Computer operating slowly, pop-up IE windows, virus scan software find


This topic is locked

#46
CompCav (Expert)
Please run TDSS

Then run ComboFix again in safe mode. When it reboots, make sure you tap F8 and re-enter safe mode for it to finish.
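Post #46 asks for a TDSSKiller run. The tool's log lists every driver service with the MD5 of its file and a verdict (`- ok`, `- warning`, `- infected`), and when the hash it computes from the raw disk sectors differs from the hash the file system hands back it writes a `Suspicious file (Forged):` line carrying both values. That disagreement is the point to look for: a kernel-mode hook is serving one image of the driver to ordinary file reads while the sectors hold another, so any hash or signature check that goes through the file system inside the live OS sees the "fake" (clean-looking) hash. The parser below is an added example, not part of this thread and not TDSSKiller's own code; it pulls the verdicts out of a log in that format and flags forged entries separately. The sample log is a constructed excerpt in TDSSKiller's line format, reusing the ASPI and Smb values from the log posted later in this thread.

```python
import re
from typing import Dict, List

# Constructed excerpt in TDSSKiller 2.7.x log format (not output captured for this example);
# the ASPI and Smb entries reuse the values from the log posted in this thread.
SAMPLE_LOG = r"""
13:46:06.0073 6084 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
13:46:48.0162 5564 ASPI (e54e27976e2c5a6465d44c10b1d87ac0) C:\Windows\System32\DRIVERS\ASPI32.sys
13:46:48.0224 5564 ASPI ( UnsignedFile.Multi.Generic ) - warning
13:46:48.0224 5564 ASPI - detected UnsignedFile.Multi.Generic (1)
13:46:48.0552 5564 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
13:46:48.0567 5564 atapi - ok
13:47:13.0044 5564 Smb (ed23daaaccaf6f7efcfaf0cc155873e8) C:\Windows\system32\DRIVERS\smb.sys
13:47:13.0075 5564 Suspicious file (Forged): C:\Windows\system32\DRIVERS\smb.sys. Real md5: ed23daaaccaf6f7efcfaf0cc155873e8, Fake md5: 7b75299a4d201d6a6533603d6914ab04
13:47:13.0075 5564 Smb ( Virus.Win32.ZAccess.c ) - infected
13:47:13.0075 5564 Smb - detected Virus.Win32.ZAccess.c (0)
"""

# Every log line is "<hh:mm:ss.ffff> <pid> <message>".
LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<msg>.*)$")
# Enumeration line: "<service> (<md5>) <path>".
FILE_RE = re.compile(r"^(?P<service>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
# Verdict line: "<service> ( <threat name> ) - infected|warning|suspicious".
VERDICT_RE = re.compile(
    r"^(?P<service>\S+)\s+\(\s*(?P<threat>[^)]+?)\s*\)\s+-\s+(?P<verdict>infected|warning|suspicious)$"
)
# Forged-file line: raw-disk hash ("Real") vs. hash seen through the file system ("Fake").
FORGED_RE = re.compile(
    r"^Suspicious file \(Forged\):\s+(?P<path>.+?)\.\s+Real md5:\s+(?P<real>[0-9a-f]{32}),"
    r"\s+Fake md5:\s+(?P<fake>[0-9a-f]{32})$"
)


def parse_tdsskiller_log(text: str) -> List[Dict[str, str]]:
    """One finding per '- warning' / '- infected' verdict, joined with the matching
    enumeration line (path, MD5) and any 'Forged' line for the same path."""
    files: Dict[str, Dict[str, str]] = {}    # service name -> {"md5", "path"}
    forged: Dict[str, Dict[str, str]] = {}   # lower-cased path -> {"real_md5", "fake_md5"}
    findings: List[Dict[str, str]] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                          # header/separator lines and blanks
        msg = m.group("msg")
        f = FILE_RE.match(msg)
        if f:
            files[f.group("service")] = {"md5": f.group("md5"), "path": f.group("path")}
            continue
        g = FORGED_RE.match(msg)
        if g:
            forged[g.group("path").lower()] = {"real_md5": g.group("real"), "fake_md5": g.group("fake")}
            continue
        v = VERDICT_RE.match(msg)
        if v:
            info = files.get(v.group("service"), {})
            finding = {
                "time": m.group("time"),
                "service": v.group("service"),
                "threat": v.group("threat"),
                "verdict": v.group("verdict"),
                "path": info.get("path", ""),
                "md5": info.get("md5", ""),
            }
            finding.update(forged.get(finding["path"].lower(), {}))
            findings.append(finding)
    return findings


def classify(finding: Dict[str, str]) -> str:
    """'forged' when the file-system view and the raw-disk view of the file disagree
    (something in the kernel is hiding the modification); otherwise the tool's verdict."""
    if "fake_md5" in finding and finding["fake_md5"] != finding["real_md5"]:
        return "forged"
    return finding["verdict"]


def report(text: str) -> List[str]:
    """One line per finding, forged entries first: they need a cure that bypasses
    the hook (TDSSKiller's own cure or an offline scan), not a plain file delete."""
    out = []
    for fnd in sorted(parse_tdsskiller_log(text), key=lambda f: classify(f) != "forged"):
        line = f"{classify(fnd):8} {fnd['service']:10} {fnd['threat']:28} {fnd['path']}"
        if classify(fnd) == "forged":
            line += f"  (disk md5 {fnd['real_md5']} vs file-system md5 {fnd['fake_md5']})"
        out.append(line)
    return out


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Run it against a saved TDSSKiller log with `report(open("TDSSKiller.log").read())`. A `warning` such as `UnsignedFile.Multi.Generic` only says the driver is unsigned and is often a legitimate third-party driver (ASPI here); a `forged` entry is the one that explains why a scanner running inside the booted system keeps reporting the same infection after every restart, since what it reads through the file system is not what is on disk.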

#47
boredcrow (Topic Starter)
All right, I seem to be going backward here. TDSS did run, and the log is below. I made sure to restart in Safe Mode, but ComboFix still didn't reappear on restart.

Now MS Essentials keeps finding the same Trojan, asking me to restart... and the same again as soon as the restart finishes.

And now the mouse doesn't work again.
::bangs head against table::

Thanks for your persistence with the evil rootkit and me.

I haven't run OTL yet; I figured I'd check in first.

13:46:06.0073 6084 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
13:46:06.0494 6084 ============================================================
13:46:06.0494 6084 Current date / time: 2012/02/09 13:46:06.0494
13:46:06.0494 6084 SystemInfo:
13:46:06.0494 6084
13:46:06.0494 6084 OS Version: 6.0.6002 ServicePack: 2.0
13:46:06.0494 6084 Product type: Workstation
13:46:06.0494 6084 ComputerName: CODII
13:46:06.0494 6084 UserName: Sabrina
13:46:06.0494 6084 Windows directory: C:\Windows
13:46:06.0494 6084 System windows directory: C:\Windows
13:46:06.0494 6084 Processor architecture: Intel x86
13:46:06.0494 6084 Number of processors: 2
13:46:06.0494 6084 Page size: 0x1000
13:46:06.0494 6084 Boot type: Normal boot
13:46:06.0494 6084 ============================================================
13:46:07.0446 6084 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:46:07.0446 6084 \Device\Harddisk0\DR0:
13:46:07.0446 6084 MBR used
13:46:07.0446 6084 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2F800, BlocksNum 0x1400000
13:46:07.0446 6084 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x142F800, BlocksNum 0x23AFE7F8
13:46:07.0602 6084 Initialize success
13:46:07.0602 6084 ============================================================
13:46:44.0059 5564 ============================================================
13:46:44.0059 5564 Scan started
13:46:44.0059 5564 Mode: Manual; SigCheck; TDLFS;
13:46:44.0059 5564 ============================================================
13:46:44.0839 5564 .netbt - ok
13:46:45.0042 5564 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
13:46:45.0151 5564 ACPI - ok
13:46:45.0369 5564 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
13:46:45.0447 5564 adp94xx - ok
13:46:45.0572 5564 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
13:46:45.0603 5564 adpahci - ok
13:46:45.0759 5564 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
13:46:45.0790 5564 adpu160m - ok
13:46:45.0978 5564 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
13:46:46.0024 5564 adpu320 - ok
13:46:46.0196 5564 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
13:46:46.0258 5564 AFD - ok
13:46:46.0352 5564 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
13:46:46.0383 5564 agp440 - ok
13:46:46.0508 5564 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
13:46:46.0539 5564 aic78xx - ok
13:46:46.0648 5564 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
13:46:46.0664 5564 aliide - ok
13:46:46.0773 5564 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
13:46:46.0804 5564 amdagp - ok
13:46:46.0914 5564 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
13:46:46.0929 5564 amdide - ok
13:46:47.0038 5564 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
13:46:47.0163 5564 AmdK7 - ok
13:46:47.0257 5564 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
13:46:47.0335 5564 AmdK8 - ok
13:46:47.0444 5564 ApfiltrService (350f19eb5fe4ec37a2414df56cde1aa8) C:\Windows\system32\DRIVERS\Apfiltr.sys
13:46:47.0506 5564 ApfiltrService - ok
13:46:47.0709 5564 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
13:46:47.0740 5564 arc - ok
13:46:47.0959 5564 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
13:46:47.0974 5564 arcsas - ok
13:46:48.0162 5564 ASPI (e54e27976e2c5a6465d44c10b1d87ac0) C:\Windows\System32\DRIVERS\ASPI32.sys
13:46:48.0224 5564 ASPI ( UnsignedFile.Multi.Generic ) - warning
13:46:48.0224 5564 ASPI - detected UnsignedFile.Multi.Generic (1)
13:46:48.0333 5564 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
13:46:48.0364 5564 AsyncMac - ok
13:46:48.0552 5564 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
13:46:48.0567 5564 atapi - ok
13:46:48.0723 5564 b57nd60x (32795e299c3aba589a5e04c83d531cdf) C:\Windows\system32\DRIVERS\b57nd60x.sys
13:46:48.0848 5564 b57nd60x - ok
13:46:49.0051 5564 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
13:46:49.0082 5564 Beep - ok
13:46:49.0316 5564 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
13:46:49.0363 5564 blbdrive - ok
13:46:49.0597 5564 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
13:46:49.0737 5564 bowser - ok
13:46:49.0862 5564 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
13:46:49.0909 5564 BrFiltLo - ok
13:46:50.0174 5564 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
13:46:50.0205 5564 BrFiltUp - ok
13:46:50.0377 5564 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
13:46:50.0517 5564 Brserid - ok
13:46:50.0626 5564 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
13:46:50.0751 5564 BrSerWdm - ok
13:46:50.0892 5564 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
13:46:50.0985 5564 BrUsbMdm - ok
13:46:51.0079 5564 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
13:46:51.0204 5564 BrUsbSer - ok
13:46:51.0344 5564 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
13:46:51.0391 5564 BthEnum - ok
13:46:51.0500 5564 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
13:46:51.0594 5564 BTHMODEM - ok
13:46:51.0734 5564 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
13:46:51.0796 5564 BthPan - ok
13:46:51.0859 5564 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
13:46:51.0921 5564 BTHPORT - ok
13:46:52.0062 5564 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
13:46:52.0155 5564 BTHUSB - ok
13:46:52.0296 5564 btwaudio (4a28e7bd365377d0512b7ef8c7596d2c) C:\Windows\system32\drivers\btwaudio.sys
13:46:52.0342 5564 btwaudio - ok
13:46:52.0483 5564 btwavdt (5ffde57253d665067b0886612817eb11) C:\Windows\system32\drivers\btwavdt.sys
13:46:52.0514 5564 btwavdt - ok
13:46:52.0561 5564 btwrchid (ab07dc8b05c31a4f95fc73019be9db15) C:\Windows\system32\DRIVERS\btwrchid.sys
13:46:52.0623 5564 btwrchid - ok
13:46:52.0732 5564 catchme - ok
13:46:52.0826 5564 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
13:46:52.0888 5564 cdfs - ok
13:46:53.0044 5564 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
13:46:53.0122 5564 cdrom - ok
13:46:53.0154 5564 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
13:46:53.0247 5564 circlass - ok
13:46:53.0294 5564 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
13:46:53.0325 5564 CLFS - ok
13:46:53.0434 5564 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
13:46:53.0481 5564 CmBatt - ok
13:46:53.0512 5564 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
13:46:53.0528 5564 cmdide - ok
13:46:53.0559 5564 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
13:46:53.0575 5564 Compbatt - ok
13:46:53.0590 5564 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
13:46:53.0637 5564 crcdisk - ok
13:46:53.0668 5564 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
13:46:53.0746 5564 Crusoe - ok
13:46:53.0856 5564 CSC (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys
13:46:53.0887 5564 CSC - ok
13:46:53.0934 5564 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
13:46:54.0012 5564 DfsC - ok
13:46:54.0121 5564 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
13:46:54.0152 5564 disk - ok
13:46:54.0246 5564 DisplayLinkUsbPort (adccc97ad9af22d019428b6773f23150) C:\Windows\system32\DRIVERS\DisplayLinkUsbPort_5.6.31854.0.sys
13:46:54.0339 5564 DisplayLinkUsbPort - ok
13:46:54.0402 5564 dlkmd (b19e212ef403999dadd5f337746dd21d) C:\Windows\system32\drivers\dlkmd.sys
13:46:54.0464 5564 dlkmd - ok
13:46:54.0511 5564 dlkmdldr (4b9c06a5a539a46aaaface8bdb65218c) C:\Windows\system32\drivers\dlkmdldr.sys
13:46:54.0526 5564 dlkmdldr - ok
13:46:54.0745 5564 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
13:46:54.0792 5564 Dot4 - ok
13:46:54.0870 5564 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
13:46:54.0948 5564 Dot4Print - ok
13:46:54.0994 5564 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
13:46:55.0088 5564 dot4usb - ok
13:46:55.0182 5564 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
13:46:55.0244 5564 drmkaud - ok
13:46:55.0353 5564 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
13:46:55.0400 5564 DXGKrnl - ok
13:46:55.0447 5564 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
13:46:55.0525 5564 e1express - ok
13:46:55.0556 5564 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
13:46:55.0634 5564 E1G60 - ok
13:46:55.0696 5564 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
13:46:55.0728 5564 Ecache - ok
13:46:55.0790 5564 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
13:46:55.0806 5564 elxstor - ok
13:46:55.0837 5564 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
13:46:55.0915 5564 ErrDev - ok
13:46:55.0993 5564 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
13:46:56.0055 5564 exfat - ok
13:46:56.0086 5564 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
13:46:56.0133 5564 fastfat - ok
13:46:56.0180 5564 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
13:46:56.0274 5564 fdc - ok
13:46:56.0289 5564 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
13:46:56.0320 5564 FileInfo - ok
13:46:56.0352 5564 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
13:46:56.0414 5564 Filetrace - ok
13:46:56.0445 5564 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
13:46:56.0508 5564 flpydisk - ok
13:46:56.0554 5564 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
13:46:56.0586 5564 FltMgr - ok
13:46:56.0617 5564 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
13:46:56.0679 5564 Fs_Rec - ok
13:46:56.0695 5564 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
13:46:56.0726 5564 gagp30kx - ok
13:46:56.0804 5564 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
13:46:56.0851 5564 GEARAspiWDM - ok
13:46:56.0960 5564 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:46:57.0054 5564 HDAudBus - ok
13:46:57.0100 5564 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
13:46:57.0178 5564 HidBth - ok
13:46:57.0194 5564 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
13:46:57.0256 5564 HidIr - ok
13:46:57.0334 5564 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
13:46:57.0350 5564 HidUsb - ok
13:46:57.0381 5564 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
13:46:57.0397 5564 HpCISSs - ok
13:46:57.0490 5564 HSF_DPV (e9e589c9ab799f52e18f057635a2b362) C:\Windows\system32\DRIVERS\HSX_DPV.sys
13:46:57.0568 5564 HSF_DPV - ok
13:46:57.0600 5564 HSXHWAZL (7845d2385f4dc7dfb3ccaf0c2fa4948e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
13:46:57.0631 5564 HSXHWAZL - ok
13:46:57.0709 5564 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
13:46:57.0756 5564 HTTP - ok
13:46:57.0802 5564 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
13:46:57.0818 5564 i2omp - ok
13:46:57.0865 5564 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
13:46:57.0927 5564 i8042prt - ok
13:46:57.0958 5564 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\Windows\system32\drivers\iastor.sys
13:46:57.0990 5564 iaStor - ok
13:46:58.0005 5564 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
13:46:58.0036 5564 iaStorV - ok
13:46:58.0114 5564 igfx (c134e69ce901422d1f2d7ea8d69098fe) C:\Windows\system32\DRIVERS\igdkmd32.sys
13:46:58.0224 5564 igfx - ok
13:46:58.0255 5564 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
13:46:58.0286 5564 iirsp - ok
13:46:58.0333 5564 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\DRIVERS\intelide.sys
13:46:58.0348 5564 intelide - ok
13:46:58.0380 5564 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
13:46:58.0442 5564 intelppm - ok
13:46:58.0489 5564 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:46:58.0567 5564 IpFilterDriver - ok
13:46:58.0582 5564 IpInIp - ok
13:46:58.0629 5564 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
13:46:58.0707 5564 IPMIDRV - ok
13:46:58.0770 5564 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
13:46:58.0848 5564 IPNAT - ok
13:46:58.0910 5564 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
13:46:59.0019 5564 IRENUM - ok
13:46:59.0035 5564 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
13:46:59.0066 5564 isapnp - ok
13:46:59.0206 5564 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
13:46:59.0222 5564 iScsiPrt - ok
13:46:59.0347 5564 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
13:46:59.0378 5564 iteatapi - ok
13:46:59.0394 5564 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
13:46:59.0425 5564 iteraid - ok
13:46:59.0503 5564 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
13:46:59.0534 5564 kbdclass - ok
13:46:59.0674 5564 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
13:46:59.0706 5564 kbdhid - ok
13:46:59.0784 5564 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
13:46:59.0815 5564 KSecDD - ok
13:46:59.0908 5564 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
13:46:59.0971 5564 lltdio - ok
13:47:00.0080 5564 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
13:47:00.0111 5564 LSI_FC - ok
13:47:00.0158 5564 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
13:47:00.0189 5564 LSI_SAS - ok
13:47:00.0236 5564 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
13:47:00.0283 5564 LSI_SCSI - ok
13:47:00.0314 5564 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
13:47:00.0392 5564 luafv - ok
13:47:00.0486 5564 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
13:47:00.0501 5564 MBAMProtector - ok
13:47:00.0579 5564 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
13:47:00.0610 5564 mdmxsdk - ok
13:47:00.0688 5564 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
13:47:00.0720 5564 megasas - ok
13:47:00.0782 5564 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
13:47:00.0829 5564 MegaSR - ok
13:47:00.0876 5564 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
13:47:00.0954 5564 Modem - ok
13:47:00.0985 5564 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
13:47:01.0063 5564 monitor - ok
13:47:01.0094 5564 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
13:47:01.0110 5564 mouclass - ok
13:47:01.0219 5564 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
13:47:01.0281 5564 mouhid - ok
13:47:01.0390 5564 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
13:47:01.0422 5564 MountMgr - ok
13:47:01.0531 5564 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
13:47:01.0609 5564 MpFilter - ok
13:47:01.0702 5564 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
13:47:01.0749 5564 mpio - ok
13:47:02.0264 5564 MpKsl267c6a6c (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BB4533DC-5552-478C-BEA2-8A2B5732E0D7}\MpKsl267c6a6c.sys
13:47:02.0295 5564 MpKsl267c6a6c - ok
13:47:02.0654 5564 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
13:47:02.0685 5564 MpNWMon - ok
13:47:02.0794 5564 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
13:47:02.0888 5564 mpsdrv - ok
13:47:02.0935 5564 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
13:47:02.0950 5564 Mraid35x - ok
13:47:03.0044 5564 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
13:47:03.0060 5564 MRxDAV - ok
13:47:03.0153 5564 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:47:03.0184 5564 mrxsmb - ok
13:47:03.0309 5564 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:47:03.0340 5564 mrxsmb10 - ok
13:47:03.0403 5564 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:47:03.0450 5564 mrxsmb20 - ok
13:47:03.0762 5564 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
13:47:03.0777 5564 msahci - ok
13:47:04.0276 5564 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
13:47:04.0323 5564 msdsm - ok
13:47:04.0370 5564 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
13:47:04.0448 5564 Msfs - ok
13:47:04.0510 5564 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
13:47:04.0526 5564 msisadrv - ok
13:47:04.0557 5564 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
13:47:04.0604 5564 MSKSSRV - ok
13:47:04.0635 5564 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
13:47:04.0682 5564 MSPCLOCK - ok
13:47:04.0713 5564 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
13:47:04.0744 5564 MSPQM - ok
13:47:04.0994 5564 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
13:47:05.0041 5564 MsRPC - ok
13:47:05.0150 5564 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
13:47:05.0181 5564 mssmbios - ok
13:47:05.0306 5564 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
13:47:05.0353 5564 MSTEE - ok
13:47:05.0556 5564 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
13:47:05.0587 5564 Mup - ok
13:47:05.0665 5564 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
13:47:05.0727 5564 NativeWifiP - ok
13:47:05.0774 5564 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
13:47:05.0821 5564 NDIS - ok
13:47:05.0868 5564 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
13:47:05.0946 5564 NdisTapi - ok
13:47:05.0977 5564 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
13:47:06.0008 5564 Ndisuio - ok
13:47:06.0164 5564 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
13:47:06.0211 5564 NdisWan - ok
13:47:06.0226 5564 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
13:47:06.0273 5564 NDProxy - ok
13:47:06.0351 5564 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
13:47:06.0414 5564 NetBIOS - ok
13:47:06.0538 5564 NETw4v32 (6522dd40a5f67ced020bd81b856613fb) C:\Windows\system32\DRIVERS\NETw4v32.sys
13:47:06.0648 5564 NETw4v32 - ok
13:47:06.0882 5564 NETwLv32 (d4ef7a9767c05905500ec312cb29ef46) C:\Windows\system32\DRIVERS\NETwLv32.sys
13:47:07.0568 5564 NETwLv32 - ok
13:47:07.0724 5564 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
13:47:07.0740 5564 nfrd960 - ok
13:47:07.0849 5564 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
13:47:07.0880 5564 NisDrv - ok
13:47:07.0927 5564 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
13:47:07.0989 5564 Npfs - ok
13:47:08.0020 5564 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
13:47:08.0083 5564 nsiproxy - ok
13:47:08.0145 5564 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
13:47:08.0332 5564 Ntfs - ok
13:47:08.0364 5564 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
13:47:08.0442 5564 ntrigdigi - ok
13:47:08.0457 5564 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
13:47:08.0488 5564 Null - ok
13:47:08.0520 5564 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
13:47:08.0551 5564 nvraid - ok
13:47:08.0566 5564 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
13:47:08.0598 5564 nvstor - ok
13:47:08.0613 5564 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
13:47:08.0644 5564 nv_agp - ok
13:47:08.0660 5564 NwlnkFlt - ok
13:47:08.0660 5564 NwlnkFwd - ok
13:47:08.0754 5564 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
13:47:08.0816 5564 ohci1394 - ok
13:47:08.0863 5564 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
13:47:08.0972 5564 Parport - ok
13:47:09.0019 5564 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
13:47:09.0050 5564 partmgr - ok
13:47:09.0081 5564 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
13:47:09.0159 5564 Parvdm - ok
13:47:09.0206 5564 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
13:47:09.0237 5564 pci - ok
13:47:09.0253 5564 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
13:47:09.0268 5564 pciide - ok
13:47:09.0315 5564 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
13:47:09.0346 5564 pcmcia - ok
13:47:09.0393 5564 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
13:47:09.0518 5564 PEAUTH - ok
13:47:09.0596 5564 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
13:47:09.0643 5564 PptpMiniport - ok
13:47:09.0674 5564 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
13:47:09.0721 5564 Processor - ok
13:47:09.0783 5564 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
13:47:09.0846 5564 PSched - ok
13:47:09.0892 5564 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\Windows\system32\Drivers\PxHelp20.sys
13:47:09.0924 5564 PxHelp20 - ok
13:47:09.0970 5564 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
13:47:10.0033 5564 ql2300 - ok
13:47:10.0095 5564 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
13:47:10.0126 5564 ql40xx - ok
13:47:10.0158 5564 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
13:47:10.0236 5564 QWAVEdrv - ok
13:47:10.0345 5564 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
13:47:10.0485 5564 R300 - ok
13:47:10.0501 5564 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
13:47:10.0563 5564 RasAcd - ok
13:47:10.0594 5564 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:47:10.0672 5564 Rasl2tp - ok
13:47:10.0719 5564 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
13:47:10.0766 5564 RasPppoe - ok
13:47:10.0797 5564 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
13:47:10.0844 5564 RasSstp - ok
13:47:10.0891 5564 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
13:47:11.0000 5564 rdbss - ok
13:47:11.0031 5564 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:47:11.0047 5564 RDPCDD - ok
13:47:11.0125 5564 rdpdr (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys
13:47:11.0203 5564 rdpdr - ok
13:47:11.0203 5564 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
13:47:11.0250 5564 RDPENCDD - ok
13:47:11.0296 5564 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
13:47:11.0390 5564 RDPWD - ok
13:47:11.0499 5564 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
13:47:11.0530 5564 RFCOMM - ok
13:47:11.0577 5564 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\Windows\system32\DRIVERS\rimmptsk.sys
13:47:11.0608 5564 rimmptsk - ok
13:47:11.0671 5564 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\Windows\system32\DRIVERS\rimsptsk.sys
13:47:11.0718 5564 rimsptsk - ok
13:47:11.0733 5564 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys
13:47:11.0780 5564 rismxdp - ok
13:47:11.0827 5564 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
13:47:11.0874 5564 rspndr - ok
13:47:11.0905 5564 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
13:47:11.0952 5564 sbp2port - ok
13:47:12.0014 5564 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
13:47:12.0045 5564 sdbus - ok
13:47:12.0061 5564 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
13:47:12.0123 5564 secdrv - ok
13:47:12.0154 5564 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
13:47:12.0201 5564 Serenum - ok
13:47:12.0248 5564 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
13:47:12.0388 5564 Serial - ok
13:47:12.0420 5564 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
13:47:12.0482 5564 sermouse - ok
13:47:12.0513 5564 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
13:47:12.0544 5564 sffdisk - ok
13:47:12.0591 5564 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
13:47:12.0654 5564 sffp_mmc - ok
13:47:12.0685 5564 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
13:47:12.0732 5564 sffp_sd - ok
13:47:12.0747 5564 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
13:47:12.0810 5564 sfloppy - ok
13:47:12.0841 5564 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
13:47:12.0872 5564 sisagp - ok
13:47:12.0888 5564 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
13:47:12.0919 5564 SiSRaid2 - ok
13:47:12.0950 5564 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
13:47:12.0981 5564 SiSRaid4 - ok
13:47:13.0044 5564 Smb (ed23daaaccaf6f7efcfaf0cc155873e8) C:\Windows\system32\DRIVERS\smb.sys
13:47:13.0075 5564 Suspicious file (Forged): C:\Windows\system32\DRIVERS\smb.sys. Real md5: ed23daaaccaf6f7efcfaf0cc155873e8, Fake md5: 7b75299a4d201d6a6533603d6914ab04
13:47:13.0075 5564 Smb ( Virus.Win32.ZAccess.c ) - infected
13:47:13.0075 5564 Smb - detected Virus.Win32.ZAccess.c (0)
13:47:13.0106 5564 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
13:47:13.0122 5564 spldr - ok
13:47:13.0231 5564 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
13:47:13.0262 5564 srv - ok
13:47:13.0293 5564 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
13:47:13.0324 5564 srv2 - ok
13:47:13.0371 5564 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
13:47:13.0402 5564 srvnet - ok
13:47:13.0465 5564 STHDA (6a2a5e809c2c0178326d92b19ee4aad3) C:\Windows\system32\drivers\stwrt.sys
13:47:13.0496 5564 STHDA - ok
13:47:13.0558 5564 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
13:47:13.0714 5564 StillCam - ok
13:47:13.0777 5564 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
13:47:13.0792 5564 swenum - ok
13:47:13.0824 5564 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
13:47:13.0839 5564 Symc8xx - ok
13:47:13.0870 5564 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
13:47:13.0886 5564 Sym_hi - ok
13:47:13.0917 5564 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
13:47:13.0933 5564 Sym_u3 - ok
13:47:14.0042 5564 Tcpip (6647fce6fc4970daafe5c64c794513d3) C:\Windows\system32\drivers\tcpip.sys
13:47:14.0104 5564 Tcpip - ok
13:47:14.0151 5564 Tcpip6 (6647fce6fc4970daafe5c64c794513d3) C:\Windows\system32\DRIVERS\tcpip.sys
13:47:14.0214 5564 Tcpip6 - ok
13:47:14.0338 5564 tcpipreg (36606b165d04a397bdf613096986d85d) C:\Windows\system32\drivers\tcpipreg.sys
13:47:14.0370 5564 tcpipreg - ok
13:47:14.0401 5564 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
13:47:14.0494 5564 TDPIPE - ok
13:47:14.0541 5564 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
13:47:14.0588 5564 TDTCP - ok
13:47:14.0635 5564 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
13:47:14.0728 5564 tdx - ok
13:47:14.0775 5564 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
13:47:14.0853 5564 TermDD - ok
13:47:14.0884 5564 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:47:14.0962 5564 tssecsrv - ok
13:47:15.0009 5564 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
13:47:15.0040 5564 tunmp - ok
13:47:15.0118 5564 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
13:47:15.0150 5564 tunnel - ok
13:47:15.0212 5564 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
13:47:15.0259 5564 uagp35 - ok
13:47:15.0540 5564 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
13:47:15.0586 5564 udfs - ok
13:47:15.0805 5564 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
13:47:15.0836 5564 uliagpkx - ok
13:47:15.0867 5564 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
13:47:15.0930 5564 uliahci - ok
13:47:15.0976 5564 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
13:47:15.0992 5564 UlSata - ok
13:47:16.0023 5564 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
13:47:16.0054 5564 ulsata2 - ok
13:47:16.0086 5564 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
13:47:16.0132 5564 umbus - ok
13:47:16.0179 5564 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
13:47:16.0226 5564 USBAAPL - ok
13:47:16.0288 5564 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
13:47:16.0335 5564 usbaudio - ok
13:47:16.0366 5564 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
13:47:16.0444 5564 usbccgp - ok
13:47:16.0476 5564 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
13:47:16.0585 5564 usbcir - ok
13:47:16.0663 5564 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
13:47:16.0710 5564 usbehci - ok
13:47:16.0772 5564 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
13:47:16.0834 5564 usbhub - ok
13:47:16.0866 5564 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
13:47:16.0928 5564 usbohci - ok
13:47:17.0022 5564 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
13:47:17.0115 5564 usbprint - ok
13:47:17.0224 5564 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
13:47:17.0287 5564 usbscan - ok
13:47:17.0334 5564 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:47:17.0412 5564 USBSTOR - ok
13:47:17.0458 5564 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
13:47:17.0474 5564 usbuhci - ok
13:47:17.0521 5564 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
13:47:17.0568 5564 vga - ok
13:47:17.0599 5564 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
13:47:17.0630 5564 VgaSave - ok
13:47:17.0661 5564 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
13:47:17.0692 5564 viaagp - ok
13:47:17.0724 5564 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
13:47:17.0770 5564 ViaC7 - ok
13:47:17.0802 5564 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
13:47:17.0833 5564 viaide - ok
13:47:17.0833 5564 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
13:47:17.0864 5564 volmgr - ok
13:47:17.0926 5564 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
13:47:17.0942 5564 volmgrx - ok
13:47:18.0098 5564 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
13:47:18.0129 5564 volsnap - ok
13:47:18.0160 5564 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
13:47:18.0207 5564 vsmraid - ok
13:47:18.0238 5564 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
13:47:18.0301 5564 WacomPen - ok
13:47:18.0332 5564 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
13:47:18.0379 5564 Wanarp - ok
13:47:18.0379 5564 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
13:47:18.0426 5564 Wanarpv6 - ok
13:47:18.0472 5564 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
13:47:18.0488 5564 Wd - ok
13:47:18.0535 5564 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
13:47:18.0566 5564 Wdf01000 - ok
13:47:18.0660 5564 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\Windows\system32\DRIVERS\wimfltr.sys
13:47:18.0706 5564 WimFltr - ok
13:47:18.0769 5564 winachsf (4daca8f07537d4d7e3534bb99294aa26) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
13:47:18.0816 5564 winachsf - ok
13:47:18.0878 5564 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
13:47:18.0909 5564 WmiAcpi - ok
13:47:18.0956 5564 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
13:47:18.0987 5564 ws2ifsl - ok
13:47:19.0081 5564 WSDPrintDevice (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys
13:47:19.0112 5564 WSDPrintDevice - ok
13:47:19.0159 5564 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
13:47:19.0190 5564 XAudio - ok
13:47:19.0237 5564 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
13:47:19.0393 5564 \Device\Harddisk0\DR0 - ok
13:47:19.0424 5564 Boot (0x1200) (4617723ff8a272f626a14b3bfeb623da) \Device\Harddisk0\DR0\Partition0
13:47:19.0424 5564 \Device\Harddisk0\DR0\Partition0 - ok
13:47:19.0424 5564 Boot (0x1200) (eafe597acfc21bd173b76a926b50be2b) \Device\Harddisk0\DR0\Partition1
13:47:19.0424 5564 \Device\Harddisk0\DR0\Partition1 - ok
13:47:19.0424 5564 ============================================================
13:47:19.0424 5564 Scan finished
13:47:19.0424 5564 ============================================================
13:47:19.0440 4424 Detected object count: 2
13:47:19.0440 4424 Actual detected object count: 2
13:47:31.0998 4424 ASPI ( UnsignedFile.Multi.Generic ) - skipped by user
13:47:31.0998 4424 ASPI ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:47:32.0138 4424 C:\Windows\system32\DRIVERS\smb.sys - copied to quarantine
13:47:32.0278 4424 Backup copy found, using it..
13:47:32.0356 4424 C:\Windows\system32\DRIVERS\smb.sys - will be cured on reboot
13:47:35.0617 4424 Smb ( Virus.Win32.ZAccess.c ) - User select action: Cure
13:47:38.0986 5784 Deinitialize success
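The TDSSKiller log above ends with two detections: the unsigned ASPI driver, which was skipped, and the Smb service file (Virus.Win32.ZAccess.c), which was quarantined and scheduled for cure on reboot. When a thread accumulates several of these logs it helps to pull the decisions out mechanically. The Python below is an added example, not code from the thread or from Kaspersky's tool: it parses the line layout this log version prints (timestamp, thread id, message), records each scanned object with its MD5 and path, collects the post-scan verdicts, and lists any detection the user skipped so it can be revisited. The embedded `SAMPLE_LOG` is constructed from lines of the kind shown in the post (the hashes and paths are the ones the log prints); the regexes are an assumption about the format and may need adjusting for other TDSSKiller versions.

```python
"""Triage a TDSSKiller text log: which objects were scanned, what was detected,
and which detections were left unresolved (added example, not the tool's code)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed excerpt using line shapes from the 2.7.11.0 log in the post.
SAMPLE_LOG = """\
13:47:13.0231 5564 srv (41987f9fc0e61adf54f581e15029ad91) C:\\Windows\\system32\\DRIVERS\\srv.sys
13:47:13.0262 5564 srv - ok
13:47:17.0334 5564 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\\Windows\\system32\\DRIVERS\\USBSTOR.SYS
13:47:17.0412 5564 USBSTOR - ok
13:47:19.0237 5564 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \\Device\\Harddisk0\\DR0
13:47:19.0393 5564 \\Device\\Harddisk0\\DR0 - ok
13:47:19.0424 5564 Scan finished
13:47:19.0440 4424 Detected object count: 2
13:47:19.0440 4424 Actual detected object count: 2
13:47:31.0998 4424 ASPI ( UnsignedFile.Multi.Generic ) - skipped by user
13:47:31.0998 4424 ASPI ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:47:32.0138 4424 C:\\Windows\\system32\\DRIVERS\\smb.sys - copied to quarantine
13:47:32.0278 4424 Backup copy found, using it..
13:47:32.0356 4424 C:\\Windows\\system32\\DRIVERS\\smb.sys - will be cured on reboot
13:47:35.0617 4424 Smb ( Virus.Win32.ZAccess.c ) - User select action: Cure
13:47:38.0986 5784 Deinitialize success
"""

# Every line: time, thread id, message. The message shapes below are assumptions
# taken from this log; other versions may differ.
LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<msg>.*)$")
OBJECT_RE = re.compile(
    r"^(?P<name>\S+)(?: \(0x[0-9A-Fa-f]+\))? \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
VERDICT_RE = re.compile(
    r"^(?P<name>\S+) \( (?P<verdict>\S+) \) - User select action: (?P<action>\w+)$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")
QUAR_RE = re.compile(r"^(?P<path>.+) - copied to quarantine$")
CURE_RE = re.compile(r"^(?P<path>.+) - will be cured on reboot$")

# Actions that actually change the system; anything else is left for follow-up.
REMEDIATING_ACTIONS = {"Cure", "Delete", "Quarantine"}


@dataclass
class ScannedObject:
    name: str
    md5: str
    path: str


@dataclass
class Detection:
    name: str
    verdict: str
    action: str
    md5: Optional[str]   # filled in when the scan phase listed the object
    path: Optional[str]


@dataclass
class Report:
    objects: Dict[str, ScannedObject] = field(default_factory=dict)
    detections: List[Detection] = field(default_factory=list)
    quarantined: List[str] = field(default_factory=list)
    cure_on_reboot: List[str] = field(default_factory=list)
    declared_count: Optional[int] = None
    scan_finished: bool = False


def parse_tdss_log(text: str) -> Report:
    """Walk the log once, keeping scanned objects, verdicts and remediation notes."""
    report = Report()
    by_lower: Dict[str, ScannedObject] = {}  # case-insensitive lookup (Smb vs smb)
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg")
        if msg == "Scan finished":
            report.scan_finished = True
        elif (om := OBJECT_RE.match(msg)):
            obj = ScannedObject(om["name"], om["md5"], om["path"])
            report.objects[obj.name] = obj
            by_lower[obj.name.lower()] = obj
        elif (vm := VERDICT_RE.match(msg)):
            known = by_lower.get(vm["name"].lower())
            report.detections.append(Detection(
                vm["name"], vm["verdict"], vm["action"],
                known.md5 if known else None, known.path if known else None))
        elif (cm := COUNT_RE.match(msg)):
            report.declared_count = int(cm["n"])
        elif (qm := QUAR_RE.match(msg)):
            report.quarantined.append(qm["path"])
        elif (rm := CURE_RE.match(msg)):
            report.cure_on_reboot.append(rm["path"])
    return report


def needs_follow_up(report: Report) -> List[str]:
    """Names of detections the user did not remediate (e.g. 'Skip')."""
    return [d.name for d in report.detections if d.action not in REMEDIATING_ACTIONS]


def count_mismatch(report: Report) -> bool:
    """True when the tool declared more detections than verdict lines were logged."""
    return report.declared_count is not None and report.declared_count != len(report.detections)


if __name__ == "__main__":
    rep = parse_tdss_log(SAMPLE_LOG)
    for d in rep.detections:
        print(f"{d.name}: {d.verdict} -> {d.action}")
    print("follow up:", needs_follow_up(rep), "| pending cure:", rep.cure_on_reboot)
```

Run on the sample, the parser reports ASPI as the one detection still needing a decision, and lists smb.sys as both quarantined and pending cure on reboot, which is why a restart had to happen before ComboFix was re-run.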

#48
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Keep your AV on for now.

Let's run this scan with a zip drive.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#49
boredcrow

boredcrow

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts
Possibly stupid question - how do I tell whether I have a x32 or a x64 bit system?

#50
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
It is a good question (there are no stupid questions) :happy: and here is how to tell:


Click Start >> Computer >> System properties

Look under System

for System type: XX-bit Operating System

Where XX is 32 or 64 :thumbsup:

#51
boredcrow

boredcrow

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts
Thank god I was able to bring my work computer home this weekend!

Here's the scan log:

Scan result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 28-01-2012
Ran by SYSTEM at 2012-02-09 16:12:08
Running from F:\
Windows Vista ™ Business Service Pack 1 (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [997920 2011-06-15] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2011-10-09] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [460872 2012-01-13] (Malwarebytes Corporation)
HKLM\...\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript [981680 2012-01-13] (Malwarebytes Corporation)
HKU\Sabrina\...\Policies\system: [disableregistrytools] 0
HKU\Sabrina\...\Policies\system: [disableregistrytools] 0
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [X]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

================================ Services (Whitelisted) ==================

2 AdobeActiveFileMonitor6.0; C:\Windows\System32\pdlndlpb.dll [5632 2008-01-20] (Oak Technology Inc.)
2 AESTFilters; C:\Windows\system32\aestsrv.exe [73728 2008-01-01] (Andrea Electronics Corporation)
2 BcmSqlStartupSvc; "C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [30312 2008-01-11] (Microsoft Corporation)
2 DisplayLinkService; "C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe" [5240168 2011-04-10] (DisplayLink Corp.)
2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [161048 2008-04-28] (Stardock Corporation)
2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [866576 2011-01-12] (Intel® Corporation)
3 GoogleDesktopManager-051210-111108; "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [30192 2010-06-18] (Google)
3 GoToAssist; "C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe" Start=service [16680 2008-08-17] (Citrix Online, a division of Citrix Systems, Inc.)
2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [136176 2011-10-09] (Google Inc.)
3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [136176 2011-10-09] (Google Inc.)
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [652360 2012-01-13] (Malwarebytes Corporation)
2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [481552 2011-01-12] (Intel® Corporation)
2 SftService; "C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE" [1692480 2011-08-18] (SoftThinks SAS)
2 STacSV; C:\Windows\system32\STacSV.exe [102400 2008-01-01] (IDT, Inc.)
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" [x]
3 MSSQL$MSSMLBIZ; "c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [x]
4 MSSQLServerADHelper; "c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe" [x]
2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter [x]
2 SQLBrowser; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [x]
2 SQLWriter; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [x]

========================== Drivers (Whitelisted) =============

3 ApfiltrService; C:\Windows\System32\DRIVERS\Apfiltr.sys [155136 2007-09-24] (Alps Electric Co., Ltd.)
3 ASPI; \??\C:\Windows\System32\DRIVERS\ASPI32.sys [84832 2002-07-17] (Adaptec)
3 DisplayLinkUsbPort; C:\Windows\System32\DRIVERS\DisplayLinkUsbPort_5.6.31854.0.sys [21888 2011-04-10] (http://libusb-win32.sourceforge.net)
3 dlkmd; C:\Windows\System32\drivers\dlkmd.sys [182896 2011-04-10] (DisplayLink Corp.)
0 dlkmdldr; C:\Windows\System32\drivers\dlkmdldr.sys [14448 2011-04-10] (DisplayLink Corp.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [20464 2011-12-10] (Malwarebytes Corporation)
1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [165648 2011-04-18] (Microsoft Corporation)
3 MpNWMon; C:\Windows\System32\DRIVERS\MpNWMon.sys [43392 2011-04-18] (Microsoft Corporation)
4 Mraid35x; C:\Windows\System32\drivers\mraid35x.sys [33384 2006-11-02] (LSI Logic Corporation)
3 NETw4v32; C:\Windows\System32\DRIVERS\NETw4v32.sys [2251776 2007-09-26] (Intel Corporation)
3 NETwLv32; C:\Windows\System32\DRIVERS\NETwLv32.sys [6639616 2010-10-07] (Intel Corporation)
3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [65024 2011-04-27] (Microsoft Corporation)
2 rimmptsk; C:\Windows\System32\DRIVERS\rimmptsk.sys [32256 2006-11-26] (REDC)
2 rimsptsk; C:\Windows\System32\DRIVERS\rimsptsk.sys [43520 2006-11-26] (REDC)
2 rismxdp; C:\Windows\System32\DRIVERS\rixdptsk.sys [37376 2006-11-26] (REDC)
4 SiSRaid2; C:\Windows\System32\drivers\sisraid2.sys [41016 2008-01-20] (Microsoft Corporation)
1 slxrgopt; \??\C:\Windows\system32\drivers\slxrgopt.sys [41680 2012-02-09] (Microsoft Corporation)
4 UlSata; C:\Windows\System32\drivers\ulsata.sys [98408 2006-11-02] (Promise Technology, Inc.)
4 ulsata2; C:\Windows\System32\drivers\ulsata2.sys [115816 2008-01-20] (Promise Technology, Inc.)
3 WimFltr; C:\Windows\System32\DRIVERS\wimfltr.sys [128104 2006-11-01] (Microsoft Corporation)
3 WSDPrintDevice; C:\Windows\System32\DRIVERS\WSDPrint.sys [16896 2008-01-20] (Microsoft Corporation)
3 .cdrom; \? [x]
3 .netbt; \? [x]
3 .smb; \? [x]
3 .tdx; \? [x]
3 catchme; \??\C:\Users\Sabrina\AppData\Local\Temp\catchme.sys [x]
1 cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [x]

========================== NetSvcs (Whitelisted) ===========
NETSVC: AdobeActiveFileMonitor6.0

============ One Month Created Files and Folders ==============

2012-02-09 15:53 - 2012-02-09 15:53 - 0041680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\slxrgopt.sys
2012-02-09 14:40 - 2012-02-09 15:41 - 3747655680 __ASH C:\hiberfil.sys
2012-02-09 13:57 - 2012-02-09 14:28 - 0000000 ___SD C:\ComboFix
2012-02-09 13:46 - 2012-02-09 13:47 - 0080070 ____A C:\TDSSKiller.2.7.11.0_09.02.2012_13.46.06_log.txt
2012-02-09 12:18 - 2009-04-10 20:45 - 0072192 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdx.svs
2012-02-09 10:09 - 2012-02-09 10:09 - 0054540 ____A C:\Users\Sabrina\Desktop\GetWellSoon.jpg
2012-02-09 10:09 - 2012-02-09 10:09 - 0054540 ____A C:\Documents and Settings\Sabrina\Desktop\GetWellSoon.jpg
2012-02-09 03:04 - 2012-02-09 03:05 - 0140240 ____A C:\Windows\Minidump\Mini020912-01.dmp
2012-02-08 21:09 - 2012-02-09 13:45 - 4399227 ____R (Swearware) C:\Users\Sabrina\Desktop\ComboFix.exe
2012-02-08 21:09 - 2012-02-09 13:45 - 4399227 ____R (Swearware) C:\Documents and Settings\Sabrina\Desktop\ComboFix.exe
2012-02-08 20:13 - 2012-02-08 20:13 - 0001868 ____A C:\Users\Sabrina\Desktop\aswMBR.txt
2012-02-08 20:13 - 2012-02-08 20:13 - 0001868 ____A C:\Documents and Settings\Sabrina\Desktop\aswMBR.txt
2012-02-08 20:13 - 2012-02-08 20:13 - 0000512 ____A C:\Users\Sabrina\Desktop\MBR.dat
2012-02-08 20:13 - 2012-02-08 20:13 - 0000512 ____A C:\Documents and Settings\Sabrina\Desktop\MBR.dat
2012-02-08 20:12 - 2012-02-08 20:12 - 4733440 ____A (AVAST Software) C:\Users\Sabrina\Desktop\aswMBR.exe
2012-02-08 20:12 - 2012-02-08 20:12 - 4733440 ____A (AVAST Software) C:\Documents and Settings\Sabrina\Desktop\aswMBR.exe
2012-02-08 17:37 - 2012-02-09 14:28 - 0000000 __SHD C:\$RECYCLE.BIN
2012-02-07 22:22 - 2012-02-07 22:22 - 0001912 ____A C:\regi8042.txt
2012-02-07 22:16 - 2012-02-08 20:09 - 0099074 ____A C:\Users\Sabrina\Desktop\OTL.Txt
2012-02-07 22:16 - 2012-02-08 20:09 - 0099074 ____A C:\Documents and Settings\Sabrina\Desktop\OTL.Txt
2012-02-07 21:37 - 2012-02-07 21:50 - 0081272 ____A C:\TDSSKiller.2.7.10.0_07.02.2012_21.37.30_log.txt
2012-02-07 20:58 - 2012-02-09 13:47 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-02-07 20:57 - 2012-02-07 20:59 - 0159598 ____A C:\TDSSKiller.2.7.10.0_07.02.2012_20.57.00_log.txt
2012-02-07 07:34 - 2012-02-07 07:34 - 0140696 ____A C:\Windows\Minidump\Mini020712-01.dmp
2012-02-06 19:35 - 2012-02-08 17:43 - 0000000 ____D C:\Windows\ERDNT
2012-02-06 19:35 - 2011-06-25 22:45 - 0256000 ____A C:\Windows\PEV.exe
2012-02-06 19:35 - 2010-11-07 09:20 - 0208896 ____A C:\Windows\MBR.exe
2012-02-06 19:35 - 2009-04-19 20:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-02-06 19:35 - 2000-08-30 16:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-02-06 19:35 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-02-06 19:35 - 2000-08-30 16:00 - 0098816 ____A C:\Windows\sed.exe
2012-02-06 19:35 - 2000-08-30 16:00 - 0080412 ____A C:\Windows\grep.exe
2012-02-06 19:35 - 2000-08-30 16:00 - 0068096 ____A C:\Windows\zip.exe
2012-02-06 19:25 - 2012-02-06 19:25 - 2623283 ____A C:\Users\Sabrina\Desktop\Note for Suzanne.jpg
2012-02-06 19:25 - 2012-02-06 19:25 - 2623283 ____A C:\Documents and Settings\Sabrina\Desktop\Note for Suzanne.jpg
2012-02-06 19:03 - 2012-02-08 21:11 - 0000000 ___AD C:\Qoobox
2012-02-06 18:51 - 2012-02-06 18:51 - 0010698 ____A C:\Users\Sabrina\Desktop\OTL1.txt
2012-02-06 18:51 - 2012-02-06 18:51 - 0010698 ____A C:\Documents and Settings\Sabrina\Desktop\OTL1.txt
2012-02-06 17:44 - 2012-02-08 19:01 - 0000098 ____A C:\Windows\System32\Drivers\etc\Hosts
2012-02-05 19:58 - 2012-02-05 19:58 - 0000000 ____D C:\_OTL
2012-02-05 19:40 - 2012-02-05 19:40 - 0140624 ____A C:\Windows\Minidump\Mini020512-01.dmp
2012-02-05 19:39 - 2012-02-05 19:39 - 0000162 ___AH C:\Users\Sabrina\Desktop\~$Step 1.docx
2012-02-05 19:39 - 2012-02-05 19:39 - 0000162 ___AH C:\Documents and Settings\Sabrina\Desktop\~$Step 1.docx
2012-02-05 19:30 - 2012-02-05 19:30 - 0230262 ____A C:\Users\Sabrina\Desktop\Step 1.docx
2012-02-05 19:30 - 2012-02-05 19:30 - 0230262 ____A C:\Documents and Settings\Sabrina\Desktop\Step 1.docx
2012-02-05 12:18 - 2012-02-09 12:21 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-02-04 23:24 - 2012-02-04 23:24 - 0140264 ____A C:\Windows\Minidump\Mini020412-03.dmp
2012-02-04 17:28 - 2012-02-04 17:28 - 0140704 ____A C:\Windows\Minidump\Mini020412-02.dmp
2012-02-04 12:14 - 2012-02-04 12:14 - 0140304 ____A C:\Windows\Minidump\Mini020412-01.dmp
2012-02-02 20:33 - 2012-02-02 20:33 - 0037649 ____A C:\Users\Sabrina\My Documents\ShaneGreene-the barking keyhole.rtf
2012-02-02 20:33 - 2012-02-02 20:33 - 0037649 ____A C:\Users\Sabrina\Documents\ShaneGreene-the barking keyhole.rtf
2012-02-02 20:33 - 2012-02-02 20:33 - 0037649 ____A C:\Documents and Settings\Sabrina\My Documents\ShaneGreene-the barking keyhole.rtf
2012-02-02 20:33 - 2012-02-02 20:33 - 0037649 ____A C:\Documents and Settings\Sabrina\Documents\ShaneGreene-the barking keyhole.rtf
2012-02-01 17:38 - 2012-02-01 17:38 - 0140024 ____A C:\Windows\Minidump\Mini020112-01.dmp
2012-02-01 17:07 - 2012-02-01 18:37 - 0000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
2012-01-29 18:02 - 2012-01-29 18:04 - 0584192 ____A (OldTimer Tools) C:\Users\Sabrina\Desktop\OTL.exe
2012-01-29 18:02 - 2012-01-29 18:04 - 0584192 ____A (OldTimer Tools) C:\Documents and Settings\Sabrina\Desktop\OTL.exe
2012-01-29 17:36 - 2012-01-29 17:36 - 0049602 ____A C:\Users\Sabrina\My Documents\20120129_rootrepeal_report.txt
2012-01-29 17:36 - 2012-01-29 17:36 - 0049602 ____A C:\Users\Sabrina\Documents\20120129_rootrepeal_report.txt
2012-01-29 17:36 - 2012-01-29 17:36 - 0049602 ____A C:\Documents and Settings\Sabrina\My Documents\20120129_rootrepeal_report.txt
2012-01-29 17:36 - 2012-01-29 17:36 - 0049602 ____A C:\Documents and Settings\Sabrina\Documents\20120129_rootrepeal_report.txt
2012-01-28 23:01 - 2012-01-28 23:01 - 0011473 ____A C:\Users\Sabrina\Malwarebytes license key.docx
2012-01-28 23:01 - 2012-01-28 23:01 - 0011473 ____A C:\Documents and Settings\Sabrina\Malwarebytes license key.docx
2012-01-26 15:16 - 2012-01-26 15:16 - 0012777 ____A C:\Users\Sabrina\Desktop\virus.docx
2012-01-26 15:16 - 2012-01-26 15:16 - 0012777 ____A C:\Documents and Settings\Sabrina\Desktop\virus.docx
2012-01-26 12:37 - 2012-01-26 12:37 - 0015097 ____A C:\Users\Sabrina\My Documents\JohnPerkins-Subject SocialScene Alert.doc
2012-01-26 12:37 - 2012-01-26 12:37 - 0015097 ____A C:\Users\Sabrina\Documents\JohnPerkins-Subject SocialScene Alert.doc
2012-01-26 12:37 - 2012-01-26 12:37 - 0015097 ____A C:\Documents and Settings\Sabrina\My Documents\JohnPerkins-Subject SocialScene Alert.doc
2012-01-26 12:37 - 2012-01-26 12:37 - 0015097 ____A C:\Documents and Settings\Sabrina\Documents\JohnPerkins-Subject SocialScene Alert.doc
2012-01-26 12:21 - 2012-01-26 12:21 - 0017920 ____A C:\Users\Sabrina\My Documents\GrLinnaea-Roast Seeds Until Fragrant.doc
2012-01-26 12:21 - 2012-01-26 12:21 - 0017920 ____A C:\Users\Sabrina\Documents\GrLinnaea-Roast Seeds Until Fragrant.doc
2012-01-26 12:21 - 2012-01-26 12:21 - 0017920 ____A C:\Documents and Settings\Sabrina\My Documents\GrLinnaea-Roast Seeds Until Fragrant.doc
2012-01-26 12:21 - 2012-01-26 12:21 - 0017920 ____A C:\Documents and Settings\Sabrina\Documents\GrLinnaea-Roast Seeds Until Fragrant.doc
2012-01-25 18:13 - 2012-02-09 12:20 - 0000506 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
2012-01-25 18:13 - 2012-02-01 17:39 - 0000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2012-01-25 17:39 - 2012-01-25 17:39 - 0000000 ____D C:\found.001
2012-01-24 19:20 - 2012-01-24 19:20 - 0007669 ____A C:\Users\Sabrina\My Documents\TonyRogers-Stanley, The Visigoth King-stanley%2c_the_visigoth_king.submission.rtf
2012-01-24 19:20 - 2012-01-24 19:20 - 0007669 ____A C:\Users\Sabrina\Documents\TonyRogers-Stanley, The Visigoth King-stanley%2c_the_visigoth_king.submission.rtf
2012-01-24 19:20 - 2012-01-24 19:20 - 0007669 ____A C:\Documents and Settings\Sabrina\My Documents\TonyRogers-Stanley, The Visigoth King-stanley%2c_the_visigoth_king.submission.rtf
2012-01-24 19:20 - 2012-01-24 19:20 - 0007669 ____A C:\Documents and Settings\Sabrina\Documents\TonyRogers-Stanley, The Visigoth King-stanley%2c_the_visigoth_king.submission.rtf
2012-01-24 17:53 - 2012-01-24 17:53 - 0195681 ____A C:\Users\Sabrina\delayed email response.docx
2012-01-24 17:53 - 2012-01-24 17:53 - 0195681 ____A C:\Documents and Settings\Sabrina\delayed email response.docx
2012-01-21 12:05 - 2012-01-21 12:05 - 0140280 ____A C:\Windows\Minidump\Mini012112-01.dmp
2012-01-21 11:09 - 2011-11-06 13:57 - 0148926 ____N C:\Windows\hpoins19.dat.temp
2012-01-21 11:09 - 2007-03-13 11:24 - 0026952 ____N C:\Windows\hpomdl19.dat.temp
2012-01-16 15:21 - 2012-01-16 15:21 - 0025600 ____A C:\Users\Sabrina\My Documents\MichaelVella-To Feel the Touch of Another.doc
2012-01-16 15:21 - 2012-01-16 15:21 - 0025600 ____A C:\Users\Sabrina\Documents\MichaelVella-To Feel the Touch of Another.doc
2012-01-16 15:21 - 2012-01-16 15:21 - 0025600 ____A C:\Documents and Settings\Sabrina\My Documents\MichaelVella-To Feel the Touch of Another.doc
2012-01-16 15:21 - 2012-01-16 15:21 - 0025600 ____A C:\Documents and Settings\Sabrina\Documents\MichaelVella-To Feel the Touch of Another.doc
2012-01-14 21:06 - 2012-01-14 21:06 - 0000162 ____A C:\Users\Sabrina\My Documents\KimPullen-The Massacre.doc
2012-01-14 21:06 - 2012-01-14 21:06 - 0000162 ____A C:\Users\Sabrina\Documents\KimPullen-The Massacre.doc
2012-01-14 21:06 - 2012-01-14 21:06 - 0000162 ____A C:\Documents and Settings\Sabrina\My Documents\KimPullen-The Massacre.doc
2012-01-14 21:06 - 2012-01-14 21:06 - 0000162 ____A C:\Documents and Settings\Sabrina\Documents\KimPullen-The Massacre.doc
2012-01-14 20:44 - 2012-01-14 20:44 - 0246272 ____A C:\Users\Sabrina\My Documents\StephenSTEVENSON-Misc.Comedy Bitz.doc
2012-01-14 20:44 - 2012-01-14 20:44 - 0246272 ____A C:\Users\Sabrina\Documents\StephenSTEVENSON-Misc.Comedy Bitz.doc
2012-01-14 20:44 - 2012-01-14 20:44 - 0246272 ____A C:\Documents and Settings\Sabrina\My Documents\StephenSTEVENSON-Misc.Comedy Bitz.doc
2012-01-14 20:44 - 2012-01-14 20:44 - 0246272 ____A C:\Documents and Settings\Sabrina\Documents\StephenSTEVENSON-Misc.Comedy Bitz.doc


============ 3 Months Modified Files and Folders ===============

2012-02-09 16:12 - 2012-02-09 16:12 - 0000000 ____D C:\FRST
2012-02-09 16:07 - 2008-08-17 12:38 - 1740725 ____A C:\Windows\WindowsUpdate.log
2012-02-09 16:07 - 2008-08-17 12:38 - 0000012 ____A C:\Windows\bthservsdp.dat
2012-02-09 16:07 - 2006-11-02 05:01 - 0032582 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-02-09 16:07 - 2006-11-02 05:01 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-02-09 16:05 - 2006-11-02 04:47 - 0003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-02-09 16:05 - 2006-11-02 04:47 - 0003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-02-09 15:53 - 2012-02-09 15:53 - 0041680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\slxrgopt.sys
2012-02-09 15:50 - 2011-10-09 13:28 - 0000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-02-09 15:48 - 2006-11-02 02:33 - 0773968 ____A C:\Windows\System32\PerfStringBackup.INI
2012-02-09 15:42 - 2011-01-23 13:48 - 0000000 ____D C:\Users\Default\Local Settings\SoftThinks
2012-02-09 15:42 - 2011-01-23 13:48 - 0000000 ____D C:\Users\Default\Local Settings\Application Data\SoftThinks
2012-02-09 15:42 - 2011-01-23 13:48 - 0000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2012-02-09 15:42 - 2011-01-23 13:48 - 0000000 ____D C:\Users\Default User\Local Settings\SoftThinks
2012-02-09 15:42 - 2011-01-23 13:48 - 0000000 ____D C:\Users\Default User\Local Settings\Application Data\SoftThinks
2012-02-09 15:42 - 2011-01-23 13:48 - 0000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2012-02-09 15:42 - 2011-01-23 13:48 - 0000000 ____D C:\Documents and Settings\Default\Local Settings\SoftThinks
2012-02-09 15:42 - 2011-01-23 13:48 - 0000000 ____D C:\Documents and Settings\Default\Local Settings\Application Data\SoftThinks
2012-02-09 15:42 - 2011-01-23 13:48 - 0000000 ____D C:\Documents and Settings\Default\AppData\Local\SoftThinks
2012-02-09 15:42 - 2011-01-23 13:48 - 0000000 ____D C:\Documents and Settings\Default User\Local Settings\SoftThinks
2012-02-09 15:42 - 2011-01-23 13:48 - 0000000 ____D C:\Documents and Settings\Default User\Local Settings\Application Data\SoftThinks
2012-02-09 15:42 - 2011-01-23 13:48 - 0000000 ____D C:\Documents and Settings\Default User\AppData\Local\SoftThinks
2012-02-09 15:42 - 2011-01-18 18:27 - 0000000 ____D C:\Program Files\Dell DataSafe Local Backup
2012-02-09 15:41 - 2012-02-09 14:40 - 3747655680 __ASH C:\hiberfil.sys
2012-02-09 15:41 - 2011-10-09 13:28 - 0000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-02-09 15:01 - 2006-11-02 04:52 - 0115163 ____A C:\Windows\setupact.log
2012-02-09 14:39 - 2011-12-07 19:53 - 0887704 ____A C:\Windows\ntbtlog.txt
2012-02-09 14:37 - 2008-09-17 07:14 - 0001356 ____A C:\Users\Sabrina\Local Settings\d3d9caps.dat
2012-02-09 14:37 - 2008-09-17 07:14 - 0001356 ____A C:\Users\Sabrina\Local Settings\Application Data\d3d9caps.dat
2012-02-09 14:37 - 2008-09-17 07:14 - 0001356 ____A C:\Users\Sabrina\AppData\Local\d3d9caps.dat
2012-02-09 14:37 - 2008-09-17 07:14 - 0001356 ____A C:\Documents and Settings\Sabrina\Local Settings\d3d9caps.dat
2012-02-09 14:37 - 2008-09-17 07:14 - 0001356 ____A C:\Documents and Settings\Sabrina\Local Settings\Application Data\d3d9caps.dat
2012-02-09 14:37 - 2008-09-17 07:14 - 0001356 ____A C:\Documents and Settings\Sabrina\AppData\Local\d3d9caps.dat
2012-02-09 14:28 - 2012-02-09 13:57 - 0000000 ___SD C:\ComboFix
2012-02-09 14:28 - 2012-02-08 17:37 - 0000000 __SHD C:\$RECYCLE.BIN
2012-02-09 14:28 - 2006-11-02 05:00 - 0037828 ____A C:\Windows\PFRO.log
2012-02-09 13:47 - 2012-02-09 13:46 - 0080070 ____A C:\TDSSKiller.2.7.11.0_09.02.2012_13.46.06_log.txt
2012-02-09 13:47 - 2012-02-07 20:58 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-02-09 13:45 - 2012-02-08 21:09 - 4399227 ____R (Swearware) C:\Users\Sabrina\Desktop\ComboFix.exe
2012-02-09 13:45 - 2012-02-08 21:09 - 4399227 ____R (Swearware) C:\Documents and Settings\Sabrina\Desktop\ComboFix.exe
2012-02-09 13:30 - 2011-10-20 19:21 - 0000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4058585062-3446566008-1817747084-1003UA.job
2012-02-09 12:21 - 2012-02-05 12:18 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-02-09 12:20 - 2012-01-25 18:13 - 0000506 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
2012-02-09 10:09 - 2012-02-09 10:09 - 0054540 ____A C:\Users\Sabrina\Desktop\GetWellSoon.jpg
2012-02-09 10:09 - 2012-02-09 10:09 - 0054540 ____A C:\Documents and Settings\Sabrina\Desktop\GetWellSoon.jpg
2012-02-09 03:05 - 2012-02-09 03:04 - 0140240 ____A C:\Windows\Minidump\Mini020912-01.dmp
2012-02-09 03:04 - 2008-10-12 23:05 - 0000000 ____D C:\Windows\Minidump
2012-02-09 03:04 - 2008-10-12 23:04 - 400343103 ____A C:\Windows\MEMORY.DMP
2012-02-08 21:11 - 2012-02-06 19:03 - 0000000 ___AD C:\Qoobox
2012-02-08 20:13 - 2012-02-08 20:13 - 0001868 ____A C:\Users\Sabrina\Desktop\aswMBR.txt
2012-02-08 20:13 - 2012-02-08 20:13 - 0001868 ____A C:\Documents and Settings\Sabrina\Desktop\aswMBR.txt
2012-02-08 20:13 - 2012-02-08 20:13 - 0000512 ____A C:\Users\Sabrina\Desktop\MBR.dat
2012-02-08 20:13 - 2012-02-08 20:13 - 0000512 ____A C:\Documents and Settings\Sabrina\Desktop\MBR.dat
2012-02-08 20:12 - 2012-02-08 20:12 - 4733440 ____A (AVAST Software) C:\Users\Sabrina\Desktop\aswMBR.exe
2012-02-08 20:12 - 2012-02-08 20:12 - 4733440 ____A (AVAST Software) C:\Documents and Settings\Sabrina\Desktop\aswMBR.exe
2012-02-08 20:09 - 2012-02-07 22:16 - 0099074 ____A C:\Users\Sabrina\Desktop\OTL.Txt
2012-02-08 20:09 - 2012-02-07 22:16 - 0099074 ____A C:\Documents and Settings\Sabrina\Desktop\OTL.Txt
2012-02-08 19:01 - 2012-02-06 17:44 - 0000098 ____A C:\Windows\System32\Drivers\etc\Hosts
2012-02-08 17:46 - 2006-11-02 03:18 - 0000000 __RHD C:\users\Default
2012-02-08 17:46 - 2006-11-02 03:18 - 0000000 ___RD C:\users\Public
2012-02-08 17:43 - 2012-02-06 19:35 - 0000000 ____D C:\Windows\ERDNT
2012-02-08 17:37 - 2006-11-02 02:23 - 0000215 ____A C:\Windows\system.ini
2012-02-08 17:34 - 2008-08-28 10:57 - 0000000 ____D C:\users\Sabrina
2012-02-08 17:30 - 2011-10-20 19:21 - 0000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4058585062-3446566008-1817747084-1003Core.job
2012-02-08 17:15 - 2008-08-28 13:43 - 0000000 ____D C:\Users\Sabrina\Desktop\Recipes
2012-02-08 17:15 - 2008-08-28 13:43 - 0000000 ____D C:\Documents and Settings\Sabrina\Desktop\Recipes
2012-02-07 22:22 - 2012-02-07 22:22 - 0001912 ____A C:\regi8042.txt
2012-02-07 21:50 - 2012-02-07 21:37 - 0081272 ____A C:\TDSSKiller.2.7.10.0_07.02.2012_21.37.30_log.txt
2012-02-07 20:59 - 2012-02-07 20:57 - 0159598 ____A C:\TDSSKiller.2.7.10.0_07.02.2012_20.57.00_log.txt
2012-02-07 07:34 - 2012-02-07 07:34 - 0140696 ____A C:\Windows\Minidump\Mini020712-01.dmp
2012-02-06 19:25 - 2012-02-06 19:25 - 2623283 ____A C:\Users\Sabrina\Desktop\Note for Suzanne.jpg
2012-02-06 19:25 - 2012-02-06 19:25 - 2623283 ____A C:\Documents and Settings\Sabrina\Desktop\Note for Suzanne.jpg
2012-02-06 18:51 - 2012-02-06 18:51 - 0010698 ____A C:\Users\Sabrina\Desktop\OTL1.txt
2012-02-06 18:51 - 2012-02-06 18:51 - 0010698 ____A C:\Documents and Settings\Sabrina\Desktop\OTL1.txt
2012-02-05 19:59 - 2006-11-02 03:18 - 0000000 ___SD C:\Windows\Downloaded Program Files
2012-02-05 19:58 - 2012-02-05 19:58 - 0000000 ____D C:\_OTL
2012-02-05 19:40 - 2012-02-05 19:40 - 0140624 ____A C:\Windows\Minidump\Mini020512-01.dmp
2012-02-05 19:39 - 2012-02-05 19:39 - 0000162 ___AH C:\Users\Sabrina\Desktop\~$Step 1.docx
2012-02-05 19:39 - 2012-02-05 19:39 - 0000162 ___AH C:\Documents and Settings\Sabrina\Desktop\~$Step 1.docx
2012-02-05 19:30 - 2012-02-05 19:30 - 0230262 ____A C:\Users\Sabrina\Desktop\Step 1.docx
2012-02-05 19:30 - 2012-02-05 19:30 - 0230262 ____A C:\Documents and Settings\Sabrina\Desktop\Step 1.docx
2012-02-04 23:24 - 2012-02-04 23:24 - 0140264 ____A C:\Windows\Minidump\Mini020412-03.dmp
2012-02-04 17:28 - 2012-02-04 17:28 - 0140704 ____A C:\Windows\Minidump\Mini020412-02.dmp
2012-02-04 14:50 - 2011-12-14 21:53 - 0011453 ____A C:\Users\Sabrina\Bills.xlsx
2012-02-04 14:50 - 2011-12-14 21:53 - 0011453 ____A C:\Documents and Settings\Sabrina\Bills.xlsx
2012-02-04 12:14 - 2012-02-04 12:14 - 0140304 ____A C:\Windows\Minidump\Mini020412-01.dmp
2012-02-02 21:58 - 2008-08-31 20:12 - 0000000 ____D C:\Users\Sabrina\Desktop\Edits
2012-02-02 21:58 - 2008-08-31 20:12 - 0000000 ____D C:\Documents and Settings\Sabrina\Desktop\Edits
2012-02-02 20:33 - 2012-02-02 20:33 - 0037649 ____A C:\Users\Sabrina\My Documents\ShaneGreene-the barking keyhole.rtf
2012-02-02 20:33 - 2012-02-02 20:33 - 0037649 ____A C:\Users\Sabrina\Documents\ShaneGreene-the barking keyhole.rtf
2012-02-02 20:33 - 2012-02-02 20:33 - 0037649 ____A C:\Documents and Settings\Sabrina\My Documents\ShaneGreene-the barking keyhole.rtf
2012-02-02 20:33 - 2012-02-02 20:33 - 0037649 ____A C:\Documents and Settings\Sabrina\Documents\ShaneGreene-the barking keyhole.rtf
2012-02-02 14:40 - 2011-12-06 10:02 - 0008752 ____A C:\Users\Sabrina\Desktop\Connections.xlsx
2012-02-02 14:40 - 2011-12-06 10:02 - 0008752 ____A C:\Documents and Settings\Sabrina\Desktop\Connections.xlsx
2012-02-02 14:02 - 2010-12-15 18:22 - 0010990 ____A C:\Users\Sabrina\My Documents\music list.docx
2012-02-02 14:02 - 2010-12-15 18:22 - 0010990 ____A C:\Users\Sabrina\Documents\music list.docx
2012-02-02 14:02 - 2010-12-15 18:22 - 0010990 ____A C:\Documents and Settings\Sabrina\My Documents\music list.docx
2012-02-02 14:02 - 2010-12-15 18:22 - 0010990 ____A C:\Documents and Settings\Sabrina\Documents\music list.docx
2012-02-01 23:41 - 2011-04-27 20:42 - 0012983 ____A C:\Users\Sabrina\Desktop\Kalliyan.docx
2012-02-01 23:41 - 2011-04-27 20:42 - 0012983 ____A C:\Documents and Settings\Sabrina\Desktop\Kalliyan.docx
2012-02-01 18:37 - 2012-02-01 17:07 - 0000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
2012-02-01 17:45 - 2011-02-06 12:00 - 0000000 ____D C:\Config.Msi
2012-02-01 17:39 - 2012-01-25 18:13 - 0000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2012-02-01 17:38 - 2012-02-01 17:38 - 0140024 ____A C:\Windows\Minidump\Mini020112-01.dmp
2012-02-01 17:37 - 2011-12-07 20:24 - 0000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-01-31 12:27 - 2011-05-08 20:37 - 0000000 ____D C:\Users\All Users\PCDr
2012-01-31 12:27 - 2011-05-08 20:37 - 0000000 ____D C:\Users\All Users\Application Data\PCDr
2012-01-31 12:27 - 2011-05-08 20:37 - 0000000 ____D C:\ProgramData\PCDr
2012-01-31 12:27 - 2011-05-08 20:37 - 0000000 ____D C:\Documents and Settings\All Users\PCDr
2012-01-31 12:27 - 2011-05-08 20:37 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\PCDr
2012-01-31 04:44 - 2009-10-02 11:02 - 0237072 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-01-29 18:04 - 2012-01-29 18:02 - 0584192 ____A (OldTimer Tools) C:\Users\Sabrina\Desktop\OTL.exe
2012-01-29 18:04 - 2012-01-29 18:02 - 0584192 ____A (OldTimer Tools) C:\Documents and Settings\Sabrina\Desktop\OTL.exe
2012-01-29 17:36 - 2012-01-29 17:36 - 0049602 ____A C:\Users\Sabrina\My Documents\20120129_rootrepeal_report.txt
2012-01-29 17:36 - 2012-01-29 17:36 - 0049602 ____A C:\Users\Sabrina\Documents\20120129_rootrepeal_report.txt
2012-01-29 17:36 - 2012-01-29 17:36 - 0049602 ____A C:\Documents and Settings\Sabrina\My Documents\20120129_rootrepeal_report.txt
2012-01-29 17:36 - 2012-01-29 17:36 - 0049602 ____A C:\Documents and Settings\Sabrina\Documents\20120129_rootrepeal_report.txt
2012-01-28 23:01 - 2012-01-28 23:01 - 0011473 ____A C:\Users\Sabrina\Malwarebytes license key.docx
2012-01-28 23:01 - 2012-01-28 23:01 - 0011473 ____A C:\Documents and Settings\Sabrina\Malwarebytes license key.docx
2012-01-26 15:16 - 2012-01-26 15:16 - 0012777 ____A C:\Users\Sabrina\Desktop\virus.docx
2012-01-26 15:16 - 2012-01-26 15:16 - 0012777 ____A C:\Documents and Settings\Sabrina\Desktop\virus.docx
2012-01-26 12:37 - 2012-01-26 12:37 - 0015097 ____A C:\Users\Sabrina\My Documents\JohnPerkins-Subject SocialScene Alert.doc
2012-01-26 12:37 - 2012-01-26 12:37 - 0015097 ____A C:\Users\Sabrina\Documents\JohnPerkins-Subject SocialScene Alert.doc
2012-01-26 12:37 - 2012-01-26 12:37 - 0015097 ____A C:\Documents and Settings\Sabrina\My Documents\JohnPerkins-Subject SocialScene Alert.doc
2012-01-26 12:37 - 2012-01-26 12:37 - 0015097 ____A C:\Documents and Settings\Sabrina\Documents\JohnPerkins-Subject SocialScene Alert.doc
2012-01-26 12:21 - 2012-01-26 12:21 - 0017920 ____A C:\Users\Sabrina\My Documents\GrLinnaea-Roast Seeds Until Fragrant.doc
2012-01-26 12:21 - 2012-01-26 12:21 - 0017920 ____A C:\Users\Sabrina\Documents\GrLinnaea-Roast Seeds Until Fragrant.doc
2012-01-26 12:21 - 2012-01-26 12:21 - 0017920 ____A C:\Documents and Settings\Sabrina\My Documents\GrLinnaea-Roast Seeds Until Fragrant.doc
2012-01-26 12:21 - 2012-01-26 12:21 - 0017920 ____A C:\Documents and Settings\Sabrina\Documents\GrLinnaea-Roast Seeds Until Fragrant.doc
2012-01-25 18:13 - 2008-08-17 18:05 - 0000000 ____D C:\Program Files\Dell Support Center
2012-01-25 17:39 - 2012-01-25 17:39 - 0000000 ____D C:\found.001
2012-01-24 19:20 - 2012-01-24 19:20 - 0007669 ____A C:\Users\Sabrina\My Documents\TonyRogers-Stanley, The Visigoth King-stanley%2c_the_visigoth_king.submission.rtf
2012-01-24 19:20 - 2012-01-24 19:20 - 0007669 ____A C:\Users\Sabrina\Documents\TonyRogers-Stanley, The Visigoth King-stanley%2c_the_visigoth_king.submission.rtf
2012-01-24 19:20 - 2012-01-24 19:20 - 0007669 ____A C:\Documents and Settings\Sabrina\My Documents\TonyRogers-Stanley, The Visigoth King-stanley%2c_the_visigoth_king.submission.rtf
2012-01-24 19:20 - 2012-01-24 19:20 - 0007669 ____A C:\Documents and Settings\Sabrina\Documents\TonyRogers-Stanley, The Visigoth King-stanley%2c_the_visigoth_king.submission.rtf
2012-01-24 17:53 - 2012-01-24 17:53 - 0195681 ____A C:\Users\Sabrina\delayed email response.docx
2012-01-24 17:53 - 2012-01-24 17:53 - 0195681 ____A C:\Documents and Settings\Sabrina\delayed email response.docx
2012-01-21 12:08 - 2006-11-02 02:23 - 0000254 ____A C:\Windows\win.ini
2012-01-21 12:05 - 2012-01-21 12:05 - 0140280 ____A C:\Windows\Minidump\Mini012112-01.dmp
2012-01-21 12:01 - 2006-11-02 04:37 - 0000000 ____D C:\Windows\twain_32
2012-01-21 11:15 - 2011-11-06 13:40 - 0148420 ____A C:\Windows\hpoins19.dat
2012-01-21 11:15 - 2011-02-06 11:56 - 0007123 ____A C:\Users\All Users\hpzinstall.log
2012-01-21 11:15 - 2011-02-06 11:56 - 0007123 ____A C:\Users\All Users\Application Data\hpzinstall.log
2012-01-21 11:15 - 2011-02-06 11:56 - 0007123 ____A C:\ProgramData\hpzinstall.log
2012-01-21 11:15 - 2011-02-06 11:56 - 0007123 ____A C:\Documents and Settings\All Users\hpzinstall.log
2012-01-21 11:15 - 2011-02-06 11:56 - 0007123 ____A C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2012-01-21 11:13 - 2011-02-06 12:12 - 0000000 ____D C:\Users\Sabrina\Application Data\HP
2012-01-21 11:13 - 2011-02-06 12:12 - 0000000 ____D C:\Users\Sabrina\AppData\Roaming\HP
2012-01-21 11:13 - 2011-02-06 12:12 - 0000000 ____D C:\Documents and Settings\Sabrina\Application Data\HP
2012-01-21 11:13 - 2011-02-06 12:12 - 0000000 ____D C:\Documents and Settings\Sabrina\AppData\Roaming\HP
2012-01-17 20:21 - 2009-09-28 11:41 - 0000000 ____D C:\Users\Sabrina\Desktop\Thesis
2012-01-17 20:21 - 2009-09-28 11:41 - 0000000 ____D C:\Documents and Settings\Sabrina\Desktop\Thesis
2012-01-16 15:21 - 2012-01-16 15:21 - 0025600 ____A C:\Users\Sabrina\My Documents\MichaelVella-To Feel the Touch of Another.doc
2012-01-16 15:21 - 2012-01-16 15:21 - 0025600 ____A C:\Users\Sabrina\Documents\MichaelVella-To Feel the Touch of Another.doc
2012-01-16 15:21 - 2012-01-16 15:21 - 0025600 ____A C:\Documents and Settings\Sabrina\My Documents\MichaelVella-To Feel the Touch of Another.doc
2012-01-16 15:21 - 2012-01-16 15:21 - 0025600 ____A C:\Documents and Settings\Sabrina\Documents\MichaelVella-To Feel the Touch of Another.doc
2012-01-14 21:06 - 2012-01-14 21:06 - 0000162 ____A C:\Users\Sabrina\My Documents\KimPullen-The Massacre.doc
2012-01-14 21:06 - 2012-01-14 21:06 - 0000162 ____A C:\Users\Sabrina\Documents\KimPullen-The Massacre.doc
2012-01-14 21:06 - 2012-01-14 21:06 - 0000162 ____A C:\Documents and Settings\Sabrina\My Documents\KimPullen-The Massacre.doc
2012-01-14 21:06 - 2012-01-14 21:06 - 0000162 ____A C:\Documents and Settings\Sabrina\Documents\KimPullen-The Massacre.doc
2012-01-14 20:44 - 2012-01-14 20:44 - 0246272 ____A C:\Users\Sabrina\My Documents\StephenSTEVENSON-Misc.Comedy Bitz.doc
2012-01-14 20:44 - 2012-01-14 20:44 - 0246272 ____A C:\Users\Sabrina\Documents\StephenSTEVENSON-Misc.Comedy Bitz.doc
2012-01-14 20:44 - 2012-01-14 20:44 - 0246272 ____A C:\Documents and Settings\Sabrina\My Documents\StephenSTEVENSON-Misc.Comedy Bitz.doc
2012-01-14 20:44 - 2012-01-14 20:44 - 0246272 ____A C:\Documents and Settings\Sabrina\Documents\StephenSTEVENSON-Misc.Comedy Bitz.doc
2012-01-13 18:11 - 2008-08-28 13:34 - 0000000 ____D C:\Users\Sabrina\Application Data\.BitTornado
2012-01-13 18:11 - 2008-08-28 13:34 - 0000000 ____D C:\Users\Sabrina\AppData\Roaming\.BitTornado
2012-01-13 18:11 - 2008-08-28 13:34 - 0000000 ____D C:\Documents and Settings\Sabrina\Application Data\.BitTornado
2012-01-13 18:11 - 2008-08-28 13:34 - 0000000 ____D C:\Documents and Settings\Sabrina\AppData\Roaming\.BitTornado
2012-01-13 00:04 - 2008-08-28 11:58 - 0000000 ____D C:\Program Files\Common Files\Adobe
2012-01-12 08:15 - 2008-08-17 17:58 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-01-12 08:15 - 2008-08-17 17:58 - 0000000 ____D C:\Users\All Users\Application Data\Microsoft Help
2012-01-12 08:15 - 2008-08-17 17:58 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-01-12 08:15 - 2008-08-17 17:58 - 0000000 ____D C:\Documents and Settings\All Users\Microsoft Help
2012-01-12 08:15 - 2008-08-17 17:58 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2012-01-12 08:15 - 2006-11-02 02:24 - 52128560 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-01-11 21:36 - 2008-08-28 10:22 - 0000000 ____D C:\Users\Sabrina\Desktop\Writings
2012-01-11 21:36 - 2008-08-28 10:22 - 0000000 ____D C:\Documents and Settings\Sabrina\Desktop\Writings
2012-01-08 17:35 - 2009-07-06 12:01 - 0000000 ____D C:\Users\Sabrina\hob_jportal
2012-01-08 17:35 - 2009-07-06 12:01 - 0000000 ____D C:\Documents and Settings\Sabrina\hob_jportal
2012-01-07 21:52 - 2009-01-23 12:19 - 0000000 ____D C:\Users\All Users\Thayer Birding Software
2012-01-07 21:52 - 2009-01-23 12:19 - 0000000 ____D C:\Users\All Users\Application Data\Thayer Birding Software
2012-01-07 21:52 - 2009-01-23 12:19 - 0000000 ____D C:\ProgramData\Thayer Birding Software
2012-01-07 21:52 - 2009-01-23 12:19 - 0000000 ____D C:\Documents and Settings\All Users\Thayer Birding Software
2012-01-07 21:52 - 2009-01-23 12:19 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\Thayer Birding Software
2012-01-06 23:45 - 2012-01-06 23:45 - 0144680 ____A C:\Windows\Minidump\Mini010612-01.dmp
2012-01-05 22:59 - 2012-01-05 22:59 - 0141560 ____A C:\Windows\Minidump\Mini010512-01.dmp
2012-01-04 18:58 - 2012-01-04 18:58 - 0110123 ____A C:\Users\Sabrina\Desktop\echoes.pdf
2012-01-04 18:58 - 2012-01-04 18:58 - 0110123 ____A C:\Documents and Settings\Sabrina\Desktop\echoes.pdf
2012-01-04 18:58 - 2012-01-04 18:58 - 0103351 ____A C:\Users\Sabrina\Desktop\nightingale1.pdf
2012-01-04 18:58 - 2012-01-04 18:58 - 0103351 ____A C:\Documents and Settings\Sabrina\Desktop\nightingale1.pdf
2012-01-04 18:58 - 2012-01-04 18:58 - 0052930 ____A C:\Users\Sabrina\Desktop\birthnight.pdf
2012-01-04 18:58 - 2012-01-04 18:58 - 0052930 ____A C:\Documents and Settings\Sabrina\Desktop\birthnight.pdf
2012-01-03 20:44 - 2006-11-02 03:18 - 0000000 ____D C:\Windows\Microsoft.NET
2012-01-03 17:47 - 2012-01-03 17:47 - 0139976 ____A C:\Windows\Minidump\Mini010312-01.dmp
2012-01-03 17:45 - 2011-10-20 18:59 - 0021706 ____A C:\Windows\IE9_main.log
2012-01-03 17:40 - 2006-11-02 03:18 - 0000000 ____D C:\Program Files\Common Files\microsoft shared
2011-12-28 17:23 - 2011-12-28 17:02 - 0000000 ____D C:\Users\Sabrina\Desktop\music for L
2011-12-28 17:23 - 2011-12-28 17:02 - 0000000 ____D C:\Documents and Settings\Sabrina\Desktop\music for L
2011-12-27 17:38 - 2011-12-27 17:38 - 0139696 ____A C:\Windows\Minidump\Mini122711-02.dmp
2011-12-27 17:12 - 2011-12-27 17:12 - 0139776 ____A C:\Windows\Minidump\Mini122711-01.dmp
2011-12-26 23:16 - 2011-12-26 23:16 - 0000000 ____D C:\Users\Sabrina\printer
2011-12-26 23:16 - 2011-12-26 23:16 - 0000000 ____D C:\Documents and Settings\Sabrina\printer
2011-12-26 23:15 - 2011-12-22 22:36 - 0000000 ____D C:\Users\Sabrina\Desktop\for Mom
2011-12-26 23:15 - 2011-12-22 22:36 - 0000000 ____D C:\Documents and Settings\Sabrina\Desktop\for Mom
2011-12-26 23:09 - 2008-08-28 10:36 - 0100352 ____A C:\Users\Sabrina\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-12-26 23:09 - 2008-08-28 10:36 - 0100352 ____A C:\Users\Sabrina\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-12-26 23:09 - 2008-08-28 10:36 - 0100352 ____A C:\Users\Sabrina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-12-26 23:09 - 2008-08-28 10:36 - 0100352 ____A C:\Documents and Settings\Sabrina\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-12-26 23:09 - 2008-08-28 10:36 - 0100352 ____A C:\Documents and Settings\Sabrina\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-12-26 23:09 - 2008-08-28 10:36 - 0100352 ____A C:\Documents and Settings\Sabrina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-12-19 02:26 - 2011-12-19 02:26 - 0141504 ____A C:\Windows\Minidump\Mini121911-01.dmp
2011-12-15 20:52 - 2006-11-02 03:18 - 0000000 ___RD C:\Windows\Offline Web Pages
2011-12-15 17:41 - 2011-12-15 17:41 - 0141928 ____A C:\Windows\Minidump\Mini121511-01.dmp
2011-12-14 19:41 - 2011-12-14 19:41 - 0140064 ____A C:\Windows\Minidump\Mini121411-01.dmp
2011-12-11 13:38 - 2011-12-11 13:38 - 0140464 ____A C:\Windows\Minidump\Mini121111-01.dmp
2011-12-10 15:24 - 2011-12-07 20:24 - 0020464 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2011-12-08 08:04 - 2006-11-02 03:18 - 0000000 __RSD C:\Windows\Media
2011-12-07 20:24 - 2011-12-07 20:24 - 0000000 ____D C:\Users\Sabrina\Application Data\Malwarebytes
2011-12-07 20:24 - 2011-12-07 20:24 - 0000000 ____D C:\Users\Sabrina\AppData\Roaming\Malwarebytes
2011-12-07 20:24 - 2011-12-07 20:24 - 0000000 ____D C:\Users\All Users\Malwarebytes
2011-12-07 20:24 - 2011-12-07 20:24 - 0000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2011-12-07 20:24 - 2011-12-07 20:24 - 0000000 ____D C:\ProgramData\Malwarebytes
2011-12-07 20:24 - 2011-12-07 20:24 - 0000000 ____D C:\Documents and Settings\Sabrina\Application Data\Malwarebytes
2011-12-07 20:24 - 2011-12-07 20:24 - 0000000 ____D C:\Documents and Settings\Sabrina\AppData\Roaming\Malwarebytes
2011-12-07 20:24 - 2011-12-07 20:24 - 0000000 ____D C:\Documents and Settings\All Users\Malwarebytes
2011-12-07 20:24 - 2011-12-07 20:24 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2011-12-07 20:21 - 2011-12-07 20:21 - 0000682 ____A C:\rkill.log
2011-12-07 20:19 - 2011-12-07 20:19 - 1008120 ____A C:\Users\Sabrina\Downloads\iExplore.exe
2011-12-07 20:19 - 2011-12-07 20:19 - 1008120 ____A C:\Documents and Settings\Sabrina\Downloads\iExplore.exe
2011-12-05 19:04 - 2011-02-06 12:08 - 0000000 ____D C:\Users\Sabrina\Application Data\HpUpdate
2011-12-05 19:04 - 2011-02-06 12:08 - 0000000 ____D C:\Users\Sabrina\AppData\Roaming\HpUpdate
2011-12-05 19:04 - 2011-02-06 12:08 - 0000000 ____D C:\Documents and Settings\Sabrina\Application Data\HpUpdate
2011-12-05 19:04 - 2011-02-06 12:08 - 0000000 ____D C:\Documents and Settings\Sabrina\AppData\Roaming\HpUpdate
2011-11-29 22:19 - 2008-08-30 21:34 - 0000000 ____D C:\Users\Sabrina\Desktop\Manga
2011-11-29 22:19 - 2008-08-30 21:34 - 0000000 ____D C:\Documents and Settings\Sabrina\Desktop\Manga
2011-11-29 19:00 - 2011-11-29 18:59 - 0140240 ____A C:\Windows\Minidump\Mini112911-01.dmp
2011-11-28 19:18 - 2011-11-28 19:18 - 0000000 ____D C:\Users\All Users\HP Product Assistant
2011-11-28 19:18 - 2011-11-28 19:18 - 0000000 ____D C:\Users\All Users\Application Data\HP Product Assistant
2011-11-28 19:18 - 2011-11-28 19:18 - 0000000 ____D C:\ProgramData\HP Product Assistant
2011-11-28 19:18 - 2011-11-28 19:18 - 0000000 ____D C:\Documents and Settings\All Users\HP Product Assistant
2011-11-28 19:18 - 2011-11-28 19:18 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2011-11-27 18:34 - 2011-11-27 18:34 - 0000563 ____A C:\Users\Sabrina\iTunes Music - Shortcut.lnk
2011-11-27 18:34 - 2011-11-27 18:34 - 0000563 ____A C:\Documents and Settings\Sabrina\iTunes Music - Shortcut.lnk
2011-11-27 18:27 - 2008-08-28 13:34 - 0000000 ____D C:\Users\Sabrina\Desktop\Anime
2011-11-27 18:27 - 2008-08-28 13:34 - 0000000 ____D C:\Documents and Settings\Sabrina\Desktop\Anime
2011-11-15 17:11 - 2008-08-17 18:01 - 0000000 ____D C:\Users\All Users\Application Data\Adobe
2011-11-15 17:11 - 2008-08-17 18:01 - 0000000 ____D C:\Users\All Users\Adobe
2011-11-15 17:11 - 2008-08-17 18:01 - 0000000 ____D C:\ProgramData\Adobe
2011-11-15 17:11 - 2008-08-17 18:01 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe
2011-11-15 17:11 - 2008-08-17 18:01 - 0000000 ____D C:\Documents and Settings\All Users\Adobe
2011-11-14 21:53 - 2008-08-28 11:01 - 0000000 ____D C:\Users\Sabrina\Application Data\Adobe
2011-11-14 21:53 - 2008-08-28 11:01 - 0000000 ____D C:\Users\Sabrina\AppData\Roaming\Adobe
2011-11-14 21:53 - 2008-08-28 11:01 - 0000000 ____D C:\Documents and Settings\Sabrina\Application Data\Adobe
2011-11-14 21:53 - 2008-08-28 11:01 - 0000000 ____D C:\Documents and Settings\Sabrina\AppData\Roaming\Adobe
2011-11-14 21:53 - 2008-08-28 10:57 - 0000000 ____D C:\Users\Sabrina\AppData\LocalLow
2011-11-14 21:53 - 2008-08-28 10:57 - 0000000 ____D C:\Documents and Settings\Sabrina\AppData\LocalLow
2011-11-14 18:07 - 2011-09-26 17:10 - 0000000 ____D C:\Program Files\Adobe
2011-11-14 18:07 - 2008-08-28 10:15 - 0000000 ____D C:\Users\Sabrina\Local Settings\Application Data\Adobe
2011-11-14 18:07 - 2008-08-28 10:15 - 0000000 ____D C:\Users\Sabrina\Local Settings\Adobe
2011-11-14 18:07 - 2008-08-28 10:15 - 0000000 ____D C:\Users\Sabrina\AppData\Local\Adobe
2011-11-14 18:07 - 2008-08-28 10:15 - 0000000 ____D C:\Documents and Settings\Sabrina\Local Settings\Application Data\Adobe
2011-11-14 18:07 - 2008-08-28 10:15 - 0000000 ____D C:\Documents and Settings\Sabrina\Local Settings\Adobe
2011-11-14 18:07 - 2008-08-28 10:15 - 0000000 ____D C:\Documents and Settings\Sabrina\AppData\Local\Adobe
2011-11-14 18:04 - 2011-11-14 18:04 - 0000000 ____D C:\Users\Default\Application Data\Macromedia
2011-11-14 18:04 - 2011-11-14 18:04 - 0000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2011-11-14 18:04 - 2011-11-14 18:04 - 0000000 ____D C:\Users\Default User\Application Data\Macromedia
2011-11-14 18:04 - 2011-11-14 18:04 - 0000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2011-11-14 18:04 - 2011-11-14 18:04 - 0000000 ____D C:\Program Files\Common Files\Adobe AIR
2011-11-14 18:04 - 2011-11-14 18:04 - 0000000 ____D C:\Documents and Settings\Default\Application Data\Macromedia
2011-11-14 18:04 - 2011-11-14 18:04 - 0000000 ____D C:\Documents and Settings\Default\AppData\Roaming\Macromedia
2011-11-14 18:04 - 2011-11-14 18:04 - 0000000 ____D C:\Documents and Settings\Default User\Application Data\Macromedia
2011-11-14 18:04 - 2011-11-14 18:04 - 0000000 ____D C:\Documents and Settings\Default User\AppData\Roaming\Macromedia
2011-11-12 11:13 - 2011-06-07 16:35 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 8%
Total physical RAM: 4085.12 MB
Available physical RAM: 3731.76 MB
Total Pagefile: 3950.45 MB
Available Pagefile: 3802.68 MB
Total Virtual: 2047.88 MB
Available Virtual: 1974.32 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:285.5 GB) (Free:13.09 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
3 Drive f: (FD OF DOOM) (Removable) (Total:1.87 GB) (Free:0.63 GB) FAT
4 Drive x: (RECOVERY) (Fixed) (Total:10 GB) (Free:3.37 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 1912 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 94 MB 32 KB
Partition 2 Primary 10 GB 95 MB
Partition 3 Primary 285 GB 10 GB
Partition 0 Extended 2560 MB 296 GB
Partition 4 Logical 2559 MB 296 GB

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT Partition 94 MB Healthy Hidden

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 X RECOVERY NTFS Partition 10 GB Healthy Boot

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 285 GB Healthy

Disk: 0
Partition 4
Type : DD
Hidden: Yes
Active: No

There is no volume associated with this partition.

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1912 MB 16 KB

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FD OF DOOM FAT Removable 1912 MB Healthy



==========================================================

Last Boot: 2012-02-09 15:48

======================= End Of Log ==========================
  • 0

#52
boredcrow

boredcrow

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts
Oh, almost forgot - my computer is now starting up more slowly than it was yesterday, and MS Essentials is still finding that TrojanDropper file.

And a new symptom - the computer isn't connecting properly to my wireless network. It keeps telling me it's identifying or that it's connected with limited access.

Edited by boredcrow, 09 February 2012 - 06:21 PM.

  • 0

#53
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Thanks for the update. I have to study this a little while.
  • 0

#54
boredcrow

boredcrow

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts
I have another new problem to report. I tried to restart my computer to see if the internet would work, and now it won't turn on at all. It goes through the startup process all the way... and puts up some sort of error message for about a tenth of a second before it restarts again. I think it said something about a file missing, but I couldn't quite catch it, and I didn't want to let it keep restarting over and over and over.

Argh.

Edited by boredcrow, 09 February 2012 - 07:42 PM.

  • 0

#55
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Please keep your computer off for the time being (or minimize use) except when we are running tools I request.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Then:
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under the File menu select Open.
  • Select "Computer" and find your flash drive letter, then close the notepad.
  • In the command window type e:\frst.exe (for the x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Type the following file names in the box exactly this way with no spaces:

pci.dll;slxrgopt.*;cdrom.sys;ipinip.*;nwlnkflt.sys;nwlnkfwd.sys;tdx.sys;netbt.sys

  • Press the Search button.
  • It will make a log (Search.txt) on the flash drive. Please copy and paste it to your reply.
  • 0


#56
boredcrow

boredcrow

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts
The box doesn't seem to have space for the whole string; it cuts me off before the last two letters. Any advice?
  • 0

#57
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Try this line:

pci.dll;slxrgopt.*;cdrom.sys;ipinip.*;nwlnkflt.*;nwlnkfwd.*;tdx.sys;netbt.s*
  • 0

#58
boredcrow

boredcrow

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts
Search completed, here's the log:

Farbar Recovery Scan Tool Version: 28-01-2012
Ran by SYSTEM at 2012-02-09 18:54:08
Running from F:\

================== Search: "pci.dll;slxrgopt.*;cdrom.sys;ipinip.*;nwlnkflt.*;nwlnkfwd.*;tdx.sys;netbt.s*" ===================

C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6002.18005_none_ec294157d9377403\tdx.sys
[2009-09-10 16:53] - [2009-04-10 20:45] - 0072192 ____A () F8FA40F8E3B28B3C5AEFB0BD31CC3B46

C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6001.18000_none_ea3dc84bdc15a8b7\tdx.sys
[2008-01-20 18:25] - [2008-01-20 18:25] - 0071680 ____A (Microsoft Corporation) D09276B1FAB033CE1D40DCBDF303D10F

C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys
[2009-09-10 16:53] - [2012-02-08 19:08] - 0185856 ____A ()

C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys
[2008-01-20 18:25] - [2008-01-20 18:25] - 0184320 ____A (Microsoft Corporation) 7C5FEE5B1C5728507CD96FB4A13E7A02

C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6002.18005_none_6194d4eea0e93596\cdrom.sys
[2009-09-10 16:53] - [2009-04-10 20:39] - 0067072 ____A (Microsoft Corporation) 6B4BFFB9BECD728097024276430DB314

C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_5fa95be2a3c76a4a\cdrom.sys
[2008-01-20 18:23] - [2008-01-20 18:23] - 0067072 ____A (Microsoft Corporation) 1EC25CEA0DE6AC4718BF89F9E1778B57

C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_e487f727\cdrom.sys
[2006-11-02 02:25] - [2006-11-02 00:51] - 0067072 ____A (Microsoft Corporation) 8D1866E61AF096AE8B582454F5E4D303

C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_c949a5b6\cdrom.sys
[2009-09-10 16:53] - [2009-04-10 20:39] - 0067072 ____A (Microsoft Corporation) 6B4BFFB9BECD728097024276430DB314

C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_a29e71c6\cdrom.sys
[2008-01-20 18:23] - [2008-01-20 18:23] - 0067072 ____A (Microsoft Corporation) 1EC25CEA0DE6AC4718BF89F9E1778B57

C:\Windows\ERDNT\cache\tdx.sys
[2012-02-08 17:44] - [2009-04-10 20:45] - 0072192 ____A (Microsoft Corporation) 76B06EB8A01FC8624D699E7045303E54

=== End Of Search ===
  • 0

#59
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
We need to do another search:

pci.dll;slxrgopt.sys;ipinip.sys;nwlnkflt.sys;nwlnkfwd.sys;smb.sys


If they do not fit, then just leave some off and run. Shut down when it finishes, copy and paste the Search.txt file in a post, and then do the other ones in a second run.
  • 0

#60
boredcrow

boredcrow

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts
Scan completed; computer is shut down.

Thank you for all your help, particularly as I've been posting a lot today.




Farbar Recovery Scan Tool Version: 28-01-2012
Ran by SYSTEM at 2012-02-09 20:12:42
Running from F:\

================== Search: "pci.dll;slxrgopt.sys;ipinip.sys;nwlnkflt.sys;nwlnkfwd.sys;smb.sys" ===================

C:\Windows\winsxs\x86_microsoft-windows-nbsmb_31bf3856ad364e35_6.0.6002.18005_none_61560a3ff5180c84\smb.sys
[2009-09-10 16:53] - [2012-02-09 14:47] - 0066560 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\winsxs\x86_microsoft-windows-nbsmb_31bf3856ad364e35_6.0.6001.18000_none_5f6a9133f7f64138\smb.sys
[2008-01-20 18:25] - [2008-01-20 18:25] - 0066560 ____A (Microsoft Corporation) 031E6BCD53C9B2B9ACE111EAFEC347B6

=== End Of Search ===
  • 0
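The two search logs above are easier to read once the per-file detail lines are parsed and compared across the copies of the same driver in the component store. The following Python script is an added example for this thread; it is not code from the thread, from Geeks to Go or from the Farbar tool. It assumes the detail line has the shape `[created] - [modified] - size attrs (company) MD5`, which is read from the timestamps on this page and is an assumption, and the sample log embedded in it is a constructed subset of the entries posted in the thread. The three heuristics it applies (hash of zero bytes reported for a non-empty file, missing company string while sibling copies carry one, modification time later than creation time) are the example's own, not FRST's.

```python
"""Parse Farbar Recovery Scan Tool (FRST) Search.txt output and flag entries
that deserve a closer look.

Added example for the thread above; not FRST's own code. Field order
"[created] - [modified]" on the detail line is an assumption read from the
timestamps posted on the page.
"""
import hashlib
import re
from collections import defaultdict

# Constructed sample: a subset of the search results posted in the thread.
# netbt.sys had no hash in the original output; the 6.0.6002 smb.sys hashed as empty input.
SAMPLE_SEARCH_LOG = r"""Farbar Recovery Scan Tool Version: 28-01-2012
Ran by SYSTEM at 2012-02-09 20:12:42
Running from F:\

================== Search: "tdx.sys;netbt.s*;smb.sys" ===================

C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6002.18005_none_ec294157d9377403\tdx.sys
[2009-09-10 16:53] - [2009-04-10 20:45] - 0072192 ____A () F8FA40F8E3B28B3C5AEFB0BD31CC3B46

C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6001.18000_none_ea3dc84bdc15a8b7\tdx.sys
[2008-01-20 18:25] - [2008-01-20 18:25] - 0071680 ____A (Microsoft Corporation) D09276B1FAB033CE1D40DCBDF303D10F

C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys
[2009-09-10 16:53] - [2012-02-08 19:08] - 0185856 ____A ()

C:\Windows\winsxs\x86_microsoft-windows-nbsmb_31bf3856ad364e35_6.0.6002.18005_none_61560a3ff5180c84\smb.sys
[2009-09-10 16:53] - [2012-02-09 14:47] - 0066560 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\winsxs\x86_microsoft-windows-nbsmb_31bf3856ad364e35_6.0.6001.18000_none_5f6a9133f7f64138\smb.sys
[2008-01-20 18:25] - [2008-01-20 18:25] - 0066560 ____A (Microsoft Corporation) 031E6BCD53C9B2B9ACE111EAFEC347B6

=== End Of Search ===
"""

# MD5 of zero bytes: a file whose reported hash equals this while its size is
# non-zero is a hash/size contradiction worth investigating.
EMPTY_MD5 = hashlib.md5(b"").hexdigest().upper()

PATH_RE = re.compile(r"^[A-Za-z]:\\")
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\)"
    r"(?: (?P<md5>[0-9A-Fa-f]{32}))?\s*$"
)


def parse_search_log(text):
    """Return one dict per (path line, detail line) pair in a Search.txt."""
    entries = []
    pending_path = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if PATH_RE.match(line):
            pending_path = line
            continue
        m = DETAIL_RE.match(line)
        if m and pending_path:
            d = m.groupdict()
            entries.append({
                "path": pending_path,
                "name": pending_path.rsplit("\\", 1)[-1].lower(),
                "created": d["created"],
                "modified": d["modified"],
                "size": int(d["size"]),
                "attrs": d["attrs"],
                "company": d["company"],
                "md5": d["md5"].upper() if d["md5"] else None,
            })
            pending_path = None
    return entries


def review(entries):
    """Map each suspicious path to the list of reasons it was flagged.

    The heuristics are this example's own; an entry with no reasons is omitted.
    """
    by_name = defaultdict(list)
    for e in entries:
        by_name[e["name"]].append(e)
    findings = {}
    for e in entries:
        reasons = []
        siblings = [s for s in by_name[e["name"]] if s is not e]
        if e["md5"] is None:
            reasons.append("no MD5 reported")
        elif e["md5"] == EMPTY_MD5 and e["size"] > 0:
            reasons.append("MD5 is that of empty input although size is %d bytes" % e["size"])
        if not e["company"] and any(s["company"] for s in siblings):
            reasons.append("no company string while other copies of %s carry one" % e["name"])
        # Timestamps are "YYYY-MM-DD HH:MM", so string comparison orders them correctly.
        if e["modified"] > e["created"]:
            reasons.append("modified %s, after creation %s" % (e["modified"], e["created"]))
        if reasons:
            findings[e["path"]] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in review(parse_search_log(SAMPLE_SEARCH_LOG)).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

Run against a real Search.txt, point `parse_search_log` at the file's contents instead of the constructed sample; the clean 6.0.6001 copies of the same drivers serve as the reference point, and only the three copies with empty company strings are reported.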