Windows 7 pro ( in repair loop)


  • This topic is locked
28 replies to this topic

#1 ffx2

  • Members
  • 17 posts

Posted 17 December 2012 - 06:00 AM

Hi guys, I have been trying to get this laptop to work for 5 days now.

I had been following this (http://www.bleepingcomputer.com/forums/topic448339.html/page__pid__2654556),
but I take it the OS and this script were written specifically for that user. :(

So I'm hoping someone can help me, please.

Problem signature:
Problem Event Name : StartupRepairOffline

Problem Signature 01: 6.1.7600.16385
Problem Signature 02: 6.1.7600.16385
Problem Signature 03: unknown
Problem Signature 04: 21200561
Problem Signature 05: AutoFailover
Problem Signature 06: 43
Problem Signature 07: CorruptFile
OS Version: 6.1.7600.2.0.0.256.1
Locale ID: 1033

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-12-2012 (ATTENTION: FRST version is 6 days old)
Ran by SYSTEM at 17-12-2012 12:43:53
Running from G:\
Windows 7 Professional (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [9955872 2010-01-12] (Realtek Semiconductor)
HKLM\...\Run: [fspuip] %ProgramFiles%\FSP\fspuip.exe [3771392 2010-02-03] (Sentelic Corporation)
HKLM\...\Run: [Configuration Center] C:\Program Files\Configuration Center\bin\McaMaster.exe [1583104 2010-03-03] ()
HKLM\...\Run: [SideBar] %ProgramFiles%\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-20] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2399632 2011-04-13] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [SBAMTray] "C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe" [3149704 2012-09-19] (GFI Software)
HKU\user\...\Run: [Google Update] "C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-05-08] (Google Inc.)
HKU\user\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17355912 2012-05-02] (Skype Technologies S.A.)
HKU\user\...\Policies\system: [DisableLockWorkstation] 0
Tcpip\Parameters: [DhcpNameServer] 192.1.1.7
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Pervasive.SQL Workgroup Engine.lnk
ShortcutTarget: Pervasive.SQL Workgroup Engine.lnk -> C:\PVSW\bin\w3dbsmgr.exe ()
Startup: C:\Users\user\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Services (Whitelisted) ===================

2 DCService.exe; C:\ProgramData\DatacardService\DCService.exe [229376 2010-05-08] ()
2 DcsService; "C:\Program Files\Configuration Center\bin\DeviceControlService.exe" [1039872 2010-02-24] (Intel Corporation)
2 gfi_lanss10_attservice; "C:\Program Files (x86)\GFI Software\VIPRE\LanGuard 10 Agent\lnssatt.exe" -service [115568 2012-09-12] (GFI Software Development Ltd.)
2 IronTreeDL; "C:\Program Files (x86)\Pastel IronTree\a5backup.exe" -start [163840 2010-03-02] (Attix5 Development (Pty) Ltd)
2 Micro Focus License Manager; "C:\Program Files (x86)\SYSPRO\Runtime\MFLMWin.exe" [394608 2008-11-20] (Micro Focus)
2 SBAMSvc; "C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe" [3677000 2012-09-19] (GFI Software)
2 SBPIMSvc; "C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe" [175496 2012-09-19] (GFI Software)

==================== Drivers (Whitelisted) =====================

3 AcpiPmi; C:\Windows\system32\drivers\acpipmi.sys [x]
3 adp94xx; C:\Windows\system32\DRIVERS\adp94xx.sys [x]
3 adpahci; C:\Windows\system32\DRIVERS\adpahci.sys [x]
3 adpu320; C:\Windows\system32\DRIVERS\adpu320.sys [x]
3 aliide; C:\Windows\system32\drivers\aliide.sys [x]
3 amdide; C:\Windows\system32\drivers\amdide.sys [x]
3 AmdK8; C:\Windows\system32\DRIVERS\amdk8.sys [x]
3 AmdPPM; C:\Windows\system32\DRIVERS\amdppm.sys [x]
3 amdsata; C:\Windows\system32\drivers\amdsata.sys [x]
3 amdsbs; C:\Windows\system32\DRIVERS\amdsbs.sys [x]
0 amdxata; C:\Windows\System32\drivers\amdxata.sys [x]
3 arc; C:\Windows\system32\DRIVERS\arc.sys [x]
3 arcsas; C:\Windows\system32\DRIVERS\arcsas.sys [x]
3 athr; C:\Windows\System32\DRIVERS\athrx.sys [x]
3 b06bdrv; C:\Windows\system32\DRIVERS\bxvbda.sys [x]
3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [x]
1 blbdrive; C:\Windows\System32\DRIVERS\blbdrive.sys [x]
3 BrFiltLo; C:\Windows\system32\DRIVERS\BrFiltLo.sys [x]
3 BrFiltUp; C:\Windows\system32\DRIVERS\BrFiltUp.sys [x]
3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [x]
3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [x]
3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [x]
3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [x]
3 BTHMODEM; C:\Windows\system32\DRIVERS\bthmodem.sys [x]
3 BthPan; C:\Windows\System32\DRIVERS\bthpan.sys [x]
3 btusbflt; C:\Windows\System32\drivers\btusbflt.sys [x]
3 btwaudio; C:\Windows\System32\drivers\btwaudio.sys [x]
3 btwavdt; C:\Windows\System32\DRIVERS\btwavdt.sys [x]
3 btwl2cap; C:\Windows\System32\DRIVERS\btwl2cap.sys [x]
3 btwrchid; C:\Windows\System32\DRIVERS\btwrchid.sys [x]
3 circlass; C:\Windows\system32\DRIVERS\circlass.sys [x]
3 cmdide; C:\Windows\system32\drivers\cmdide.sys [x]
4 crcdisk; C:\Windows\system32\DRIVERS\crcdisk.sys [x]
3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [x]
3 elxstor; C:\Windows\system32\DRIVERS\elxstor.sys [x]
3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [x]
3 fdc; C:\Windows\system32\DRIVERS\fdc.sys [x]
3 flpydisk; C:\Windows\system32\DRIVERS\flpydisk.sys [x]
3 fspad_wlh64; C:\Windows\System32\DRIVERS\fspad_wlh64.sys [x]
3 gagp30kx; C:\Windows\system32\DRIVERS\gagp30kx.sys [x]
3 gfiark; C:\Windows\System32\drivers\gfiark.sys [x]
3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [x]
3 HECIx64; C:\Windows\System32\DRIVERS\HECIx64.sys [x]
3 HidBatt; C:\Windows\system32\DRIVERS\HidBatt.sys [x]
3 HidBth; C:\Windows\system32\DRIVERS\hidbth.sys [x]
3 HidIr; C:\Windows\system32\DRIVERS\hidir.sys [x]
3 HpSAMD; C:\Windows\system32\drivers\HpSAMD.sys [x]
3 huawei_enumerator; C:\Windows\System32\DRIVERS\ew_jubusenum.sys [x]
3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [x]
0 iaStor; C:\Windows\System32\DRIVERS\iaStor.sys [x]
3 iaStorV; C:\Windows\system32\drivers\iaStorV.sys [x]
3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [x]
3 iirsp; C:\Windows\system32\DRIVERS\iirsp.sys [x]
3 Impcd; C:\Windows\System32\DRIVERS\Impcd.sys [x]
3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHD64.sys [x]
3 intelide; C:\Windows\system32\drivers\intelide.sys [x]
3 IPMIDRV; C:\Windows\system32\drivers\IPMIDrv.sys [x]
3 IPMLEBL; C:\Windows\System32\Drivers\ipmlebl.sys [x]
3 L1E; C:\Windows\System32\DRIVERS\L1E62x64.sys [x]
3 LSI_FC; C:\Windows\system32\DRIVERS\lsi_fc.sys [x]
3 LSI_SAS; C:\Windows\system32\DRIVERS\lsi_sas.sys [x]
3 LSI_SAS2; C:\Windows\system32\DRIVERS\lsi_sas2.sys [x]
3 LSI_SCSI; C:\Windows\system32\DRIVERS\lsi_scsi.sys [x]
3 megasas; C:\Windows\system32\DRIVERS\megasas.sys [x]
3 MegaSR; C:\Windows\system32\DRIVERS\MegaSR.sys [x]
0 msahci; C:\Windows\System32\drivers\msahci.sys [x]
3 MTConfig; C:\Windows\system32\DRIVERS\MTConfig.sys [x]
3 nfrd960; C:\Windows\system32\DRIVERS\nfrd960.sys [x]
3 nvraid; C:\Windows\system32\drivers\nvraid.sys [x]
3 nvstor; C:\Windows\system32\drivers\nvstor.sys [x]
3 nv_agp; C:\Windows\system32\drivers\nv_agp.sys [x]
3 Parport; C:\Windows\system32\DRIVERS\parport.sys [x]
3 pcmcia; C:\Windows\system32\DRIVERS\pcmcia.sys [x]
3 Processor; C:\Windows\system32\DRIVERS\processr.sys [x]
3 ql2300; C:\Windows\system32\DRIVERS\ql2300.sys [x]
3 ql40xx; C:\Windows\system32\DRIVERS\ql40xx.sys [x]
3 s3cap; C:\Windows\system32\drivers\vms3cap.sys [x]
2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [x]
1 SbFw; C:\Windows\System32\drivers\SbFw.sys [x]
3 SBFWIMCL; C:\Windows\System32\DRIVERS\sbfwim.sys [x]
3 SBFWIMCLMP; C:\Windows\System32\DRIVERS\SBFWIM.sys [x]
3 SbHips; C:\Windows\System32\drivers\sbhips.sys [x]
3 sbp2port; C:\Windows\system32\drivers\sbp2port.sys [x]
3 sbwtis; C:\Windows\System32\DRIVERS\sbwtis.sys [x]
2 secdrv; [x]
3 Serenum; C:\Windows\system32\DRIVERS\serenum.sys [x]
3 Serial; C:\Windows\system32\DRIVERS\serial.sys [x]
3 sfloppy; C:\Windows\system32\DRIVERS\sfloppy.sys [x]
3 SiSRaid2; C:\Windows\system32\DRIVERS\SiSRaid2.sys [x]
3 SiSRaid4; C:\Windows\system32\DRIVERS\sisraid4.sys [x]
3 stexstor; C:\Windows\system32\DRIVERS\stexstor.sys [x]
0 storflt; C:\Windows\System32\drivers\vmstorfl.sys [x]
3 storvsc; C:\Windows\system32\drivers\storvsc.sys [x]
3 swenum; C:\Windows\system32\drivers\swenum.sys [x]
3 uagp35; C:\Windows\system32\DRIVERS\uagp35.sys [x]
3 uliagpkx; C:\Windows\system32\drivers\uliagpkx.sys [x]
3 UmPass; C:\Windows\system32\DRIVERS\umpass.sys [x]
3 usbcir; C:\Windows\system32\drivers\usbcir.sys [x]
3 viaide; C:\Windows\system32\drivers\viaide.sys [x]
3 VKBD; C:\Windows\System32\DRIVERS\virkbd.sys [x]
0 vmbus; C:\Windows\System32\drivers\vmbus.sys [x]
3 VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [x]
3 vsmraid; C:\Windows\system32\DRIVERS\vsmraid.sys [x]
3 WacomPen; C:\Windows\system32\DRIVERS\wacompen.sys [x]
3 Wd; C:\Windows\system32\DRIVERS\wd.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-12-15 06:24 - 2009-07-13 17:52 - 00021584 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\compbatt.sys
2012-12-14 05:34 - 2012-12-14 05:34 - 00001026 ____A C:\Users\user\Desktop\HP LaserJet 1018 - Shortcut.lnk
2012-12-14 03:22 - 2012-12-14 03:20 - 04063232 ___RA C:\Users\user\Gauteng GP Network.xls
2012-12-13 03:48 - 2012-12-13 06:13 - 00011176 ____A C:\Users\user\FRENCH ENGINEERING_339846 (Change Schedule).csv
2012-12-13 03:48 - 2012-12-13 03:49 - 00011176 ____A C:\Users\user\EF337100
2012-12-13 03:48 - 2012-12-13 03:48 - 00011176 ____A C:\Users\user\A5037100
2012-12-12 06:49 - 2012-11-13 23:06 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-12-12 06:49 - 2012-11-13 22:32 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-12-12 06:49 - 2012-11-13 22:11 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-12-12 06:49 - 2012-11-13 22:04 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-12-12 06:49 - 2012-11-13 22:04 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-12-12 06:49 - 2012-11-13 22:02 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-12-12 06:49 - 2012-11-13 22:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-12-12 06:49 - 2012-11-13 21:59 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-12-12 06:49 - 2012-11-13 21:58 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-12-12 06:49 - 2012-11-13 21:57 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-12-12 06:49 - 2012-11-13 21:57 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-12-12 06:49 - 2012-11-13 21:55 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-12-12 06:49 - 2012-11-13 21:55 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-12-12 06:49 - 2012-11-13 21:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-12-12 06:49 - 2012-11-13 21:52 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-12-12 06:49 - 2012-11-13 21:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-12-12 06:49 - 2012-11-13 18:48 - 12320256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-12-12 06:49 - 2012-11-13 18:14 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-12-12 06:49 - 2012-11-13 18:09 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-12-12 06:49 - 2012-11-13 17:58 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-12-12 06:49 - 2012-11-13 17:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-12-12 06:49 - 2012-11-13 17:57 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-12-12 06:49 - 2012-11-13 17:55 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-12-12 06:49 - 2012-11-13 17:51 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-12-12 06:49 - 2012-11-13 17:49 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-12-12 06:49 - 2012-11-13 17:49 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-12-12 06:49 - 2012-11-13 17:48 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-12-12 06:49 - 2012-11-13 17:47 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-12-12 06:49 - 2012-11-13 17:46 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-12-12 06:49 - 2012-11-13 17:45 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-12-12 06:49 - 2012-11-13 17:44 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-12-12 06:49 - 2012-11-13 17:41 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-12-11 22:48 - 2012-11-21 19:26 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-12-11 22:48 - 2012-11-08 21:45 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-12-11 22:48 - 2012-11-08 20:42 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-12-11 22:48 - 2012-11-05 13:35 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2012-12-11 22:48 - 2012-11-05 12:41 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2012-12-11 22:48 - 2012-11-05 12:32 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2012-12-11 22:48 - 2012-11-05 12:32 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2012-12-11 22:48 - 2012-10-04 09:46 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-12-11 22:48 - 2012-10-04 09:46 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-12-11 22:48 - 2012-10-04 09:46 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-12-11 22:48 - 2012-10-04 09:45 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-12-11 22:48 - 2012-10-04 09:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-12-11 22:48 - 2012-10-04 09:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-12-11 22:48 - 2012-10-04 09:41 - 00424960 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-12-11 22:48 - 2012-10-04 09:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 09:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 09:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 09:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 08:47 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-12-11 22:48 - 2012-10-04 08:47 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-12-11 22:48 - 2012-10-04 08:47 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-12-11 22:48 - 2012-10-04 08:40 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 08:40 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 07:21 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-12-11 22:48 - 2012-10-04 06:46 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-12-11 22:48 - 2012-10-04 06:46 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-12-11 22:48 - 2012-10-04 06:46 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-12-11 22:48 - 2012-10-04 06:41 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 06:41 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 06:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 06:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-12-11 22:47 - 2012-11-01 21:59 - 00478208 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll
2012-12-11 22:47 - 2012-11-01 21:11 - 00376832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2012-12-11 22:47 - 2012-10-04 06:46 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-12-11 04:56 - 2011-07-03 22:49 - 00000276 ____A C:\Users\user\Desktop\STD Bank - Copy - Copy.url
2012-12-06 06:03 - 2012-12-06 06:03 - 00163328 ____A C:\Users\user\Desktop\Recon Confirm Contribution Report FEW_201211_1.xls
2012-12-04 02:59 - 2012-12-04 03:24 - 00046080 ____A C:\Users\user\avbob.11.12.xls
2012-12-03 03:20 - 2012-12-03 03:21 - 02545672 ____A C:\Users\user\Downloads\lj1018-HB-pnp-win64-en (1).exe.ym9zas8.partial
2012-12-03 03:20 - 2012-12-03 03:20 - 03258096 ____A C:\Users\user\Downloads\lj1018-HB-pnp-win64-en.exe
2012-12-03 03:20 - 2007-12-09 16:00 - 00567296 ____A () C:\Windows\System32\ZSHP1018.EXE
2012-12-03 03:20 - 2007-12-09 16:00 - 00128380 ____A C:\Windows\System32\hp1018.img
2012-12-03 03:20 - 2007-12-09 16:00 - 00127488 ____A (Zenographics, Inc.) C:\Windows\System32\ZSPOOL.DLL
2012-12-03 03:20 - 2007-12-09 16:00 - 00115200 ____A (Zenographics, Inc.) C:\Windows\System32\ZLhp1018.DLL
2012-12-03 03:20 - 2007-12-09 16:00 - 00061952 ____A (Zenographics, Inc.) C:\Windows\System32\ZIMF.DLL
2012-12-03 03:20 - 2007-12-09 16:00 - 00049664 ____A (Zenographics, Inc.) C:\Windows\System32\ZTAG.DLL
2012-12-03 03:20 - 2007-12-09 16:00 - 00010632 ____A C:\Windows\System32\ZSHP1018.CHM
2012-12-03 03:17 - 2012-12-03 03:17 - 02974136 ____A C:\Users\user\Downloads\lj1018-HB-pnp-win32-en.exe
2012-12-03 02:37 - 2012-12-14 02:13 - 00286409 ____A C:\M1319.log
2012-12-03 02:26 - 2012-12-13 22:53 - 00002028 ____A C:\Windows\setupact.log
2012-12-03 02:26 - 2012-12-03 02:26 - 00000000 ____A C:\Windows\setuperr.log
2012-12-03 02:15 - 2012-12-03 02:15 - 00000828 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-12-03 02:15 - 2012-12-03 02:15 - 00000000 ____D C:\Program Files\CCleaner
2012-12-03 02:12 - 2012-12-03 02:12 - 00315436 ____A C:\Users\user\Downloads\Profwiz3.zip
2012-12-03 01:45 - 2012-12-03 01:45 - 00001026 ____A C:\Users\user\Desktop\hp LaserJet 1010 - Shortcut.lnk
2012-12-03 01:16 - 2012-12-03 01:18 - 20878730 ____A C:\Users\user\Downloads\lj1010serieshb-vista64.zip
2012-12-03 01:09 - 2012-12-03 01:09 - 00000000 ____D C:\lj1010 series
2012-11-27 00:19 - 2012-11-26 23:44 - 01455796 ___RA C:\Users\user\Desktop\app to add dependant.tiff
2012-11-26 23:15 - 2012-11-26 23:15 - 00053248 ____A C:\Users\user\DEPN JULY 2012.xls
2012-11-26 05:01 - 2010-06-09 22:27 - 00047616 ____A C:\Users\user\Desktop\Returns & Request for Credit.xls
2012-11-20 01:21 - 2012-11-20 01:21 - 00000730 ____A C:\Users\user\Desktop\Copy System Louisa.lnk
2012-11-19 05:52 - 2012-12-14 05:43 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-11-19 05:52 - 2012-12-12 01:43 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-11-19 05:52 - 2012-12-12 01:43 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-11-19 05:52 - 2012-11-19 05:52 - 00000000 ____D C:\Windows\System32\Macromed
2012-11-19 02:52 - 2012-11-19 02:52 - 00014336 ____A C:\Users\user\Desktop\Book1.xls


==================== One Month Modified Files and Folders =======

2012-12-17 12:04 - 2012-12-17 12:04 - 00000000 ____D C:\FRST
2012-12-14 06:20 - 2010-05-25 18:14 - 01966679 ____A C:\Windows\WindowsUpdate.log
2012-12-14 05:57 - 2011-07-03 23:02 - 00000000 ____D C:\Users\user\AppData\Roaming\Skype
2012-12-14 05:53 - 2012-10-01 00:38 - 00000112 ____A C:\Windows\System32\config\netlogon.ftl
2012-12-14 05:43 - 2012-11-19 05:52 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-12-14 05:34 - 2012-12-14 05:34 - 00001026 ____A C:\Users\user\Desktop\HP LaserJet 1018 - Shortcut.lnk
2012-12-14 05:27 - 2011-05-08 03:26 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-904651207-2848802423-1292378443-1000UA.job
2012-12-14 03:20 - 2012-12-14 03:22 - 04063232 ___RA C:\Users\user\Gauteng GP Network.xls
2012-12-14 02:33 - 2011-07-01 03:02 - 00000000 ____D C:\Users\user\Desktop\New Folder (3)
2012-12-14 02:31 - 2011-07-01 04:05 - 00000000 ____D C:\Premier
2012-12-14 02:13 - 2012-12-03 02:37 - 00286409 ____A C:\M1319.log
2012-12-14 01:48 - 2011-09-28 00:46 - 00000000 ____D C:\Users\user\Desktop\Clockings
2012-12-13 23:28 - 2011-05-08 03:26 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-904651207-2848802423-1292378443-1000Core.job
2012-12-13 23:01 - 2009-07-13 20:45 - 00010112 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-12-13 23:01 - 2009-07-13 20:45 - 00010112 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-12-13 22:57 - 2009-07-13 21:13 - 00726316 ____A C:\Windows\System32\PerfStringBackup.INI
2012-12-13 22:53 - 2012-12-03 02:26 - 00002028 ____A C:\Windows\setupact.log
2012-12-13 22:53 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-12-13 06:13 - 2012-12-13 03:48 - 00011176 ____A C:\Users\user\FRENCH ENGINEERING_339846 (Change Schedule).csv
2012-12-13 04:30 - 2012-04-12 23:48 - 00000000 ____D C:\Users\user\Desktop\UIF
2012-12-13 03:49 - 2012-12-13 03:48 - 00011176 ____A C:\Users\user\EF337100
2012-12-13 03:48 - 2012-12-13 03:48 - 00011176 ____A C:\Users\user\A5037100
2012-12-12 10:09 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-12-12 09:32 - 2009-07-13 20:45 - 00447936 ____A C:\Windows\System32\FNTCACHE.DAT
2012-12-12 01:43 - 2012-11-19 05:52 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-12-12 01:43 - 2012-11-19 05:52 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-12-11 01:16 - 2011-07-01 02:22 - 00000000 ____D C:\Users\user\YEAR.END
2012-12-11 00:57 - 2011-07-01 02:22 - 00000000 ____D C:\Users\user\MEDICAL.AID
2012-12-10 04:30 - 2011-07-01 02:22 - 00000000 ____D C:\Users\user\MONTH END
2012-12-10 00:43 - 2011-07-01 02:22 - 00019968 ____A C:\Users\user\mibfa.benefit.statements.fw..xls
2012-12-10 00:39 - 2012-02-12 23:13 - 00018944 ____A C:\Users\user\mibfa.benefit.statements.fw.n.s.xls
2012-12-10 00:33 - 2011-07-01 02:22 - 00018432 ____A C:\Users\user\mibfa.benefit.statements.fs..xls
2012-12-07 05:47 - 2011-07-01 02:22 - 00000000 ____D C:\Users\user\POP
2012-12-07 05:23 - 2011-07-01 03:02 - 00000000 ____D C:\Users\user\Desktop\New Folder (2)
2012-12-07 05:21 - 2011-07-01 02:22 - 00000000 ____D C:\Users\user\RETURNS
2012-12-07 00:44 - 2011-07-01 02:21 - 00000000 ____D C:\Users\user\FAW
2012-12-07 00:40 - 2011-07-01 02:21 - 00000000 ____D C:\Users\user\FORMS
2012-12-07 00:18 - 2011-07-01 02:21 - 00000000 ____D C:\Users\user\BANK
2012-12-06 06:03 - 2012-12-06 06:03 - 00163328 ____A C:\Users\user\Desktop\Recon Confirm Contribution Report FEW_201211_1.xls
2012-12-06 02:28 - 2011-07-01 02:22 - 00000000 ____D C:\Users\user\TRAVEL
2012-12-05 03:33 - 2011-12-21 04:54 - 00001446 ____A C:\Users\user\Desktop\kjooste (192.1.1.244) - Shortcut.lnk
2012-12-04 03:24 - 2012-12-04 02:59 - 00046080 ____A C:\Users\user\avbob.11.12.xls
2012-12-03 03:21 - 2012-12-03 03:20 - 02545672 ____A C:\Users\user\Downloads\lj1018-HB-pnp-win64-en (1).exe.ym9zas8.partial
2012-12-03 03:20 - 2012-12-03 03:20 - 03258096 ____A C:\Users\user\Downloads\lj1018-HB-pnp-win64-en.exe
2012-12-03 03:20 - 2011-10-20 03:41 - 00000000 ____D C:\Program Files\HP
2012-12-03 03:17 - 2012-12-03 03:17 - 02974136 ____A C:\Users\user\Downloads\lj1018-HB-pnp-win32-en.exe
2012-12-03 02:37 - 2011-10-20 03:13 - 00000000 ____D C:\Program Files (x86)\HP
2012-12-03 02:27 - 2012-10-01 00:42 - 00003078 _RASH C:\Users\All Users\ntuser.pol
2012-12-03 02:26 - 2012-12-03 02:26 - 00000000 ____A C:\Windows\setuperr.log
2012-12-03 02:24 - 2010-05-25 19:11 - 00000000 ____D C:\Windows\Panther
2012-12-03 02:15 - 2012-12-03 02:15 - 00000828 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-12-03 02:15 - 2012-12-03 02:15 - 00000000 ____D C:\Program Files\CCleaner
2012-12-03 02:13 - 2012-10-01 00:35 - 00360840 ____A (ForensiT Limited) C:\Windows\UserProfileMigrationService.exe
2012-12-03 02:12 - 2012-12-03 02:12 - 00315436 ____A C:\Users\user\Downloads\Profwiz3.zip
2012-12-03 01:45 - 2012-12-03 01:45 - 00001026 ____A C:\Users\user\Desktop\hp LaserJet 1010 - Shortcut.lnk
2012-12-03 01:36 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\FxsTmp
2012-12-03 01:18 - 2012-12-03 01:16 - 20878730 ____A C:\Users\user\Downloads\lj1010serieshb-vista64.zip
2012-12-03 01:09 - 2012-12-03 01:09 - 00000000 ____D C:\lj1010 series
2012-11-26 23:44 - 2012-11-27 00:19 - 01455796 ___RA C:\Users\user\Desktop\app to add dependant.tiff
2012-11-26 23:15 - 2012-11-26 23:15 - 00053248 ____A C:\Users\user\DEPN JULY 2012.xls
2012-11-21 19:26 - 2012-12-11 22:48 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-11-21 06:43 - 2012-08-03 00:11 - 00000000 ____D C:\Users\All Users\SYSPRO
2012-11-20 01:24 - 2012-02-29 08:31 - 00000000 ____D C:\Users\user\Desktop\New folder (4)
2012-11-20 01:21 - 2012-11-20 01:21 - 00000730 ____A C:\Users\user\Desktop\Copy System Louisa.lnk
2012-11-19 05:52 - 2012-11-19 05:52 - 00000000 ____D C:\Windows\System32\Macromed
2012-11-19 05:52 - 2010-05-25 18:51 - 00000000 ____D C:\Users\All Users\Adobe
2012-11-19 03:03 - 2011-07-01 02:21 - 00000000 ____D C:\Users\user\AWARDS
2012-11-19 02:52 - 2012-11-19 02:52 - 00014336 ____A C:\Users\user\Desktop\Book1.xls
2012-11-19 00:27 - 2012-08-16 22:33 - 00000000 ____D C:\Users\user\Desktop\Numsa


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 3894.78 MB
Available physical RAM: 3286.25 MB
Total Pagefile: 3892.93 MB
Available Pagefile: 3290.27 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Partitions =============================

1 Drive c: (SYSTEM) (Fixed) (Total:332.88 GB) (Free:250.42 GB) NTFS
2 Drive e: (DATA) (Fixed) (Total:124.78 GB) (Free:11.62 GB) NTFS
3 Drive f: (GRMCULXFRER_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
4 Drive g: () (Removable) (Total:7.21 GB) (Free:7.2 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (BOOT) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 7386 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 8 GB 1024 KB
Partition 2 Primary 100 MB 8 GB
Partition 3 Primary 332 GB 8 GB
Partition 4 Primary 124 GB 340 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 RECOVERY NTFS Partition 8 GB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y BOOT NTFS Partition 100 MB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C SYSTEM NTFS Partition 332 GB Healthy

=========================================================

Disk: 0
Partition 4
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E DATA NTFS Partition 124 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7382 MB 4032 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT32 Removable 7382 MB Healthy

=========================================================

Last Boot: 2012-12-05 00:11

==================== End Of Log =============================

Edited by hamluis, 18 December 2012 - 11:51 AM.
Moved from Win 7 to Malware Removal Logs - Hamluis.



#2 ffx2 (Topic Starter; Members, 17 posts)

Posted 17 December 2012 - 11:34 AM

ListParts by Farbar Version: 30-10-2012
Ran by SYSTEM (administrator) on 17-12-2012 at 18:15:07
Windows 7 (X64)
Running From: G:\
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 13%
Total physical RAM: 3894.78 MB
Available physical RAM: 3386.88 MB
Total Pagefile: 3892.93 MB
Available Pagefile: 3386.5 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (SYSTEM) (Fixed) (Total:332.88 GB) (Free:250.42 GB) NTFS
2 Drive e: (DATA) (Fixed) (Total:124.78 GB) (Free:11.62 GB) NTFS
3 Drive f: (GRMCULXFRER_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
4 Drive g: () (Removable) (Total:7.21 GB) (Free:7.2 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (BOOT) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 7386 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 8 GB 1024 KB
Partition 2 Primary 100 MB 8 GB
Partition 3 Primary 332 GB 8 GB
Partition 4 Primary 124 GB 340 GB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 RECOVERY NTFS Partition 8 GB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y BOOT NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C SYSTEM NTFS Partition 332 GB Healthy

======================================================================================================

Disk: 0
Partition 4
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E DATA NTFS Partition 124 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7382 MB 4032 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT32 Removable 7382 MB Healthy

======================================================================================================

Windows Boot Manager
--------------------
identifier {9dea862c-5cdd-4e70-acc1-f32b344d4795}
device partition=Y:
description Windows Boot Manager
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
default {59f5e579-6874-11df-a776-dd62e3d566b6}
resumeobject {22222222-9bac-11de-81f9-c2d03e6e3f52}
displayorder {59f5e579-6874-11df-a776-dd62e3d566b6}
toolsdisplayorder {b2721d73-1db4-4c62-bf78-c548a880142d}
timeout 30
customactions 0x1000043000001
0x54000001
custom:54000001 {88888888-e888-11d4-8888-888888888881}

Windows Boot Loader
-------------------
identifier {59f5e579-6874-11df-a776-dd62e3d566b6}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
recoverysequence {77fcc085-59f4-11e0-a48f-7071bc623d4e}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {22222222-9bac-11de-81f9-c2d03e6e3f52}
nx OptIn

Windows Boot Loader
-------------------
identifier {77fcc085-59f4-11e0-a48f-7071bc623d4e}
device ramdisk=[C:]\Recovery\77fcc085-59f4-11e0-a48f-7071bc623d4e\Winre.wim,{77fcc086-59f4-11e0-a48f-7071bc623d4e}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
osdevice ramdisk=[C:]\Recovery\77fcc085-59f4-11e0-a48f-7071bc623d4e\Winre.wim,{77fcc086-59f4-11e0-a48f-7071bc623d4e}
systemroot \windows
nx OptIn
winpe Yes
custom:46000010 Yes

Windows Boot Loader
-------------------
identifier {88888888-e888-11d4-8888-888888888881}
device ramdisk=[\Device\HarddiskVolume1]\Sources\Boot.wim,{88888888-f888-11d5-8888-888888888882}
path \windows\system32\boot\winload.exe
description XR4 Recovery
osdevice ramdisk=[\Device\HarddiskVolume1]\Sources\Boot.wim,{88888888-f888-11d5-8888-888888888882}
systemroot \windows
nx OptIn
detecthal Yes
winpe Yes

Resume from Hibernate
---------------------
identifier {22222222-9bac-11de-81f9-c2d03e6e3f52}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {1afa9c49-16ab-4a5c-901b-212802da9460}
filedevice partition=C:
filepath \hiberfil.sys
pae Yes
debugoptionenabled No

Resume from Hibernate
---------------------
identifier {59f5e578-6874-11df-a776-dd62e3d566b6}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {1afa9c49-16ab-4a5c-901b-212802da9460}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {b2721d73-1db4-4c62-bf78-c548a880142d}
device partition=Y:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
badmemoryaccess Yes

EMS Settings
------------
identifier {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
bootems Yes

Debugger Settings
-----------------
identifier {4636856e-540f-4170-a130-a84776f4c654}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {5189b25c-5558-4bf2-bca4-289b11bd29e2}

Global Settings
---------------
identifier {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
inherit {4636856e-540f-4170-a130-a84776f4c654}
{0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
{5189b25c-5558-4bf2-bca4-289b11bd29e2}
extendedinput Yes

Boot Loader Settings
--------------------
identifier {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
{7ff607e0-4395-11db-b0de-0800200c9a66}

Hypervisor Settings
-------------------
identifier {7ff607e0-4395-11db-b0de-0800200c9a66}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {1afa9c49-16ab-4a5c-901b-212802da9460}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}

Device options
--------------
identifier {77fcc086-59f4-11e0-a48f-7071bc623d4e}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\77fcc085-59f4-11e0-a48f-7071bc623d4e\boot.sdi

Device options
--------------
identifier {88888888-f888-11d5-8888-888888888882}
description XR4 RAM DISK
ramdisksdidevice partition=\Device\HarddiskVolume1
ramdisksdipath \boot\boot.sdi


****** End Of Log ******

#3 JSntgRvr (Master Surgeon General; Malware Response Team, 11,950 posts; Location: Puerto Rico)

Posted 17 December 2012 - 12:59 PM

According to FRST, there seem to be quite a number of locked or missing files.

Reach the Command Prompt as you did before. Run the following command:

sfc /scannow /offbootdir=y:\ /offwindir=c:\windows

Please note that both the backslash and the forward slash are used.

Let me know the outcome.

No request for help through private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#4 ffx2 (Topic Starter; Members, 17 posts)

Posted 17 December 2012 - 01:27 PM

I get "Windows Resource Protection could not start the repair service".

Edited by ffx2, 17 December 2012 - 01:31 PM.


#5 JSntgRvr (Master Surgeon General; Malware Response Team, 11,950 posts; Location: Puerto Rico)

Posted 17 December 2012 - 01:51 PM

Let's check the syntax first:

sfc /scannow /offbootdir=y:\ /offwindir=c:\windows

Leave a space between the following arguments:

sfc
/scannow
/offbootdir=y:\
/offwindir=c:\windows


Keep me posted.



#6 ffx2 (Topic Starter; Members, 17 posts)

Posted 17 December 2012 - 02:00 PM

Same error.

#7 Julia G (Members, 138 posts; Location: EUROPE)

Posted 17 December 2012 - 02:03 PM

JSntgRvr wrote:

    Let's check the syntax first:

    sfc /scannow /offbootdir=y:\ /offwindir=c:\windows

    Leave a space between the following arguments:

    sfc
    /scannow
    /offbootdir=y:\
    /offwindir=c:\windows

    Keep me posted.

Shouldn't it be sfc /scannow /offbootdir=c:\ /offwindir=c:\windows ? http://www.sevenforums.com/tutorials/139810-sfc-scannow-run-command-prompt-boot.html

#8 ffx2 (Topic Starter; Members, 17 posts)

Posted 17 December 2012 - 02:06 PM

sfc /scannow /offbootdir=c:\ /offwindir=c:\windows

Does not work either.
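
The exchange above turns on which volume /offbootdir should name. That switch takes the offline boot directory, the volume holding bootmgr and the BCD store, and /offwindir the offline Windows directory; which drive letters those are depends on the layout as seen from the recovery environment, and the ListParts output posted earlier already states both for this laptop (the Windows Boot Manager entry's device is partition=Y:, the Windows 7 loader's osdevice is partition=C: with systemroot \Windows). The script below is an added example, not code from this thread, from ListParts or from FRST: it parses a BCD dump in the ListParts/bcdedit text format and assembles the sfc line from the store's own entries instead of a guessed letter. The embedded dump is constructed from the thread's listing, trimmed to the entries the parser needs.

```python
"""Build the offline sfc command line from a BCD dump (ListParts/bcdedit format).

Added example for this thread, not part of ListParts, FRST or Windows. The two
switches are resolved from the store itself: /offbootdir from the volume the
Windows Boot Manager entry lives on, /offwindir from the default loader's
osdevice plus systemroot. The dump below is constructed from the ListParts
output posted in this thread, trimmed to the entries the parser needs.
"""
import re

SAMPLE_BCD = r"""
Windows Boot Manager
--------------------
identifier {9dea862c-5cdd-4e70-acc1-f32b344d4795}
device partition=Y:
description Windows Boot Manager
default {59f5e579-6874-11df-a776-dd62e3d566b6}
displayorder {59f5e579-6874-11df-a776-dd62e3d566b6}

Windows Boot Loader
-------------------
identifier {59f5e579-6874-11df-a776-dd62e3d566b6}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
osdevice partition=C:
systemroot \Windows

Windows Boot Loader
-------------------
identifier {77fcc085-59f4-11e0-a48f-7071bc623d4e}
device ramdisk=[C:]\Recovery\77fcc085-59f4-11e0-a48f-7071bc623d4e\Winre.wim,{77fcc086-59f4-11e0-a48f-7071bc623d4e}
description Windows Recovery Environment
osdevice ramdisk=[C:]\Recovery\77fcc085-59f4-11e0-a48f-7071bc623d4e\Winre.wim,{77fcc086-59f4-11e0-a48f-7071bc623d4e}
systemroot \windows
winpe Yes
"""


def parse_bcd(text):
    """Return [(section_title, {key: value}), ...] in dump order.

    A section is a title line followed by a dashed underline; each following
    non-blank line is "key value" until the next blank line. For keys that
    repeat (inherit lists, customactions) the first value is kept.
    """
    sections, lines, i = [], text.splitlines(), 0
    while i < len(lines):
        if i + 1 < len(lines) and re.fullmatch(r"-{3,}", lines[i + 1].strip()):
            title, entries, i = lines[i].strip(), {}, i + 2
            while i < len(lines) and lines[i].strip():
                key, _, value = lines[i].strip().partition(" ")
                entries.setdefault(key, value)
                i += 1
            sections.append((title, entries))
        else:
            i += 1
    return sections


def partition_letter(device_value):
    """'partition=Y:' -> 'Y:'. Ramdisk and \\Device\\HarddiskVolumeN values give None."""
    match = re.fullmatch(r"partition=([A-Za-z]:)", device_value.strip())
    return match.group(1).upper() if match else None


def offline_sfc_command(text):
    """Assemble 'sfc /scannow /offbootdir=<boot>\\ /offwindir=<os><systemroot>'.

    Raises ValueError instead of guessing when the boot manager or the default
    loader is missing, or when either sits on something that is not a lettered
    partition (for example a WinRE ramdisk entry).
    """
    sections = parse_bcd(text)
    manager = next((e for t, e in sections if t == "Windows Boot Manager"), None)
    if manager is None or "default" not in manager:
        raise ValueError("no Windows Boot Manager entry with a default loader")
    boot = partition_letter(manager.get("device", ""))
    if boot is None:
        raise ValueError("boot manager device is not a lettered partition")
    loader = next((e for t, e in sections if t == "Windows Boot Loader"
                   and e.get("identifier") == manager["default"]), None)
    if loader is None:
        raise ValueError("default loader %s not present in dump" % manager["default"])
    osdev = partition_letter(loader.get("osdevice", ""))
    systemroot = loader.get("systemroot", "")
    if osdev is None or not systemroot.startswith("\\"):
        raise ValueError("default loader has no lettered osdevice/systemroot")
    return "sfc /scannow /offbootdir=%s\\ /offwindir=%s%s" % (boot, osdev, systemroot)


if __name__ == "__main__":
    print(offline_sfc_command(SAMPLE_BCD))  # sfc /scannow /offbootdir=Y:\ /offwindir=C:\Windows
```

Drive letters inside the recovery environment are assigned by WinRE and need not match what the installed system shows, so take them from the environment you are typing into (as the ListParts run above did) rather than from memory of the running OS. A default entry that points at a ramdisk loader (WinRE itself) is rejected rather than silently turned into a path.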

#9 JSntgRvr (Master Surgeon General; Malware Response Team, 11,950 posts; Location: Puerto Rico)

Posted 17 December 2012 - 02:15 PM

Let's try restoring the registry to an earlier date.

Download the enclosed file. [attachment=133314:fixlist.txt]

Save it next to FRST.

Run FRST as you did before, except that this time around click on the Fix button and wait.

The tool will write a log (Fixlog.txt) to the flash drive; please post it in your reply.

Once done, scan once again with FRST and post its report. Do not attempt to boot in Normal Mode yet.

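
The fix requested in this post does, as the Fixlog in the next reply shows, two things per hive: copy the live DEFAULT, SAM, SECURITY, SOFTWARE and SYSTEM files to System32\config\HiveBackup, then replace each from the registry backup Windows 7 keeps in System32\config\RegBack. The script below is an added example, not FRST's code and not the fixlist.txt attached above: it performs those two steps against an offline installation and adds the check a responder wants before doing it by hand, refusing before touching anything if any RegBack hive is missing or zero bytes, since a half-restored hive set is worse than none. It takes the path of the config directory; the demo() function runs it against a constructed throwaway copy so it can be exercised without a real offline Windows.

```python
"""Offline registry hive restore from RegBack, with a safety copy first.

Added example, not FRST's code: it reproduces the two steps the Fixlog reports
(copy the live hive to System32\\config\\HiveBackup, then overwrite it from the
backup) and validates the backup set before changing anything. Point it at the
config directory of an OFFLINE installation (e.g. C:\\Windows\\System32\\config
as seen from WinRE); never run it against the hives of the OS you are booted into.
"""
import shutil
import tempfile
from pathlib import Path

# The five hives FRST restored in the thread; same names as the files on disk.
HIVES = ("DEFAULT", "SAM", "SECURITY", "SOFTWARE", "SYSTEM")


def check_regback(config_dir):
    """Return {hive: size} for the RegBack copies, or raise if any is unusable.

    Windows 7 refreshes RegBack through the RegIdleBackup task; a missing or
    zero-byte copy means there is nothing to restore from, and a partial
    restore (some hives old, some current) is worse than none, so refuse.
    """
    regback = Path(config_dir) / "RegBack"
    sizes = {}
    for hive in HIVES:
        path = regback / hive
        if not path.is_file() or path.stat().st_size == 0:
            raise FileNotFoundError("RegBack hive missing or empty: %s" % path)
        sizes[hive] = path.stat().st_size
    return sizes


def restore_hives(config_dir):
    """Back up the live hives to HiveBackup, then copy the RegBack hives in.

    Returns one (hive, action) tuple per step, mirroring the Fixlog lines.
    """
    config = Path(config_dir)
    check_regback(config)  # validate the whole set before touching anything
    backup = config / "HiveBackup"
    backup.mkdir(exist_ok=True)
    log = []
    for hive in HIVES:
        live = config / hive
        if live.is_file():
            shutil.copy2(live, backup / hive)  # copy2 keeps timestamps for later comparison
            log.append((hive, "copied to HiveBackup"))
        shutil.copy2(config / "RegBack" / hive, live)
        log.append((hive, "restored from RegBack"))
    return log


def build_sample_config(root, empty_hive=None):
    """Constructed fixture, not a real config directory: live hives contain
    b'live:<name>', RegBack hives b'regback:<name>'; empty_hive names one
    RegBack file to leave at zero bytes so the refusal path can be exercised."""
    config = Path(root) / "Windows" / "System32" / "config"
    (config / "RegBack").mkdir(parents=True)
    for hive in HIVES:
        (config / hive).write_bytes(b"live:" + hive.encode())
        data = b"" if hive == empty_hive else b"regback:" + hive.encode()
        (config / "RegBack" / hive).write_bytes(data)
    return config


def demo(empty_hive=None):
    """Run the restore on a throwaway copy of the fixture and report the outcome."""
    with tempfile.TemporaryDirectory() as tmp:
        config = build_sample_config(tmp, empty_hive)
        try:
            log = restore_hives(config)
        except FileNotFoundError as exc:
            return {"refused": str(exc),
                    "live": {h: (config / h).read_bytes() for h in HIVES}}
        return {"log": log,
                "live": {h: (config / h).read_bytes() for h in HIVES},
                "saved": {h: (config / "HiveBackup" / h).read_bytes() for h in HIVES}}


if __name__ == "__main__":
    for hive, action in demo()["log"]:
        print("%s hive %s" % (hive, action))
    print("with an empty RegBack SAM:", demo("SAM")["refused"])
```

Because the live hives are copied to HiveBackup before anything is overwritten, the step can be undone by copying them back, which is the same escape hatch the FRST fix leaves behind.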


#10 ffx2 (Topic Starter; Members, 17 posts)

Posted 17 December 2012 - 02:20 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-12-2012
Ran by SYSTEM at 2012-12-17 21:22:41 Run:4
Running from G:\

==============================================

DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.

==== End of Fixlog ====

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-12-2012 (ATTENTION: FRST version is 6 days old)
Ran by SYSTEM at 17-12-2012 21:23:12
Running from G:\
Windows 7 Professional (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [9955872 2010-01-12] (Realtek Semiconductor)
HKLM\...\Run: [fspuip] %ProgramFiles%\FSP\fspuip.exe [3771392 2010-02-03] (Sentelic Corporation)
HKLM\...\Run: [Configuration Center] C:\Program Files\Configuration Center\bin\McaMaster.exe [1583104 2010-03-03] ()
HKLM\...\Run: [SideBar] %ProgramFiles%\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-20] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2399632 2011-04-13] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [SBAMTray] "C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe" [3149704 2012-09-19] (GFI Software)
HKU\user\...\Run: [Google Update] "C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-05-08] (Google Inc.)
HKU\user\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17355912 2012-05-02] (Skype Technologies S.A.)
HKU\user\...\Policies\system: [DisableLockWorkstation] 0
Tcpip\Parameters: [DhcpNameServer] 192.1.1.7
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Pervasive.SQL Workgroup Engine.lnk
ShortcutTarget: Pervasive.SQL Workgroup Engine.lnk -> C:\PVSW\bin\w3dbsmgr.exe ()
Startup: C:\Users\user\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Services (Whitelisted) ===================

2 DCService.exe; C:\ProgramData\DatacardService\DCService.exe [229376 2010-05-08] ()
2 DcsService; "C:\Program Files\Configuration Center\bin\DeviceControlService.exe" [1039872 2010-02-24] (Intel Corporation)
2 gfi_lanss10_attservice; "C:\Program Files (x86)\GFI Software\VIPRE\LanGuard 10 Agent\lnssatt.exe" -service [115568 2012-09-12] (GFI Software Development Ltd.)
2 IronTreeDL; "C:\Program Files (x86)\Pastel IronTree\a5backup.exe" -start [163840 2010-03-02] (Attix5 Development (Pty) Ltd)
2 Micro Focus License Manager; "C:\Program Files (x86)\SYSPRO\Runtime\MFLMWin.exe" [394608 2008-11-20] (Micro Focus)
2 SBAMSvc; "C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe" [3677000 2012-09-19] (GFI Software)
2 SBPIMSvc; "C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe" [175496 2012-09-19] (GFI Software)

==================== Drivers (Whitelisted) =====================

3 AcpiPmi; C:\Windows\system32\drivers\acpipmi.sys [x]
3 adp94xx; C:\Windows\system32\DRIVERS\adp94xx.sys [x]
3 adpahci; C:\Windows\system32\DRIVERS\adpahci.sys [x]
3 adpu320; C:\Windows\system32\DRIVERS\adpu320.sys [x]
3 aliide; C:\Windows\system32\drivers\aliide.sys [x]
3 amdide; C:\Windows\system32\drivers\amdide.sys [x]
3 AmdK8; C:\Windows\system32\DRIVERS\amdk8.sys [x]
3 AmdPPM; C:\Windows\system32\DRIVERS\amdppm.sys [x]
3 amdsata; C:\Windows\system32\drivers\amdsata.sys [x]
3 amdsbs; C:\Windows\system32\DRIVERS\amdsbs.sys [x]
0 amdxata; C:\Windows\System32\drivers\amdxata.sys [x]
3 arc; C:\Windows\system32\DRIVERS\arc.sys [x]
3 arcsas; C:\Windows\system32\DRIVERS\arcsas.sys [x]
3 athr; C:\Windows\System32\DRIVERS\athrx.sys [x]
3 b06bdrv; C:\Windows\system32\DRIVERS\bxvbda.sys [x]
3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [x]
1 blbdrive; C:\Windows\System32\DRIVERS\blbdrive.sys [x]
3 BrFiltLo; C:\Windows\system32\DRIVERS\BrFiltLo.sys [x]
3 BrFiltUp; C:\Windows\system32\DRIVERS\BrFiltUp.sys [x]
3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [x]
3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [x]
3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [x]
3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [x]
3 BTHMODEM; C:\Windows\system32\DRIVERS\bthmodem.sys [x]
3 BthPan; C:\Windows\System32\DRIVERS\bthpan.sys [x]
3 btusbflt; C:\Windows\System32\drivers\btusbflt.sys [x]
3 btwaudio; C:\Windows\System32\drivers\btwaudio.sys [x]
3 btwavdt; C:\Windows\System32\DRIVERS\btwavdt.sys [x]
3 btwl2cap; C:\Windows\System32\DRIVERS\btwl2cap.sys [x]
3 btwrchid; C:\Windows\System32\DRIVERS\btwrchid.sys [x]
3 circlass; C:\Windows\system32\DRIVERS\circlass.sys [x]
3 cmdide; C:\Windows\system32\drivers\cmdide.sys [x]
4 crcdisk; C:\Windows\system32\DRIVERS\crcdisk.sys [x]
3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [x]
3 elxstor; C:\Windows\system32\DRIVERS\elxstor.sys [x]
3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [x]
3 fdc; C:\Windows\system32\DRIVERS\fdc.sys [x]
3 flpydisk; C:\Windows\system32\DRIVERS\flpydisk.sys [x]
3 fspad_wlh64; C:\Windows\System32\DRIVERS\fspad_wlh64.sys [x]
3 gagp30kx; C:\Windows\system32\DRIVERS\gagp30kx.sys [x]
3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [x]
3 HECIx64; C:\Windows\System32\DRIVERS\HECIx64.sys [x]
3 HidBatt; C:\Windows\system32\DRIVERS\HidBatt.sys [x]
3 HidBth; C:\Windows\system32\DRIVERS\hidbth.sys [x]
3 HidIr; C:\Windows\system32\DRIVERS\hidir.sys [x]
3 HpSAMD; C:\Windows\system32\drivers\HpSAMD.sys [x]
3 huawei_enumerator; C:\Windows\System32\DRIVERS\ew_jubusenum.sys [x]
3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [x]
0 iaStor; C:\Windows\System32\DRIVERS\iaStor.sys [x]
3 iaStorV; C:\Windows\system32\drivers\iaStorV.sys [x]
3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [x]
3 iirsp; C:\Windows\system32\DRIVERS\iirsp.sys [x]
3 Impcd; C:\Windows\System32\DRIVERS\Impcd.sys [x]
3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHD64.sys [x]
3 intelide; C:\Windows\system32\drivers\intelide.sys [x]
3 IPMIDRV; C:\Windows\system32\drivers\IPMIDrv.sys [x]
3 IPMLEBL; C:\Windows\System32\Drivers\ipmlebl.sys [x]
3 L1E; C:\Windows\System32\DRIVERS\L1E62x64.sys [x]
3 LSI_FC; C:\Windows\system32\DRIVERS\lsi_fc.sys [x]
3 LSI_SAS; C:\Windows\system32\DRIVERS\lsi_sas.sys [x]
3 LSI_SAS2; C:\Windows\system32\DRIVERS\lsi_sas2.sys [x]
3 LSI_SCSI; C:\Windows\system32\DRIVERS\lsi_scsi.sys [x]
3 megasas; C:\Windows\system32\DRIVERS\megasas.sys [x]
3 MegaSR; C:\Windows\system32\DRIVERS\MegaSR.sys [x]
0 msahci; C:\Windows\System32\drivers\msahci.sys [x]
3 MTConfig; C:\Windows\system32\DRIVERS\MTConfig.sys [x]
3 nfrd960; C:\Windows\system32\DRIVERS\nfrd960.sys [x]
3 nvraid; C:\Windows\system32\drivers\nvraid.sys [x]
3 nvstor; C:\Windows\system32\drivers\nvstor.sys [x]
3 nv_agp; C:\Windows\system32\drivers\nv_agp.sys [x]
3 Parport; C:\Windows\system32\DRIVERS\parport.sys [x]
3 pcmcia; C:\Windows\system32\DRIVERS\pcmcia.sys [x]
3 Processor; C:\Windows\system32\DRIVERS\processr.sys [x]
3 ql2300; C:\Windows\system32\DRIVERS\ql2300.sys [x]
3 ql40xx; C:\Windows\system32\DRIVERS\ql40xx.sys [x]
3 s3cap; C:\Windows\system32\drivers\vms3cap.sys [x]
2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [x]
1 SbFw; C:\Windows\System32\drivers\SbFw.sys [x]
3 SBFWIMCL; C:\Windows\System32\DRIVERS\sbfwim.sys [x]
3 SBFWIMCLMP; C:\Windows\System32\DRIVERS\SBFWIM.sys [x]
3 SbHips; C:\Windows\System32\drivers\sbhips.sys [x]
3 sbp2port; C:\Windows\system32\drivers\sbp2port.sys [x]
3 sbwtis; C:\Windows\System32\DRIVERS\sbwtis.sys [x]
2 secdrv; [x]
3 Serenum; C:\Windows\system32\DRIVERS\serenum.sys [x]
3 Serial; C:\Windows\system32\DRIVERS\serial.sys [x]
3 sfloppy; C:\Windows\system32\DRIVERS\sfloppy.sys [x]
3 SiSRaid2; C:\Windows\system32\DRIVERS\SiSRaid2.sys [x]
3 SiSRaid4; C:\Windows\system32\DRIVERS\sisraid4.sys [x]
3 stexstor; C:\Windows\system32\DRIVERS\stexstor.sys [x]
0 storflt; C:\Windows\System32\drivers\vmstorfl.sys [x]
3 storvsc; C:\Windows\system32\drivers\storvsc.sys [x]
3 swenum; C:\Windows\system32\drivers\swenum.sys [x]
3 uagp35; C:\Windows\system32\DRIVERS\uagp35.sys [x]
3 uliagpkx; C:\Windows\system32\drivers\uliagpkx.sys [x]
3 UmPass; C:\Windows\system32\DRIVERS\umpass.sys [x]
3 usbcir; C:\Windows\system32\drivers\usbcir.sys [x]
3 viaide; C:\Windows\system32\drivers\viaide.sys [x]
3 VKBD; C:\Windows\System32\DRIVERS\virkbd.sys [x]
0 vmbus; C:\Windows\System32\drivers\vmbus.sys [x]
3 VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [x]
3 vsmraid; C:\Windows\system32\DRIVERS\vsmraid.sys [x]
3 WacomPen; C:\Windows\system32\DRIVERS\wacompen.sys [x]
3 Wd; C:\Windows\system32\DRIVERS\wd.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-12-17 12:04 - 2012-12-17 12:04 - 00000000 ____D C:\FRST
2012-12-15 06:24 - 2009-07-13 17:52 - 00021584 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\compbatt.sys
2012-12-14 05:34 - 2012-12-14 05:34 - 00001026 ____A C:\Users\user\Desktop\HP LaserJet 1018 - Shortcut.lnk
2012-12-14 03:22 - 2012-12-14 03:20 - 04063232 ___RA C:\Users\user\Gauteng GP Network.xls
2012-12-13 03:48 - 2012-12-13 06:13 - 00011176 ____A C:\Users\user\FRENCH ENGINEERING_339846 (Change Schedule).csv
2012-12-13 03:48 - 2012-12-13 03:49 - 00011176 ____A C:\Users\user\EF337100
2012-12-13 03:48 - 2012-12-13 03:48 - 00011176 ____A C:\Users\user\A5037100
2012-12-12 06:49 - 2012-11-13 23:06 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-12-12 06:49 - 2012-11-13 22:32 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-12-12 06:49 - 2012-11-13 22:11 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-12-12 06:49 - 2012-11-13 22:04 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-12-12 06:49 - 2012-11-13 22:04 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-12-12 06:49 - 2012-11-13 22:02 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-12-12 06:49 - 2012-11-13 22:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-12-12 06:49 - 2012-11-13 21:59 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-12-12 06:49 - 2012-11-13 21:58 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-12-12 06:49 - 2012-11-13 21:57 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-12-12 06:49 - 2012-11-13 21:57 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-12-12 06:49 - 2012-11-13 21:55 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-12-12 06:49 - 2012-11-13 21:55 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-12-12 06:49 - 2012-11-13 21:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-12-12 06:49 - 2012-11-13 21:52 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-12-12 06:49 - 2012-11-13 21:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-12-12 06:49 - 2012-11-13 18:48 - 12320256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-12-12 06:49 - 2012-11-13 18:14 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-12-12 06:49 - 2012-11-13 18:09 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-12-12 06:49 - 2012-11-13 17:58 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-12-12 06:49 - 2012-11-13 17:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-12-12 06:49 - 2012-11-13 17:57 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-12-12 06:49 - 2012-11-13 17:55 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-12-12 06:49 - 2012-11-13 17:51 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-12-12 06:49 - 2012-11-13 17:49 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-12-12 06:49 - 2012-11-13 17:49 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-12-12 06:49 - 2012-11-13 17:48 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-12-12 06:49 - 2012-11-13 17:47 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-12-12 06:49 - 2012-11-13 17:46 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-12-12 06:49 - 2012-11-13 17:45 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-12-12 06:49 - 2012-11-13 17:44 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-12-12 06:49 - 2012-11-13 17:41 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-12-11 22:48 - 2012-11-21 19:26 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-12-11 22:48 - 2012-11-08 21:45 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-12-11 22:48 - 2012-11-08 20:42 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-12-11 22:48 - 2012-11-05 13:35 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2012-12-11 22:48 - 2012-11-05 12:41 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2012-12-11 22:48 - 2012-11-05 12:32 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2012-12-11 22:48 - 2012-11-05 12:32 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2012-12-11 22:48 - 2012-10-04 09:46 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-12-11 22:48 - 2012-10-04 09:46 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-12-11 22:48 - 2012-10-04 09:46 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-12-11 22:48 - 2012-10-04 09:45 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-12-11 22:48 - 2012-10-04 09:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-12-11 22:48 - 2012-10-04 09:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-12-11 22:48 - 2012-10-04 09:41 - 00424960 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-12-11 22:48 - 2012-10-04 09:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 09:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 09:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 09:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 08:47 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-12-11 22:48 - 2012-10-04 08:47 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-12-11 22:48 - 2012-10-04 08:47 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-12-11 22:48 - 2012-10-04 08:40 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 08:40 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 07:21 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-12-11 22:48 - 2012-10-04 06:46 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-12-11 22:48 - 2012-10-04 06:46 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-12-11 22:48 - 2012-10-04 06:46 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-12-11 22:48 - 2012-10-04 06:41 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 06:41 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 06:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-12-11 22:48 - 2012-10-04 06:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-12-11 22:47 - 2012-11-01 21:59 - 00478208 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll
2012-12-11 22:47 - 2012-11-01 21:11 - 00376832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2012-12-11 22:47 - 2012-10-04 06:46 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-12-11 04:56 - 2011-07-03 22:49 - 00000276 ____A C:\Users\user\Desktop\STD Bank - Copy - Copy.url
2012-12-06 06:03 - 2012-12-06 06:03 - 00163328 ____A C:\Users\user\Desktop\Recon Confirm Contribution Report FEW_201211_1.xls
2012-12-04 02:59 - 2012-12-04 03:24 - 00046080 ____A C:\Users\user\avbob.11.12.xls
2012-12-03 03:20 - 2012-12-03 03:21 - 02545672 ____A C:\Users\user\Downloads\lj1018-HB-pnp-win64-en (1).exe.ym9zas8.partial
2012-12-03 03:20 - 2012-12-03 03:20 - 03258096 ____A C:\Users\user\Downloads\lj1018-HB-pnp-win64-en.exe
2012-12-03 03:20 - 2007-12-09 16:00 - 00567296 ____A () C:\Windows\System32\ZSHP1018.EXE
2012-12-03 03:20 - 2007-12-09 16:00 - 00128380 ____A C:\Windows\System32\hp1018.img
2012-12-03 03:20 - 2007-12-09 16:00 - 00127488 ____A (Zenographics, Inc.) C:\Windows\System32\ZSPOOL.DLL
2012-12-03 03:20 - 2007-12-09 16:00 - 00115200 ____A (Zenographics, Inc.) C:\Windows\System32\ZLhp1018.DLL
2012-12-03 03:20 - 2007-12-09 16:00 - 00061952 ____A (Zenographics, Inc.) C:\Windows\System32\ZIMF.DLL
2012-12-03 03:20 - 2007-12-09 16:00 - 00049664 ____A (Zenographics, Inc.) C:\Windows\System32\ZTAG.DLL
2012-12-03 03:20 - 2007-12-09 16:00 - 00010632 ____A C:\Windows\System32\ZSHP1018.CHM
2012-12-03 03:17 - 2012-12-03 03:17 - 02974136 ____A C:\Users\user\Downloads\lj1018-HB-pnp-win32-en.exe
2012-12-03 02:37 - 2012-12-14 02:13 - 00286409 ____A C:\M1319.log
2012-12-03 02:26 - 2012-12-13 22:53 - 00002028 ____A C:\Windows\setupact.log
2012-12-03 02:26 - 2012-12-03 02:26 - 00000000 ____A C:\Windows\setuperr.log
2012-12-03 02:15 - 2012-12-03 02:15 - 00000828 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-12-03 02:15 - 2012-12-03 02:15 - 00000000 ____D C:\Program Files\CCleaner
2012-12-03 02:12 - 2012-12-03 02:12 - 00315436 ____A C:\Users\user\Downloads\Profwiz3.zip
2012-12-03 01:45 - 2012-12-03 01:45 - 00001026 ____A C:\Users\user\Desktop\hp LaserJet 1010 - Shortcut.lnk
2012-12-03 01:16 - 2012-12-03 01:18 - 20878730 ____A C:\Users\user\Downloads\lj1010serieshb-vista64.zip
2012-12-03 01:09 - 2012-12-03 01:09 - 00000000 ____D C:\lj1010 series
2012-11-27 00:19 - 2012-11-26 23:44 - 01455796 ___RA C:\Users\user\Desktop\app to add dependant.tiff
2012-11-26 23:15 - 2012-11-26 23:15 - 00053248 ____A C:\Users\user\DEPN JULY 2012.xls
2012-11-26 05:01 - 2010-06-09 22:27 - 00047616 ____A C:\Users\user\Desktop\Returns & Request for Credit.xls
2012-11-20 01:21 - 2012-11-20 01:21 - 00000730 ____A C:\Users\user\Desktop\Copy System Louisa.lnk
2012-11-19 05:52 - 2012-12-14 05:43 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-11-19 05:52 - 2012-12-12 01:43 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-11-19 05:52 - 2012-12-12 01:43 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-11-19 05:52 - 2012-11-19 05:52 - 00000000 ____D C:\Windows\System32\Macromed
2012-11-19 02:52 - 2012-11-19 02:52 - 00014336 ____A C:\Users\user\Desktop\Book1.xls


==================== One Month Modified Files and Folders =======

2012-12-17 21:22 - 2012-12-17 21:22 - 00000000 ____D C:\Windows\System32\config\HiveBackup
2012-12-17 12:04 - 2012-12-17 12:04 - 00000000 ____D C:\FRST
2012-12-14 06:20 - 2010-05-25 18:14 - 01966679 ____A C:\Windows\WindowsUpdate.log
2012-12-14 05:57 - 2011-07-03 23:02 - 00000000 ____D C:\Users\user\AppData\Roaming\Skype
2012-12-14 05:53 - 2012-10-01 00:38 - 00000112 ____A C:\Windows\System32\config\netlogon.ftl
2012-12-14 05:43 - 2012-11-19 05:52 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-12-14 05:34 - 2012-12-14 05:34 - 00001026 ____A C:\Users\user\Desktop\HP LaserJet 1018 - Shortcut.lnk
2012-12-14 05:27 - 2011-05-08 03:26 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-904651207-2848802423-1292378443-1000UA.job
2012-12-14 03:20 - 2012-12-14 03:22 - 04063232 ___RA C:\Users\user\Gauteng GP Network.xls
2012-12-14 02:33 - 2011-07-01 03:02 - 00000000 ____D C:\Users\user\Desktop\New Folder (3)
2012-12-14 02:31 - 2011-07-01 04:05 - 00000000 ____D C:\Premier
2012-12-14 02:13 - 2012-12-03 02:37 - 00286409 ____A C:\M1319.log
2012-12-14 01:48 - 2011-09-28 00:46 - 00000000 ____D C:\Users\user\Desktop\Clockings
2012-12-13 23:28 - 2011-05-08 03:26 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-904651207-2848802423-1292378443-1000Core.job
2012-12-13 23:01 - 2009-07-13 20:45 - 00010112 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-12-13 23:01 - 2009-07-13 20:45 - 00010112 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-12-13 22:57 - 2009-07-13 21:13 - 00726316 ____A C:\Windows\System32\PerfStringBackup.INI
2012-12-13 22:53 - 2012-12-03 02:26 - 00002028 ____A C:\Windows\setupact.log
2012-12-13 22:53 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-12-13 06:13 - 2012-12-13 03:48 - 00011176 ____A C:\Users\user\FRENCH ENGINEERING_339846 (Change Schedule).csv
2012-12-13 04:30 - 2012-04-12 23:48 - 00000000 ____D C:\Users\user\Desktop\UIF
2012-12-13 03:49 - 2012-12-13 03:48 - 00011176 ____A C:\Users\user\EF337100
2012-12-13 03:48 - 2012-12-13 03:48 - 00011176 ____A C:\Users\user\A5037100
2012-12-12 10:09 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-12-12 09:32 - 2009-07-13 20:45 - 00447936 ____A C:\Windows\System32\FNTCACHE.DAT
2012-12-12 01:43 - 2012-11-19 05:52 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-12-12 01:43 - 2012-11-19 05:52 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-12-11 01:16 - 2011-07-01 02:22 - 00000000 ____D C:\Users\user\YEAR.END
2012-12-11 00:57 - 2011-07-01 02:22 - 00000000 ____D C:\Users\user\MEDICAL.AID
2012-12-10 04:30 - 2011-07-01 02:22 - 00000000 ____D C:\Users\user\MONTH END
2012-12-10 00:43 - 2011-07-01 02:22 - 00019968 ____A C:\Users\user\mibfa.benefit.statements.fw..xls
2012-12-10 00:39 - 2012-02-12 23:13 - 00018944 ____A C:\Users\user\mibfa.benefit.statements.fw.n.s.xls
2012-12-10 00:33 - 2011-07-01 02:22 - 00018432 ____A C:\Users\user\mibfa.benefit.statements.fs..xls
2012-12-07 05:47 - 2011-07-01 02:22 - 00000000 ____D C:\Users\user\POP
2012-12-07 05:23 - 2011-07-01 03:02 - 00000000 ____D C:\Users\user\Desktop\New Folder (2)
2012-12-07 05:21 - 2011-07-01 02:22 - 00000000 ____D C:\Users\user\RETURNS
2012-12-07 00:44 - 2011-07-01 02:21 - 00000000 ____D C:\Users\user\FAW
2012-12-07 00:40 - 2011-07-01 02:21 - 00000000 ____D C:\Users\user\FORMS
2012-12-07 00:18 - 2011-07-01 02:21 - 00000000 ____D C:\Users\user\BANK
2012-12-06 06:03 - 2012-12-06 06:03 - 00163328 ____A C:\Users\user\Desktop\Recon Confirm Contribution Report FEW_201211_1.xls
2012-12-06 02:28 - 2011-07-01 02:22 - 00000000 ____D C:\Users\user\TRAVEL
2012-12-05 03:33 - 2011-12-21 04:54 - 00001446 ____A C:\Users\user\Desktop\kjooste (192.1.1.244) - Shortcut.lnk
2012-12-04 03:24 - 2012-12-04 02:59 - 00046080 ____A C:\Users\user\avbob.11.12.xls
2012-12-03 03:21 - 2012-12-03 03:20 - 02545672 ____A C:\Users\user\Downloads\lj1018-HB-pnp-win64-en (1).exe.ym9zas8.partial
2012-12-03 03:20 - 2012-12-03 03:20 - 03258096 ____A C:\Users\user\Downloads\lj1018-HB-pnp-win64-en.exe
2012-12-03 03:20 - 2011-10-20 03:41 - 00000000 ____D C:\Program Files\HP
2012-12-03 03:17 - 2012-12-03 03:17 - 02974136 ____A C:\Users\user\Downloads\lj1018-HB-pnp-win32-en.exe
2012-12-03 02:37 - 2011-10-20 03:13 - 00000000 ____D C:\Program Files (x86)\HP
2012-12-03 02:27 - 2012-10-01 00:42 - 00003078 _RASH C:\Users\All Users\ntuser.pol
2012-12-03 02:26 - 2012-12-03 02:26 - 00000000 ____A C:\Windows\setuperr.log
2012-12-03 02:24 - 2010-05-25 19:11 - 00000000 ____D C:\Windows\Panther
2012-12-03 02:15 - 2012-12-03 02:15 - 00000828 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-12-03 02:15 - 2012-12-03 02:15 - 00000000 ____D C:\Program Files\CCleaner
2012-12-03 02:13 - 2012-10-01 00:35 - 00360840 ____A (ForensiT Limited) C:\Windows\UserProfileMigrationService.exe
2012-12-03 02:12 - 2012-12-03 02:12 - 00315436 ____A C:\Users\user\Downloads\Profwiz3.zip
2012-12-03 01:45 - 2012-12-03 01:45 - 00001026 ____A C:\Users\user\Desktop\hp LaserJet 1010 - Shortcut.lnk
2012-12-03 01:36 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\FxsTmp
2012-12-03 01:18 - 2012-12-03 01:16 - 20878730 ____A C:\Users\user\Downloads\lj1010serieshb-vista64.zip
2012-12-03 01:09 - 2012-12-03 01:09 - 00000000 ____D C:\lj1010 series
2012-11-26 23:44 - 2012-11-27 00:19 - 01455796 ___RA C:\Users\user\Desktop\app to add dependant.tiff
2012-11-26 23:15 - 2012-11-26 23:15 - 00053248 ____A C:\Users\user\DEPN JULY 2012.xls
2012-11-21 19:26 - 2012-12-11 22:48 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-11-21 06:43 - 2012-08-03 00:11 - 00000000 ____D C:\Users\All Users\SYSPRO
2012-11-20 01:24 - 2012-02-29 08:31 - 00000000 ____D C:\Users\user\Desktop\New folder (4)
2012-11-20 01:21 - 2012-11-20 01:21 - 00000730 ____A C:\Users\user\Desktop\Copy System Louisa.lnk
2012-11-19 05:52 - 2012-11-19 05:52 - 00000000 ____D C:\Windows\System32\Macromed
2012-11-19 05:52 - 2010-05-25 18:51 - 00000000 ____D C:\Users\All Users\Adobe
2012-11-19 03:03 - 2011-07-01 02:21 - 00000000 ____D C:\Users\user\AWARDS
2012-11-19 02:52 - 2012-11-19 02:52 - 00014336 ____A C:\Users\user\Desktop\Book1.xls
2012-11-19 00:27 - 2012-08-16 22:33 - 00000000 ____D C:\Users\user\Desktop\Numsa


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 3894.78 MB
Available physical RAM: 3284.41 MB
Total Pagefile: 3892.93 MB
Available Pagefile: 3285.98 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (SYSTEM) (Fixed) (Total:332.88 GB) (Free:249.99 GB) NTFS
2 Drive e: (DATA) (Fixed) (Total:124.78 GB) (Free:11.62 GB) NTFS
3 Drive f: (GRMCULXFRER_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
4 Drive g: () (Removable) (Total:7.21 GB) (Free:7.2 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (BOOT) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 7386 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 8 GB 1024 KB
Partition 2 Primary 100 MB 8 GB
Partition 3 Primary 332 GB 8 GB
Partition 4 Primary 124 GB 340 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 RECOVERY NTFS Partition 8 GB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y BOOT NTFS Partition 100 MB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C SYSTEM NTFS Partition 332 GB Healthy

=========================================================

Disk: 0
Partition 4
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E DATA NTFS Partition 124 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7382 MB 4032 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT32 Removable 7382 MB Healthy

=========================================================

Last Boot: 2012-12-05 00:11

==================== End Of Log =============================

#11 JSntgRvr

  • Master Surgeon General
  • Malware Response Team
  • 11,950 posts
  • Gender: Male
  • Location: Puerto Rico
  • Local time: 03:55 AM

Posted 17 December 2012 - 02:56 PM

Run FRST as you did before.

Type the following in the edit box on FRST, after "Search:".

amdxata.sys;iaStor.sys;msahci.sys;vmstorfl.sys;vmbus.sys

It then should look like:

Search: amdxata.sys;iaStor.sys;msahci.sys;vmstorfl.sys;vmbus.sys

Click the Search button and post the log (Search.txt) it makes on the USB drive in your next reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#12 ffx2

  • Topic Starter
  • Members
  • 17 posts
  • Local time: 09:55 AM

Posted 17 December 2012 - 03:04 PM

Farbar Recovery Scan Tool (x64) Version: 11-12-2012
Ran by SYSTEM at 2012-12-17 22:05:10
Running from G:\

================== Search: "amdxata.sys;iaStor.sys;msahci.sys;vmstorfl.sys;vmbus.sys" ===================

C:\Windows\winsxs\amd64_wvmbus.inf_31bf3856ad364e35_6.1.7601.17514_none_97a6ab0ec0a6e89a\vmbus.sys
[2011-09-20 23:51] - [2010-11-20 05:34] - 0199552 ____A (Microsoft Corporation) 86EA3E79AE350FEA5331A1303054005F

C:\Windows\winsxs\amd64_wvmbus.inf_31bf3856ad364e35_6.1.7600.16385_none_95759746c3b86500\vmbus.sys
[2009-07-13 15:42] - [2009-07-13 17:45] - 0200272 ____A (Microsoft Corporation) 1501699D7EDA984ABC4155A7DA5738D1

C:\Windows\winsxs\amd64_wstorflt.inf_31bf3856ad364e35_6.1.7601.17514_none_1eb9f40a2eecbab3\vmstorfl.sys
[2011-09-20 23:50] - [2010-11-20 05:34] - 0046464 ____A (Microsoft Corporation) 7785DC213270D2FC066538DAF94087E7

C:\Windows\winsxs\amd64_wstorflt.inf_31bf3856ad364e35_6.1.7600.16385_none_1c88e04231fe3719\vmstorfl.sys
[2009-07-13 15:42] - [2009-07-13 17:45] - 0046672 ____A (Microsoft Corporation) FFD7A6F15B14234B5B0E5D49E7961895

C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\msahci.sys
[2011-09-20 23:50] - [2010-11-20 05:33] - 0031104 ____A (Microsoft Corporation) C25F0BAFA182CBCA2DD3C851C2E75796

C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\msahci.sys
[2009-07-13 16:01] - [2009-07-13 17:48] - 0030272 ____A (Microsoft Corporation) 5C37497276E3B3A5488B23A326A754B7

C:\Windows\winsxs\amd64_amdsata.inf_31bf3856ad364e35_6.1.7601.21680_none_aaccc8deb1e48f1e\amdxata.sys
[2011-09-20 03:23] - [2011-03-10 22:18] - 0027008 ____A (Advanced Micro Devices) 91F0F51F579BE0C3E8A85B57A8637D2D

C:\Windows\winsxs\amd64_amdsata.inf_31bf3856ad364e35_6.1.7601.17577_none_aa54fe0598b884c4\amdxata.sys
[2011-09-20 03:23] - [2011-03-10 22:41] - 0027008 ____A (Advanced Micro Devices) 540DAF1CEA6094886D72126FD7C33048

C:\Windows\winsxs\amd64_amdsata.inf_31bf3856ad364e35_6.1.7601.17514_none_aa92dcaf988a9119\amdxata.sys
[2011-09-20 23:51] - [2010-11-20 05:32] - 0027008 ____A (Advanced Micro Devices) 1142A21DB581A84EA5597B03A26EBAA0

C:\Windows\winsxs\amd64_amdsata.inf_31bf3856ad364e35_6.1.7600.20921_none_a9284d90b48c920a\amdxata.sys
[2011-09-20 03:23] - [2011-03-10 22:25] - 0027008 ____A (Advanced Micro Devices) DECA4E2CB5C7B2A7606932A929866EAF

C:\Windows\winsxs\amd64_amdsata.inf_31bf3856ad364e35_6.1.7600.16778_none_a86fa1499b91322f\amdxata.sys
[2011-09-20 03:23] - [2011-03-10 22:22] - 0027008 ____A (Advanced Micro Devices) DB27766102C7BF7E95140A2AA81D042E

C:\Windows\winsxs\amd64_amdsata.inf_31bf3856ad364e35_6.1.7600.16385_none_a861c8e79b9c0d7f\amdxata.sys
[2009-07-13 13:59] - [2009-07-13 17:52] - 0028752 ____A (Advanced Micro Devices) B4AD0CACBAB298671DD6F6EF7E20679D

C:\Windows\System32\DriverStore\FileRepository\wvmbus.inf_amd64_neutral_fca91999602b0343\vmbus.sys
[2011-09-20 23:51] - [2010-11-20 05:34] - 0199552 ____A (Microsoft Corporation) 86EA3E79AE350FEA5331A1303054005F

C:\Windows\System32\DriverStore\FileRepository\wstorflt.inf_amd64_neutral_3db956c41708f7f5\vmstorfl.sys
[2011-09-20 23:50] - [2010-11-20 05:34] - 0046464 ____A (Microsoft Corporation) 7785DC213270D2FC066538DAF94087E7

C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\msahci.sys
[2011-09-20 23:50] - [2010-11-20 05:33] - 0031104 ____A (Microsoft Corporation) C25F0BAFA182CBCA2DD3C851C2E75796

C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_amd64_neutral_78ebae21a80aa2b4\iaStor.sys
[2010-05-25 18:33] - [2010-03-03 18:51] - 0540696 ____A (Intel Corporation) ABBF174CB394F5C437410A788B7E404A

C:\Windows\System32\DriverStore\FileRepository\amdsata.inf_amd64_neutral_67db50590108ebd9\amdxata.sys
[2011-09-20 23:51] - [2010-11-20 05:32] - 0027008 ____A (Advanced Micro Devices) 1142A21DB581A84EA5597B03A26EBAA0

C:\Windows\System32\DriverStore\FileRepository\amdsata.inf_amd64_neutral_5c3d0d1e97e99e10\amdxata.sys
[2011-09-20 03:23] - [2011-03-10 22:41] - 0027008 ____A (Advanced Micro Devices) 540DAF1CEA6094886D72126FD7C33048

====== End Of Search ======

#13 JSntgRvr

  • Master Surgeon General
  • Malware Response Team
  • 11,950 posts
  • Gender: Male
  • Location: Puerto Rico
  • Local time: 03:55 AM

Posted 17 December 2012 - 03:51 PM

We still have the same problem. Numerous drivers are missing. Let's try restoring some of these to see if there are any changes.

Download the enclosed file. [attachment=133320:fixlist.txt]

Save it next to FRST replacing the existing one.

Run FRST as you did before, except that this time around click on the Fix button and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Once done, scan once again with FRST and post its report. Do not attempt to boot in Normal Mode yet.

#14 ffx2

  • Topic Starter
  • Members
  • 17 posts
  • Local time: 09:55 AM

Posted 17 December 2012 - 04:02 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-12-2012
Ran by SYSTEM at 2012-12-17 23:05:37 Run:5
Running from G:\

==============================================

Could not find C:\Windows\System32\Drivers\vmbus.sys.
C:\Windows\winsxs\amd64_wvmbus.inf_31bf3856ad364e35_6.1.7601.17514_none_97a6ab0ec0a6e89a\vmbus.sys copied successfully to C:\Windows\System32\Drivers\vmbus.sys
Could not find C:\Windows\System32\Drivers\vmstorfl.sys.
C:\Windows\winsxs\amd64_wstorflt.inf_31bf3856ad364e35_6.1.7601.17514_none_1eb9f40a2eecbab3\vmstorfl.sys copied successfully to C:\Windows\System32\Drivers\vmstorfl.sys
Could not find C:\Windows\System32\Drivers\msahci.sys.
C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\msahci.sys copied successfully to C:\Windows\System32\Drivers\msahci.sys
Could not find C:\Windows\System32\Drivers\amdxata.sys.
C:\Windows\winsxs\amd64_amdsata.inf_31bf3856ad364e35_6.1.7601.21680_none_aaccc8deb1e48f1e\amdxata.sys copied successfully to C:\Windows\System32\Drivers\amdxata.sys
Could not find C:\Windows\System32\Drivers\mbus.sys.
C:\Windows\System32\DriverStore\FileRepository\wvmbus.inf_amd64_neutral_fca91999602b0343\vmbus.sys copied successfully to C:\Windows\System32\Drivers\mbus.sys
C:\Windows\System32\Drivers\vmstorfl.sys moved successfully.
C:\Windows\System32\DriverStore\FileRepository\wstorflt.inf_amd64_neutral_3db956c41708f7f5\vmstorfl.sys copied successfully to C:\Windows\System32\Drivers\vmstorfl.sys
C:\Windows\System32\Drivers\msahci.sys moved successfully.
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\msahci.sys copied successfully to C:\Windows\System32\Drivers\msahci.sys
Could not find C:\Windows\System32\Drivers\iaStor.sys.
C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_amd64_neutral_78ebae21a80aa2b4\iaStor.sys copied successfully to C:\Windows\System32\Drivers\iaStor.sys

==== End of Fixlog ====
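An added example, not code from this thread, from FRST or from its author, that does offline what the Search and Fix steps in posts #11 to #14 do by hand: it parses the Search.txt layout posted above, picks one source copy for each driver reported missing from System32\Drivers, and checks a Fixlog for a copy whose destination file name does not match its source, as with the vmbus.sys line above that landed in a file named mbus.sys. The selection policy is an assumption of this example, not FRST's: prefer the DriverStore FileRepository copy (the package PnP actually installed), then the highest winsxs build on the GDR branch (Windows 7 SP1 revisions below 20000; 6.1.7601.2xxxx builds are the LDR/QFE branch), then the highest build, then the newest file. The SAMPLE_SEARCH and SAMPLE_FIXLOG constants are constructed excerpts in the format of the logs in this thread.

```python
"""Plan an offline driver restore from an FRST Search.txt and sanity-check its Fixlog.

Added example for this thread, not FRST's own code.  Selection policy is an assumption:
DriverStore copy first, then the highest winsxs build on the GDR branch (Windows 7 SP1
revision below 20000; 7601.2xxxx is LDR/QFE), then highest build, then newest file.
"""
import hashlib
import re
from collections import defaultdict

# One Search.txt record is a path line followed by "[modified] - [created] - size attrs (company) MD5".
PATH_RE = re.compile(r"^[A-Za-z]:\\")
DETAIL_RE = re.compile(r"^\[(?P<modified>[^\]]+)\] - \[[^\]]+\] - (?P<size>\d+) \S+ "
                       r"\((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$")
VERSION_RE = re.compile(r"_(\d+)\.(\d+)\.(\d+)\.(\d+)_")                       # winsxs assembly version
COPY_RE = re.compile(r"^(?P<src>.+?) copied successfully to (?P<dst>.+)$")     # Fixlog copy line


def parse_search(text):
    """Return one dict per file listed in Search.txt."""
    entries, path = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        m = DETAIL_RE.match(line)
        if m and path:
            entries.append({"path": path, "name": path.rsplit("\\", 1)[-1], "modified": m["modified"],
                            "size": int(m["size"]), "company": m["company"], "md5": m["md5"].upper()})
            path = None
        elif PATH_RE.match(line):
            path = line
    return entries


def rank(entry):
    """Sort key for the selection policy in the module docstring (higher is better)."""
    m = VERSION_RE.search(entry["path"])
    ver = tuple(int(x) for x in m.groups()) if m else (0, 0, 0, 0)
    in_store = "\\DriverStore\\FileRepository\\" in entry["path"]
    return (in_store, ver[3] < 20000, ver, entry["modified"])


def plan_restore(search_text, missing, drivers_dir=r"C:\Windows\System32\Drivers"):
    """Map each missing driver name to (source, destination, expected MD5), or None if no copy exists."""
    by_name = defaultdict(list)
    for e in parse_search(search_text):
        by_name[e["name"].lower()].append(e)
    plan = {}
    for name in missing:
        cands = by_name.get(name.lower())
        if not cands:
            plan[name] = None                      # nothing on disk to copy from
            continue
        best = max(cands, key=rank)
        plan[name] = (best["path"], drivers_dir + "\\" + best["name"], best["md5"])
    return plan


def check_fixlog(fixlog_text):
    """Copy lines whose destination file name differs from the source's (a typo in the fixlist)."""
    bad = []
    for line in fixlog_text.splitlines():
        m = COPY_RE.match(line.strip())
        if m and m["src"].rsplit("\\", 1)[-1].lower() != m["dst"].rsplit("\\", 1)[-1].lower():
            bad.append((m["src"], m["dst"]))
    return bad


def md5_hex(data):
    """MD5 in the upper-case form FRST prints: a consistency check against the source copy, not authentication."""
    return hashlib.md5(data).hexdigest().upper()


# Constructed excerpts in the layouts of the Search.txt and Fixlog.txt posted in this thread.
SAMPLE_SEARCH = r"""C:\Windows\winsxs\amd64_wvmbus.inf_31bf3856ad364e35_6.1.7601.17514_none_97a6ab0ec0a6e89a\vmbus.sys
[2011-09-20 23:51] - [2010-11-20 05:34] - 0199552 ____A (Microsoft Corporation) 86EA3E79AE350FEA5331A1303054005F

C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\msahci.sys
[2011-09-20 23:50] - [2010-11-20 05:33] - 0031104 ____A (Microsoft Corporation) C25F0BAFA182CBCA2DD3C851C2E75796

C:\Windows\winsxs\amd64_amdsata.inf_31bf3856ad364e35_6.1.7601.21680_none_aaccc8deb1e48f1e\amdxata.sys
[2011-09-20 03:23] - [2011-03-10 22:18] - 0027008 ____A (Advanced Micro Devices) 91F0F51F579BE0C3E8A85B57A8637D2D

C:\Windows\winsxs\amd64_amdsata.inf_31bf3856ad364e35_6.1.7601.17514_none_aa92dcaf988a9119\amdxata.sys
[2011-09-20 23:51] - [2010-11-20 05:32] - 0027008 ____A (Advanced Micro Devices) 1142A21DB581A84EA5597B03A26EBAA0

C:\Windows\System32\DriverStore\FileRepository\wvmbus.inf_amd64_neutral_fca91999602b0343\vmbus.sys
[2011-09-20 23:51] - [2010-11-20 05:34] - 0199552 ____A (Microsoft Corporation) 86EA3E79AE350FEA5331A1303054005F

C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_amd64_neutral_78ebae21a80aa2b4\iaStor.sys
[2010-05-25 18:33] - [2010-03-03 18:51] - 0540696 ____A (Intel Corporation) ABBF174CB394F5C437410A788B7E404A
"""
SAMPLE_FIXLOG = r"""C:\Windows\winsxs\amd64_wvmbus.inf_31bf3856ad364e35_6.1.7601.17514_none_97a6ab0ec0a6e89a\vmbus.sys copied successfully to C:\Windows\System32\Drivers\vmbus.sys
C:\Windows\System32\DriverStore\FileRepository\wvmbus.inf_amd64_neutral_fca91999602b0343\vmbus.sys copied successfully to C:\Windows\System32\Drivers\mbus.sys
"""

if __name__ == "__main__":
    for name, choice in plan_restore(SAMPLE_SEARCH, ["vmbus.sys", "msahci.sys", "amdxata.sys", "nvstor.sys"]).items():
        print(name, "->", choice)
    for src, dst in check_fixlog(SAMPLE_FIXLOG):
        print("WARNING: file renamed during copy:", src, "->", dst)
```

To use it on the real logs, read G:\Search.txt and G:\Fixlog.txt into the two constants (or pass their contents to plan_restore and check_fixlog) from a machine that can run Python, then compare the MD5 in the plan with md5_hex() of the bytes of the restored file before attempting a normal boot. A driver that comes back as None has no copy left in winsxs or the DriverStore and has to come from install media or SFC rather than from a copy on the same disk. The MD5 is only there because it is what FRST prints; it tells you the copy matches its source, not that the source is trustworthy, so a stray name like mbus.sys is worth cleaning up rather than leaving as an unexplained file in System32\Drivers.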

#15 JSntgRvr

  • Master Surgeon General
  • Malware Response Team
  • 11,950 posts
  • Gender: Male
  • Location: Puerto Rico
  • Local time: 03:55 AM

Posted 17 December 2012 - 04:54 PM

Scan once again with FRST and post its report.
