Dell Inspiron won't boot after running tdsskiller
#1
Posted 03 February 2012 - 03:14 PM
#2
Posted 03 February 2012 - 04:45 PM
Let's give it a try. You will need a USB (Flash) pendrive.
For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.
Plug the flash drive into the infected PC.
Enter System Recovery Options.
To enter System Recovery Options from the Advanced Boot Options:
- Restart the computer.
- As soon as the BIOS is loaded, begin tapping the F8 key until Advanced Boot Options appears.
- Click on the Repair your computer menu item.
- Select US as the keyboard language settings, and then click Next.
- Select the operating system you want to repair, and then click Next.
- Select your user account and click Next.
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
- Select Command Prompt
- In the command window type in notepad and press Enter.
- The notepad opens. Under File menu select Open.
- Select "Computer" and find your flash drive letter and close the notepad.
- In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
Note: Replace letter e with the drive letter of your flash drive.
- The tool will start to run.
- When the tool opens click Yes to the disclaimer.
- Press the Scan button.
- It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
#3
Posted 03 February 2012 - 05:08 PM
Ran by SYSTEM at 2012-02-03 06:05:03
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001
========================== Registry (Whitelisted) =============
HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [384296 2010-04-05] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-02-25] (IDT, Inc.)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [165912 2010-02-21] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [387608 2010-02-21] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [365592 2010-02-21] (Intel Corporation)
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-16] (Dell Inc.)
HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3180624 2009-07-02] (Dell Inc.)
HKLM\...\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2780776 2011-07-19] (CANON INC.)
HKLM-x32\...\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m [1807680 2010-02-09] ()
HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-12-29] (CyberLink Corp.)
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [498160 2009-10-15] ()
HKLM-x32\...\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [x]
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1675160 2011-11-22] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2011-09-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-11-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe /startup [1596096 2009-08-05] (Leader Technologies Inc.)
HKU\Sherry\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-05-03] (Google Inc.)
HKU\Sherry\...\Run: [EPSON NX430 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHBA.EXE /FU "C:\Users\Sherry\AppData\Local\Temp\E_S8568.tmp" /EF "HKCU" [126 2012-01-05] ()
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2009-07-13] (Microsoft Corporation)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-06] (Dell)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
==================== Services (Whitelisted) ======
2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [462184 2011-08-30] (Apple Inc.)
2 EpsonCustomerParticipation; "C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe" [555392 2011-06-09] (SEIKO EPSON CORPORATION)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [501768 2011-06-23] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [199272 2011-10-18] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [208536 2011-10-18] (McAfee, Inc.)
2 mfevtp; "C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe" [161168 2011-10-18] (McAfee, Inc.)
2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\STacSV64.exe [244736 2010-02-25] (IDT, Inc.)
========================== Drivers (Whitelisted) =============
3 cfwids; C:\Windows\System32\drivers\cfwids.sys [65264 2011-10-15] (McAfee, Inc.)
3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [160280 2011-10-15] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [229528 2011-10-15] (McAfee, Inc.)
3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [41032 2009-06-18] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [481768 2011-10-15] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [647080 2011-10-15] (McAfee, Inc.)
1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75808 2011-10-15] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [100912 2011-10-15] (McAfee, Inc.)
3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [40904 2010-02-17] (McAfee, Inc.)
3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [49480 2010-02-17] (McAfee, Inc.)
1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [284648 2011-10-15] (McAfee, Inc.)
3 mfeavfk01; [x]
3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x]
========================== NetSvcs (Whitelisted) ===========
============ One Month Created Files and Folders ==============
2012-02-01 11:17 - 2012-02-01 11:17 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-02-01 11:14 - 2012-02-01 11:18 - 0081108 ____A C:\TDSSKiller.2.7.9.0_01.02.2012_11.14.38_log.txt
2012-02-01 11:14 - 2012-02-01 11:10 - 2040543 ___AH C:\Users\Sherry\Desktop\tdsskiller.zip
2012-02-01 11:14 - 2012-02-01 09:42 - 0000000 ___HD C:\Users\Sherry\Desktop\tdsskiller
2012-02-01 10:34 - 2012-02-01 10:34 - 0000000 ___HD C:\Users\Sherry\Application Data\Malwarebytes
2012-02-01 10:34 - 2012-02-01 10:34 - 0000000 ___HD C:\Users\Sherry\AppData\Roaming\Malwarebytes
2012-02-01 10:32 - 2012-02-01 10:32 - 0000000 ___HD C:\Users\All Users\Malwarebytes
2012-02-01 10:32 - 2012-02-01 10:32 - 0000000 ___HD C:\Users\All Users\Application Data\Malwarebytes
2012-02-01 10:32 - 2012-02-01 10:32 - 0000000 ___HD C:\ProgramData\Malwarebytes
2012-02-01 10:31 - 2012-02-01 09:44 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-01 10:04 - 2012-02-01 09:42 - 0000000 ____D C:\Windows\Minidump
2012-01-31 19:25 - 2012-01-31 19:25 - 0016624 ___AH C:\Users\Sherry\My Documents\european capitals.docx
2012-01-31 19:25 - 2012-01-31 19:25 - 0016624 ___AH C:\Users\Sherry\Documents\european capitals.docx
2012-01-31 19:02 - 2012-01-31 19:02 - 0000000 ____D C:\Windows\Sun
2012-01-31 15:00 - 2012-01-31 15:00 - 0000162 ___AH C:\Users\Sherry\My Documents\~$theran Elementary CSCP.docx
2012-01-31 15:00 - 2012-01-31 15:00 - 0000162 ___AH C:\Users\Sherry\Documents\~$theran Elementary CSCP.docx
2012-01-31 14:59 - 2012-01-31 14:59 - 0000162 ___AH C:\Users\Sherry\My Documents\~$DAY PER WEEK SCHEDULE.docx
2012-01-31 14:59 - 2012-01-31 14:59 - 0000162 ___AH C:\Users\Sherry\Documents\~$DAY PER WEEK SCHEDULE.docx
2012-01-29 17:18 - 2012-01-30 18:06 - 0014463 ___AH C:\Users\Sherry\My Documents\2 DAY PER WEEK SCHEDULE.docx
2012-01-29 17:18 - 2012-01-30 18:06 - 0014463 ___AH C:\Users\Sherry\Documents\2 DAY PER WEEK SCHEDULE.docx
2012-01-29 14:39 - 2012-01-29 14:39 - 0015722 ___AH C:\Users\Sherry\My Documents\Luth Elem CSCP title page.docx
2012-01-29 14:39 - 2012-01-29 14:39 - 0015722 ___AH C:\Users\Sherry\Documents\Luth Elem CSCP title page.docx
2012-01-27 07:09 - 2012-01-27 07:30 - 0044544 ___AH C:\Users\Sherry\My Documents\1January 29.2.doc
2012-01-27 07:09 - 2012-01-27 07:30 - 0044544 ___AH C:\Users\Sherry\Documents\1January 29.2.doc
2012-01-27 07:09 - 2012-01-27 07:09 - 0000162 ___AH C:\Users\Sherry\My Documents\~$anuary 29.2.doc
2012-01-27 07:09 - 2012-01-27 07:09 - 0000162 ___AH C:\Users\Sherry\Documents\~$anuary 29.2.doc
2012-01-26 18:06 - 2012-01-26 18:21 - 0056325 ___AH C:\Users\Sherry\My Documents\Announcements Jan 29 revised.docx
2012-01-26 18:06 - 2012-01-26 18:21 - 0056325 ___AH C:\Users\Sherry\Documents\Announcements Jan 29 revised.docx
2012-01-25 19:00 - 2012-01-25 19:00 - 0018712 ___AH C:\Users\Sherry\My Documents\valentines party.docx
2012-01-25 19:00 - 2012-01-25 19:00 - 0018712 ___AH C:\Users\Sherry\Documents\valentines party.docx
2012-01-22 16:06 - 2012-01-22 16:06 - 0086333 ___AH C:\Users\Sherry\Desktop\pbis it works.pdf
2012-01-22 15:56 - 2012-01-22 15:56 - 1061725 ___AH C:\Users\Sherry\Desktop\school coun and spirituality.pdf
2012-01-22 14:52 - 2012-01-30 18:59 - 0019528 ___AH C:\Users\Sherry\My Documents\Lutheran Elementary CSCP.docx
2012-01-22 14:52 - 2012-01-30 18:59 - 0019528 ___AH C:\Users\Sherry\Documents\Lutheran Elementary CSCP.docx
2012-01-22 14:31 - 2012-01-22 14:31 - 0000000 ___HD C:\Users\Sherry\My Documents\Consultation Strategies
2012-01-22 14:31 - 2012-01-22 14:31 - 0000000 ___HD C:\Users\Sherry\Documents\Consultation Strategies
2012-01-21 21:54 - 2012-01-21 21:54 - 0025133 ___AH C:\Users\Sherry\Desktop\asca logo.png
2012-01-21 20:28 - 2012-01-21 20:28 - 0159458 ___AH C:\Users\Sherry\Downloads\MembershipCard_127590.pdf
2012-01-21 20:22 - 2012-01-21 20:30 - 0000951 ___AH C:\Users\Sherry\Desktop\MembershipCard_127590.txt
2012-01-21 11:23 - 2012-01-21 11:22 - 0010304 ___AH C:\Users\Sherry\Desktop\hands and world.jpg
2012-01-21 10:10 - 2012-01-21 10:10 - 0024740 ___AH C:\Users\Sherry\Desktop\lcms cross.png
2012-01-21 10:02 - 2012-01-21 10:02 - 0010016 ___AH C:\Users\Sherry\Desktop\world.jpg
2012-01-20 20:33 - 2012-02-01 11:14 - 0000000 ____D C:\Users\Sherry\Desktop\EBSCOhost School Counselors as Social-Emotional Learning Consultants Where Do We Beg____files
2012-01-20 20:33 - 2012-01-20 20:33 - 0200479 ___AH C:\Users\Sherry\Desktop\EBSCOhost School Counselors as Social-Emotional Learning Consultants Where Do We Beg___.htm
2012-01-20 16:53 - 2012-01-20 16:53 - 0012746 ___AH C:\Users\Sherry\My Documents\NOTES 13.docx
2012-01-20 16:53 - 2012-01-20 16:53 - 0012746 ___AH C:\Users\Sherry\Documents\NOTES 13.docx
2012-01-20 16:41 - 2012-01-20 16:47 - 0015174 ___AH C:\Users\Sherry\My Documents\NOTES 12-13.docx
2012-01-20 16:41 - 2012-01-20 16:47 - 0015174 ___AH C:\Users\Sherry\Documents\NOTES 12-13.docx
2012-01-20 16:36 - 2012-01-20 16:36 - 0014261 ___AH C:\Users\Sherry\My Documents\NOTES 11.docx
2012-01-20 16:36 - 2012-01-20 16:36 - 0014261 ___AH C:\Users\Sherry\Documents\NOTES 11.docx
2012-01-20 16:27 - 2012-01-20 16:27 - 0014738 ___AH C:\Users\Sherry\My Documents\NOTES 10.docx
2012-01-20 16:27 - 2012-01-20 16:27 - 0014738 ___AH C:\Users\Sherry\Documents\NOTES 10.docx
2012-01-20 16:17 - 2012-01-27 13:05 - 0016628 ___AH C:\Users\Sherry\My Documents\NOTES 8-9.docx
2012-01-20 16:17 - 2012-01-27 13:05 - 0016628 ___AH C:\Users\Sherry\Documents\NOTES 8-9.docx
2012-01-20 15:59 - 2012-01-20 15:59 - 0018310 ___AH C:\Users\Sherry\My Documents\NOTES 7.docx
2012-01-20 15:59 - 2012-01-20 15:59 - 0018310 ___AH C:\Users\Sherry\Documents\NOTES 7.docx
2012-01-20 12:57 - 2012-01-20 12:58 - 0015728 ___AH C:\Users\Sherry\My Documents\NOTES 6.docx
2012-01-20 12:57 - 2012-01-20 12:58 - 0015728 ___AH C:\Users\Sherry\Documents\NOTES 6.docx
2012-01-20 12:44 - 2012-01-20 12:44 - 0015525 ___AH C:\Users\Sherry\My Documents\NOTES 5.docx
2012-01-20 12:44 - 2012-01-20 12:44 - 0015525 ___AH C:\Users\Sherry\Documents\NOTES 5.docx
2012-01-20 12:06 - 2012-01-20 12:06 - 0014998 ___AH C:\Users\Sherry\My Documents\NOTES 4.docx
2012-01-20 12:06 - 2012-01-20 12:06 - 0014998 ___AH C:\Users\Sherry\Documents\NOTES 4.docx
2012-01-20 11:56 - 2012-01-20 11:56 - 0016895 ___AH C:\Users\Sherry\My Documents\NOTES 2-3.docx
2012-01-20 11:56 - 2012-01-20 11:56 - 0016895 ___AH C:\Users\Sherry\Documents\NOTES 2-3.docx
2012-01-20 11:35 - 2012-01-20 11:35 - 0013217 ___AH C:\Users\Sherry\My Documents\NOTES 2.docx
2012-01-20 11:35 - 2012-01-20 11:35 - 0013217 ___AH C:\Users\Sherry\Documents\NOTES 2.docx
2012-01-20 11:10 - 2012-01-27 13:04 - 0014667 ___AH C:\Users\Sherry\My Documents\notes 1.docx
2012-01-20 11:10 - 2012-01-27 13:04 - 0014667 ___AH C:\Users\Sherry\Documents\notes 1.docx
2012-01-18 20:32 - 2012-01-18 20:32 - 0046080 ___AH C:\Users\Sherry\My Documents\Informed Consent for School Counseling AF.doc
2012-01-18 20:32 - 2012-01-18 20:32 - 0046080 ___AH C:\Users\Sherry\Documents\Informed Consent for School Counseling AF.doc
2012-01-18 20:04 - 2012-01-18 20:04 - 0233207 ___AH C:\Users\Sherry\Desktop\confidentiality-guidelines-for-school-counselors-short-version.pdf
2012-01-18 19:15 - 2012-01-31 19:15 - 0000000 ___HD C:\Users\Sherry\My Documents\CSCP documents
2012-01-18 19:15 - 2012-01-31 19:15 - 0000000 ___HD C:\Users\Sherry\Documents\CSCP documents
2012-01-17 19:35 - 2012-01-17 19:35 - 0152502 ___AH C:\Users\Sherry\Desktop\ConfRegistrationForm2012_Final.pdf
2012-01-16 15:17 - 2012-01-27 14:50 - 0000000 ___HD C:\Users\Sherry\My Documents\CSCP research
2012-01-16 15:17 - 2012-01-27 14:50 - 0000000 ___HD C:\Users\Sherry\Documents\CSCP research
2012-01-11 15:59 - 2011-10-25 23:22 - 1572864 ____A (Microsoft Corporation) C:\Windows\System32\quartz.dll
2012-01-11 15:59 - 2011-10-25 22:28 - 1328640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2012-01-11 15:58 - 2011-11-19 09:07 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\packager.dll
2012-01-11 15:58 - 2011-11-19 08:06 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2012-01-11 15:58 - 2011-11-17 01:14 - 1739160 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2012-01-11 15:58 - 2011-11-16 23:41 - 1292592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2012-01-11 15:58 - 2011-10-25 23:33 - 0366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-01-11 15:58 - 2011-10-25 22:33 - 0514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-01-10 19:57 - 2012-01-10 19:57 - 0000000 ___AH C:\Users\Sherry\Sti_Trace.log
2012-01-07 19:05 - 2012-01-07 19:05 - 0037376 ___AH C:\Users\Sherry\My Documents\Spring 2012 Milw Luth Design Syllabus.doc
2012-01-07 19:05 - 2012-01-07 19:05 - 0037376 ___AH C:\Users\Sherry\Documents\Spring 2012 Milw Luth Design Syllabus.doc
2012-01-05 17:54 - 2012-01-05 18:16 - 0023040 ___AH C:\Users\Sherry\Desktop\Sci Fair Research PaperEV.doc
2012-01-05 16:38 - 2012-02-01 11:16 - 0000000 ____D C:\Users\Sherry\Application Data\Epson
2012-01-05 16:38 - 2012-02-01 11:16 - 0000000 ____D C:\Users\Sherry\AppData\Roaming\Epson
2012-01-05 16:38 - 2012-01-05 16:38 - 0000000 ___HD C:\Users\Sherry\Application Data\Leader Technologies
2012-01-05 16:38 - 2012-01-05 16:38 - 0000000 ___HD C:\Users\Sherry\AppData\Roaming\Leader Technologies
2012-01-04 21:31 - 2012-01-04 21:31 - 0000000 ___HD C:\Users\Sherry\Application Data\Leadertech
2012-01-04 21:31 - 2012-01-04 21:31 - 0000000 ___HD C:\Users\Sherry\AppData\Roaming\Leadertech
2012-01-04 21:29 - 2012-01-04 21:29 - 0002076 ____A C:\Users\Public\Desktop\Epson Stylus NX430 User's Guide.lnk
2012-01-04 21:29 - 2012-01-04 21:29 - 0002076 ____A C:\Users\All Users\Desktop\Epson Stylus NX430 User's Guide.lnk
2012-01-04 21:29 - 2012-01-04 21:29 - 0000000 ____D C:\Program Files (x86)\LTCM Client
2012-01-04 21:25 - 2012-01-04 21:25 - 0000000 ____D C:\Program Files (x86)\Epson America Inc
2012-01-04 21:24 - 2012-01-04 21:24 - 0000000 ____D C:\Program Files\EPSON
2012-01-04 21:22 - 2012-01-04 21:25 - 0000000 ____D C:\Program Files (x86)\Epson Software
2012-01-04 21:21 - 2012-01-04 21:29 - 0000000 ____D C:\Program Files (x86)\epson
2012-01-04 21:21 - 2012-01-04 21:21 - 0000936 ____A C:\Users\Public\Desktop\EPSON Scan.lnk
2012-01-04 21:21 - 2012-01-04 21:21 - 0000936 ____A C:\Users\All Users\Desktop\EPSON Scan.lnk
2012-01-04 21:21 - 2011-08-10 00:00 - 0464384 ____A (Seiko Epson Corporation) C:\Windows\System32\esxw2ud.dll
2012-01-04 21:21 - 2009-10-16 00:00 - 0132560 ____A (Seiko Epson Corporation) C:\Windows\System32\esdevapp.exe
2012-01-04 21:21 - 2009-10-16 00:00 - 0013824 ____A (Seiko Epson Corporation) C:\Windows\System32\esxcdev.dll
2012-01-04 21:17 - 2012-01-04 21:35 - 0000071 ____A C:\Windows\ENX430.ini
2012-01-04 21:16 - 2012-02-01 11:04 - 0000000 ____D C:\Users\All Users\EPSON
2012-01-04 21:16 - 2012-02-01 11:04 - 0000000 ____D C:\Users\All Users\Application Data\EPSON
2012-01-04 21:16 - 2012-02-01 11:04 - 0000000 ____D C:\ProgramData\EPSON
2012-01-04 21:16 - 2012-01-04 21:16 - 0000000 ____D C:\Program Files\Common Files\EPSON
2012-01-04 21:15 - 2009-09-30 18:01 - 0088064 ____A (SEIKO EPSON CORPORATION) C:\Windows\System32\E_IBCBHBA.DLL
2012-01-04 21:15 - 2008-11-11 18:00 - 0118784 ____A (SEIKO EPSON CORPORATION) C:\Windows\System32\E_ILMHBA.DLL
============ 3 Months Modified Files and Folders =============
2012-02-03 06:05 - 2012-02-03 06:04 - 0000000 ____D C:\FRST
2012-02-01 11:18 - 2012-02-01 11:14 - 0081108 ____A C:\TDSSKiller.2.7.9.0_01.02.2012_11.14.38_log.txt
2012-02-01 11:17 - 2012-02-01 11:17 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-02-01 11:16 - 2012-01-05 16:38 - 0000000 ____D C:\Users\Sherry\Application Data\Epson
2012-02-01 11:16 - 2012-01-05 16:38 - 0000000 ____D C:\Users\Sherry\AppData\Roaming\Epson
2012-02-01 11:16 - 2011-07-21 21:06 - 0000000 ____D C:\Program Files\Dell Support Center
2012-02-01 11:16 - 2011-07-19 17:17 - 0000000 ____D C:\Users\Sherry\Local Settings\Proxure
2012-02-01 11:16 - 2011-07-19 17:17 - 0000000 ____D C:\Users\Sherry\Local Settings\Application Data\Proxure
2012-02-01 11:16 - 2011-07-19 17:17 - 0000000 ____D C:\Users\Sherry\AppData\Local\Proxure
2012-02-01 11:16 - 2011-07-19 10:42 - 0000000 ____D C:\Users\Sherry\My Documents\attachments_2011_07_19[1]
2012-02-01 11:16 - 2011-07-19 10:42 - 0000000 ____D C:\Users\Sherry\Documents\attachments_2011_07_19[1]
2012-02-01 11:16 - 2010-11-28 19:43 - 0000000 ____D C:\Users\Sherry\Application Data\Macrovision
2012-02-01 11:16 - 2010-11-28 19:43 - 0000000 ____D C:\Users\Sherry\AppData\Roaming\Macrovision
2012-02-01 11:16 - 2010-11-25 17:55 - 0000000 ____D C:\Users\Sherry\Local Settings\PowerDVD DX
2012-02-01 11:16 - 2010-11-25 17:55 - 0000000 ____D C:\Users\Sherry\Local Settings\Application Data\PowerDVD DX
2012-02-01 11:16 - 2010-11-25 17:55 - 0000000 ____D C:\Users\Sherry\AppData\Local\PowerDVD DX
2012-02-01 11:16 - 2010-09-16 15:32 - 0000000 ____D C:\Users\Sherry\Application Data\Skype
2012-02-01 11:16 - 2010-09-16 15:32 - 0000000 ____D C:\Users\Sherry\AppData\Roaming\Skype
2012-02-01 11:16 - 2010-08-24 15:52 - 0000000 ____D C:\Users\Sherry\Application Data\Creative
2012-02-01 11:16 - 2010-08-24 15:52 - 0000000 ____D C:\Users\Sherry\AppData\Roaming\Creative
2012-02-01 11:16 - 2010-07-14 10:37 - 0000000 ____D C:\Users\Sherry\My Documents\Career Counseling
2012-02-01 11:16 - 2010-07-14 10:37 - 0000000 ____D C:\Users\Sherry\Documents\Career Counseling
2012-02-01 11:16 - 2010-07-13 14:21 - 0000000 ____D C:\Users\Sherry\Local Settings\Stardock_Corporation
2012-02-01 11:16 - 2010-07-13 14:21 - 0000000 ____D C:\Users\Sherry\Local Settings\Application Data\Stardock_Corporation
2012-02-01 11:16 - 2010-07-13 14:21 - 0000000 ____D C:\Users\Sherry\Application Data\Roxio
2012-02-01 11:16 - 2010-07-13 14:21 - 0000000 ____D C:\Users\Sherry\AppData\Roaming\Roxio
2012-02-01 11:16 - 2010-07-13 14:21 - 0000000 ____D C:\Users\Sherry\AppData\Local\Stardock_Corporation
2012-02-01 11:16 - 2010-07-13 14:17 - 0000000 ____D C:\users\Sherry
2012-02-01 11:16 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\sysprep
2012-02-01 11:16 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\NDF
2012-02-01 11:15 - 2010-07-13 14:59 - 0000000 ____D C:\Users\Sherry\Local Settings\Microsoft Help
2012-02-01 11:15 - 2010-07-13 14:59 - 0000000 ____D C:\Users\Sherry\Local Settings\Application Data\Microsoft Help
2012-02-01 11:15 - 2010-07-13 14:59 - 0000000 ____D C:\Users\Sherry\AppData\Local\Microsoft Help
2012-02-01 11:15 - 2010-07-13 14:21 - 0000000 ____D C:\Users\Sherry\Local Settings\DataSafeOnline
2012-02-01 11:15 - 2010-07-13 14:21 - 0000000 ____D C:\Users\Sherry\Local Settings\Application Data\DataSafeOnline
2012-02-01 11:15 - 2010-07-13 14:21 - 0000000 ____D C:\Users\Sherry\AppData\Local\DataSafeOnline
2012-02-01 11:15 - 2010-07-08 04:53 - 0000000 ____D C:\dell
2012-02-01 11:15 - 2010-07-08 03:07 - 0000000 ____D C:\Program Files\McAfee
2012-02-01 11:15 - 2010-07-08 03:07 - 0000000 ____D C:\Program Files\Common Files\McAfee
2012-02-01 11:15 - 2010-07-08 02:47 - 0000000 ____D C:\Users\All Users\PCDr
2012-02-01 11:15 - 2010-07-08 02:47 - 0000000 ____D C:\Users\All Users\Application Data\PCDr
2012-02-01 11:15 - 2010-07-08 02:47 - 0000000 ____D C:\ProgramData\PCDr
2012-02-01 11:15 - 2010-07-08 02:40 - 0000000 ____D C:\Users\All Users\WildTangent
2012-02-01 11:15 - 2010-07-08 02:40 - 0000000 ____D C:\Users\All Users\Application Data\WildTangent
2012-02-01 11:15 - 2010-07-08 02:40 - 0000000 ____D C:\ProgramData\WildTangent
2012-02-01 11:14 - 2012-01-20 20:33 - 0000000 ____D C:\Users\Sherry\Desktop\EBSCOhost School Counselors as Social-Emotional Learning Consultants Where Do We Beg____files
2012-02-01 11:13 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\registration
2012-02-01 11:12 - 2011-07-21 20:53 - 0000000 ____D C:\Users\Sherry\Application Data\PCDr
2012-02-01 11:12 - 2011-07-21 20:53 - 0000000 ____D C:\Users\Sherry\AppData\Roaming\PCDr
2012-02-01 11:12 - 2010-07-13 14:25 - 0000000 ____D C:\Users\Sherry\Application Data\Adobe
2012-02-01 11:12 - 2010-07-13 14:25 - 0000000 ____D C:\Users\Sherry\AppData\Roaming\Adobe
2012-02-01 11:12 - 2010-07-13 14:17 - 0000000 ____D C:\Users\Sherry\AppData\LocalLow
2012-02-01 11:10 - 2012-02-01 11:14 - 2040543 ___AH C:\Users\Sherry\Desktop\tdsskiller.zip
2012-02-01 11:05 - 2011-05-03 11:50 - 0000000 ____D C:\Users\Sherry\Local Settings\Google
2012-02-01 11:05 - 2011-05-03 11:50 - 0000000 ____D C:\Users\Sherry\Local Settings\Application Data\Google
2012-02-01 11:05 - 2011-05-03 11:50 - 0000000 ____D C:\Users\Sherry\AppData\Local\Google
2012-02-01 11:05 - 2010-07-17 10:13 - 0000000 ____D C:\Users\Sherry\Local Settings\Microsoft Games
2012-02-01 11:05 - 2010-07-17 10:13 - 0000000 ____D C:\Users\Sherry\Local Settings\Application Data\Microsoft Games
2012-02-01 11:05 - 2010-07-17 10:13 - 0000000 ____D C:\Users\Sherry\AppData\Local\Microsoft Games
2012-02-01 11:05 - 2009-07-14 01:44 - 0000000 ___RD C:\Users\Public\Recorded TV
2012-02-01 11:05 - 2009-07-13 21:20 - 0000000 ___RD C:\users\Public
2012-02-01 11:04 - 2012-01-04 21:16 - 0000000 ____D C:\Users\All Users\EPSON
2012-02-01 11:04 - 2012-01-04 21:16 - 0000000 ____D C:\Users\All Users\Application Data\EPSON
2012-02-01 11:04 - 2012-01-04 21:16 - 0000000 ____D C:\ProgramData\EPSON
2012-02-01 11:04 - 2011-12-29 12:10 - 0000000 ___HD C:\Users\All Users\CanonBJ
2012-02-01 11:04 - 2011-12-29 12:10 - 0000000 ___HD C:\Users\All Users\Application Data\CanonBJ
2012-02-01 11:04 - 2011-12-29 12:10 - 0000000 ___HD C:\ProgramData\CanonBJ
2012-02-01 11:04 - 2011-05-03 11:50 - 0000000 ____D C:\Users\All Users\Google
2012-02-01 11:04 - 2011-05-03 11:50 - 0000000 ____D C:\Users\All Users\Application Data\Google
2012-02-01 11:04 - 2011-05-03 11:50 - 0000000 ____D C:\ProgramData\Google
2012-02-01 11:04 - 2011-05-03 11:39 - 0000000 ____D C:\Users\All Users\Skype Extras
2012-02-01 11:04 - 2011-05-03 11:39 - 0000000 ____D C:\Users\All Users\Application Data\Skype Extras
2012-02-01 11:04 - 2011-05-03 11:39 - 0000000 ____D C:\ProgramData\Skype Extras
2012-02-01 11:04 - 2010-11-25 17:55 - 0000000 ____D C:\Users\All Users\CyberLink
2012-02-01 11:04 - 2010-11-25 17:55 - 0000000 ____D C:\Users\All Users\Application Data\CyberLink
2012-02-01 11:04 - 2010-11-25 17:55 - 0000000 ____D C:\ProgramData\CyberLink
2012-02-01 11:04 - 2010-07-13 16:56 - 0000000 ____D C:\Users\All Users\Application Data\Apple Computer
2012-02-01 11:04 - 2010-07-13 16:56 - 0000000 ____D C:\Users\All Users\Apple Computer
2012-02-01 11:04 - 2010-07-13 16:56 - 0000000 ____D C:\ProgramData\Apple Computer
2012-02-01 11:04 - 2010-07-13 16:55 - 0000000 ____D C:\Users\All Users\Application Data\Apple
2012-02-01 11:04 - 2010-07-13 16:55 - 0000000 ____D C:\Users\All Users\Apple
2012-02-01 11:04 - 2010-07-13 16:55 - 0000000 ____D C:\ProgramData\Apple
2012-02-01 11:04 - 2010-07-08 03:07 - 0000000 ____D C:\Users\All Users\McAfee
2012-02-01 11:04 - 2010-07-08 03:07 - 0000000 ____D C:\Users\All Users\Application Data\McAfee
2012-02-01 11:04 - 2010-07-08 03:07 - 0000000 ____D C:\ProgramData\McAfee
2012-02-01 11:04 - 2010-07-08 02:59 - 0000000 ____D C:\Users\All Users\Uninstall
2012-02-01 11:04 - 2010-07-08 02:59 - 0000000 ____D C:\Users\All Users\Application Data\Uninstall
2012-02-01 11:04 - 2010-07-08 02:59 - 0000000 ____D C:\ProgramData\Uninstall
2012-02-01 11:04 - 2010-07-08 02:58 - 0000000 ____D C:\Users\All Users\Macrovision
2012-02-01 11:04 - 2010-07-08 02:58 - 0000000 ____D C:\Users\All Users\Application Data\Macrovision
2012-02-01 11:04 - 2010-07-08 02:58 - 0000000 ____D C:\ProgramData\Macrovision
2012-02-01 11:04 - 2010-07-08 02:54 - 0000000 ____D C:\Users\All Users\Skype
2012-02-01 11:04 - 2010-07-08 02:54 - 0000000 ____D C:\Users\All Users\Application Data\Skype
2012-02-01 11:04 - 2010-07-08 02:54 - 0000000 ____D C:\ProgramData\Skype
2012-02-01 11:04 - 2010-07-08 02:46 - 0000000 ____D C:\Users\All Users\Cozi
2012-02-01 11:04 - 2010-07-08 02:46 - 0000000 ____D C:\Users\All Users\Application Data\Cozi
2012-02-01 11:04 - 2010-07-08 02:46 - 0000000 ____D C:\ProgramData\Cozi
2012-02-01 11:04 - 2010-07-08 02:37 - 0000000 ____D C:\Users\All Users\Application Data\Adobe
2012-02-01 11:04 - 2010-07-08 02:37 - 0000000 ____D C:\Users\All Users\Adobe
2012-02-01 11:04 - 2010-07-08 02:37 - 0000000 ____D C:\ProgramData\Adobe
2012-02-01 11:04 - 2010-07-08 02:36 - 0000000 ____D C:\Users\All Users\Dell
2012-02-01 11:04 - 2010-07-08 02:36 - 0000000 ____D C:\Users\All Users\Application Data\Dell
2012-02-01 11:04 - 2010-07-08 02:36 - 0000000 ____D C:\ProgramData\Dell
2012-02-01 11:03 - 2010-07-13 14:59 - 0000000 __RHD C:\MSOCache
2012-02-01 11:03 - 2010-07-08 03:06 - 0000000 ____D C:\Program Files (x86)\McAfee
2012-02-01 11:03 - 2010-07-08 02:45 - 0000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2012-02-01 10:58 - 2010-07-08 03:13 - 0000000 ____D C:\Users\Default\Local Settings\SoftThinks
2012-02-01 10:58 - 2010-07-08 03:13 - 0000000 ____D C:\Users\Default\Local Settings\Application Data\SoftThinks
2012-02-01 10:58 - 2010-07-08 03:13 - 0000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2012-02-01 10:58 - 2010-07-08 03:13 - 0000000 ____D C:\Users\Default User\Local Settings\SoftThinks
2012-02-01 10:58 - 2010-07-08 03:13 - 0000000 ____D C:\Users\Default User\Local Settings\Application Data\SoftThinks
2012-02-01 10:58 - 2010-07-08 03:13 - 0000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2012-02-01 10:57 - 2010-07-08 04:24 - 2384744448 __ASH C:\hiberfil.sys
2012-02-01 10:34 - 2012-02-01 10:34 - 0000000 ___HD C:\Users\Sherry\Application Data\Malwarebytes
========================= Known DLLs (Whitelisted) ============
========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
========================= Memory info ======================
Percentage of memory in use: 17%
Total physical RAM: 3032.36 MB
Available physical RAM: 2508.23 MB
Total Pagefile: 3030.51 MB
Available Pagefile: 2500.92 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB
======================= Partitions =========================
1 Drive c: (OS) (Fixed) (Total:218.2 GB) (Free:167.55 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:7.91 GB) NTFS ==>[System with boot components (obtained from reading drive)]
5 Drive g: () (Removable) (Total:3.73 GB) (Free:3.73 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 Online 3835 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 14 GB 40 MB
Partition 3 Primary 218 GB 14 GB
Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 FAT Partition 39 MB Healthy Hidden
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D RECOVERY NTFS Partition 14 GB Healthy
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 218 GB Healthy
Partitions of Disk 2:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3827 MB 19 KB
Disk: 2
Partition 1
Type : 0B
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT32 Removable 3827 MB Healthy
==========================================================
TDL4: custom:26000022
==========================================================
Last Boot: 2012-01-30 21:51
======================= End Of Log ==========================
#4
Posted 03 February 2012 - 07:07 PM
Save it in the USB drive.
Insert the USB drive into the ailing computer. Run FRST as you did before, except that this time around click on the Fix button.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.
Attempt to boot in Normal Mode. If successful, run Combofix as follows:
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link or this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
- Double click on combofix.exe & follow the prompts.
- Install the Recovery Console if prompted.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt".
Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.
Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.
#5
Posted 03 February 2012 - 08:15 PM
Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 28-01-2012
Ran by SYSTEM at 2012-02-03 08:11:24 R:1
Running from G:\
==============================================
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*Restore Value deleted successfully.
========= type C:\TDSSKiller*.txt =========
C:\TDSSKiller.2.7.9.0_01.02.2012_11.14.38_log.txt
11:14:40.0240 1032 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
11:14:42.0240 1032 ============================================================
11:14:42.0240 1032 Current date / time: 2012/02/01 11:14:42.0240
11:14:42.0240 1032 SystemInfo:
11:14:42.0240 1032
11:14:42.0240 1032 OS Version: 6.1.7600 ServicePack: 0.0
11:14:42.0240 1032 Product type: Workstation
11:14:42.0240 1032 ComputerName: SHERRY-PC
11:14:42.0240 1032 UserName: Sherry
11:14:42.0240 1032 Windows directory: C:\Windows
11:14:42.0240 1032 System windows directory: C:\Windows
11:14:42.0240 1032 Running under WOW64
11:14:42.0240 1032 Processor architecture: Intel x64
11:14:42.0240 1032 Number of processors: 2
11:14:42.0240 1032 Page size: 0x1000
11:14:42.0240 1032 Boot type: Normal boot
11:14:42.0240 1032 ============================================================
11:14:44.0631 1032 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:14:44.0641 1032 Drive \Device\Harddisk1\DR2 - Size: 0xF48D1A00 (3.82 Gb), SectorSize: 0x200, Cylinders: 0x1F2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:14:44.0641 1032 \Device\Harddisk0\DR0:
11:14:44.0641 1032 MBR used
11:14:44.0641 1032 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
11:14:44.0641 1032 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x1B465170
11:14:44.0641 1032 \Device\Harddisk1\DR2:
11:14:44.0641 1032 MBR used
11:14:44.0641 1032 \Device\Harddisk1\DR2\Partition0: MBR, Type 0xB, StartLBA 0x22, BlocksNum 0x79D48F
11:14:44.0671 1032 Initialize success
11:14:44.0671 1032 ============================================================
11:14:48.0312 5020 ============================================================
11:14:48.0312 5020 Scan started
11:14:48.0312 5020 Mode: Manual;
11:14:48.0312 5020 ============================================================
11:15:51.0917 5020 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
11:15:51.0927 5020 fdc - ok
11:15:52.0658 5020 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
11:15:52.0658 5020 FileInfo - ok
11:15:53.0688 5020 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
11:15:53.0718 5020 Filetrace - ok
11:15:54.0268 5020 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
11:15:54.0278 5020 flpydisk - ok
11:15:54.0528 5020 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
11:15:54.0548 5020 FltMgr - ok
11:15:54.0848 5020 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
11:15:54.0858 5020 FsDepends - ok
11:15:55.0148 5020 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
11:15:55.0158 5020 Fs_Rec - ok
11:15:55.0408 5020 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
11:15:55.0629 5020 fvevol - ok
11:15:56.0249 5020 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
11:15:56.0259 5020 gagp30kx - ok
11:15:56.0609 5020 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:15:56.0669 5020 GEARAspiWDM - ok
11:15:57.0069 5020 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
11:15:57.0069 5020 hcw85cir - ok
11:15:57.0179 5020 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
11:15:57.0189 5020 HDAudBus - ok
11:15:57.0269 5020 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
11:15:57.0279 5020 HidBatt - ok
11:15:58.0349 5020 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
11:15:58.0349 5020 HidBth - ok
11:15:58.0469 5020 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
11:15:58.0469 5020 HidIr - ok
11:15:58.0539 5020 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
11:15:58.0549 5020 HidUsb - ok
11:15:58.0929 5020 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
11:15:58.0939 5020 HpSAMD - ok
11:15:59.0699 5020 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
11:15:59.0979 5020 HTTP - ok
11:16:00.0269 5020 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
11:16:00.0269 5020 hwpolicy - ok
11:16:00.0561 5020 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
11:16:00.0581 5020 i8042prt - ok
11:16:00.0881 5020 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
11:16:00.0891 5020 iaStor - ok
11:16:01.0121 5020 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
11:16:01.0201 5020 iaStorV - ok
11:16:02.0491 5020 igfx (44a4cfdf95dec95cfe8a5c111a2cbf71) C:\Windows\system32\DRIVERS\igdkmd64.sys
11:16:02.0901 5020 igfx - ok
11:16:03.0101 5020 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
11:16:03.0111 5020 iirsp - ok
11:16:03.0281 5020 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
11:16:03.0291 5020 intelide - ok
11:16:05.0512 5020 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
11:16:05.0512 5020 intelppm - ok
11:16:06.0132 5020 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:16:06.0132 5020 IpFilterDriver - ok
11:16:09.0642 5020 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
11:16:09.0662 5020 IPMIDRV - ok
11:16:09.0892 5020 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
11:16:09.0902 5020 IPNAT - ok
11:16:10.0242 5020 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
11:16:10.0242 5020 IRENUM - ok
11:16:10.0542 5020 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
11:16:10.0552 5020 isapnp - ok
11:16:10.0743 5020 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
11:16:10.0753 5020 iScsiPrt - ok
11:16:10.0913 5020 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
11:16:10.0923 5020 kbdclass - ok
11:16:11.0193 5020 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
11:16:11.0193 5020 kbdhid - ok
11:16:11.0323 5020 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
11:16:11.0363 5020 KSecDD - ok
11:16:11.0613 5020 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
11:16:11.0673 5020 KSecPkg - ok
11:16:12.0023 5020 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
11:16:12.0033 5020 ksthunk - ok
11:16:12.0343 5020 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
11:16:12.0353 5020 lltdio - ok
11:16:12.0904 5020 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
11:16:12.0914 5020 LSI_FC - ok
11:16:13.0474 5020 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
11:16:13.0484 5020 LSI_SAS - ok
11:16:13.0645 5020 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:16:13.0655 5020 LSI_SAS2 - ok
11:16:13.0805 5020 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:16:13.0815 5020 LSI_SCSI - ok
11:16:13.0975 5020 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
11:16:13.0985 5020 luafv - ok
11:16:14.0605 5020 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
11:16:14.0615 5020 megasas - ok
11:16:14.0865 5020 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
11:16:14.0895 5020 MegaSR - ok
11:16:15.0085 5020 mfeapfk (ef3acfb7e3f82d5f7cde9ef5f0a4e2e2) C:\Windows\system32\drivers\mfeapfk.sys
11:16:15.0175 5020 mfeapfk - ok
11:16:15.0905 5020 mfeavfk (e7a60bdb4365b561d896019b82fb7dd0) C:\Windows\system32\drivers\mfeavfk.sys
11:16:15.0975 5020 mfeavfk - ok
11:16:16.0205 5020 mfeavfk01 - ok
11:16:16.0335 5020 mfebopk (dd7b52227da36f2718306c98e474b51b) C:\Windows\system32\drivers\mfebopk.sys
11:16:16.0385 5020 mfebopk - ok
11:16:16.0705 5020 mfefirek (670dffe55e2f9ab99d9169c428bcece9) C:\Windows\system32\drivers\mfefirek.sys
11:16:16.0825 5020 mfefirek - ok
11:16:17.0045 5020 mfehidk (1892616b7f9291fd77c3fa0a5811fe9f) C:\Windows\system32\drivers\mfehidk.sys
11:16:17.0155 5020 mfehidk - ok
11:16:17.0795 5020 mfenlfk (1721261c77f6e7a9e0cb51b7d9f31b60) C:\Windows\system32\DRIVERS\mfenlfk.sys
11:16:17.0845 5020 mfenlfk - ok
11:16:18.0055 5020 mferkdet (65776bd8029e409935b90de30bf99526) C:\Windows\system32\drivers\mferkdet.sys
11:16:18.0105 5020 mferkdet - ok
11:16:18.0295 5020 mferkdk (624d717b11e5004f68442b5740f17f21) C:\Windows\system32\drivers\mferkdk.sys
11:16:18.0345 5020 mferkdk - ok
11:16:18.0555 5020 mfesmfk (0cd9de7b96735f33f078c4ea044e8b34) C:\Windows\system32\drivers\mfesmfk.sys
11:16:18.0605 5020 mfesmfk - ok
11:16:18.0825 5020 mfewfpk (4f17d8b85b903d96ef7033bb6ef50516) C:\Windows\system32\drivers\mfewfpk.sys
11:16:18.0905 5020 mfewfpk - ok
11:16:19.0125 5020 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
11:16:19.0125 5020 Modem - ok
11:16:20.0855 5020 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
11:16:20.0855 5020 monitor - ok
11:16:21.0865 5020 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
11:16:21.0885 5020 mouclass - ok
11:16:23.0295 5020 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
11:16:23.0305 5020 mouhid - ok
11:16:23.0455 5020 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
11:16:23.0465 5020 mountmgr - ok
11:16:23.0645 5020 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
11:16:23.0655 5020 mpio - ok
11:16:23.0795 5020 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
11:16:23.0795 5020 mpsdrv - ok
11:16:24.0155 5020 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
11:16:24.0155 5020 MRxDAV - ok
11:16:24.0315 5020 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:16:24.0365 5020 mrxsmb - ok
11:16:24.0455 5020 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:16:24.0505 5020 mrxsmb10 - ok
11:16:24.0635 5020 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:16:24.0696 5020 mrxsmb20 - ok
11:16:24.0868 5020 msahci (bccf16d5fb1109162380e3e28dc9e4e5) C:\Windows\system32\DRIVERS\msahci.sys
11:16:24.0928 5020 msahci - ok
11:16:25.0158 5020 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
11:16:25.0168 5020 msdsm - ok
11:16:25.0778 5020 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
11:16:25.0798 5020 Msfs - ok
11:16:26.0008 5020 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
11:16:26.0028 5020 mshidkmdf - ok
11:16:26.0118 5020 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
11:16:26.0128 5020 msisadrv - ok
11:16:26.0458 5020 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
11:16:26.0468 5020 MSKSSRV - ok
11:16:26.0688 5020 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
11:16:26.0698 5020 MSPCLOCK - ok
11:16:26.0858 5020 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
11:16:26.0868 5020 MSPQM - ok
11:16:26.0968 5020 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
11:16:26.0988 5020 MsRPC - ok
11:16:27.0048 5020 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
11:16:27.0058 5020 mssmbios - ok
11:16:27.0138 5020 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
11:16:27.0148 5020 MSTEE - ok
11:16:27.0188 5020 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
11:16:27.0198 5020 MTConfig - ok
11:16:27.0918 5020 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
11:16:27.0928 5020 Mup - ok
11:16:28.0158 5020 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
11:16:28.0168 5020 NativeWifiP - ok
11:16:28.0278 5020 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
11:16:28.0298 5020 NDIS - ok
11:16:28.0338 5020 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
11:16:28.0348 5020 NdisCap - ok
11:16:28.0398 5020 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
11:16:28.0398 5020 NdisTapi - ok
11:16:28.0708 5020 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
11:16:28.0729 5020 Ndisuio - ok
11:16:28.0909 5020 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
11:16:28.0909 5020 NdisWan - ok
11:16:29.0089 5020 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
11:16:29.0099 5020 NDProxy - ok
11:16:32.0479 5020 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:16:32.0489 5020 NetBIOS - ok
11:16:35.0029 5020 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
11:16:35.0089 5020 NetBT - ok
11:16:35.0369 5020 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
11:16:35.0369 5020 nfrd960 - ok
11:16:35.0910 5020 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
11:16:35.0920 5020 Npfs - ok
11:16:36.0090 5020 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
11:16:36.0100 5020 nsiproxy - ok
11:16:36.0340 5020 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
11:16:36.0470 5020 Ntfs - ok
11:16:36.0600 5020 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
11:16:36.0610 5020 Null - ok
11:16:36.0850 5020 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
11:16:36.0910 5020 nvraid - ok
11:16:37.0160 5020 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
11:16:37.0220 5020 nvstor - ok
11:16:38.0050 5020 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
11:16:38.0060 5020 nv_agp - ok
11:16:38.0310 5020 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
11:16:38.0330 5020 ohci1394 - ok
11:16:38.0560 5020 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
11:16:38.0570 5020 Parport - ok
11:16:38.0660 5020 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
11:16:38.0670 5020 partmgr - ok
11:16:38.0811 5020 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - ok
11:16:39.0101 5020 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
11:16:39.0101 5020 pci - ok
11:16:39.0241 5020 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
11:16:39.0251 5020 pciide - ok
11:16:39.0941 5020 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
11:16:39.0951 5020 pcmcia - ok
11:16:40.0191 5020 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
11:16:40.0211 5020 pcw - ok
11:16:40.0551 5020 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
11:16:40.0681 5020 PEAUTH - ok
11:16:41.0181 5020 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
11:16:41.0191 5020 PptpMiniport - ok
11:16:41.0691 5020 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
11:16:41.0701 5020 Processor - ok
11:16:42.0171 5020 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
11:16:42.0171 5020 Psched - ok
11:16:42.0361 5020 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
11:16:42.0411 5020 PxHlpa64 - ok
11:16:42.0681 5020 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
11:16:42.0847 5020 ql2300 - ok
11:16:42.0977 5020 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
11:16:42.0997 5020 ql40xx - ok
11:16:43.0067 5020 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
11:16:43.0077 5020 QWAVEdrv - ok
11:16:43.0177 5020 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
11:16:43.0187 5020 RasAcd - ok
11:16:46.0237 5020 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:16:46.0237 5020 RasAgileVpn - ok
11:16:47.0548 5020 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:16:47.0558 5020 Rasl2tp - ok
11:16:47.0728 5020 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
11:16:47.0738 5020 RasPppoe - ok
11:16:47.0798 5020 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
11:16:47.0798 5020 RasSstp - ok
11:16:47.0838 5020 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
11:16:47.0848 5020 rdbss - ok
11:16:47.0898 5020 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
11:16:47.0908 5020 rdpbus - ok
11:16:47.0968 5020 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:16:47.0968 5020 RDPCDD - ok
11:16:48.0098 5020 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
11:16:48.0108 5020 RDPENCDD - ok
11:16:48.0378 5020 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
11:16:48.0388 5020 RDPREFMP - ok
11:16:48.0578 5020 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
11:16:48.0598 5020 RDPWD - ok
11:16:48.0798 5020 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
11:16:48.0819 5020 rdyboost - ok
11:16:49.0019 5020 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
11:16:49.0029 5020 rspndr - ok
11:16:49.0569 5020 RSUSBSTOR (4a25dc970c58104602ed274dacafd784) C:\Windows\system32\Drivers\RtsUStor.sys
11:16:49.0629 5020 RSUSBSTOR - ok
11:16:49.0819 5020 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
11:16:49.0829 5020 sbp2port - ok
11:16:49.0989 5020 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
11:16:49.0999 5020 scfilter - ok
11:16:50.0269 5020 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:16:50.0269 5020 secdrv - ok
11:16:50.0409 5020 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
11:16:50.0409 5020 Serenum - ok
11:16:50.0489 5020 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
11:16:50.0499 5020 Serial - ok
11:16:50.0609 5020 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
11:16:50.0619 5020 sermouse - ok
11:16:50.0959 5020 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
11:16:51.0029 5020 sffdisk - ok
11:16:51.0269 5020 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
11:16:51.0279 5020 sffp_mmc - ok
11:16:52.0060 5020 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
11:16:52.0070 5020 sffp_sd - ok
11:16:52.0300 5020 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
11:16:52.0370 5020 sfloppy - ok
11:16:52.0630 5020 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:16:52.0640 5020 SiSRaid2 - ok
11:16:52.0680 5020 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
11:16:52.0690 5020 SiSRaid4 - ok
11:16:52.0730 5020 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
11:16:52.0750 5020 Smb - ok
11:16:53.0000 5020 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
11:16:53.0010 5020 spldr - ok
11:16:53.0170 5020 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
11:16:53.0230 5020 srv - ok
11:16:53.0310 5020 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
11:16:53.0780 5020 srv2 - ok
11:16:53.0970 5020 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
11:16:54.0020 5020 srvnet - ok
11:16:54.0220 5020 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
11:16:54.0220 5020 stexstor - ok
11:16:54.0300 5020 STHDA (f3f6c17f70eba268cdbe4f9704e3eac5) C:\Windows\system32\DRIVERS\stwrt64.sys
11:16:54.0380 5020 STHDA - ok
11:16:54.0420 5020 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
11:16:54.0430 5020 swenum - ok
11:16:54.0540 5020 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
11:16:54.0690 5020 Tcpip - ok
11:16:54.0991 5020 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
11:16:55.0001 5020 TCPIP6 - ok
11:16:55.0141 5020 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
11:16:55.0151 5020 tcpipreg - ok
11:16:55.0191 5020 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
11:16:55.0201 5020 TDPIPE - ok
11:16:55.0251 5020 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
11:16:55.0261 5020 TDTCP - ok
11:16:56.0502 5020 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
11:16:56.0552 5020 tdx - ok
11:16:58.0743 5020 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
11:16:58.0753 5020 TermDD - ok
11:17:01.0354 5020 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:17:01.0354 5020 tssecsrv - ok
11:17:04.0856 5020 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
11:17:04.0866 5020 tunnel - ok
11:17:08.0007 5020 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
11:17:08.0657 5020 uagp35 - ok
11:17:18.0017 5020 udfs (31ba4a33afab6a69ea092b18017f737f) C:\Windows\system32\DRIVERS\udfs.sys
11:17:19.0368 5020 udfs - ok
11:17:22.0238 5020 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
11:17:22.0248 5020 uliagpkx - ok
11:17:26.0849 5020 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
11:17:26.0869 5020 umbus - ok
11:17:28.0520 5020 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
11:17:28.0530 5020 UmPass - ok
11:17:29.0450 5020 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
11:17:29.0500 5020 USBAAPL64 - ok
11:17:29.0981 5020 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys
11:17:30.0021 5020 usbccgp - ok
11:17:30.0291 5020 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
11:17:30.0301 5020 usbcir - ok
11:17:30.0441 5020 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\DRIVERS\usbehci.sys
11:17:30.0481 5020 usbehci - ok
11:17:30.0731 5020 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
11:17:30.0811 5020 usbhub - ok
11:17:30.0981 5020 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys
11:17:31.0031 5020 usbohci - ok
11:17:31.0201 5020 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
11:17:31.0211 5020 usbprint - ok
11:17:31.0411 5020 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
11:17:31.0421 5020 usbscan - ok
11:17:31.0561 5020 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:17:31.0621 5020 USBSTOR - ok
11:17:31.0881 5020 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\DRIVERS\usbuhci.sys
11:17:31.0931 5020 usbuhci - ok
11:17:32.0172 5020 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys
11:17:32.0232 5020 usbvideo - ok
11:17:32.0412 5020 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
11:17:32.0422 5020 vdrvroot - ok
11:17:32.0622 5020 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:17:32.0632 5020 vga - ok
11:17:32.0772 5020 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:17:32.0782 5020 VgaSave - ok
11:17:33.0002 5020 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
11:17:33.0012 5020 vhdmp - ok
11:17:33.0082 5020 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
11:17:33.0082 5020 viaide - ok
11:17:33.0252 5020 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
11:17:33.0292 5020 volmgr - ok
11:17:33.0572 5020 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
11:17:33.0592 5020 volmgrx - ok
11:17:33.0922 5020 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
11:17:33.0952 5020 volsnap - ok
11:17:34.0123 5020 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
11:17:34.0133 5020 vsmraid - ok
11:17:34.0223 5020 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
11:17:34.0233 5020 vwifibus - ok
11:17:34.0293 5020 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
11:17:34.0303 5020 vwififlt - ok
11:17:34.0333 5020 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
11:17:34.0343 5020 WacomPen - ok
11:17:34.0393 5020 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
11:17:34.0403 5020 WANARP - ok
11:17:34.0413 5020 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
11:17:34.0413 5020 Wanarpv6 - ok
11:17:34.0663 5020 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
11:17:34.0673 5020 Wd - ok
11:17:35.0023 5020 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:17:35.0083 5020 Wdf01000 - ok
11:17:35.0303 5020 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:17:35.0313 5020 WfpLwf - ok
11:17:35.0473 5020 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
11:17:35.0533 5020 WimFltr - ok
11:17:35.0673 5020 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:17:35.0683 5020 WIMMount - ok
11:17:35.0983 5020 WinUsb (4d52c872018af7e18d078978dcc3f6f2) C:\Windows\system32\DRIVERS\WinUsb.sys
11:17:36.0023 5020 WinUsb - ok
11:17:36.0273 5020 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
11:17:36.0283 5020 WmiAcpi - ok
11:17:36.0563 5020 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:17:36.0563 5020 ws2ifsl - ok
11:17:36.0623 5020 WudfPf (c63907207b837a5c05cf6d1606aa0008) C:\Windows\system32\drivers\WudfPf.sys
11:17:36.0673 5020 WudfPf - ok
11:17:37.0064 5020 WUDFRd (d885a873d733020f8b9b9ff4b1666158) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:17:37.0104 5020 WUDFRd - ok
11:17:37.0414 5020 yukonw7 (79d9ce9614c955dd31aa2556b4014662) C:\Windows\system32\DRIVERS\yk62x64.sys
11:17:37.0474 5020 yukonw7 - ok
11:17:37.0534 5020 MBR (0x1B8) (4bf077b4df3f4f5483a79d4ce511c7f3) \Device\Harddisk0\DR0
11:17:37.0634 5020 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
11:17:37.0634 5020 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
11:17:37.0644 5020 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR2
11:17:37.0644 5020 \Device\Harddisk1\DR2 - ok
11:17:38.0034 5020 Boot (0x1200) (9f22d7d006b9d684c3f753afa6f7933a) \Device\Harddisk0\DR0\Partition0
11:17:38.0034 5020 \Device\Harddisk0\DR0\Partition0 - ok
11:17:38.0064 5020 Boot (0x1200) (f335325df766ec0845baf838112a6c84) \Device\Harddisk0\DR0\Partition1
11:17:38.0074 5020 \Device\Harddisk0\DR0\Partition1 - ok
11:17:38.0084 5020 Boot (0x1200) (5fd6922d82821b048a9acf0f622c0c11) \Device\Harddisk1\DR2\Partition0
11:17:38.0084 5020 \Device\Harddisk1\DR2\Partition0 - ok
11:17:38.0084 5020 ============================================================
11:17:38.0084 5020 Scan finished
11:17:38.0084 5020 ============================================================
11:17:38.0114 6384 Detected object count: 1
11:17:38.0114 6384 Actual detected object count: 1
11:17:46.0726 6384 \Device\Harddisk0\DR0\# - copied to quarantine
11:17:46.0736 6384 \Device\Harddisk0\DR0 - copied to quarantine
11:17:46.0846 6384 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
11:18:06.0651 6384 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
11:18:06.0751 6384 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
11:18:06.0921 6384 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
11:18:12.0831 6384 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
11:18:12.0841 6384 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
11:18:12.0891 6384 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
11:18:12.0901 6384 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
11:18:18.0983 6384 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
11:18:25.0104 6384 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
11:18:25.0184 6384 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
11:18:25.0184 6384 \Device\Harddisk0\DR0 - ok
11:18:25.0184 6384 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
11:18:41.0790 2224 Deinitialize success
========= End of CMD: =========
The operation completed successfully.
The operation completed successfully.
==== End of Fixlog ====
#6
Posted 03 February 2012 - 08:36 PM
#7
Posted 03 February 2012 - 08:59 PM
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3032.1527 [GMT -6:00]
Running from: c:\users\Sherry\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Sherry\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6D8464E4-0756-4EAE-8BDF-AC2FBF598CE6}.xps
c:\users\Sherry\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7E48E69F-4726-4CA5-9B88-3184259A8767}.xps
c:\users\Sherry\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9F4CA39C-9C8B-481F-BD85-533D1FFDA28B}.xps
c:\users\Sherry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
c:\users\Sherry\Documents\~WRL0003.tmp
c:\users\Sherry\Documents\~WRL0005.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-01-03 to 2012-02-03 )))))))))))))))))))))))))))))))
.
.
2012-02-03 14:41 . 2012-02-03 14:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-03 12:04 . 2012-02-03 12:05 -------- d-----w- C:\FRST
2012-02-01 17:17 . 2012-02-01 17:17 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-01 16:34 . 2012-02-01 16:34 -------- d--h--w- c:\users\Sherry\AppData\Roaming\Malwarebytes
2012-02-01 16:32 . 2012-02-01 16:32 -------- d--h--w- c:\programdata\Malwarebytes
2012-02-01 16:31 . 2012-02-01 15:44 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-01 01:02 . 2012-02-01 01:02 -------- d-----w- c:\windows\Sun
2012-01-31 02:33 . 2012-01-31 02:33 6656 ---ha-w- c:\programdata\Microsoft\Windows\DRM\E2C7.tmp
2012-01-31 02:33 . 2012-01-31 02:33 6656 ---ha-w- c:\programdata\Microsoft\Windows\DRM\E2C6.tmp
2012-01-11 21:59 . 2011-10-26 04:28 1328640 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 21:59 . 2011-10-26 05:22 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 21:58 . 2011-10-26 04:33 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 21:58 . 2011-10-26 05:33 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 21:58 . 2011-11-17 07:14 1739160 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 21:58 . 2011-11-17 05:41 1292592 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 21:58 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 21:58 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-05 22:38 . 2012-02-01 17:16 -------- d-----w- c:\users\Sherry\AppData\Roaming\Epson
2012-01-05 22:38 . 2012-01-05 22:38 -------- d--h--w- c:\users\Sherry\AppData\Roaming\Leader Technologies
2012-01-05 03:31 . 2012-01-05 03:31 -------- d--h--w- c:\users\Sherry\AppData\Roaming\Leadertech
2012-01-05 03:16 . 2012-01-05 03:16 -------- d-----w- c:\program files\Common Files\EPSON
2012-01-05 03:16 . 2012-02-01 17:04 -------- d-----w- c:\programdata\EPSON
2012-01-05 03:15 . 2008-11-12 00:00 118784 ----a-w- c:\windows\system32\E_ILMHBA.DLL
2012-01-05 03:15 . 2009-10-01 00:01 88064 ----a-w- c:\windows\system32\E_IBCBHBA.DLL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-24 05:00 . 2011-12-15 02:26 3141632 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-05-03 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-22 1675160]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"LTCM Client"="c:\program files (x86)\LTCM Client\ltcmClient.exe" [2009-08-05 1596096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-07 559616]
.
c:\users\Sherry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-03 136176]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-16 183560]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-03 136176]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2011-06-14 25072]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe [2009-03-02 89600]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2012-01-05 168448]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2012-01-05 131072]
S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-06-09 555392]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-18 208536]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-10-18 161168]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-03 17:50]
.
2012-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-03 17:50]
.
2012-02-03 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]
.
2012-02-03 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-06 384296]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-02-25 487424]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-02-21 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-21 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-02-21 365592]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-07-02 3180624]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-07-19 2780776]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-DellSupportCenter - c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe
Toolbar-Locked - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
.
**************************************************************************
.
Completion time: 2012-02-03 08:50:32 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-03 14:50
.
Pre-Run: 179,749,269,504 bytes free
Post-Run: 179,965,415,424 bytes free
.
- - End Of File - - EE9A995796B3FCF093133B5C0FB3F55C
#8
Posted 03 February 2012 - 10:51 PM
Download aswMBR.exe ( 511KB ) to your desktop. If you already have this application, this is a new version I need you to download.
Double click the aswMBR.exe to run it
Click the "Scan" button to start scan
On completion of the scan click save log, save it to your desktop and post in your next reply
The tool will also produce a copy of the mbrdump labeled MBR.dat. Please upload that file here.
#9
Posted 04 February 2012 - 09:08 AM
Run date: 2012-02-03 11:45:37
-----------------------------
11:45:37.600 OS Version: Windows x64 6.1.7600
11:45:37.600 Number of processors: 2 586 0x170A
11:45:37.600 ComputerName: SHERRY-PC UserName: Sherry
11:45:38.458 Initialize success
11:47:40.073 AVAST engine defs: 12020301
11:47:45.284 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:47:45.299 Disk 0 Vendor: ST925031 D005 Size: 238475MB BusType: 3
11:47:45.502 Disk 0 MBR read successfully
11:47:45.518 Disk 0 MBR scan
11:47:45.518 Disk 0 Windows VISTA default MBR code
11:47:45.518 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
11:47:45.565 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
11:47:45.580 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 223434 MB offset 30801920
11:47:45.596 Service scanning
11:47:47.343 Modules scanning
11:47:47.343 Disk 0 trace - called modules:
11:47:47.390 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
11:47:47.405 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002f8d060]
11:47:47.920 3 CLASSPNP.SYS[fffff8800100143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8002e68050]
11:47:54.940 AVAST engine scan C:\Windows
11:47:59.168 AVAST engine scan C:\Windows\system32
11:57:05.998 AVAST engine scan C:\Windows\system32\drivers
11:57:34.639 AVAST engine scan C:\Users\Sherry
12:35:01.696 AVAST engine scan C:\ProgramData
13:13:59.910 Scan finished successfully
21:01:30.079 Disk 0 MBR has been saved successfully to "E:\MBR.dat"
21:01:30.172 The log file has been saved successfully to "E:\aswMBR.txt"
#10
Posted 04 February 2012 - 09:10 AM
#11
Posted 04 February 2012 - 10:09 AM
Please download Malwarebytes' Anti-Malware from Here. Never download Malwarebytes' Anti-Malware from other sources.
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
ESET online scanner
Note: You can use either Internet Explorer or Mozilla FireFox for this scan.
Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
- First please Disable any Antivirus you have active, as shown in This topic.
- Note: Don't forget to re-enable it after the scan.
- Next hold down Control then click on the following link to open a new window to ESET online scanner.
- Select the option YES, I accept the Terms of Use then click on Start.
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
- All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
- When prompted allow the Add-On/Active X to install.
- Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
- Now click on Advanced Settings and select the following:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
- Now click on Start.
- The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
- When completed the Online Scan will begin automatically.
- Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
- When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
- Now click on Finish.
- Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
- Copy and paste that log as a reply to this topic.
#12
Posted 04 February 2012 - 12:29 PM
www.malwarebytes.org
Database version: v2012.02.04.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Sherry :: SHERRY-PC [administrator]
2/3/2012 10:21:06 PM
mbam-log-2012-02-03 (22-21-06).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 183769
Time elapsed: 7 minute(s), 57 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
#13
Posted 04 February 2012 - 01:09 PM
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application
C:\ProgramData\Microsoft\Windows\DRM\E2C6.tmp Win64/Olmarik.AD trojan
C:\ProgramData\Microsoft\Windows\DRM\E2C7.tmp Win64/Olmarik.AD trojan
C:\TDSSKiller_Quarantine\01.02.2012_11.14.42\mbr0000\tdlfs0000\tsk0000.dta Win64/Olmarik.AD trojan
C:\Users\All Users\Microsoft\Windows\DRM\E2C6.tmp Win64/Olmarik.AD trojan
C:\Users\All Users\Microsoft\Windows\DRM\E2C7.tmp Win64/Olmarik.AD trojan
C:\Users\Sherry\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\6fd1eff0-49c8cc08 a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Users\Sherry\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\282b7ff3-49aec973 a variant of Java/TrojanDownloader.Agent.NDJ trojan
#14
Posted 04 February 2012 - 05:03 PM
- Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
- It will close all programs when run, so make sure you have saved all your work before you begin.
- Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
- Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
Download the enclosed file:
Save it next to Combofix.
Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report.
Download and run Security Check by screen317 and post its report.
How is the computer doing?
#15
Posted 04 February 2012 - 05:22 PM