fpk1963
  1. I have run the ESET online scanner twice now, it is not finding any issues, however there is no logfile being produced. I also ran the bitdefender online scanner, it is not at the link you provided, however I get redirected to a different link where I can run it. That scan runs in about 20 seconds and finds nothing. However, I don't see a logfile being produced that I can paste into the reply.
  2. Here it is

     ESETSmartInstaller@High as CAB hook log:
     OnlineScanner64.ocx - registred OK
     OnlineScanner.ocx - registred OK
  3. OK, I'm done! I ran mbar twice, since it found and cleaned some things on the first pass. Second pass was clean. All requested logs are attached. TDSSKiller.2.8.17.0_24.05.2013_14.21.10_log.txt checkup.txt mbar-log-2013-05-24 (15-06-34).txt mbar-log-2013-05-24 (15-57-45).txt system-log.txt ComboFix.txt
  4. I have completed scans so far with ESET and Malwarebytes Anti-malware with zero problems detected thus far. I will proceed to your list and post when complete.
  5. Updates.... I was poking around the HDD while booted up on xPUD, and I came across a folder C:\Users\Public\Report that was created around the time that I think the computer may have been infected. The folder contained an html file and jpeg image. The html file was the DOJ page that hijacked my desktop. I renamed that folder, rebooted, and logged back in as the normal user (that has admin rights). I then had access to my desktop again, however there were still other problems (like I couldn't run msconfig, or the task manager). However I could now run rstrui.exe, which I was unable to do earlier in safe mode since I could not login as an admin user in safe mode. I was able to restore to an earlier state that "appears" to be normal and virus-free. What else should be done? I am currently running a scan with my ESET NOD32. Thanks for your help thus far.
  6. I have also attached the file as written. report.txt
  7. Thu May 23 23:59:45 UTC 2013 Driver report for /mnt/sda2/Windows/System32/drivers
     cc8e52daa9826064ba464dbe531f2bb5 CVPNDRVA.sys has NO Company Name!
  8. Re-downloading the .iso worked. I am able to boot and run driver.sh. However, the report.txt file was basically empty after I removed the USB, even though the sh program ran and found quite a bit. I'm running again now. Will update after it's done.
  9. OK. It doesn't like the boot image. It just keeps looping through trying to boot up on the xpud image. After I select the language, it says it loads /boot/xpud and /opt/medai, then says "ready", but then just reboots again. Is it a bad .iso download?
  10. The boot is not working as described. In the following steps:

      -Boot the Sick computer
      -Press F12 and choose to boot from the USB
      -Follow the prompts
      -A Welcome to xPUD screen will appear
      -Press File
      -Expand mnt

      I never get to the last two steps. I boot off of the USB drive OK. I see an xPUD screen where I have to select a language, but after that, Windows 7 boots up right away and I get my login screen. If I login with my normal user name, the DOJ screen is back.
  11. No. After reboot, I logged back in and the DOJ screen is back.
  12. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-05-2013
      Ran by fpk228 at 2013-05-23 20:52:08 Run:1
      Running from E:\
      Boot Mode: Safe Mode (minimal)
      ==============================================
      HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
      Could not move C:\ProgramData\ezsidmv.dat. => Scheduled to move on reboot.
  13. I'm not sure I understand. It was run as a non-admin user.
  14. Hi, The text from FRST.txt is below. Please note that I can only get to a command prompt in recovery mode when logged in as a user that is not an admin.

      Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-05-2013
      Ran by fpk228 (ATTENTION: The logged in user is not administrator) on 23-05-2013 19:22:03
      Running from E:\
      Windows 7 Enterprise Service Pack 1 (X64) OS Language: English(US)
      Internet Explorer Version 9
      Boot Mode: Safe Mode (minimal)
      Attention: System hive is missing.

      ==================== Processes (Whitelisted) =================
      (Microsoft Corporation) C:\Windows\system32\cmd.exe
      (Farbar) e:\FRST64.exe

      ==================== Registry (Whitelisted) ==================
      Attention: Software hive is missing.
      HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [2692008 2009-03-19] (ESET)
      HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [342528 2009-06-19] (Alps Electric Co., Ltd.)
      HKLM\...\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [450048 2009-07-31] (IDT, Inc.)
      HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1832760 2012-09-20] (Logitech, Inc.)
      HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
      HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
      HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
      HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
      HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$c5d4bc2371e7668554fa311938a84dcb\n. ATTENTION! ====> ZeroAccess
      HKCU\...\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [1475584 2010-11-20] (Microsoft Corporation)
      HKCU\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
      HKLM-x32\...\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
      HKLM-x32\...\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
      HKLM-x32\...\Run: [DLSService] "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe" [55808 2009-10-28] (Sanford, L.P.)
      HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.)
      HKLM-x32\...\Run: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe" [64112 2011-09-23] (VMware, Inc.)
      HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
      HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
      HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152544 2012-12-12] (Apple Inc.)
      HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254896 2012-09-17] (Sun Microsystems, Inc.)
      Lsa: [Authentication Packages] msv1_0 setuid
      Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
      ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
      Startup: C:\ProgramData\Start Menu\Programs\Startup\vpngui.exe.lnk
      ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe ()

      ==================== Internet (Whitelisted) ====================
      SearchScopes: HKCU - DefaultScope value is missing.
      BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
      BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
      BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
      BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
      BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
      BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
      BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
      BHO-x32: Skype Plug-In - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
      BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
      Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
      Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
      PDF: HKLM-x32 {00191E4B-49C2-48E2-A548-8F702D75622A} https://strtc.oracle.com/imtapp/res/jar/cnsload.cab
      PDF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
      PDF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} https://a248.e.akamai.net/f/248/14778/2h/dlmanager.download.akamai.com/14778/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
      PDF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://ciscosales.webex.com/client/T27L10NSP15/webex/ieatgpc1.cab
      PDF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
      Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
      Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
      Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
      Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
      Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
      Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [20992] (Microsoft Corporation)
      Winsock: Catalog9 11 C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll [232448] (Microsoft Corporation)
      Winsock: Catalog9 12 C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll [232448] (Microsoft Corporation)
      Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
      Winsock: Catalog9-x64 11 C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll [446576] (VMware, Inc.)
      Winsock: Catalog9-x64 12 C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll [446576] (VMware, Inc.)
      Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

      ==================== Services (Whitelisted) =================
      S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
      S2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_44a8c6ff8211f2d4\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
      S2 CVS; C:\Program Files (x86)\cvsnt\cvsservice.exe [35328 2004-08-19] (GNU)
      S2 CVSLock; C:\Program Files (x86)\cvsnt\cvslock.exe [48640 2004-08-19] ()
      S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [23296 2009-03-19] (ESET)
      S2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [731840 2009-03-19] (ESET)
      S2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [350720 2012-06-01] (Microsoft Corporation)
      S3 Incognito Configuration File Manager Proxy for Windows; C:\Program Files (x86)\Incognito Software\NT\CFMProxy\cfmproxysvc.exe [4927488 2010-03-25] (Incognito Software, Inc,)
      S3 Incognito Configuration File Manager Service for Windows; C:\Program Files (x86)\Incognito Software\NT\CFM\cfmsvc.exe [5758976 2011-05-04] (Incognito Software, Inc,)
      S3 Incognito DHCP Service for Windows; C:\Program Files (x86)\Incognito Software\NT\IPCmdr\DIPSVC.exe [10338304 2011-09-06] (Incognito Software Inc.)
      S3 Incognito DNS Service for Windows; C:\Program Files (x86)\Incognito Software\NT\DNS\dnssvc.exe [7667712 2011-09-16] (Incognito Software Inc.)
      S3 Incognito KDC Service for Windows; C:\Program Files (x86)\Incognito Software\NT\KDC Wrapper\kdcwrappersvc.exe [4550656 2009-06-24] (Incognito Software Inc.)
      S3 Incognito Multimedia Provisioning Service for Windows; C:\Program Files (x86)\Incognito Software\NT\MPS\mpssvc.exe [13463552 2011-01-05] (Incognito Software Inc.)
      S2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
      S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
      S2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
      S2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
      S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
      S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_44a8c6ff8211f2d4\STacSV64.exe [240640 2009-07-31] (IDT, Inc.)
      S3 rpcapd; "%ProgramFiles(x86)%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles(x86)%\WinPcap\rpcapd.ini" [x]
      S3 ufad-ws60; "C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe" -d "C:\Program Files (x86)\VMware\VMware Player\\" -s ufad-p2v.xml [x]

      ==================== Drivers (Whitelisted) ====================
      S3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
      S2 eamon; C:\Windows\System32\DRIVERS\eamon.sys [142776 2009-03-19] (ESET)
      S1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [134024 2009-03-19] (ESET)
      S2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [121152 2009-03-19] (ESET)
      S2 vstor2-ws60; C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys [32816 2010-08-19] (VMware, Inc.)
      S2 NPF; system32\drivers\npf.sys [x]
      S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
      S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
      S3 VGPU; System32\drivers\rdvgkmd.sys [x]

      ==================== NetSvcs (Whitelisted) ===================

      ==================== One Month Created Files and Folders ========
      2013-05-23 19:22 - 2013-05-23 19:22 - 00000000 ____D C:\FRST
      2013-05-23 17:50 - 2013-05-23 17:50 - 00000020 ___SH C:\Users\fpk228\ntuser.ini
      2013-05-23 17:50 - 2013-05-23 17:50 - 00000000 ____D C:\users\fpk228
      2013-05-23 17:50 - 2012-10-31 17:21 - 00000000 ____D C:\Users\fpk228\AppData\LocalGoogle
      2013-05-23 17:50 - 2012-10-31 17:20 - 00000000 ____D C:\Users\fpk228\AppData\Local\Google
      2013-05-23 17:50 - 2009-11-23 14:17 - 00000000 ____D C:\Users\fpk228\AppData\Local\Microsoft Help
      2013-05-23 16:40 - 2013-05-23 16:40 - 00012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
      2013-05-23 15:05 - 2013-05-23 16:41 - 00000000 ____D C:\ProgramData\HitmanPro
      2013-05-23 14:05 - 2013-05-23 14:05 - 00000000 ___HD C:\Users\Public\Documents\Report
      2013-05-16 15:55 - 2013-04-10 01:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
      2013-05-16 15:55 - 2013-04-10 01:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
      2013-05-16 15:55 - 2011-02-03 06:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
      2013-05-16 15:54 - 2013-02-27 01:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
      2013-05-16 15:54 - 2013-02-27 00:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
      2013-05-16 15:54 - 2013-02-27 00:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
      2013-05-16 15:54 - 2013-02-27 00:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
      2013-05-16 15:54 - 2013-02-27 00:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
      2013-05-16 15:54 - 2013-02-26 23:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
      2013-05-16 15:54 - 2013-02-26 23:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
      2013-05-16 15:54 - 2013-02-26 23:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
      2013-05-16 15:53 - 2013-04-09 22:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
      2013-05-16 15:47 - 2013-05-05 16:36 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
      2013-05-16 15:47 - 2013-05-05 16:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
      2013-05-16 15:47 - 2013-05-05 14:25 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
      2013-05-16 15:47 - 2013-05-05 14:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
      2013-05-16 15:46 - 2013-04-04 20:19 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
      2013-05-16 15:46 - 2013-04-04 20:08 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
      2013-05-16 15:46 - 2013-04-04 20:01 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
      2013-05-16 15:46 - 2013-04-04 20:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
      2013-05-16 15:46 - 2013-04-04 19:59 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
      2013-05-16 15:46 - 2013-04-04 19:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
      2013-05-16 15:46 - 2013-04-04 19:57 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
      2013-05-16 15:46 - 2013-04-04 19:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
      2013-05-16 15:46 - 2013-04-04 19:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
      2013-05-16 15:46 - 2013-04-04 19:55 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
      2013-05-16 15:46 - 2013-04-04 19:54 - 02147840 ____A (Microsoft Corporation)
C:\Windows\System32\iertutil.dll 2013-05-16 15:46 - 2013-04-04 19:54 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-05-16 15:46 - 2013-04-04 19:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-05-16 15:46 - 2013-04-04 19:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-05-16 15:46 - 2013-04-04 17:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-05-16 15:46 - 2013-04-04 17:09 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-05-16 15:46 - 2013-04-04 17:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-05-16 15:46 - 2013-04-04 17:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-05-16 15:46 - 2013-04-04 17:02 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-05-16 15:46 - 2013-04-04 17:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-05-16 15:46 - 2013-04-04 16:59 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-05-16 15:46 - 2013-04-04 16:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-05-16 15:46 - 2013-04-04 16:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-05-16 15:46 - 2013-04-04 16:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-05-16 15:46 - 2013-04-04 16:56 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-05-16 15:46 - 2013-04-04 16:55 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-05-16 15:46 - 2013-04-04 16:54 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-05-16 15:46 - 2013-04-04 16:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-05-13 14:52 - 2013-05-13 14:52 - 00001109 ____A C:\Users\Public\Desktop\X-Lite.lnk 2013-05-13 14:50 - 2013-05-13 
14:50 - 00000000 ____D C:\ProgramData\Package Cache 2013-04-29 09:02 - 2013-04-12 09:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys ==================== One Month Modified Files and Folders ======= 2013-05-23 19:22 - 2013-05-23 19:22 - 00000000 ____D C:\FRST 2013-05-23 19:20 - 2009-07-14 00:13 - 00787630 ____A C:\Windows\System32\PerfStringBackup.INI 2013-05-23 17:50 - 2013-05-23 17:50 - 00000020 ___SH C:\Users\fpk228\ntuser.ini 2013-05-23 17:50 - 2013-05-23 17:50 - 00000000 ____D C:\users\fpk228 2013-05-23 17:29 - 2009-12-15 17:16 - 00000000 ____D C:\ProgramData\VMware 2013-05-23 17:29 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-05-23 17:29 - 2009-07-13 23:51 - 00060441 ____A C:\Windows\setupact.log 2013-05-23 17:07 - 2009-11-23 13:57 - 01051436 ____A C:\Windows\WindowsUpdate.log 2013-05-23 17:07 - 2009-07-13 23:45 - 00020240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-05-23 17:07 - 2009-07-13 23:45 - 00020240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-05-23 17:05 - 2009-12-22 18:09 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-05-23 16:41 - 2013-05-23 15:05 - 00000000 ____D C:\ProgramData\HitmanPro 2013-05-23 16:40 - 2013-05-23 16:40 - 00012872 ____A (SurfRight B.V.) 
C:\Windows\System32\bootdelete.exe 2013-05-23 16:29 - 2011-03-01 21:25 - 00000920 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1448186152-1295568710-3893836055-1701UA.job 2013-05-23 16:29 - 2009-12-22 18:09 - 00000902 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-05-23 14:05 - 2013-05-23 14:05 - 00000000 ___HD C:\Users\Public\Documents\Report 2013-05-23 14:05 - 2009-12-16 17:43 - 00000000 ____D C:\users\pkinnerk 2013-05-23 02:29 - 2011-03-01 21:25 - 00000868 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1448186152-1295568710-3893836055-1701Core.job 2013-05-17 21:17 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache 2013-05-17 18:14 - 2010-06-23 17:59 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2013-05-17 18:14 - 2010-02-01 16:07 - 00000000 ____D C:\ProgramData\McAfee Security Scan 2013-05-17 18:14 - 2010-01-21 09:40 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-05-17 18:14 - 2009-12-14 19:52 - 00000000 ____D C:\users\administrator 2013-05-17 18:14 - 2009-11-23 14:55 - 00000000 ____D C:\users\andre 2013-05-17 18:14 - 2009-11-23 14:08 - 00000000 ____D C:\users\localadmin 2013-05-17 18:14 - 2009-07-14 02:23 - 00000000 ___RD C:\Users\Public\Recorded TV 2013-05-17 18:14 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration 2013-05-17 18:14 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat 2013-05-16 16:00 - 2009-07-13 23:45 - 00413312 ____A C:\Windows\System32\FNTCACHE.DAT 2013-05-16 15:55 - 2009-11-23 14:14 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-05-13 14:52 - 2013-05-13 14:52 - 00001109 ____A C:\Users\Public\Desktop\X-Lite.lnk 2013-05-13 14:52 - 2012-08-03 10:26 - 02279462 ____A C:\Windows\System32\installer.log 2013-05-13 14:52 - 2011-08-11 10:36 - 00043022 ____A C:\Windows\SysWOW64\installer.log 2013-05-13 14:50 - 2013-05-13 14:50 - 00000000 ____D C:\ProgramData\Package Cache 2013-05-05 16:36 - 2013-05-16 15:47 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-05-05 
16:16 - 2013-05-16 15:47 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-05-05 14:25 - 2013-05-16 15:47 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-05-05 14:12 - 2013-05-16 15:47 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb Other Malware: =========== C:\ProgramData\ezsidmv.dat ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log ============================