Computer operating slowly, pop-up IE windows, virus scan software find


  • This topic is locked

#61
CompCav

    Member 5k

  • Expert
  • 12,448 posts
I am planning to review this information and the complications of running that you had this evening with my instructor tomorrow.

I will have a plan forward tomorrow afternoon sometime.

CompCav

#62
CompCav

    Member 5k

  • Expert
  • 12,448 posts
I need one more scan.

When you get to this screen:

Posted Image

Check the box next to List Drivers MD5

Click Scan

Post FRST.txt

I appreciate you running so many logs and doing so outside normal Windows. It helps to prevent further file corruption so we have less to fix tomorrow!

#63
boredcrow

    Member

  • Topic Starter
  • 69 posts
It's no trouble.

Here's the log:


Scan result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 28-01-2012
Ran by SYSTEM at 2012-02-09 21:43:19
Running from F:\
Windows Vista ™ Business Service Pack 1 (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [997920 2011-06-15] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2011-10-09] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [460872 2012-01-13] (Malwarebytes Corporation)
HKLM\...\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript [981680 2012-01-13] (Malwarebytes Corporation)
HKU\Sabrina\...\Policies\system: [disableregistrytools] 0
HKU\Sabrina\...\Policies\system: [disableregistrytools] 0
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [X]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

================================ Services (Whitelisted) ==================

2 AdobeActiveFileMonitor6.0; C:\Windows\System32\pdlndlpb.dll [5632 2008-01-20] (Oak Technology Inc.)
2 AESTFilters; C:\Windows\system32\aestsrv.exe [73728 2008-01-01] (Andrea Electronics Corporation)
2 BcmSqlStartupSvc; "C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [30312 2008-01-11] (Microsoft Corporation)
2 DisplayLinkService; "C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe" [5240168 2011-04-10] (DisplayLink Corp.)
2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [161048 2008-04-28] (Stardock Corporation)
2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [866576 2011-01-12] (Intel® Corporation)
3 GoogleDesktopManager-051210-111108; "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [30192 2010-06-18] (Google)
3 GoToAssist; "C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe" Start=service [16680 2008-08-17] (Citrix Online, a division of Citrix Systems, Inc.)
2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [136176 2011-10-09] (Google Inc.)
3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [136176 2011-10-09] (Google Inc.)
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [652360 2012-01-13] (Malwarebytes Corporation)
2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [481552 2011-01-12] (Intel® Corporation)
2 SftService; "C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE" [1692480 2011-08-18] (SoftThinks SAS)
2 STacSV; C:\Windows\system32\STacSV.exe [102400 2008-01-01] (IDT, Inc.)
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" [x]
3 MSSQL$MSSMLBIZ; "c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [x]
4 MSSQLServerADHelper; "c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe" [x]
2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter [x]
2 SQLBrowser; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [x]
2 SQLWriter; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [x]

========================== Drivers (Whitelisted) =============

3 ApfiltrService; C:\Windows\System32\DRIVERS\Apfiltr.sys [155136 2007-09-24] (Alps Electric Co., Ltd.)
3 ASPI; \??\C:\Windows\System32\DRIVERS\ASPI32.sys [84832 2002-07-17] (Adaptec)
3 DisplayLinkUsbPort; C:\Windows\System32\DRIVERS\DisplayLinkUsbPort_5.6.31854.0.sys [21888 2011-04-10] (http://libusb-win32.sourceforge.net)
3 dlkmd; C:\Windows\System32\drivers\dlkmd.sys [182896 2011-04-10] (DisplayLink Corp.)
0 dlkmdldr; C:\Windows\System32\drivers\dlkmdldr.sys [14448 2011-04-10] (DisplayLink Corp.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [20464 2011-12-10] (Malwarebytes Corporation)
1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [165648 2011-04-18] ()
3 MpNWMon; C:\Windows\System32\DRIVERS\MpNWMon.sys [43392 2011-04-18] (Microsoft Corporation)
4 Mraid35x; C:\Windows\System32\drivers\mraid35x.sys [33384 2006-11-02] (LSI Logic Corporation)
3 NETw4v32; C:\Windows\System32\DRIVERS\NETw4v32.sys [2251776 2007-09-26] (Intel Corporation)
3 NETwLv32; C:\Windows\System32\DRIVERS\NETwLv32.sys [6639616 2010-10-07] (Intel Corporation)
3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [65024 2011-04-27] (Microsoft Corporation)
2 rimmptsk; C:\Windows\System32\DRIVERS\rimmptsk.sys [32256 2006-11-26] (REDC)
2 rimsptsk; C:\Windows\System32\DRIVERS\rimsptsk.sys [43520 2006-11-26] (REDC)
2 rismxdp; C:\Windows\System32\DRIVERS\rixdptsk.sys [37376 2006-11-26] (REDC)
4 SiSRaid2; C:\Windows\System32\drivers\sisraid2.sys [41016 2008-01-20] (Microsoft Corporation)
4 UlSata; C:\Windows\System32\drivers\ulsata.sys [98408 2006-11-02] (Promise Technology, Inc.)
4 ulsata2; C:\Windows\System32\drivers\ulsata2.sys [115816 2008-01-20] (Promise Technology, Inc.)
3 WimFltr; C:\Windows\System32\DRIVERS\wimfltr.sys [128104 2006-11-01] (Microsoft Corporation)
3 WSDPrintDevice; C:\Windows\System32\DRIVERS\WSDPrint.sys [16896 2008-01-20] (Microsoft Corporation)
3 .afd; \? [x]
3 .cdrom; \? [x]
3 .MpFilter; \? [x]
3 .netbt; \? [x]
3 .smb; \? [x]
3 .tdx; \? [x]
3 catchme; \??\C:\Users\Sabrina\AppData\Local\Temp\catchme.sys [x]
1 cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [x]

========================== Drivers MD5 =======================

========================== NetSvcs (Whitelisted) ===========
NETSVC: AdobeActiveFileMonitor6.0

============ One Month Created Files and Folders ==============

2012-02-09 14:40 - 2012-02-09 17:33 - 3747655680 __ASH C:\hiberfil.sys
2012-02-09 13:57 - 2012-02-09 14:28 - 0000000 ___SD C:\ComboFix
2012-02-09 13:46 - 2012-02-09 13:47 - 0080070 ____A C:\TDSSKiller.2.7.11.0_09.02.2012_13.46.06_log.txt
2012-02-09 12:18 - 2009-04-10 20:45 - 0072192 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdx.svs
2012-02-09 10:09 - 2012-02-09 10:09 - 0054540 ____A C:\Users\Sabrina\Desktop\GetWellSoon.jpg
2012-02-09 10:09 - 2012-02-09 10:09 - 0054540 ____A C:\Documents and Settings\Sabrina\Desktop\GetWellSoon.jpg
2012-02-09 03:04 - 2012-02-09 03:05 - 0140240 ____A C:\Windows\Minidump\Mini020912-01.dmp
2012-02-08 21:09 - 2012-02-09 13:45 - 4399227 ____R (Swearware) C:\Users\Sabrina\Desktop\ComboFix.exe
2012-02-08 21:09 - 2012-02-09 13:45 - 4399227 ____R (Swearware) C:\Documents and Settings\Sabrina\Desktop\ComboFix.exe
2012-02-08 20:13 - 2012-02-08 20:13 - 0001868 ____A C:\Users\Sabrina\Desktop\aswMBR.txt
2012-02-08 20:13 - 2012-02-08 20:13 - 0001868 ____A C:\Documents and Settings\Sabrina\Desktop\aswMBR.txt
2012-02-08 20:13 - 2012-02-08 20:13 - 0000512 ____A C:\Users\Sabrina\Desktop\MBR.dat
2012-02-08 20:13 - 2012-02-08 20:13 - 0000512 ____A C:\Documents and Settings\Sabrina\Desktop\MBR.dat
2012-02-08 20:12 - 2012-02-08 20:12 - 4733440 ____A (AVAST Software) C:\Users\Sabrina\Desktop\aswMBR.exe
2012-02-08 20:12 - 2012-02-08 20:12 - 4733440 ____A (AVAST Software) C:\Documents and Settings\Sabrina\Desktop\aswMBR.exe
2012-02-08 17:37 - 2012-02-09 14:28 - 0000000 __SHD C:\$RECYCLE.BIN
2012-02-07 22:22 - 2012-02-07 22:22 - 0001912 ____A C:\regi8042.txt
2012-02-07 22:16 - 2012-02-08 20:09 - 0099074 ____A C:\Users\Sabrina\Desktop\OTL.Txt
2012-02-07 22:16 - 2012-02-08 20:09 - 0099074 ____A C:\Documents and Settings\Sabrina\Desktop\OTL.Txt
2012-02-07 21:37 - 2012-02-07 21:50 - 0081272 ____A C:\TDSSKiller.2.7.10.0_07.02.2012_21.37.30_log.txt
2012-02-07 20:58 - 2012-02-09 13:47 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-02-07 20:57 - 2012-02-07 20:59 - 0159598 ____A C:\TDSSKiller.2.7.10.0_07.02.2012_20.57.00_log.txt
2012-02-07 07:34 - 2012-02-07 07:34 - 0140696 ____A C:\Windows\Minidump\Mini020712-01.dmp
2012-02-06 19:35 - 2012-02-08 17:43 - 0000000 ____D C:\Windows\ERDNT
2012-02-06 19:35 - 2011-06-25 22:45 - 0256000 ____A C:\Windows\PEV.exe
2012-02-06 19:35 - 2010-11-07 09:20 - 0208896 ____A C:\Windows\MBR.exe
2012-02-06 19:35 - 2009-04-19 20:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-02-06 19:35 - 2000-08-30 16:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-02-06 19:35 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-02-06 19:35 - 2000-08-30 16:00 - 0098816 ____A C:\Windows\sed.exe
2012-02-06 19:35 - 2000-08-30 16:00 - 0080412 ____A C:\Windows\grep.exe
2012-02-06 19:35 - 2000-08-30 16:00 - 0068096 ____A C:\Windows\zip.exe
2012-02-06 19:25 - 2012-02-06 19:25 - 2623283 ____A C:\Users\Sabrina\Desktop\Note for Suzanne.jpg
2012-02-06 19:25 - 2012-02-06 19:25 - 2623283 ____A C:\Documents and Settings\Sabrina\Desktop\Note for Suzanne.jpg
2012-02-06 19:03 - 2012-02-08 21:11 - 0000000 ___AD C:\Qoobox
2012-02-06 18:51 - 2012-02-06 18:51 - 0010698 ____A C:\Users\Sabrina\Desktop\OTL1.txt
2012-02-06 18:51 - 2012-02-06 18:51 - 0010698 ____A C:\Documents and Settings\Sabrina\Desktop\OTL1.txt
2012-02-06 17:44 - 2012-02-08 19:01 - 0000098 ____A C:\Windows\System32\Drivers\etc\Hosts
2012-02-05 19:58 - 2012-02-05 19:58 - 0000000 ____D C:\_OTL
2012-02-05 19:40 - 2012-02-05 19:40 - 0140624 ____A C:\Windows\Minidump\Mini020512-01.dmp
2012-02-05 19:39 - 2012-02-05 19:39 - 0000162 ___AH C:\Users\Sabrina\Desktop\~$Step 1.docx
2012-02-05 19:39 - 2012-02-05 19:39 - 0000162 ___AH C:\Documents and Settings\Sabrina\Desktop\~$Step 1.docx
2012-02-05 19:30 - 2012-02-05 19:30 - 0230262 ____A C:\Users\Sabrina\Desktop\Step 1.docx
2012-02-05 19:30 - 2012-02-05 19:30 - 0230262 ____A C:\Documents and Settings\Sabrina\Desktop\Step 1.docx
2012-02-05 12:18 - 2012-02-09 12:21 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-02-04 23:24 - 2012-02-04 23:24 - 0140264 ____A C:\Windows\Minidump\Mini020412-03.dmp
2012-02-04 17:28 - 2012-02-04 17:28 - 0140704 ____A C:\Windows\Minidump\Mini020412-02.dmp
2012-02-04 12:14 - 2012-02-04 12:14 - 0140304 ____A C:\Windows\Minidump\Mini020412-01.dmp
2012-02-02 20:33 - 2012-02-02 20:33 - 0037649 ____A C:\Users\Sabrina\My Documents\ShaneGreene-the barking keyhole.rtf
2012-02-02 20:33 - 2012-02-02 20:33 - 0037649 ____A C:\Users\Sabrina\Documents\ShaneGreene-the barking keyhole.rtf
2012-02-02 20:33 - 2012-02-02 20:33 - 0037649 ____A C:\Documents and Settings\Sabrina\My Documents\ShaneGreene-the barking keyhole.rtf
2012-02-02 20:33 - 2012-02-02 20:33 - 0037649 ____A C:\Documents and Settings\Sabrina\Documents\ShaneGreene-the barking keyhole.rtf
2012-02-01 17:38 - 2012-02-01 17:38 - 0140024 ____A C:\Windows\Minidump\Mini020112-01.dmp
2012-02-01 17:07 - 2012-02-01 18:37 - 0000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
2012-01-29 18:02 - 2012-01-29 18:04 - 0584192 ____A (OldTimer Tools) C:\Users\Sabrina\Desktop\OTL.exe
2012-01-29 18:02 - 2012-01-29 18:04 - 0584192 ____A (OldTimer Tools) C:\Documents and Settings\Sabrina\Desktop\OTL.exe
2012-01-29 17:36 - 2012-01-29 17:36 - 0049602 ____A C:\Users\Sabrina\My Documents\20120129_rootrepeal_report.txt
2012-01-29 17:36 - 2012-01-29 17:36 - 0049602 ____A C:\Users\Sabrina\Documents\20120129_rootrepeal_report.txt
2012-01-29 17:36 - 2012-01-29 17:36 - 0049602 ____A C:\Documents and Settings\Sabrina\My Documents\20120129_rootrepeal_report.txt
2012-01-29 17:36 - 2012-01-29 17:36 - 0049602 ____A C:\Documents and Settings\Sabrina\Documents\20120129_rootrepeal_report.txt
2012-01-28 23:01 - 2012-01-28 23:01 - 0011473 ____A C:\Users\Sabrina\Malwarebytes license key.docx
2012-01-28 23:01 - 2012-01-28 23:01 - 0011473 ____A C:\Documents and Settings\Sabrina\Malwarebytes license key.docx
2012-01-26 15:16 - 2012-01-26 15:16 - 0012777 ____A C:\Users\Sabrina\Desktop\virus.docx
2012-01-26 15:16 - 2012-01-26 15:16 - 0012777 ____A C:\Documents and Settings\Sabrina\Desktop\virus.docx
2012-01-26 12:37 - 2012-01-26 12:37 - 0015097 ____A C:\Users\Sabrina\My Documents\JohnPerkins-Subject SocialScene Alert.doc
2012-01-26 12:37 - 2012-01-26 12:37 - 0015097 ____A C:\Users\Sabrina\Documents\JohnPerkins-Subject SocialScene Alert.doc
2012-01-26 12:37 - 2012-01-26 12:37 - 0015097 ____A C:\Documents and Settings\Sabrina\My Documents\JohnPerkins-Subject SocialScene Alert.doc
2012-01-26 12:37 - 2012-01-26 12:37 - 0015097 ____A C:\Documents and Settings\Sabrina\Documents\JohnPerkins-Subject SocialScene Alert.doc
2012-01-26 12:21 - 2012-01-26 12:21 - 0017920 ____A C:\Users\Sabrina\My Documents\GrLinnaea-Roast Seeds Until Fragrant.doc
2012-01-26 12:21 - 2012-01-26 12:21 - 0017920 ____A C:\Users\Sabrina\Documents\GrLinnaea-Roast Seeds Until Fragrant.doc
2012-01-26 12:21 - 2012-01-26 12:21 - 0017920 ____A C:\Documents and Settings\Sabrina\My Documents\GrLinnaea-Roast Seeds Until Fragrant.doc
2012-01-26 12:21 - 2012-01-26 12:21 - 0017920 ____A C:\Documents and Settings\Sabrina\Documents\GrLinnaea-Roast Seeds Until Fragrant.doc
2012-01-25 18:13 - 2012-02-09 12:20 - 0000506 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
2012-01-25 18:13 - 2012-02-01 17:39 - 0000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2012-01-25 17:39 - 2012-01-25 17:39 - 0000000 ____D C:\found.001
2012-01-24 19:20 - 2012-01-24 19:20 - 0007669 ____A C:\Users\Sabrina\My Documents\TonyRogers-Stanley, The Visigoth King-stanley%2c_the_visigoth_king.submission.rtf
2012-01-24 19:20 - 2012-01-24 19:20 - 0007669 ____A C:\Users\Sabrina\Documents\TonyRogers-Stanley, The Visigoth King-stanley%2c_the_visigoth_king.submission.rtf
2012-01-24 19:20 - 2012-01-24 19:20 - 0007669 ____A C:\Documents and Settings\Sabrina\My Documents\TonyRogers-Stanley, The Visigoth King-stanley%2c_the_visigoth_king.submission.rtf
2012-01-24 19:20 - 2012-01-24 19:20 - 0007669 ____A C:\Documents and Settings\Sabrina\Documents\TonyRogers-Stanley, The Visigoth King-stanley%2c_the_visigoth_king.submission.rtf
2012-01-24 17:53 - 2012-01-24 17:53 - 0195681 ____A C:\Users\Sabrina\delayed email response.docx
2012-01-24 17:53 - 2012-01-24 17:53 - 0195681 ____A C:\Documents and Settings\Sabrina\delayed email response.docx
2012-01-21 12:05 - 2012-01-21 12:05 - 0140280 ____A C:\Windows\Minidump\Mini012112-01.dmp
2012-01-21 11:09 - 2011-11-06 13:57 - 0148926 ____N C:\Windows\hpoins19.dat.temp
2012-01-21 11:09 - 2007-03-13 11:24 - 0026952 ____N C:\Windows\hpomdl19.dat.temp
2012-01-16 15:21 - 2012-01-16 15:21 - 0025600 ____A C:\Users\Sabrina\My Documents\MichaelVella-To Feel the Touch of Another.doc
2012-01-16 15:21 - 2012-01-16 15:21 - 0025600 ____A C:\Users\Sabrina\Documents\MichaelVella-To Feel the Touch of Another.doc
2012-01-16 15:21 - 2012-01-16 15:21 - 0025600 ____A C:\Documents and Settings\Sabrina\My Documents\MichaelVella-To Feel the Touch of Another.doc
2012-01-16 15:21 - 2012-01-16 15:21 - 0025600 ____A C:\Documents and Settings\Sabrina\Documents\MichaelVella-To Feel the Touch of Another.doc
2012-01-14 21:06 - 2012-01-14 21:06 - 0000162 ____A C:\Users\Sabrina\My Documents\KimPullen-The Massacre.doc
2012-01-14 21:06 - 2012-01-14 21:06 - 0000162 ____A C:\Users\Sabrina\Documents\KimPullen-The Massacre.doc
2012-01-14 21:06 - 2012-01-14 21:06 - 0000162 ____A C:\Documents and Settings\Sabrina\My Documents\KimPullen-The Massacre.doc
2012-01-14 21:06 - 2012-01-14 21:06 - 0000162 ____A C:\Documents and Settings\Sabrina\Documents\KimPullen-The Massacre.doc
2012-01-14 20:44 - 2012-01-14 20:44 - 0246272 ____A C:\Users\Sabrina\My Documents\StephenSTEVENSON-Misc.Comedy Bitz.doc
2012-01-14 20:44 - 2012-01-14 20:44 - 0246272 ____A C:\Users\Sabrina\Documents\StephenSTEVENSON-Misc.Comedy Bitz.doc
2012-01-14 20:44 - 2012-01-14 20:44 - 0246272 ____A C:\Documents and Settings\Sabrina\My Documents\StephenSTEVENSON-Misc.Comedy Bitz.doc
2012-01-14 20:44 - 2012-01-14 20:44 - 0246272 ____A C:\Documents and Settings\Sabrina\Documents\StephenSTEVENSON-Misc.Comedy Bitz.doc


============ 3 Months Modified Files and Folders ===============

2012-02-09 18:35 - 2012-02-09 16:12 - 0000000 ____D C:\FRST
2012-02-09 17:33 - 2012-02-09 14:40 - 3747655680 __ASH C:\hiberfil.sys
2012-02-09 17:33 - 2011-10-09 13:28 - 0000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-02-09 17:33 - 2011-01-18 18:27 - 0000000 ____D C:\Program Files\Dell DataSafe Local Backup
2012-02-09 17:33 - 2006-11-02 05:01 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-02-09 17:33 - 2006-11-02 04:47 - 0003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-02-09 17:33 - 2006-11-02 04:47 - 0003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-02-09 17:31 - 2011-10-10 19:46 - 0000000 ____D C:\Program Files\DisplayLink Core Software
2012-02-09 17:31 - 2011-01-23 13:48 - 0000000 ____D C:\Users\Default\Local Settings\SoftThinks
2012-02-09 17:31 - 2011-01-23 13:48 - 0000000 ____D C:\Users\Default\Local Settings\Application Data\SoftThinks
2012-02-09 17:31 - 2011-01-23 13:48 - 0000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2012-02-09 17:31 - 2011-01-23 13:48 - 0000000 ____D C:\Users\Default User\Local Settings\SoftThinks
2012-02-09 17:31 - 2011-01-23 13:48 - 0000000 ____D C:\Users\Default User\Local Settings\Application Data\SoftThinks
2012-02-09 17:31 - 2011-01-23 13:48 - 0000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2012-02-09 17:31 - 2011-01-23 13:48 - 0000000 ____D C:\Documents and Settings\Default\Local Settings\SoftThinks
2012-02-09 17:31 - 2011-01-23 13:48 - 0000000 ____D C:\Documents and Settings\Default\Local Settings\Application Data\SoftThinks
2012-02-09 17:31 - 2011-01-23 13:48 - 0000000 ____D C:\Documents and Settings\Default\AppData\Local\SoftThinks
2012-02-09 17:31 - 2011-01-23 13:48 - 0000000 ____D C:\Documents and Settings\Default User\Local Settings\SoftThinks
2012-02-09 17:31 - 2011-01-23 13:48 - 0000000 ____D C:\Documents and Settings\Default User\Local Settings\Application Data\SoftThinks
2012-02-09 17:31 - 2011-01-23 13:48 - 0000000 ____D C:\Documents and Settings\Default User\AppData\Local\SoftThinks
2012-02-09 17:15 - 2008-08-17 12:38 - 1847869 ____A C:\Windows\WindowsUpdate.log
2012-02-09 17:15 - 2008-08-17 12:38 - 0000012 ____A C:\Windows\bthservsdp.dat
2012-02-09 17:15 - 2006-11-02 05:01 - 0032582 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-02-09 16:50 - 2011-10-09 13:28 - 0000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-02-09 16:30 - 2011-10-20 19:21 - 0000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4058585062-3446566008-1817747084-1003UA.job
2012-02-09 15:48 - 2006-11-02 02:33 - 0773968 ____A C:\Windows\System32\PerfStringBackup.INI
2012-02-09 15:01 - 2006-11-02 04:52 - 0115163 ____A C:\Windows\setupact.log
2012-02-09 14:39 - 2011-12-07 19:53 - 0887704 ____A C:\Windows\ntbtlog.txt
2012-02-09 14:37 - 2008-09-17 07:14 - 0001356 ____A C:\Users\Sabrina\Local Settings\d3d9caps.dat
2012-02-09 14:37 - 2008-09-17 07:14 - 0001356 ____A C:\Users\Sabrina\Local Settings\Application Data\d3d9caps.dat
2012-02-09 14:37 - 2008-09-17 07:14 - 0001356 ____A C:\Users\Sabrina\AppData\Local\d3d9caps.dat
2012-02-09 14:37 - 2008-09-17 07:14 - 0001356 ____A C:\Documents and Settings\Sabrina\Local Settings\d3d9caps.dat
2012-02-09 14:37 - 2008-09-17 07:14 - 0001356 ____A C:\Documents and Settings\Sabrina\Local Settings\Application Data\d3d9caps.dat
2012-02-09 14:37 - 2008-09-17 07:14 - 0001356 ____A C:\Documents and Settings\Sabrina\AppData\Local\d3d9caps.dat
2012-02-09 14:28 - 2012-02-09 13:57 - 0000000 ___SD C:\ComboFix
2012-02-09 14:28 - 2012-02-08 17:37 - 0000000 __SHD C:\$RECYCLE.BIN
2012-02-09 14:28 - 2006-11-02 05:00 - 0037828 ____A C:\Windows\PFRO.log
2012-02-09 13:47 - 2012-02-09 13:46 - 0080070 ____A C:\TDSSKiller.2.7.11.0_09.02.2012_13.46.06_log.txt
2012-02-09 13:47 - 2012-02-07 20:58 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-02-09 13:45 - 2012-02-08 21:09 - 4399227 ____R (Swearware) C:\Users\Sabrina\Desktop\ComboFix.exe
2012-02-09 13:45 - 2012-02-08 21:09 - 4399227 ____R (Swearware) C:\Documents and Settings\Sabrina\Desktop\ComboFix.exe
2012-02-09 12:21 - 2012-02-05 12:18 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-02-09 12:20 - 2012-01-25 18:13 - 0000506 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
2012-02-09 10:09 - 2012-02-09 10:09 - 0054540 ____A C:\Users\Sabrina\Desktop\GetWellSoon.jpg
2012-02-09 10:09 - 2012-02-09 10:09 - 0054540 ____A C:\Documents and Settings\Sabrina\Desktop\GetWellSoon.jpg
2012-02-09 03:05 - 2012-02-09 03:04 - 0140240 ____A C:\Windows\Minidump\Mini020912-01.dmp
2012-02-09 03:04 - 2008-10-12 23:05 - 0000000 ____D C:\Windows\Minidump
2012-02-09 03:04 - 2008-10-12 23:04 - 400343103 ____A C:\Windows\MEMORY.DMP
2012-02-08 21:11 - 2012-02-06 19:03 - 0000000 ___AD C:\Qoobox
2012-02-08 20:13 - 2012-02-08 20:13 - 0001868 ____A C:\Users\Sabrina\Desktop\aswMBR.txt
2012-02-08 20:13 - 2012-02-08 20:13 - 0001868 ____A C:\Documents and Settings\Sabrina\Desktop\aswMBR.txt
2012-02-08 20:13 - 2012-02-08 20:13 - 0000512 ____A C:\Users\Sabrina\Desktop\MBR.dat
2012-02-08 20:13 - 2012-02-08 20:13 - 0000512 ____A C:\Documents and Settings\Sabrina\Desktop\MBR.dat
2012-02-08 20:12 - 2012-02-08 20:12 - 4733440 ____A (AVAST Software) C:\Users\Sabrina\Desktop\aswMBR.exe
2012-02-08 20:12 - 2012-02-08 20:12 - 4733440 ____A (AVAST Software) C:\Documents and Settings\Sabrina\Desktop\aswMBR.exe
2012-02-08 20:09 - 2012-02-07 22:16 - 0099074 ____A C:\Users\Sabrina\Desktop\OTL.Txt
2012-02-08 20:09 - 2012-02-07 22:16 - 0099074 ____A C:\Documents and Settings\Sabrina\Desktop\OTL.Txt
2012-02-08 19:01 - 2012-02-06 17:44 - 0000098 ____A C:\Windows\System32\Drivers\etc\Hosts
2012-02-08 17:46 - 2006-11-02 03:18 - 0000000 __RHD C:\users\Default
2012-02-08 17:46 - 2006-11-02 03:18 - 0000000 ___RD C:\users\Public
2012-02-08 17:43 - 2012-02-06 19:35 - 0000000 ____D C:\Windows\ERDNT
2012-02-08 17:37 - 2006-11-02 02:23 - 0000215 ____A C:\Windows\system.ini
2012-02-08 17:34 - 2008-08-28 10:57 - 0000000 ____D C:\users\Sabrina
2012-02-08 17:30 - 2011-10-20 19:21 - 0000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4058585062-3446566008-1817747084-1003Core.job
2012-02-08 17:15 - 2008-08-28 13:43 - 0000000 ____D C:\Users\Sabrina\Desktop\Recipes
2012-02-08 17:15 - 2008-08-28 13:43 - 0000000 ____D C:\Documents and Settings\Sabrina\Desktop\Recipes
2012-02-07 22:22 - 2012-02-07 22:22 - 0001912 ____A C:\regi8042.txt
2012-02-07 21:50 - 2012-02-07 21:37 - 0081272 ____A C:\TDSSKiller.2.7.10.0_07.02.2012_21.37.30_log.txt
2012-02-07 20:59 - 2012-02-07 20:57 - 0159598 ____A C:\TDSSKiller.2.7.10.0_07.02.2012_20.57.00_log.txt
2012-02-07 07:34 - 2012-02-07 07:34 - 0140696 ____A C:\Windows\Minidump\Mini020712-01.dmp
2012-02-06 19:25 - 2012-02-06 19:25 - 2623283 ____A C:\Users\Sabrina\Desktop\Note for Suzanne.jpg
2012-02-06 19:25 - 2012-02-06 19:25 - 2623283 ____A C:\Documents and Settings\Sabrina\Desktop\Note for Suzanne.jpg
2012-02-06 18:51 - 2012-02-06 18:51 - 0010698 ____A C:\Users\Sabrina\Desktop\OTL1.txt
2012-02-06 18:51 - 2012-02-06 18:51 - 0010698 ____A C:\Documents and Settings\Sabrina\Desktop\OTL1.txt
2012-02-05 19:59 - 2006-11-02 03:18 - 0000000 ___SD C:\Windows\Downloaded Program Files
2012-02-05 19:58 - 2012-02-05 19:58 - 0000000 ____D C:\_OTL
2012-02-05 19:40 - 2012-02-05 19:40 - 0140624 ____A C:\Windows\Minidump\Mini020512-01.dmp
2012-02-05 19:39 - 2012-02-05 19:39 - 0000162 ___AH C:\Users\Sabrina\Desktop\~$Step 1.docx
2012-02-05 19:39 - 2012-02-05 19:39 - 0000162 ___AH C:\Documents and Settings\Sabrina\Desktop\~$Step 1.docx
2012-02-05 19:30 - 2012-02-05 19:30 - 0230262 ____A C:\Users\Sabrina\Desktop\Step 1.docx
2012-02-05 19:30 - 2012-02-05 19:30 - 0230262 ____A C:\Documents and Settings\Sabrina\Desktop\Step 1.docx
2012-02-04 23:24 - 2012-02-04 23:24 - 0140264 ____A C:\Windows\Minidump\Mini020412-03.dmp
2012-02-04 17:28 - 2012-02-04 17:28 - 0140704 ____A C:\Windows\Minidump\Mini020412-02.dmp
2012-02-04 14:50 - 2011-12-14 21:53 - 0011453 ____A C:\Users\Sabrina\Bills.xlsx
2012-02-04 14:50 - 2011-12-14 21:53 - 0011453 ____A C:\Documents and Settings\Sabrina\Bills.xlsx
2012-02-04 12:14 - 2012-02-04 12:14 - 0140304 ____A C:\Windows\Minidump\Mini020412-01.dmp
2012-02-02 21:58 - 2008-08-31 20:12 - 0000000 ____D C:\Users\Sabrina\Desktop\Edits
2012-02-02 21:58 - 2008-08-31 20:12 - 0000000 ____D C:\Documents and Settings\Sabrina\Desktop\Edits
2012-02-02 20:33 - 2012-02-02 20:33 - 0037649 ____A C:\Users\Sabrina\My Documents\ShaneGreene-the barking keyhole.rtf
2012-02-02 20:33 - 2012-02-02 20:33 - 0037649 ____A C:\Users\Sabrina\Documents\ShaneGreene-the barking keyhole.rtf
2012-02-02 20:33 - 2012-02-02 20:33 - 0037649 ____A C:\Documents and Settings\Sabrina\My Documents\ShaneGreene-the barking keyhole.rtf
2012-02-02 20:33 - 2012-02-02 20:33 - 0037649 ____A C:\Documents and Settings\Sabrina\Documents\ShaneGreene-the barking keyhole.rtf
2012-02-02 14:40 - 2011-12-06 10:02 - 0008752 ____A C:\Users\Sabrina\Desktop\Connections.xlsx
2012-02-02 14:40 - 2011-12-06 10:02 - 0008752 ____A C:\Documents and Settings\Sabrina\Desktop\Connections.xlsx
2012-02-02 14:02 - 2010-12-15 18:22 - 0010990 ____A C:\Users\Sabrina\My Documents\music list.docx
2012-02-02 14:02 - 2010-12-15 18:22 - 0010990 ____A C:\Users\Sabrina\Documents\music list.docx
2012-02-02 14:02 - 2010-12-15 18:22 - 0010990 ____A C:\Documents and Settings\Sabrina\My Documents\music list.docx
2012-02-02 14:02 - 2010-12-15 18:22 - 0010990 ____A C:\Documents and Settings\Sabrina\Documents\music list.docx
2012-02-01 23:41 - 2011-04-27 20:42 - 0012983 ____A C:\Users\Sabrina\Desktop\Kalliyan.docx
2012-02-01 23:41 - 2011-04-27 20:42 - 0012983 ____A C:\Documents and Settings\Sabrina\Desktop\Kalliyan.docx
2012-02-01 18:37 - 2012-02-01 17:07 - 0000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
2012-02-01 17:45 - 2011-02-06 12:00 - 0000000 ____D C:\Config.Msi
2012-02-01 17:39 - 2012-01-25 18:13 - 0000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2012-02-01 17:38 - 2012-02-01 17:38 - 0140024 ____A C:\Windows\Minidump\Mini020112-01.dmp
2012-02-01 17:37 - 2011-12-07 20:24 - 0000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-01-31 12:27 - 2011-05-08 20:37 - 0000000 ____D C:\Users\All Users\PCDr
2012-01-31 12:27 - 2011-05-08 20:37 - 0000000 ____D C:\Users\All Users\Application Data\PCDr
2012-01-31 12:27 - 2011-05-08 20:37 - 0000000 ____D C:\ProgramData\PCDr
2012-01-31 12:27 - 2011-05-08 20:37 - 0000000 ____D C:\Documents and Settings\All Users\PCDr
2012-01-31 12:27 - 2011-05-08 20:37 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\PCDr
2012-01-31 04:44 - 2009-10-02 11:02 - 0237072 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-01-29 18:04 - 2012-01-29 18:02 - 0584192 ____A (OldTimer Tools) C:\Users\Sabrina\Desktop\OTL.exe
2012-01-29 18:04 - 2012-01-29 18:02 - 0584192 ____A (OldTimer Tools) C:\Documents and Settings\Sabrina\Desktop\OTL.exe
2012-01-29 17:36 - 2012-01-29 17:36 - 0049602 ____A C:\Users\Sabrina\My Documents\20120129_rootrepeal_report.txt
2012-01-29 17:36 - 2012-01-29 17:36 - 0049602 ____A C:\Users\Sabrina\Documents\20120129_rootrepeal_report.txt
2012-01-29 17:36 - 2012-01-29 17:36 - 0049602 ____A C:\Documents and Settings\Sabrina\My Documents\20120129_rootrepeal_report.txt
2012-01-29 17:36 - 2012-01-29 17:36 - 0049602 ____A C:\Documents and Settings\Sabrina\Documents\20120129_rootrepeal_report.txt
2012-01-28 23:01 - 2012-01-28 23:01 - 0011473 ____A C:\Users\Sabrina\Malwarebytes license key.docx
2012-01-28 23:01 - 2012-01-28 23:01 - 0011473 ____A C:\Documents and Settings\Sabrina\Malwarebytes license key.docx
2012-01-26 15:16 - 2012-01-26 15:16 - 0012777 ____A C:\Users\Sabrina\Desktop\virus.docx
2012-01-26 15:16 - 2012-01-26 15:16 - 0012777 ____A C:\Documents and Settings\Sabrina\Desktop\virus.docx
2012-01-26 12:37 - 2012-01-26 12:37 - 0015097 ____A C:\Users\Sabrina\My Documents\JohnPerkins-Subject SocialScene Alert.doc
2012-01-26 12:37 - 2012-01-26 12:37 - 0015097 ____A C:\Users\Sabrina\Documents\JohnPerkins-Subject SocialScene Alert.doc
2012-01-26 12:37 - 2012-01-26 12:37 - 0015097 ____A C:\Documents and Settings\Sabrina\My Documents\JohnPerkins-Subject SocialScene Alert.doc
2012-01-26 12:37 - 2012-01-26 12:37 - 0015097 ____A C:\Documents and Settings\Sabrina\Documents\JohnPerkins-Subject SocialScene Alert.doc
2012-01-26 12:21 - 2012-01-26 12:21 - 0017920 ____A C:\Users\Sabrina\My Documents\GrLinnaea-Roast Seeds Until Fragrant.doc
2012-01-26 12:21 - 2012-01-26 12:21 - 0017920 ____A C:\Users\Sabrina\Documents\GrLinnaea-Roast Seeds Until Fragrant.doc
2012-01-26 12:21 - 2012-01-26 12:21 - 0017920 ____A C:\Documents and Settings\Sabrina\My Documents\GrLinnaea-Roast Seeds Until Fragrant.doc
2012-01-26 12:21 - 2012-01-26 12:21 - 0017920 ____A C:\Documents and Settings\Sabrina\Documents\GrLinnaea-Roast Seeds Until Fragrant.doc
2012-01-25 18:13 - 2008-08-17 18:05 - 0000000 ____D C:\Program Files\Dell Support Center
2012-01-25 17:39 - 2012-01-25 17:39 - 0000000 ____D C:\found.001
2012-01-24 19:20 - 2012-01-24 19:20 - 0007669 ____A C:\Users\Sabrina\My Documents\TonyRogers-Stanley, The Visigoth King-stanley%2c_the_visigoth_king.submission.rtf
2012-01-24 19:20 - 2012-01-24 19:20 - 0007669 ____A C:\Users\Sabrina\Documents\TonyRogers-Stanley, The Visigoth King-stanley%2c_the_visigoth_king.submission.rtf
2012-01-24 19:20 - 2012-01-24 19:20 - 0007669 ____A C:\Documents and Settings\Sabrina\My Documents\TonyRogers-Stanley, The Visigoth King-stanley%2c_the_visigoth_king.submission.rtf
2012-01-24 19:20 - 2012-01-24 19:20 - 0007669 ____A C:\Documents and Settings\Sabrina\Documents\TonyRogers-Stanley, The Visigoth King-stanley%2c_the_visigoth_king.submission.rtf
2012-01-24 17:53 - 2012-01-24 17:53 - 0195681 ____A C:\Users\Sabrina\delayed email response.docx
2012-01-24 17:53 - 2012-01-24 17:53 - 0195681 ____A C:\Documents and Settings\Sabrina\delayed email response.docx
2012-01-21 12:08 - 2006-11-02 02:23 - 0000254 ____A C:\Windows\win.ini
2012-01-21 12:05 - 2012-01-21 12:05 - 0140280 ____A C:\Windows\Minidump\Mini012112-01.dmp
2012-01-21 12:01 - 2006-11-02 04:37 - 0000000 ____D C:\Windows\twain_32
2012-01-21 11:15 - 2011-11-06 13:40 - 0148420 ____A C:\Windows\hpoins19.dat
2012-01-21 11:15 - 2011-02-06 11:56 - 0007123 ____A C:\Users\All Users\hpzinstall.log
2012-01-21 11:15 - 2011-02-06 11:56 - 0007123 ____A C:\Users\All Users\Application Data\hpzinstall.log
2012-01-21 11:15 - 2011-02-06 11:56 - 0007123 ____A C:\ProgramData\hpzinstall.log
2012-01-21 11:15 - 2011-02-06 11:56 - 0007123 ____A C:\Documents and Settings\All Users\hpzinstall.log
2012-01-21 11:15 - 2011-02-06 11:56 - 0007123 ____A C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2012-01-21 11:13 - 2011-02-06 12:12 - 0000000 ____D C:\Users\Sabrina\Application Data\HP
2012-01-21 11:13 - 2011-02-06 12:12 - 0000000 ____D C:\Users\Sabrina\AppData\Roaming\HP
2012-01-21 11:13 - 2011-02-06 12:12 - 0000000 ____D C:\Documents and Settings\Sabrina\Application Data\HP
2012-01-21 11:13 - 2011-02-06 12:12 - 0000000 ____D C:\Documents and Settings\Sabrina\AppData\Roaming\HP
2012-01-17 20:21 - 2009-09-28 11:41 - 0000000 ____D C:\Users\Sabrina\Desktop\Thesis
2012-01-17 20:21 - 2009-09-28 11:41 - 0000000 ____D C:\Documents and Settings\Sabrina\Desktop\Thesis
2012-01-16 15:21 - 2012-01-16 15:21 - 0025600 ____A C:\Users\Sabrina\My Documents\MichaelVella-To Feel the Touch of Another.doc
2012-01-16 15:21 - 2012-01-16 15:21 - 0025600 ____A C:\Users\Sabrina\Documents\MichaelVella-To Feel the Touch of Another.doc
2012-01-16 15:21 - 2012-01-16 15:21 - 0025600 ____A C:\Documents and Settings\Sabrina\My Documents\MichaelVella-To Feel the Touch of Another.doc
2012-01-16 15:21 - 2012-01-16 15:21 - 0025600 ____A C:\Documents and Settings\Sabrina\Documents\MichaelVella-To Feel the Touch of Another.doc
2012-01-14 21:06 - 2012-01-14 21:06 - 0000162 ____A C:\Users\Sabrina\My Documents\KimPullen-The Massacre.doc
2012-01-14 21:06 - 2012-01-14 21:06 - 0000162 ____A C:\Users\Sabrina\Documents\KimPullen-The Massacre.doc
2012-01-14 21:06 - 2012-01-14 21:06 - 0000162 ____A C:\Documents and Settings\Sabrina\My Documents\KimPullen-The Massacre.doc
2012-01-14 21:06 - 2012-01-14 21:06 - 0000162 ____A C:\Documents and Settings\Sabrina\Documents\KimPullen-The Massacre.doc
2012-01-14 20:44 - 2012-01-14 20:44 - 0246272 ____A C:\Users\Sabrina\My Documents\StephenSTEVENSON-Misc.Comedy Bitz.doc
2012-01-14 20:44 - 2012-01-14 20:44 - 0246272 ____A C:\Users\Sabrina\Documents\StephenSTEVENSON-Misc.Comedy Bitz.doc
2012-01-14 20:44 - 2012-01-14 20:44 - 0246272 ____A C:\Documents and Settings\Sabrina\My Documents\StephenSTEVENSON-Misc.Comedy Bitz.doc
2012-01-14 20:44 - 2012-01-14 20:44 - 0246272 ____A C:\Documents and Settings\Sabrina\Documents\StephenSTEVENSON-Misc.Comedy Bitz.doc
2012-01-13 18:11 - 2008-08-28 13:34 - 0000000 ____D C:\Users\Sabrina\Application Data\.BitTornado
2012-01-13 18:11 - 2008-08-28 13:34 - 0000000 ____D C:\Users\Sabrina\AppData\Roaming\.BitTornado
2012-01-13 18:11 - 2008-08-28 13:34 - 0000000 ____D C:\Documents and Settings\Sabrina\Application Data\.BitTornado
2012-01-13 18:11 - 2008-08-28 13:34 - 0000000 ____D C:\Documents and Settings\Sabrina\AppData\Roaming\.BitTornado
2012-01-13 00:04 - 2008-08-28 11:58 - 0000000 ____D C:\Program Files\Common Files\Adobe
2012-01-12 08:15 - 2008-08-17 17:58 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-01-12 08:15 - 2008-08-17 17:58 - 0000000 ____D C:\Users\All Users\Application Data\Microsoft Help
2012-01-12 08:15 - 2008-08-17 17:58 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-01-12 08:15 - 2008-08-17 17:58 - 0000000 ____D C:\Documents and Settings\All Users\Microsoft Help
2012-01-12 08:15 - 2008-08-17 17:58 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2012-01-12 08:15 - 2006-11-02 02:24 - 52128560 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-01-11 21:36 - 2008-08-28 10:22 - 0000000 ____D C:\Users\Sabrina\Desktop\Writings
2012-01-11 21:36 - 2008-08-28 10:22 - 0000000 ____D C:\Documents and Settings\Sabrina\Desktop\Writings
2012-01-08 17:35 - 2009-07-06 12:01 - 0000000 ____D C:\Users\Sabrina\hob_jportal
2012-01-08 17:35 - 2009-07-06 12:01 - 0000000 ____D C:\Documents and Settings\Sabrina\hob_jportal
2012-01-07 21:52 - 2009-01-23 12:19 - 0000000 ____D C:\Users\All Users\Thayer Birding Software
2012-01-07 21:52 - 2009-01-23 12:19 - 0000000 ____D C:\Users\All Users\Application Data\Thayer Birding Software
2012-01-07 21:52 - 2009-01-23 12:19 - 0000000 ____D C:\ProgramData\Thayer Birding Software
2012-01-07 21:52 - 2009-01-23 12:19 - 0000000 ____D C:\Documents and Settings\All Users\Thayer Birding Software
2012-01-07 21:52 - 2009-01-23 12:19 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\Thayer Birding Software
2012-01-06 23:45 - 2012-01-06 23:45 - 0144680 ____A C:\Windows\Minidump\Mini010612-01.dmp
2012-01-05 22:59 - 2012-01-05 22:59 - 0141560 ____A C:\Windows\Minidump\Mini010512-01.dmp
2012-01-04 18:58 - 2012-01-04 18:58 - 0110123 ____A C:\Users\Sabrina\Desktop\echoes.pdf
2012-01-04 18:58 - 2012-01-04 18:58 - 0110123 ____A C:\Documents and Settings\Sabrina\Desktop\echoes.pdf
2012-01-04 18:58 - 2012-01-04 18:58 - 0103351 ____A C:\Users\Sabrina\Desktop\nightingale1.pdf
2012-01-04 18:58 - 2012-01-04 18:58 - 0103351 ____A C:\Documents and Settings\Sabrina\Desktop\nightingale1.pdf
2012-01-04 18:58 - 2012-01-04 18:58 - 0052930 ____A C:\Users\Sabrina\Desktop\birthnight.pdf
2012-01-04 18:58 - 2012-01-04 18:58 - 0052930 ____A C:\Documents and Settings\Sabrina\Desktop\birthnight.pdf
2012-01-03 20:44 - 2006-11-02 03:18 - 0000000 ____D C:\Windows\Microsoft.NET
2012-01-03 17:47 - 2012-01-03 17:47 - 0139976 ____A C:\Windows\Minidump\Mini010312-01.dmp
2012-01-03 17:45 - 2011-10-20 18:59 - 0021706 ____A C:\Windows\IE9_main.log
2012-01-03 17:40 - 2006-11-02 03:18 - 0000000 ____D C:\Program Files\Common Files\microsoft shared
2011-12-28 17:23 - 2011-12-28 17:02 - 0000000 ____D C:\Users\Sabrina\Desktop\music for L
2011-12-28 17:23 - 2011-12-28 17:02 - 0000000 ____D C:\Documents and Settings\Sabrina\Desktop\music for L
2011-12-27 17:38 - 2011-12-27 17:38 - 0139696 ____A C:\Windows\Minidump\Mini122711-02.dmp
2011-12-27 17:12 - 2011-12-27 17:12 - 0139776 ____A C:\Windows\Minidump\Mini122711-01.dmp
2011-12-26 23:16 - 2011-12-26 23:16 - 0000000 ____D C:\Users\Sabrina\printer
2011-12-26 23:16 - 2011-12-26 23:16 - 0000000 ____D C:\Documents and Settings\Sabrina\printer
2011-12-26 23:15 - 2011-12-22 22:36 - 0000000 ____D C:\Users\Sabrina\Desktop\for Mom
2011-12-26 23:15 - 2011-12-22 22:36 - 0000000 ____D C:\Documents and Settings\Sabrina\Desktop\for Mom
2011-12-26 23:09 - 2008-08-28 10:36 - 0100352 ____A C:\Users\Sabrina\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-12-26 23:09 - 2008-08-28 10:36 - 0100352 ____A C:\Users\Sabrina\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-12-26 23:09 - 2008-08-28 10:36 - 0100352 ____A C:\Users\Sabrina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-12-26 23:09 - 2008-08-28 10:36 - 0100352 ____A C:\Documents and Settings\Sabrina\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-12-26 23:09 - 2008-08-28 10:36 - 0100352 ____A C:\Documents and Settings\Sabrina\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-12-26 23:09 - 2008-08-28 10:36 - 0100352 ____A C:\Documents and Settings\Sabrina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-12-19 02:26 - 2011-12-19 02:26 - 0141504 ____A C:\Windows\Minidump\Mini121911-01.dmp
2011-12-15 20:52 - 2006-11-02 03:18 - 0000000 ___RD C:\Windows\Offline Web Pages
2011-12-15 17:41 - 2011-12-15 17:41 - 0141928 ____A C:\Windows\Minidump\Mini121511-01.dmp
2011-12-14 19:41 - 2011-12-14 19:41 - 0140064 ____A C:\Windows\Minidump\Mini121411-01.dmp
2011-12-11 13:38 - 2011-12-11 13:38 - 0140464 ____A C:\Windows\Minidump\Mini121111-01.dmp
2011-12-10 15:24 - 2011-12-07 20:24 - 0020464 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2011-12-08 08:04 - 2006-11-02 03:18 - 0000000 __RSD C:\Windows\Media
2011-12-07 20:24 - 2011-12-07 20:24 - 0000000 ____D C:\Users\Sabrina\Application Data\Malwarebytes
2011-12-07 20:24 - 2011-12-07 20:24 - 0000000 ____D C:\Users\Sabrina\AppData\Roaming\Malwarebytes
2011-12-07 20:24 - 2011-12-07 20:24 - 0000000 ____D C:\Users\All Users\Malwarebytes
2011-12-07 20:24 - 2011-12-07 20:24 - 0000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2011-12-07 20:24 - 2011-12-07 20:24 - 0000000 ____D C:\ProgramData\Malwarebytes
2011-12-07 20:24 - 2011-12-07 20:24 - 0000000 ____D C:\Documents and Settings\Sabrina\Application Data\Malwarebytes
2011-12-07 20:24 - 2011-12-07 20:24 - 0000000 ____D C:\Documents and Settings\Sabrina\AppData\Roaming\Malwarebytes
2011-12-07 20:24 - 2011-12-07 20:24 - 0000000 ____D C:\Documents and Settings\All Users\Malwarebytes
2011-12-07 20:24 - 2011-12-07 20:24 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2011-12-07 20:21 - 2011-12-07 20:21 - 0000682 ____A C:\rkill.log
2011-12-07 20:19 - 2011-12-07 20:19 - 1008120 ____A C:\Users\Sabrina\Downloads\iExplore.exe
2011-12-07 20:19 - 2011-12-07 20:19 - 1008120 ____A C:\Documents and Settings\Sabrina\Downloads\iExplore.exe
2011-12-05 19:04 - 2011-02-06 12:08 - 0000000 ____D C:\Users\Sabrina\Application Data\HpUpdate
2011-12-05 19:04 - 2011-02-06 12:08 - 0000000 ____D C:\Users\Sabrina\AppData\Roaming\HpUpdate
2011-12-05 19:04 - 2011-02-06 12:08 - 0000000 ____D C:\Documents and Settings\Sabrina\Application Data\HpUpdate
2011-12-05 19:04 - 2011-02-06 12:08 - 0000000 ____D C:\Documents and Settings\Sabrina\AppData\Roaming\HpUpdate
2011-11-29 22:19 - 2008-08-30 21:34 - 0000000 ____D C:\Users\Sabrina\Desktop\Manga
2011-11-29 22:19 - 2008-08-30 21:34 - 0000000 ____D C:\Documents and Settings\Sabrina\Desktop\Manga
2011-11-29 19:00 - 2011-11-29 18:59 - 0140240 ____A C:\Windows\Minidump\Mini112911-01.dmp
2011-11-28 19:18 - 2011-11-28 19:18 - 0000000 ____D C:\Users\All Users\HP Product Assistant
2011-11-28 19:18 - 2011-11-28 19:18 - 0000000 ____D C:\Users\All Users\Application Data\HP Product Assistant
2011-11-28 19:18 - 2011-11-28 19:18 - 0000000 ____D C:\ProgramData\HP Product Assistant
2011-11-28 19:18 - 2011-11-28 19:18 - 0000000 ____D C:\Documents and Settings\All Users\HP Product Assistant
2011-11-28 19:18 - 2011-11-28 19:18 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2011-11-27 18:34 - 2011-11-27 18:34 - 0000563 ____A C:\Users\Sabrina\iTunes Music - Shortcut.lnk
2011-11-27 18:34 - 2011-11-27 18:34 - 0000563 ____A C:\Documents and Settings\Sabrina\iTunes Music - Shortcut.lnk
2011-11-27 18:27 - 2008-08-28 13:34 - 0000000 ____D C:\Users\Sabrina\Desktop\Anime
2011-11-27 18:27 - 2008-08-28 13:34 - 0000000 ____D C:\Documents and Settings\Sabrina\Desktop\Anime
2011-11-15 17:11 - 2008-08-17 18:01 - 0000000 ____D C:\Users\All Users\Application Data\Adobe
2011-11-15 17:11 - 2008-08-17 18:01 - 0000000 ____D C:\Users\All Users\Adobe
2011-11-15 17:11 - 2008-08-17 18:01 - 0000000 ____D C:\ProgramData\Adobe
2011-11-15 17:11 - 2008-08-17 18:01 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe
2011-11-15 17:11 - 2008-08-17 18:01 - 0000000 ____D C:\Documents and Settings\All Users\Adobe
2011-11-14 21:53 - 2008-08-28 11:01 - 0000000 ____D C:\Users\Sabrina\Application Data\Adobe
2011-11-14 21:53 - 2008-08-28 11:01 - 0000000 ____D C:\Users\Sabrina\AppData\Roaming\Adobe
2011-11-14 21:53 - 2008-08-28 11:01 - 0000000 ____D C:\Documents and Settings\Sabrina\Application Data\Adobe
2011-11-14 21:53 - 2008-08-28 11:01 - 0000000 ____D C:\Documents and Settings\Sabrina\AppData\Roaming\Adobe
2011-11-14 21:53 - 2008-08-28 10:57 - 0000000 ____D C:\Users\Sabrina\AppData\LocalLow
2011-11-14 21:53 - 2008-08-28 10:57 - 0000000 ____D C:\Documents and Settings\Sabrina\AppData\LocalLow
2011-11-14 18:07 - 2011-09-26 17:10 - 0000000 ____D C:\Program Files\Adobe
2011-11-14 18:07 - 2008-08-28 10:15 - 0000000 ____D C:\Users\Sabrina\Local Settings\Application Data\Adobe
2011-11-14 18:07 - 2008-08-28 10:15 - 0000000 ____D C:\Users\Sabrina\Local Settings\Adobe
2011-11-14 18:07 - 2008-08-28 10:15 - 0000000 ____D C:\Users\Sabrina\AppData\Local\Adobe
2011-11-14 18:07 - 2008-08-28 10:15 - 0000000 ____D C:\Documents and Settings\Sabrina\Local Settings\Application Data\Adobe
2011-11-14 18:07 - 2008-08-28 10:15 - 0000000 ____D C:\Documents and Settings\Sabrina\Local Settings\Adobe
2011-11-14 18:07 - 2008-08-28 10:15 - 0000000 ____D C:\Documents and Settings\Sabrina\AppData\Local\Adobe
2011-11-14 18:04 - 2011-11-14 18:04 - 0000000 ____D C:\Users\Default\Application Data\Macromedia
2011-11-14 18:04 - 2011-11-14 18:04 - 0000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2011-11-14 18:04 - 2011-11-14 18:04 - 0000000 ____D C:\Users\Default User\Application Data\Macromedia
2011-11-14 18:04 - 2011-11-14 18:04 - 0000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2011-11-14 18:04 - 2011-11-14 18:04 - 0000000 ____D C:\Program Files\Common Files\Adobe AIR
2011-11-14 18:04 - 2011-11-14 18:04 - 0000000 ____D C:\Documents and Settings\Default\Application Data\Macromedia
2011-11-14 18:04 - 2011-11-14 18:04 - 0000000 ____D C:\Documents and Settings\Default\AppData\Roaming\Macromedia
2011-11-14 18:04 - 2011-11-14 18:04 - 0000000 ____D C:\Documents and Settings\Default User\Application Data\Macromedia
2011-11-14 18:04 - 2011-11-14 18:04 - 0000000 ____D C:\Documents and Settings\Default User\AppData\Roaming\Macromedia
2011-11-12 11:13 - 2011-06-07 16:35 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 8%
Total physical RAM: 4085.12 MB
Available physical RAM: 3737.08 MB
Total Pagefile: 3952.43 MB
Available Pagefile: 3805.57 MB
Total Virtual: 2047.88 MB
Available Virtual: 1980.93 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:285.5 GB) (Free:13 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
3 Drive f: (FD OF DOOM) (Removable) (Total:1.87 GB) (Free:0.63 GB) FAT
4 Drive x: (RECOVERY) (Fixed) (Total:10 GB) (Free:3.36 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 1912 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 94 MB 32 KB
Partition 2 Primary 10 GB 95 MB
Partition 3 Primary 285 GB 10 GB
Partition 0 Extended 2560 MB 296 GB
Partition 4 Logical 2559 MB 296 GB

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT Partition 94 MB Healthy Hidden

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 X RECOVERY NTFS Partition 10 GB Healthy Boot

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 285 GB Healthy

Disk: 0
Partition 4
Type : DD
Hidden: Yes
Active: No

There is no volume associated with this partition.

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1912 MB 16 KB

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FD OF DOOM FAT Removable 1912 MB Healthy



==========================================================

Last Boot: 2012-02-09 16:22

======================= End Of Log ==========================
  • 0

#64
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
OK here we go, this will be a two step fix/search then fix before we try to start up in normal mode.

Step 1.

Download the enclosed file. Attached File fixlist.txt


Save it in the USB drive.

Insert the USB drive into the ailing computer. Run FRST as you did before, except that this time around click on the Fix button.

The tool will make a log on the flashdrive (Fixlog.txt) please post it in your reply.


Step 2.

Before leaving the tool we need to search for one more file.

In the search box type:

afd.sys

Then click Search

The tool will make a log on the flashdrive (Search.txt) please post it in your reply.


Step 3.

Now please post:

Fixlog.txt
Search.txt


I will then prepare a fix to replace the missing afd.sys file.



  • 0

#65
boredcrow

boredcrow

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts

Step 1.

Download the enclosed file. Attached File fixlist.txt


Save it in the USB drive.

Insert the USB drive into the ailing computer. Run FRST as you did before, except that this time around click on the Fix button.

The tool will make a log on the flashdrive (Fixlog.txt) please post it in your reply.


Apologies, but I don't understand this step. I couldn't find a valid file to download. And do I type anything in the 'fix' box?
  • 0

#66
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Sorry the website had sql errors and my upload did not take.

I will try to include the fixlist.txt file here:
Attached File  fixlist.txt   1010bytes   37 downloads


You just copy this file over to the USB drive.

When you boot up with these instructions as before:
Plug the flashdrive into the infected PC before turning the computer on.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
    Posted Image
  • Press Fix button.
  • It will make a log (Fixlog.txt) on the flash drive. Please copy and paste it to your reply.

But before you leave the tool we need to do one more search: Type in the Search: box the following:

afd.sys


This will produce a new Search.txt on the USB drive.


Please post:

Fixlog.txt
Search.txt

I will then prepare a fix to replace the missing afd.sys file and send it in the next post!

Edited by CompCav, 11 February 2012 - 04:30 AM.

  • 0

#67
boredcrow

boredcrow

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts
Scans completed:

Fix result of Farbar Recovery Tool (FRST written by farbar) Version: 28-01-2012
Ran by SYSTEM at 2012-02-11 11:59:10 R:1
Running from F:\

==============================================

slxrgopt service not found.
C:\Windows\System32\Drivers\slxrgopt.sys not found.
C:\Windows\System32\Drivers\tdx.svs moved successfully.
C:\Windows\System32\dds_trash_log.cmd moved successfully.
Could not find c:\WINDOWS\system32\drivers\cdrom.sys.
C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_c949a5b6\cdrom.sys copied successfully to c:\WINDOWS\system32\drivers\cdrom.sys
Could not find c:\WINDOWS\system32\drivers\netbt.sys.
C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys copied successfully to c:\WINDOWS\system32\drivers\netbt.sys
Could not find c:\WINDOWS\system32\drivers\smb.sys.
Could not replece c:\WINDOWS\system32\drivers\smb.sys.
Could not find c:\WINDOWS\system32\drivers\tdx.sys.
C:\Windows\ERDNT\cache\tdx.sys copied successfully to c:\WINDOWS\system32\drivers\tdx.sys
Could not find c:\WINDOWS\system32\drivers\i8042prt.sys.
C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_f55d5e51\i8042prt.sys copied successfully to c:\WINDOWS\system32\drivers\i8042prt.sys

==== End of Fixlog ====


Farbar Recovery Scan Tool Version: 28-01-2012
Ran by SYSTEM at 2012-02-11 11:59:45
Running from F:\

================== Search: "afd.sys" ===================

C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.22629_none_da4bc33774b91967\afd.sys
[2011-06-16 19:20] - [2011-04-21 05:28] - 0273920 ____A (Microsoft Corporation) 70EE0FC7A0F384DBD929A01384AEEB4B

C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18457_none_d99fb42e5bb59d9b\afd.sys
[2011-06-16 19:20] - [2012-02-09 16:27] - 0273408 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18005_none_d9d3bb9e5b8eea9c\afd.sys
[2009-09-10 16:53] - [2009-04-10 20:47] - 0273920 ____A (Microsoft Corporation) A201207363AA900ABF1A388468688570

C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.22905_none_d876efff77862705\afd.sys
[2011-06-16 19:20] - [2011-04-21 05:12] - 0273920 ____A (Microsoft Corporation) C8AF25017CECB75906A571AC70D2D306

C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18639_none_d7d0e0cc5e7d461c\afd.sys
[2011-06-16 19:20] - [2011-04-21 05:16] - 0273408 ____A (Microsoft Corporation) 48EB99503533C27AC6135648E5474457

C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_d7e842925e6d1f50\afd.sys
[2008-01-20 18:24] - [2008-01-20 18:24] - 0273920 ____A (Microsoft Corporation) 763E172A55177E478CB419F88FD0BA03

=== End Of Search ===
  • 0
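Added example, not part of the original thread and not FRST's own code: a short Python parser for the Search.txt format posted above that flags copies unsuitable as a replacement source. The two checks (an MD5 equal to the hash of zero bytes on a non-empty file, and an empty company field) are assumptions about what makes an entry untrustworthy; the sample input is three entries copied from that log.

```python
import hashlib
import re

# Sample input: three entries copied from the Search.txt posted above.
SEARCH_TXT = r"""
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.22629_none_da4bc33774b91967\afd.sys
[2011-06-16 19:20] - [2011-04-21 05:28] - 0273920 ____A (Microsoft Corporation) 70EE0FC7A0F384DBD929A01384AEEB4B

C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18457_none_d99fb42e5bb59d9b\afd.sys
[2011-06-16 19:20] - [2012-02-09 16:27] - 0273408 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18005_none_d9d3bb9e5b8eea9c\afd.sys
[2009-09-10 16:53] - [2009-04-10 20:47] - 0273920 ____A (Microsoft Corporation) A201207363AA900ABF1A388468688570
"""

# MD5 of zero bytes of input (assumption: on a non-empty file it means no real hash).
EMPTY_MD5 = hashlib.md5(b"").hexdigest().upper()

DETAIL = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-F]{32})$")

def parse_search(text):
    """Pair each path line with the detail line that follows it."""
    entries, path = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        m = DETAIL.match(line)
        if m and path:
            e = m.groupdict()
            e.update(path=path, size=int(e["size"]))
            entries.append(e)
            path = None
        elif line and not line.startswith("="):
            path = line
    return entries

def triage(entry):
    """Return the reasons a copy should not be trusted as a replacement source."""
    reasons = []
    if entry["md5"] == EMPTY_MD5 and entry["size"] > 0:
        reasons.append("MD5 is the hash of zero bytes but the size is non-zero")
    if not entry["company"]:
        reasons.append("no company name in the version info")
    return reasons

def flagged(text):
    """Map each suspicious path to its list of reasons."""
    return {e["path"]: triage(e) for e in parse_search(text) if triage(e)}
```

On this input only the 6.0.6002.18457 copy is flagged, and it is flagged by both checks.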

#68
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Thanks I will have one more fixlist to run and then we will try to boot into normal mode!
  • 0

#69
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Step 1.

Download the enclosed file. Attached File fixlist.txt
Attached File  fixlist.txt   343bytes   49 downloads

Save it in the USB drive. (It will have to overwrite the existing one so click yes to overwrite it on the USB drive)

Insert the USB drive into the ailing computer. Run FRST as you did before, like last time around click on the Fix button.

The tool will make a log on the flashdrive (Fixlog.txt) please post it in your reply.


Now please post:

Fixlog.txt

Edited by CompCav, 12 February 2012 - 06:07 PM.

  • 0

#70
boredcrow

boredcrow

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts
This is all it printed this time.

Awaiting your next post before trying to restart!


Start
Replace: C:\Windows\winsxs\x86_microsoft-windows-nbsmb_31bf3856ad364e35_6.0.6001.18000_none_5f6a9133f7f64138\smb.sys c:\WINDOWS\system32\drivers\smb.sys
Replace: C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18005_none_d9d3bb9e5b8eea9c\afd.sys c:\WINDOWS\system32\drivers\afd.sys
End
  • 0



#71
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Ok here it is. This will be our first startup attempt. I do know we are not through with this infection. During my research and consultation with my instructor it is clear that we have a variant that is very strong. We will get it but there will be more steps with ComboFix and possibly TDSSKiller along the way. Thank you for your patience in correcting this issue.



Step 1.

Download the enclosed file. Attached File fixlist.txt
Attached File  fixlist.txt   163bytes   36 downloads

Save it in the USB drive. (It will have to overwrite the existing one so click yes to overwrite it on the USB drive)

Insert the USB drive into the ailing computer. Run FRST as you did before, like last time around click on the Fix button.

The tool will make a log on the flashdrive (Fixlog.txt) please post it in your reply.


Now please post:

Fixlog.txt




Reboot into normal mode.

Tell me what symptoms the computer has now.

If it is the same as we have been having please shut it down and let me know that also
  • 0

#72
boredcrow

boredcrow

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts
Fix completed (log below)

Now when I start up, it gets to the point of my desktop appearing, and then up pops the blue screen of death with the message of "IRQL not less or equal." It did this twice before I shut down. The screen wasn't up long enough for me to copy down the numbers it gave with the message.

And I don't mind at all running all these fixes. I just appreciate you taking the time to help me.
(Also, my friend let me borrow her spare laptop, so I'm a lot calmer about the situation) :)



Fix result of Farbar Recovery Tool (FRST written by farbar) Version: 28-01-2012
Ran by SYSTEM at 2012-02-13 19:01:54 R:3
Running from F:\

==============================================

AdobeActiveFileMonitor6.0 service deleted successfully.
C:\Windows\System32\pdlndlpb.dll moved successfully.

==== End of Fixlog ====
  • 0

#73
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
OK let's try to get the details on this BSOD.

When you start up after you see the splash screen start tapping F8 until you get to the Advanced Options screen.


Select Disable automatic restart on system failure and hit Enter.

Then when the code comes up you should be able to collect the information which will be words and some numbers.
  • 0

#74
boredcrow

boredcrow

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts
The message is ***STOP: 0x0000000A (0x00000000, 0x00000002, 0x00000001, 0x81E4183C)
  • 0

#75
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
When you start up after you see the splash screen start tapping F8 until you get to the Advanced Options screen.


Now select Last Known Good Configuration and hit Enter
  • 0





