17 21:07 - 2012-07-17 21:07 - 0001233 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0000\tdlfs0000\tsk0009.dta
2012-07-17 21:07 - 2012-07-17 21:07 - 0000158 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0000\tdlfs0000\tsk0009.ini
2012-07-17 21:07 - 2012-07-17 21:07 - 0000158 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0000\tdlfs0000\tsk0010.ini
2012-07-17 21:07 - 2012-07-17 21:07 - 0000158 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0000\tdlfs0000\tsk0011.ini
2012-07-17 21:07 - 2012-07-17 21:07 - 0000070 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0000\tdlfs0000\tsk0012.dta
2012-07-17 21:07 - 2012-07-17 21:07 - 0000146 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0000\tdlfs0000\tsk0012.ini
2012-07-17 21:07 - 2012-07-17 21:07 - 0000028 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0000\tdlfs0000\tsk0013.dta
2012-07-17 21:07 - 2012-07-17 21:07 - 0000146 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0000\tdlfs0000\tsk0013.ini
2012-07-17 21:10 - 2012-07-17 21:11 - 0000000 ____D () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0001\mbr0000
2012-07-17 21:10 - 2012-07-17 21:11 - 0000100 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0001\object.ini
2012-07-17 21:11 - 2012-07-17 21:11 - 0000000 ____D () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0001\tdlfs0000
2012-07-17 21:10 - 2012-07-17 21:11 - 0000118 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0001\mbr0000\object.ini
2012-07-17 21:10 - 2012-07-17 21:11 - 0000068 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0001\mbr0000\tsk0000.ini
2012-07-17 21:10 - 2012-07-17 21:10 - 0417168 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0001\mbr0000\tsk0001.dta
2012-07-17 21:10 - 2012-07-17 21:10 - 0000074 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0001\mbr0000\tsk0001.ini
2012-07-17 21:11 - 2012-07-17 21:11 - 0000150 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0001\tdlfs0000\object.ini
2012-07-17 21:11 - 2012-07-17 21:11 - 0000512 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0001\tdlfs0000\tsk0000.dta
2012-07-17 21:11 - 2012-07-17 21:11 - 0000154 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0001\tdlfs0000\tsk0000.ini
2012-07-17 21:11 - 2012-07-17 21:11 - 0031744 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0001\tdlfs0000\tsk0001.dta
2012-07-17 21:11 - 2012-07-17 21:11 - 0000164 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0001\tdlfs0000\tsk0001.ini
2012-07-17 21:11 - 2012-07-17 21:11 - 0003072 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0001\tdlfs0000\tsk0002.dta
2012-07-17 21:11 - 2012-07-17 21:11 - 0000166 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0001\tdlfs0000\tsk0002.ini
2012-07-17 21:11 - 2012-07-17 21:11 - 0000164 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0001\tdlfs0000\tsk0003.ini
2012-07-17 21:11 - 2012-07-17 21:11 - 0010240 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0001\tdlfs0000\tsk0004.dta
2012-07-17 21:11 - 2012-07-17 21:11 - 0000166 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0001\tdlfs0000\tsk0004.ini
2012-07-17 21:11 - 2012-07-17 21:11 - 0037376 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0001\tdlfs0000\tsk0005.dta
2012-07-17 21:11 - 2012-07-17 21:11 - 0000160 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0001\tdlfs0000\tsk0005.ini
2012-07-17 21:11 - 2012-07-17 21:11 - 0022528 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0001\tdlfs0000\tsk0006.dta
2012-07-17 21:11 - 2012-07-17 21:11 - 0000160 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0001\tdlfs0000\tsk0006.ini
2012-07-17 21:11 - 2012-07-17 21:11 - 0000226 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0001\tdlfs0000\tsk0007.dta
2012-07-17 21:11 - 2012-07-17 21:11 - 0000168 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0001\tdlfs0000\tsk0007.ini
2012-07-17 21:11 - 2012-07-17 21:11 - 0000193 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0001\tdlfs0000\tsk0008.dta
2012-07-17 21:11 - 2012-07-17 21:11 - 0000166 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0001\tdlfs0000\tsk0008.ini
2012-07-17 21:11 - 2012-07-17 21:11 - 0001233 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0001\tdlfs0000\tsk0009.dta
2012-07-17 21:11 - 2012-07-17 21:11 - 0000158 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0001\tdlfs0000\tsk0009.ini
2012-07-17 21:11 - 2012-07-17 21:11 - 0000158 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0001\tdlfs0000\tsk0010.ini
2012-07-17 21:11 - 2012-07-17 21:11 - 0000158 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0001\tdlfs0000\tsk0011.ini
2012-07-17 21:11 - 2012-07-17 21:11 - 0000070 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0001\tdlfs0000\tsk0012.dta
2012-07-17 21:11 - 2012-07-17 21:11 - 0000146 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0001\tdlfs0000\tsk0012.ini
2012-07-17 21:11 - 2012-07-17 21:11 - 0000028 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0001\tdlfs0000\tsk0013.dta
2012-07-17 21:11 - 2012-07-17 21:11 - 0000146 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0001\tdlfs0000\tsk0013.ini
2012-07-17 21:14 - 2012-07-17 21:15 - 0000000 ____D () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0002\mbr0000
2012-07-17 21:14 - 2012-07-17 21:14 - 0000100 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0002\object.ini
2012-07-17 21:14 - 2012-07-17 21:14 - 0000000 ____D () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0002\tdlfs0000
2012-07-17 21:14 - 2012-07-17 21:14 - 0000118 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0002\mbr0000\object.ini
2012-07-17 21:14 - 2012-07-17 21:14 - 0000068 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0002\mbr0000\tsk0000.ini
2012-07-17 21:14 - 2012-07-17 21:14 - 0417168 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0002\mbr0000\tsk0001.dta
2012-07-17 21:14 - 2012-07-17 21:14 - 0000074 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0002\mbr0000\tsk0001.ini
2012-07-17 21:14 - 2012-07-17 21:14 - 0000150 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0002\tdlfs0000\object.ini
2012-07-17 21:14 - 2012-07-17 21:14 - 0000512 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0002\tdlfs0000\tsk0000.dta
2012-07-17 21:14 - 2012-07-17 21:14 - 0000154 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0002\tdlfs0000\tsk0000.ini
2012-07-17 21:14 - 2012-07-17 21:14 - 0031744 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0002\tdlfs0000\tsk0001.dta
2012-07-17 21:14 - 2012-07-17 21:14 - 0000164 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0002\tdlfs0000\tsk0001.ini
2012-07-17 21:14 - 2012-07-17 21:14 - 0003072 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0002\tdlfs0000\tsk0002.dta
2012-07-17 21:14 - 2012-07-17 21:14 - 0000166 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0002\tdlfs0000\tsk0002.ini
2012-07-17 21:14 - 2012-07-17 21:14 - 0000164 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0002\tdlfs0000\tsk0003.ini
2012-07-17 21:14 - 2012-07-17 21:14 - 0010240 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0002\tdlfs0000\tsk0004.dta
2012-07-17 21:14 - 2012-07-17 21:14 - 0000166 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0002\tdlfs0000\tsk0004.ini
2012-07-17 21:14 - 2012-07-17 21:14 - 0037376 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0002\tdlfs0000\tsk0005.dta
2012-07-17 21:14 - 2012-07-17 21:14 - 0000160 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0002\tdlfs0000\tsk0005.ini
2012-07-17 21:14 - 2012-07-17 21:14 - 0022528 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0002\tdlfs0000\tsk0006.dta
2012-07-17 21:14 - 2012-07-17 21:14 - 0000160 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0002\tdlfs0000\tsk0006.ini
2012-07-17 21:14 - 2012-07-17 21:14 - 0000226 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0002\tdlfs0000\tsk0007.dta
2012-07-17 21:14 - 2012-07-17 21:14 - 0000168 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0002\tdlfs0000\tsk0007.ini
2012-07-17 21:14 - 2012-07-17 21:14 - 0000193 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0002\tdlfs0000\tsk0008.dta
2012-07-17 21:14 - 2012-07-17 21:14 - 0000166 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0002\tdlfs0000\tsk0008.ini
2012-07-17 21:14 - 2012-07-17 21:14 - 0001233 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0002\tdlfs0000\tsk0009.dta
2012-07-17 21:14 - 2012-07-17 21:14 - 0000158 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0002\tdlfs0000\tsk0009.ini
2012-07-17 21:14 - 2012-07-17 21:14 - 0003142 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0002\tdlfs0000\tsk0010.dta
2012-07-17 21:14 - 2012-07-17 21:14 - 0000158 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0002\tdlfs0000\tsk0010.ini
2012-07-17 21:14 - 2012-07-17 21:14 - 0003656 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0002\tdlfs0000\tsk0011.dta
2012-07-17 21:14 - 2012-07-17 21:14 - 0000158 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0002\tdlfs0000\tsk0011.ini
2012-07-17 21:14 - 2012-07-17 21:14 - 0000070 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0002\tdlfs0000\tsk0012.dta
2012-07-17 21:14 - 2012-07-17 21:14 - 0000146 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0002\tdlfs0000\tsk0012.ini
2012-07-17 21:14 - 2012-07-17 21:14 - 0000028 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0002\tdlfs0000\tsk0013.dta
2012-07-17 21:14 - 2012-07-17 21:14 - 0000146 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\mbr0002\tdlfs0000\tsk0013.ini
2012-07-17 21:07 - 2012-07-17 21:07 - 0000112 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0000\object.ini
2012-07-17 21:07 - 2012-07-17 21:07 - 0000000 ____D () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0000\svc0000
2012-07-17 21:07 - 2012-07-17 21:07 - 0000348 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0000\svc0000\object.ini
2012-07-17 21:07 - 2012-07-17 21:07 - 0262144 ____A (Nero AG) C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0000\svc0000\tsk0000.dta
2012-07-17 21:07 - 2012-07-17 21:07 - 0000282 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0000\svc0000\tsk0000.ini
2012-07-17 21:07 - 2012-07-17 21:07 - 0000112 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0001\object.ini
2012-07-17 21:07 - 2012-07-17 21:07 - 0000000 ____D () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0001\svc0000
2012-07-17 21:07 - 2012-07-17 21:07 - 0000260 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0001\svc0000\object.ini
2012-07-17 21:07 - 2012-07-17 21:07 - 0030336 ____A (Politecnico di Torino) C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0001\svc0000\tsk0000.dta
2012-07-17 21:07 - 2012-07-17 21:07 - 0000230 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0001\svc0000\tsk0000.ini
2012-07-17 21:07 - 2012-07-17 21:07 - 0000112 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0002\object.ini
2012-07-17 21:07 - 2012-07-17 21:07 - 0000000 ____D () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0002\svc0000
2012-07-17 21:07 - 2012-07-17 21:07 - 0000354 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0002\svc0000\object.ini
2012-07-17 21:07 - 2012-07-17 21:07 - 0077824 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0002\svc0000\tsk0000.dta
2012-07-17 21:07 - 2012-07-17 21:07 - 0000230 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0002\svc0000\tsk0000.ini
2012-07-17 21:07 - 2012-07-17 21:07 - 0000112 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0003\object.ini
2012-07-17 21:07 - 2012-07-17 21:07 - 0000000 ____D () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0003\svc0000
2012-07-17 21:07 - 2012-07-17 21:07 - 0000192 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0003\svc0000\object.ini
2012-07-17 21:07 - 2012-07-17 21:07 - 0059388 ____A (PowerISO Computing, Inc.) C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0003\svc0000\tsk0000.dta
2012-07-17 21:07 - 2012-07-17 21:07 - 0000236 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0003\svc0000\tsk0000.ini
2012-07-17 21:07 - 2012-07-17 21:07 - 0000112 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0004\object.ini
2012-07-17 21:07 - 2012-07-17 21:07 - 0000000 ____D () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0004\svc0000
2012-07-17 21:07 - 2012-07-17 21:07 - 0000280 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0004\svc0000\object.ini
2012-07-17 21:07 - 2012-07-17 21:07 - 0241628 ____A (Syntek America Inc.) C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0004\svc0000\tsk0000.dta
2012-07-17 21:07 - 2012-07-17 21:07 - 0000240 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0004\svc0000\tsk0000.ini
2012-07-17 21:07 - 2012-07-17 21:07 - 0000112 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0005\object.ini
2012-07-17 21:07 - 2012-07-17 21:07 - 0000000 ____D () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0005\svc0000
2012-07-17 21:07 - 2012-07-17 21:07 - 0000268 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0005\svc0000\object.ini
2012-07-17 21:07 - 2012-07-17 21:07 - 0024576 ____A (Syntek America Inc.) C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0005\svc0000\tsk0000.dta
2012-07-17 21:07 - 2012-07-17 21:07 - 0000224 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0005\svc0000\tsk0000.ini
2012-07-17 21:07 - 2012-07-17 21:07 - 0000112 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0006\object.ini
2012-07-17 21:07 - 2012-07-17 21:07 - 0000000 ____D () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0006\svc0000
2012-07-17 21:07 - 2012-07-17 21:07 - 0000276 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0006\svc0000\object.ini
2012-07-17 21:07 - 2012-07-17 21:07 - 0004772 ____A (Syntek America Inc.) C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0006\svc0000\tsk0000.dta
2012-07-17 21:07 - 2012-07-17 21:07 - 0000238 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0006\svc0000\tsk0000.ini
2012-07-17 21:07 - 2012-07-17 21:07 - 0000112 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0007\object.ini
2012-07-17 21:07 - 2012-07-17 21:07 - 0000000 ____D () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0007\svc0000
2012-07-17 21:07 - 2012-07-17 21:07 - 0000340 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0007\svc0000\object.ini
2012-07-17 21:07 - 2012-07-17 21:07 - 0049152 ____A (Ulead Systems, Inc.) C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0007\svc0000\tsk0000.dta
2012-07-17 21:07 - 2012-07-17 21:07 - 0000280 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0007\svc0000\tsk0000.ini
2012-07-17 21:10 - 2012-07-17 21:10 - 0000112 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0008\object.ini
2012-07-17 21:10 - 2012-07-17 21:10 - 0000000 ____D () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0008\svc0000
2012-07-17 21:10 - 2012-07-17 21:10 - 0000348 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0008\svc0000\object.ini
2012-07-17 21:10 - 2012-07-17 21:10 - 0262144 ____A (Nero AG) C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0008\svc0000\tsk0000.dta
2012-07-17 21:10 - 2012-07-17 21:10 - 0000282 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0008\svc0000\tsk0000.ini
2012-07-17 21:10 - 2012-07-17 21:10 - 0000112 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0009\object.ini
2012-07-17 21:10 - 2012-07-17 21:10 - 0000000 ____D () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0009\svc0000
2012-07-17 21:10 - 2012-07-17 21:10 - 0000260 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0009\svc0000\object.ini
2012-07-17 21:10 - 2012-07-17 21:10 - 0030336 ____A (Politecnico di Torino) C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0009\svc0000\tsk0000.dta
2012-07-17 21:10 - 2012-07-17 21:10 - 0000230 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0009\svc0000\tsk0000.ini
2012-07-17 21:10 - 2012-07-17 21:10 - 0000112 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0010\object.ini
2012-07-17 21:10 - 2012-07-17 21:10 - 0000000 ____D () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0010\svc0000
2012-07-17 21:10 - 2012-07-17 21:10 - 0000354 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0010\svc0000\object.ini
2012-07-17 21:10 - 2012-07-17 21:10 - 0077824 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0010\svc0000\tsk0000.dta
2012-07-17 21:10 - 2012-07-17 21:10 - 0000230 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0010\svc0000\tsk0000.ini
2012-07-17 21:10 - 2012-07-17 21:10 - 0000112 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0011\object.ini
2012-07-17 21:10 - 2012-07-17 21:10 - 0000000 ____D () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0011\svc0000
2012-07-17 21:10 - 2012-07-17 21:10 - 0000192 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0011\svc0000\object.ini
2012-07-17 21:10 - 2012-07-17 21:10 - 0059388 ____A (PowerISO Computing, Inc.) C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0011\svc0000\tsk0000.dta
2012-07-17 21:10 - 2012-07-17 21:10 - 0000236 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0011\svc0000\tsk0000.ini
2012-07-17 21:10 - 2012-07-17 21:10 - 0000112 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0012\object.ini
2012-07-17 21:10 - 2012-07-17 21:10 - 0000000 ____D () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0012\svc0000
2012-07-17 21:10 - 2012-07-17 21:10 - 0000280 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0012\svc0000\object.ini
2012-07-17 21:10 - 2012-07-17 21:10 - 0241628 ____A (Syntek America Inc.) C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0012\svc0000\tsk0000.dta
2012-07-17 21:10 - 2012-07-17 21:10 - 0000240 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0012\svc0000\tsk0000.ini
2012-07-17 21:10 - 2012-07-17 21:10 - 0000112 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0013\object.ini
2012-07-17 21:10 - 2012-07-17 21:10 - 0000000 ____D () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0013\svc0000
2012-07-17 21:10 - 2012-07-17 21:10 - 0000268 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0013\svc0000\object.ini
2012-07-17 21:10 - 2012-07-17 21:10 - 0024576 ____A (Syntek America Inc.) C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0013\svc0000\tsk0000.dta
2012-07-17 21:10 - 2012-07-17 21:10 - 0000224 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0013\svc0000\tsk0000.ini
2012-07-17 21:10 - 2012-07-17 21:10 - 0000112 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0014\object.ini
2012-07-17 21:10 - 2012-07-17 21:10 - 0000000 ____D () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0014\svc0000
2012-07-17 21:10 - 2012-07-17 21:10 - 0000276 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0014\svc0000\object.ini
2012-07-17 21:10 - 2012-07-17 21:10 - 0004772 ____A (Syntek America Inc.) C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0014\svc0000\tsk0000.dta
2012-07-17 21:10 - 2012-07-17 21:10 - 0000238 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0014\svc0000\tsk0000.ini
2012-07-17 21:10 - 2012-07-17 21:10 - 0000112 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0015\object.ini
2012-07-17 21:10 - 2012-07-17 21:10 - 0000000 ____D () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0015\svc0000
2012-07-17 21:10 - 2012-07-17 21:10 - 0000340 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0015\svc0000\object.ini
2012-07-17 21:10 - 2012-07-17 21:10 - 0049152 ____A (Ulead Systems, Inc.) C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0015\svc0000\tsk0000.dta
2012-07-17 21:10 - 2012-07-17 21:10 - 0000280 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0015\svc0000\tsk0000.ini
2012-07-17 21:14 - 2012-07-17 21:14 - 0000112 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0016\object.ini
2012-07-17 21:14 - 2012-07-17 21:14 - 0000000 ____D () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0016\svc0000
2012-07-17 21:14 - 2012-07-17 21:14 - 0000348 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0016\svc0000\object.ini
2012-07-17 21:14 - 2012-07-17 21:14 - 0262144 ____A (Nero AG) C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0016\svc0000\tsk0000.dta
2012-07-17 21:14 - 2012-07-17 21:14 - 0000282 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0016\svc0000\tsk0000.ini
2012-07-17 21:14 - 2012-07-17 21:14 - 0000112 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0017\object.ini
2012-07-17 21:14 - 2012-07-17 21:14 - 0000000 ____D () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0017\svc0000
2012-07-17 21:14 - 2012-07-17 21:14 - 0000260 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0017\svc0000\object.ini
2012-07-17 21:14 - 2012-07-17 21:14 - 0030336 ____A (Politecnico di Torino) C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0017\svc0000\tsk0000.dta
2012-07-17 21:14 - 2012-07-17 21:14 - 0000230 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0017\svc0000\tsk0000.ini
2012-07-17 21:14 - 2012-07-17 21:14 - 0000112 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0018\object.ini
2012-07-17 21:14 - 2012-07-17 21:14 - 0000000 ____D () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0018\svc0000
2012-07-17 21:14 - 2012-07-17 21:14 - 0000354 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0018\svc0000\object.ini
2012-07-17 21:14 - 2012-07-17 21:14 - 0077824 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0018\svc0000\tsk0000.dta
2012-07-17 21:14 - 2012-07-17 21:14 - 0000230 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0018\svc0000\tsk0000.ini
2012-07-17 21:14 - 2012-07-17 21:14 - 0000112 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0019\object.ini
2012-07-17 21:14 - 2012-07-17 21:14 - 0000000 ____D () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0019\svc0000
2012-07-17 21:14 - 2012-07-17 21:14 - 0000192 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0019\svc0000\object.ini
2012-07-17 21:14 - 2012-07-17 21:14 - 0059388 ____A (PowerISO Computing, Inc.) C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0019\svc0000\tsk0000.dta
2012-07-17 21:14 - 2012-07-17 21:14 - 0000236 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0019\svc0000\tsk0000.ini
2012-07-17 21:14 - 2012-07-17 21:14 - 0000112 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0020\object.ini
2012-07-17 21:14 - 2012-07-17 21:14 - 0000000 ____D () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0020\svc0000
2012-07-17 21:14 - 2012-07-17 21:14 - 0000280 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0020\svc0000\object.ini
2012-07-17 21:14 - 2012-07-17 21:14 - 0241628 ____A (Syntek America Inc.) C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0020\svc0000\tsk0000.dta
2012-07-17 21:14 - 2012-07-17 21:14 - 0000240 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0020\svc0000\tsk0000.ini
2012-07-17 21:14 - 2012-07-17 21:14 - 0000112 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0021\object.ini
2012-07-17 21:14 - 2012-07-17 21:14 - 0000000 ____D () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0021\svc0000
2012-07-17 21:14 - 2012-07-17 21:14 - 0000268 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0021\svc0000\object.ini
2012-07-17 21:14 - 2012-07-17 21:14 - 0024576 ____A (Syntek America Inc.) C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0021\svc0000\tsk0000.dta
2012-07-17 21:14 - 2012-07-17 21:14 - 0000224 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0021\svc0000\tsk0000.ini
2012-07-17 21:14 - 2012-07-17 21:14 - 0000112 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0022\object.ini
2012-07-17 21:14 - 2012-07-17 21:14 - 0000000 ____D () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0022\svc0000
2012-07-17 21:14 - 2012-07-17 21:14 - 0000276 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0022\svc0000\object.ini
2012-07-17 21:14 - 2012-07-17 21:14 - 0004772 ____A (Syntek America Inc.) C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0022\svc0000\tsk0000.dta
2012-07-17 21:14 - 2012-07-17 21:14 - 0000238 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0022\svc0000\tsk0000.ini
2012-07-17 21:14 - 2012-07-17 21:14 - 0000112 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0023\object.ini
2012-07-17 21:14 - 2012-07-17 21:14 - 0000000 ____D () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0023\svc0000
2012-07-17 21:14 - 2012-07-17 21:14 - 0000340 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0023\svc0000\object.ini
2012-07-17 21:14 - 2012-07-17 21:14 - 0049152 ____A (Ulead Systems, Inc.) C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0023\svc0000\tsk0000.dta
2012-07-17 21:14 - 2012-07-17 21:14 - 0000280 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\susp0023\svc0000\tsk0000.ini
2012-07-17 21:07 - 2012-07-17 21:07 - 0000150 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0000\object.ini
2012-07-17 21:07 - 2012-07-17 21:07 - 0000512 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0000\tsk0000.dta
2012-07-17 21:07 - 2012-07-17 21:07 - 0000154 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0000\tsk0000.ini
2012-07-17 21:07 - 2012-07-17 21:07 - 0031744 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0000\tsk0001.dta
2012-07-17 21:07 - 2012-07-17 21:07 - 0000164 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0000\tsk0001.ini
2012-07-17 21:07 - 2012-07-17 21:07 - 0003072 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0000\tsk0002.dta
2012-07-17 21:07 - 2012-07-17 21:07 - 0000166 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0000\tsk0002.ini
2012-07-17 21:07 - 2012-07-17 21:07 - 0000164 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0000\tsk0003.ini
2012-07-17 21:07 - 2012-07-17 21:07 - 0010240 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0000\tsk0004.dta
2012-07-17 21:07 - 2012-07-17 21:07 - 0000166 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0000\tsk0004.ini
2012-07-17 21:07 - 2012-07-17 21:07 - 0037376 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0000\tsk0005.dta
2012-07-17 21:07 - 2012-07-17 21:07 - 0000160 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0000\tsk0005.ini
2012-07-17 21:07 - 2012-07-17 21:07 - 0022528 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0000\tsk0006.dta
2012-07-17 21:07 - 2012-07-17 21:07 - 0000160 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0000\tsk0006.ini
2012-07-17 21:07 - 2012-07-17 21:07 - 0000226 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0000\tsk0007.dta
2012-07-17 21:07 - 2012-07-17 21:07 - 0000168 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0000\tsk0007.ini
2012-07-17 21:07 - 2012-07-17 21:07 - 0000193 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0000\tsk0008.dta
2012-07-17 21:07 - 2012-07-17 21:07 - 0000166 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0000\tsk0008.ini
2012-07-17 21:07 - 2012-07-17 21:07 - 0001233 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0000\tsk0009.dta
2012-07-17 21:07 - 2012-07-17 21:07 - 0000158 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0000\tsk0009.ini
2012-07-17 21:07 - 2012-07-17 21:07 - 0000158 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0000\tsk0010.ini
2012-07-17 21:07 - 2012-07-17 21:07 - 0000158 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0000\tsk0011.ini
2012-07-17 21:07 - 2012-07-17 21:07 - 0000070 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0000\tsk0012.dta
2012-07-17 21:07 - 2012-07-17 21:07 - 0000146 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0000\tsk0012.ini
2012-07-17 21:07 - 2012-07-17 21:07 - 0000028 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0000\tsk0013.dta
2012-07-17 21:07 - 2012-07-17 21:07 - 0000146 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0000\tsk0013.ini
2012-07-17 21:11 - 2012-07-17 21:11 - 0000150 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0001\object.ini
2012-07-17 21:11 - 2012-07-17 21:11 - 0000512 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0001\tsk0000.dta
2012-07-17 21:11 - 2012-07-17 21:11 - 0000154 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0001\tsk0000.ini
2012-07-17 21:11 - 2012-07-17 21:11 - 0031744 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0001\tsk0001.dta
2012-07-17 21:11 - 2012-07-17 21:11 - 0000164 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0001\tsk0001.ini
2012-07-17 21:11 - 2012-07-17 21:11 - 0003072 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0001\tsk0002.dta
2012-07-17 21:11 - 2012-07-17 21:11 - 0000166 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0001\tsk0002.ini
2012-07-17 21:11 - 2012-07-17 21:11 - 0000164 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0001\tsk0003.ini
2012-07-17 21:11 - 2012-07-17 21:11 - 0010240 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0001\tsk0004.dta
2012-07-17 21:11 - 2012-07-17 21:11 - 0000166 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0001\tsk0004.ini
2012-07-17 21:11 - 2012-07-17 21:11 - 0037376 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0001\tsk0005.dta
2012-07-17 21:11 - 2012-07-17 21:11 - 0000160 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0001\tsk0005.ini
2012-07-17 21:11 - 2012-07-17 21:11 - 0022528 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0001\tsk0006.dta
2012-07-17 21:11 - 2012-07-17 21:11 - 0000160 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0001\tsk0006.ini
2012-07-17 21:11 - 2012-07-17 21:11 - 0000226 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0001\tsk0007.dta
2012-07-17 21:11 - 2012-07-17 21:11 - 0000168 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0001\tsk0007.ini
2012-07-17 21:11 - 2012-07-17 21:11 - 0000193 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0001\tsk0008.dta
2012-07-17 21:11 - 2012-07-17 21:11 - 0000166 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0001\tsk0008.ini
2012-07-17 21:11 - 2012-07-17 21:11 - 0001233 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0001\tsk0009.dta
2012-07-17 21:11 - 2012-07-17 21:11 - 0000158 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0001\tsk0009.ini
2012-07-17 21:11 - 2012-07-17 21:11 - 0000158 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0001\tsk0010.ini
2012-07-17 21:11 - 2012-07-17 21:11 - 0000158 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0001\tsk0011.ini
2012-07-17 21:11 - 2012-07-17 21:11 - 0000070 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0001\tsk0012.dta
2012-07-17 21:11 - 2012-07-17 21:11 - 0000146 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0001\tsk0012.ini
2012-07-17 21:11 - 2012-07-17 21:11 - 0000028 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0001\tsk0013.dta
2012-07-17 21:11 - 2012-07-17 21:11 - 0000146 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0001\tsk0013.ini
2012-07-17 21:14 - 2012-07-17 21:14 - 0000150 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0002\object.ini
2012-07-17 21:14 - 2012-07-17 21:14 - 0000512 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0002\tsk0000.dta
2012-07-17 21:14 - 2012-07-17 21:14 - 0000154 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0002\tsk0000.ini
2012-07-17 21:14 - 2012-07-17 21:14 - 0031744 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0002\tsk0001.dta
2012-07-17 21:14 - 2012-07-17 21:14 - 0000164 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0002\tsk0001.ini
2012-07-17 21:14 - 2012-07-17 21:14 - 0003072 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0002\tsk0002.dta
2012-07-17 21:14 - 2012-07-17 21:14 - 0000166 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0002\tsk0002.ini
2012-07-17 21:14 - 2012-07-17 21:14 - 0010752 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0002\tsk0003.dta
2012-07-17 21:14 - 2012-07-17 21:14 - 0000164 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0002\tsk0003.ini
2012-07-17 21:14 - 2012-07-17 21:14 - 0010240 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0002\tsk0004.dta
2012-07-17 21:14 - 2012-07-17 21:14 - 0000166 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0002\tsk0004.ini
2012-07-17 21:14 - 2012-07-17 21:14 - 0037376 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0002\tsk0005.dta
2012-07-17 21:14 - 2012-07-17 21:14 - 0000160 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0002\tsk0005.ini
2012-07-17 21:14 - 2012-07-17 21:14 - 0022528 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0002\tsk0006.dta
2012-07-17 21:14 - 2012-07-17 21:14 - 0000160 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0002\tsk0006.ini
2012-07-17 21:14 - 2012-07-17 21:14 - 0000226 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0002\tsk0007.dta
2012-07-17 21:14 - 2012-07-17 21:14 - 0000168 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0002\tsk0007.ini
2012-07-17 21:14 - 2012-07-17 21:14 - 0000193 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0002\tsk0008.dta
2012-07-17 21:14 - 2012-07-17 21:14 - 0000166 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0002\tsk0008.ini
2012-07-17 21:14 - 2012-07-17 21:14 - 0001233 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0002\tsk0009.dta
2012-07-17 21:14 - 2012-07-17 21:14 - 0000158 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0002\tsk0009.ini
2012-07-17 21:14 - 2012-07-17 21:14 - 0003142 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0002\tsk0010.dta
2012-07-17 21:14 - 2012-07-17 21:14 - 0000158 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0002\tsk0010.ini
2012-07-17 21:14 - 2012-07-17 21:14 - 0003656 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0002\tsk0011.dta
2012-07-17 21:14 - 2012-07-17 21:14 - 0000158 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0002\tsk0011.ini
2012-07-17 21:14 - 2012-07-17 21:14 - 0000070 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0002\tsk0012.dta
2012-07-17 21:14 - 2012-07-17 21:14 - 0000146 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0002\tsk0012.ini
2012-07-17 21:14 - 2012-07-17 21:14 - 0000028 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0002\tsk0013.dta
2012-07-17 21:14 - 2012-07-17 21:14 - 0000146 ____A () C:\TDSSKiller_Quarantine\17.07.2012_22.05.20\tdlfs0002\tsk0013.ini

====== End of Folder: ======

==== End of Fixlog ====

#7 Farbar


Posted 20 July 2012 - 07:34 AM

Thank you for the feedback.

The log gives us an idea about what TDSSKiller did. But I made a mistake in the script and we didn't get the MBRDUMP.txt file we needed.

Please replace the content of fixlist.txt with the following script and repeat what you did and attach the MBRDUMP.txt to your post. We don't need the Fixlog.txt unless there will be no MBRDUMP.txt on the flash drive after the fix:

start
cmd: if exist f:\mbrfix.exe  f:\MbrFix /drive 0 savembr f:\MBRDUMP.txt
cmd: if exist h:\mbrfix.exe  h:\MbrFix /drive 0 savembr h:\MBRDUMP.txt
cmd: if exist g:\mbrfix.exe  g:\MbrFix /drive 0 savembr g:\MBRDUMP.txt
cmd: if exist e:\mbrfix.exe  e:\MbrFix /drive 0 savembr e:\MBRDUMP.txt
cmd: if exist j:\mbrfix.exe  j:\MbrFix /drive 0 savembr j:\MBRDUMP.txt
cmd: if exist k:\mbrfix.exe  k:\MbrFix /drive 0 savembr k:\MBRDUMP.txt
end


#8 kaomoji


Posted 20 July 2012 - 08:02 AM

This time I got the same error I received the first time I tried to get the "MBRDUMP.txt", except this time the message said "\Harddisk4\DR4" instead of "\Harddisk1\DR1" like it did the first time.

Message:

cmd.exe - No Disc

There is no disc in the drive, please insert a disc into drive
\Device\Harddisk4\DR4

Cancel Try again Continue


So I selected Try again twice this time and received this log, and what appears to be a failed "MBRDUMP.txt"


Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 16-07-2012 01
Ran by SYSTEM at 2012-07-20 05:46:32 Run:3
Running from H:\

==============================================


========= if exist f:\mbrfix.exe f:\MbrFix /drive 0 savembr f:\MBRDUMP.txt =========


========= End of CMD: =========


========= if exist h:\mbrfix.exe h:\MbrFix /drive 0 savembr h:\MBRDUMP.txt =========


========= End of CMD: =========


========= if exist g:\mbrfix.exe g:\MbrFix /drive 0 savembr g:\MBRDUMP.txt =========


========= End of CMD: =========


========= if exist e:\mbrfix.exe e:\MbrFix /drive 0 savembr e:\MBRDUMP.txt =========


========= End of CMD: =========


========= if exist j:\mbrfix.exe j:\MbrFix /drive 0 savembr j:\MBRDUMP.txt =========


========= End of CMD: =========


========= if exist k:\mbrfix.exe k:\MbrFix /drive 0 savembr k:\MBRDUMP.txt =========


========= End of CMD: =========


==== End of Fixlog ====



#9 Farbar


Posted 20 July 2012 - 10:06 AM

Well done. It has not failed; this is not a text file, we name it so in order for it to be attached/uploaded.

So the MBR dump confirmed our suspicion and the type of infection.

  • Please download ListParts
    Save it to your flash drive.
  • NOTICE: This script is written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Please download the attached file fix.txt.
    Save it to your flash drive.
    Boot to System Recovery Options. Select "Command Prompt"

    If the drive letter of your flash drive is H, type h:\listparts in the command prompt and press Enter. Press the Fix button just once and wait.

    When it is done restart the computer, let it boot normally and tell me how it went.
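Post #9 points out that MBRDUMP.txt is a raw copy of the disk's first sector rather than a text file. As an added example (not part of the thread, and not the code of MbrFix, FRST or ListParts), the Python below parses such a 512-byte dump and runs basic structural checks on it; the function names and both sample sectors are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440     # bytes 0-439: boot code
PART_TABLE_OFF = 446    # four 16-byte partition entries start here
BOOT_SIG_OFF = 510      # last two bytes must be 0x55 0xAA
ENTRY = struct.Struct("<B3xB3xII")  # status, CHS, type, CHS, LBA start, sector count


def parse_mbr(sector: bytes) -> dict:
    """Decode a raw 512-byte MBR dump into its fields."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    partitions = []
    for i in range(4):
        raw = sector[PART_TABLE_OFF + 16 * i:PART_TABLE_OFF + 16 * (i + 1)]
        if not any(raw):
            continue  # unused slot
        status, ptype, lba_start, sectors = ENTRY.unpack(raw)
        partitions.append({"index": i, "status": status, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})
    return {
        "signature_ok": sector[BOOT_SIG_OFF:] == b"\x55\xaa",
        # Hash of the boot code, for comparison with a known-good baseline.
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def check_mbr(sector: bytes) -> list:
    """Return structural problems that would keep a BIOS/MBR boot disk from booting."""
    mbr = parse_mbr(sector)
    parts = mbr["partitions"]
    findings = []
    if not mbr["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if not any(sector[:BOOT_CODE_LEN]):
        findings.append("boot code area is all zeros")
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"entry {p['index']}: invalid status byte 0x{p['status']:02x}")
        if p["lba_start"] == 0:
            findings.append(f"entry {p['index']}: starts at LBA 0 (overlaps the MBR)")
    active = [p for p in parts if p["status"] == 0x80]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected exactly 1)")
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append(f"entries {a['index']} and {b['index']} overlap")
    return findings


def make_entry(status: int, ptype: int, lba_start: int, sectors: int) -> bytes:
    """Build one partition entry (CHS fields left zero) for the samples below."""
    return ENTRY.pack(status, ptype, lba_start, sectors)


def make_sector(boot_code: bytes, entries: list) -> bytes:
    """Assemble a 512-byte sector from boot code and partition entries."""
    table = b"".join(entries).ljust(64, b"\x00")
    return boot_code.ljust(PART_TABLE_OFF, b"\x00") + table + b"\x55\xaa"


# Constructed samples: filler bytes stand in for boot code, sizes are made up.
GOOD = make_sector(b"\x90" * BOOT_CODE_LEN, [
    make_entry(0x80, 0x07, 2048, 204800),      # active NTFS partition
    make_entry(0x00, 0x07, 206848, 1000000),   # second NTFS partition
])
DAMAGED = make_sector(b"", [                   # boot code wiped, no active flag
    make_entry(0x00, 0x07, 2048, 204800),
    make_entry(0x00, 0x07, 206848, 1000000),
])

if __name__ == "__main__":
    # To inspect a real dump instead: sector = open("MBRDUMP.txt", "rb").read()
    for name, sector in (("GOOD", GOOD), ("DAMAGED", DAMAGED)):
        info = parse_mbr(sector)
        print(name, "boot code sha256:", info["boot_code_sha256"][:16], "...")
        for p in info["partitions"]:
            print(f"  entry {p['index']}: status=0x{p['status']:02x} "
                  f"type=0x{p['type']:02x} start={p['lba_start']} sectors={p['sectors']}")
        for finding in check_mbr(sector) or ["no structural problems found"]:
            print("  ->", finding)
```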


#10 kaomoji


Posted 20 July 2012 - 10:43 PM

It looks like it worked perfectly! My computer booted up normally, and I logged in with no problems. Repeated rebooting of my computer and blue screens appear to be gone as well.

Should I do anything else, or should I just go on using the computer and see if everything works the way it should?

#11 Farbar


Posted 21 July 2012 - 05:21 AM

Great. :thumbup2:

Let's check other things.

  • Open your Malwarebytes' Anti-Malware.
    • First update it, to do that under the Update tab press "Check for Updates".
    • Under Scanner tab select "Perform Quick Scan", then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy & Paste the MBAM log.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

  • Please download MiniToolBox and save it to your desktop and run it.

    Checkmark following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Report FF Proxy Settings
    • List content of Hosts
    • List installed programs.
    Click Go and post the result (Result.txt) that pops up. A copy of result.txt will be saved in the same directory the tool is run.


#12 kaomoji

kaomoji
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:01:49 PM

Posted 21 July 2012 - 10:09 PM

Alright, it looks like only one file was found and deleted. MBAM deleted the file after a prompted restart, and there was no difficulty in removing the file. There were no further complications with anything else, or running MiniToolBox either. Here are the Logs:


Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.21.12

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Frank Carlson :: FRANKCARLSON-PC [administrator]

Protection: Enabled

7/21/2012 7:19:06 PM
mbam-log-2012-07-21 (19-19-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 192111
Time elapsed: 10 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Frank Carlson\AppData\Local\Temp\F75E.tmp (Trojan.Agent.EXPD1) -> Quarantined and deleted successfully.

(end)







MiniToolBox by Farbar Version: 15-07-2012
Ran by Frank Carlson (administrator) on 21-07-2012 at 19:46:03
Microsoft Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

127.0.0.1 www.activate.nero.de
127.0.0.1 nero.com
127.0.0.1 www.nero.com
127.0.0.1 activate.nero.com
127.0.0.1 www.activate.nero.com
127.0.0.1 nero.de
127.0.0.1 www.nero.de
127.0.0.1 activate.nero.de
127.0.0.1 www.activate.nero.de


=========================== Installed Programs ============================

µTorrent (Version: 2.2.1)
Adobe AIR (Version: 2.6.0.19140)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.265)
Adobe Flash Player 11 Plugin (Version: 11.3.300.265)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Apple Application Support (Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (Version: 2.1.3.127)
Batch PDF Merger (Version: 2.1)
Bonjour (Version: 3.0.0.10)
calibre (Version: 0.8.13)
CenturyLink Installer (Version: 1.0)
CommView (Version: 6.0)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Driver Download Manager (Version: 2.1.0.0)
Free Disc Burner version 3.0.4.426
Free DVD Video Burner version 3.1.0.602
Free YouTube Download 3 version 3.0.4.628
Free YouTube Download version 3.0.16.923
Free YouTube to MP3 Converter version 3.10.14.1206
Google Chrome (Version: 20.0.1132.57)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Update Helper (Version: 1.3.21.115)
gtkmm Runtime Environment 2.14 (Version: 2.14.3-2)
High-Definition Video Playback (Version: 7.1.13400.42.0)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.1930)
iTunes (Version: 10.6.3.25)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 31 (Version: 6.0.310)
Kurzweil 3000 v.12 (Version: 12.00.0000)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft VC9 runtime libraries (Version: 2.0.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Word 2010 (Version: 14.0.6029.1000)
Microsoft Xbox 360 Accessories 1.2 (Version: 1.20.146.0)
mIRC (Version: 7.19)
Mixed In Key 5.0 (Version: 5.0.872.0)
Mozilla Firefox 13.0.1 (x86 en-US) (Version: 13.0.1)
Mozilla Maintenance Service (Version: 13.0.1)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nero 10 ClipartPack (Version: 10.2.10000.11.0)
Nero 10 Menu TemplatePack 1 (Version: 10.2.10000.0.0)
Nero 10 Menu TemplatePack 2 (Version: 10.2.10000.0.0)
Nero 10 Menu TemplatePack 3 (Version: 10.2.10100.1.0)
Nero 10 Menu TemplatePack Basic (Version: 10.2.10000.0.0)
Nero 10 Movie ThemePack 1 (Version: 10.2.10000.11.0)
Nero 10 Movie ThemePack 2 (Version: 10.2.10100.1.0)
Nero 10 Movie ThemePack 3 (Version: 10.2.10100.1.0)
Nero 10 Movie ThemePack 4 (Version: 10.2.10100.1.0)
Nero 10 Movie ThemePack Basic (Version: 10.2.10000.0.0)
Nero 10 PiP EffectPack 1 (Version: 10.2.10000.0.0)
Nero 10 Sample ImagePack (Version: 10.2.10000.11.0)
Nero 10 Sample Videos (Version: 10.2.10000.11.0)
Nero 10 Video TransitionPack 1 (Version: 10.2.10000.0.0)
Nero 7 Premium (Version: 7.02.4160)
Nero BackItUp 10 (Version: 5.6.11000.11.100)
Nero BackItUp 10 Help (CHM) (Version: 10.5.10000)
Nero Burning ROM 10 (Version: 10.2.11000.12.100)
Nero BurningROM 10 Help (CHM) (Version: 10.5.10100)
Nero BurnRights 10 (Version: 4.2.10300.0.102)
Nero BurnRights 10 Help (CHM) (Version: 10.5.10000)
Nero Control Center 10 (Version: 10.2.10600.0.6)
Nero ControlCenter 10 Help (CHM) (Version: 10.5.10000)
Nero Core Components 10 (Version: 2.0.17400.8.2)
Nero CoverDesigner 10 (Version: 5.2.10700.7.100)
Nero CoverDesigner 10 Help (CHM) (Version: 10.5.10000)
Nero DiscCopy Gadget 10 (Version: 3.2.10500.7.100)
Nero DiscCopyGadget 10 Help (CHM) (Version: 10.5.10000)
Nero DiscSpeed 10 (Version: 6.2.10300.1.100)
Nero DiscSpeed 10 Help (CHM) (Version: 10.5.10000)
Nero Dolby Files 10 (Version: 2.0.12100.0.10)
Nero Express 10 (Version: 10.2.11100.12.100)
Nero Express 10 Help (CHM) (Version: 10.5.10100)
Nero InfoTool 10 (Version: 7.2.10300.5.100)
Nero InfoTool 10 Help (CHM) (Version: 10.5.10000)
Nero MediaHub 10 (Version: 1.2.12300.27.100)
Nero MediaHub 10 Help (CHM) (Version: 10.5.10000)
Nero Multimedia Suite 10 Platinum HD (Version: 10.5.10900)
Nero Recode 10 (Version: 4.8.10400.3.100)
Nero Recode 10 Help (CHM) (Version: 10.5.10000)
Nero RescueAgent 10 (Version: 3.2.10600.7.100)
Nero RescueAgent 10 Help (CHM) (Version: 10.5.10000)
Nero SoundTrax 10 (Version: 4.8.10200.1.100)
Nero SoundTrax 10 Help (CHM) (Version: 10.5.10000)
Nero StartSmart 10 (Version: 10.2.11100.10.100)
Nero StartSmart 10 Help (CHM) (Version: 10.5.10000)
Nero Update (Version: 1.0.0018)
Nero Vision 10 (Version: 7.2.14700.9.100)
Nero Vision 10 Help (CHM) (Version: 10.5.10000)
Nero WaveEditor 10 (Version: 5.8.10400.2.100)
Nero WaveEditor 10 Help (CHM) (Version: 10.5.10000)
NetTools 5.0 (Version: 5.0)
Norton AntiVirus (Version: 19.7.1.5)
PowerISO (Version: 4.7)
QuickTime (Version: 7.72.80.56)
rekordbox 1.5.4 (Version: 1.5.4)
remixbox 1.0.1 (Version: 1.0.1)
Safari (Version: 5.34.57.2)
SAMSUNG USB Driver for Mobile Phones (Version: 1.3.2360.0)
Skype Click to Call (Version: 5.9.9216)
Skype™ 5.10 (Version: 5.10.115)
TuneUp 2.4.6.4 (Version: 2.4.6.4)
Ulead VideoStudio SE DVD (Version: 10.0)
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
USB2.0 Capture Device (Version: 1.0.3.0)
Winamp (Version: 5.621 )
Winamp Detector Plug-in (Version: 1.0.0.1)
WinPcap 3.0
WinRAR 4.00 (32-bit) (Version: 4.00.0)
XPort 360

**** End of log ****

#13 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,696 posts
  • Gender:Male
  • Location:The Netherlands

Posted 22 July 2012 - 09:51 AM

Looks good. :thumbup2:

  • Older Java versions have vulnerabilities that malicious sites can use to exploit and infect your system.
    Please update your Java to the latest version: http://www.java.com/en/download/help/java_update.xml

    Then go to Start => Control Panel => open "Programs and Features" and uninstall any old Java.
  • To Clear the Java Runtime Environment (JRE) cache, do this:
    • Click Start > Settings > Control Panel.
    • Double-click the Java icon.
      -The Java Control Panel appears.
    • Click "Settings" under Temporary Internet Files.
      -The Temporary Files Settings dialog box appears.
    • Click "Delete Files".
      -The Delete Temporary Files dialog box appears.
      -There are three options on this window to clear the cache.
    • Make sure all the options are checked.
    • Click "OK" on Delete Temporary Files window.
      -Note: This deletes all the Downloaded Applications and Applets from the cache.
    • Click "OK" on Temporary Files Settings window.
    • Close the Java Control Panel.
    You can also view these instructions along with screenshots here.
  • This small application you may want to keep and use to keep the computer clean.
    Download CCleaner from here http://www.ccleaner.com/

    • Run the installer to install the application.
    • When it gives you the option to install the Yahoo toolbar, uncheck the box next to it.
    • Run CCleaner. (Make sure under the Windows tab all the boxes of Internet Explorer and Windows Explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under the Application tab all the boxes should be checked.)
    • Click Run Cleaner.
    • Close CCleaner.
  • Finally, please tell me how the system is running.
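
An added example, not part of the original posts or of MiniToolBox itself: a short Python triage of a Result.txt in the layout posted above, pulling out hosts-file entries other than localhost and Java runtimes older than a baseline. The sample log is constructed from the posted format, and the function names and the `minimum` baseline are assumptions supplied by whoever runs it.

```python
import re

# Constructed sample in the MiniToolBox Result.txt layout shown in the thread
# (abridged; not a real capture).
SAMPLE_LOG = """\
MiniToolBox by Farbar Version: 15-07-2012
========================= Hosts content: =================================

127.0.0.1 localhost
127.0.0.1 www.nero.com
127.0.0.1 activate.nero.com

=========================== Installed Programs ============================

Java Auto Updater (Version: 2.0.7.1)
Java\u2122 6 Update 31 (Version: 6.0.310)
WinPcap 3.0

**** End of log ****
"""

# Banner lines look like "===== Title: =====" (the colon is optional).
SECTION_RE = re.compile(r"^=+\s*(.+?):?\s*=+$")
# Matches runtime entries such as "Java(TM) 6 Update 31", not "Java Auto Updater".
JAVA_RE = re.compile(r"^Java(?:\(TM\)|\u2122)?\s+(\d+)(?:\s+Update\s+(\d+))?")

def split_sections(text):
    """Map each banner title to the non-empty lines listed beneath it."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            current = sections.setdefault(m.group(1), [])
        elif current is not None and line and not line.startswith("****"):
            current.append(line)
    return sections

def hosts_overrides(sections):
    """(address, hostname) pairs from the hosts listing, skipping localhost."""
    out = []
    for line in sections.get("Hosts content", []):
        parts = line.split("#", 1)[0].split()  # drop trailing comments
        out.extend((parts[0], h) for h in parts[1:] if h.lower() != "localhost")
    return out

def java_below(sections, minimum):
    """Java runtimes older than `minimum`, a caller-chosen (major, update) pair."""
    hits = (JAVA_RE.match(p) for p in sections.get("Installed Programs", []))
    found = [(int(m.group(1)), int(m.group(2) or 0)) for m in hits if m]
    return [v for v in found if v < minimum]
```

Call `split_sections()` on the saved Result.txt text, then pass the result to the two checks; anything they return is a line to review by hand, not a verdict.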


#14 kaomoji

kaomoji
  • Topic Starter

  • Members
  • 12 posts

Posted 22 July 2012 - 06:48 PM

Everything went well and it appears that my system is running excellent.
There was some small lag time between the moment I logged on, and when all of my desktop icon thumbnails would render, but that appears to be completely gone now after following your instructions on the last 2 posts. Everything looks and runs good at the moment.

#15 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,696 posts
  • Gender:Male
  • Location:The Netherlands

Posted 23 July 2012 - 12:17 PM

Sounds good. :thumbup2:

  • Please delete the FRST tool as we don't need it any more. Also go to C:\FRST and delete the entire FRST folder.
  • You may delete any tool or log we used from your computer.
  • Remove the old restore points and create a new restore point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Setting a new restore point AFTER cleaning your system will enable your computer to "roll-back" to a clean working state if needed:
    • Go to Start => Right-click "Computer" and select "Properties".
    • In the left pane select "System Protection".
    • Press "Configure".
    • Select "Delete". Then press "Continue" close and "OK".
    • Select your drive (drive C) and press "Create".
      Fill in a name for the restore point and press "Create".
      When finished, press "Close".
Recommendations:
  • I recommend using Site Advisor for safe surfing. It is a free extension both for Internet Explorer and Firefox. When you search a site it gives you an indication of how safe a site is.
  • I recommend installing this small application for safe surfing: Javacools© SpywareBlaster
    SpywareBlaster will add a large list of programs and sites into your Internet Explorer and Firefox settings and that will protect you from running and downloading known malicious programs.
    • Download and install it.
    • Update it manually by clicking on Updates in the left pane and then Check for Updates.
    • Then enable all the protections by clicking on Protection Status on the left pane. Then click on Enable All Protection.
    • The free version doesn't have an automatic update. Update it once in two or three weeks and enable all protection again.
Happy Surfing kaomoji. :)



