(new TDL4) Keylogged & IE with a mind of its own

Inactive
By Brutal Black
Nov 23, 2011
  1. Brutal Black

    Brutal Black Newcomer, in training Topic Starter Posts: 75

    Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.3.0
    Ran by gamers at 2011-12-02 19:53:22
    Running from C:\Users\gamers\Desktop
    (X86) OS Language: English(US)
    Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

    ========================== Registry (Whitelisted) =============

    HKU\Administrator\...\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2008-06-09] (Hewlett-Packard Company)
    HKLM\...\Winlogon: [Userinit] [x]
    HKLM\...\Winlogon: [Shell]

    ================================ Services (Whitelisted) ==================


    ========================== Drivers (Whitelisted) =============


    ========================== NetSvcs (Whitelisted) ===========

    ============ One Month Created Files and Folders ==============

    2011-12-02 19:52 - 2011-12-02 19:52 - 0858348 ____A C:\Users\gamers\Desktop\FRST.exe
    2011-12-01 20:38 - 2009-07-13 18:12 - 0338944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
    2011-12-01 20:30 - 2011-12-02 19:49 - 0000000 ___SD C:\Yourname
    2011-12-01 19:49 - 2011-12-01 19:49 - 0000000 ____A C:\Users\gamers\Desktop\New Text Document.txt
    2011-12-01 19:05 - 2011-12-01 19:05 - 0000000 ____D C:\Users\All Users\AMMYY
    2011-12-01 19:05 - 2011-12-01 19:05 - 0000000 ____D C:\ProgramData\AMMYY
    2011-12-01 01:29 - 2011-12-01 01:29 - 1566512 ____A (Kaspersky Lab ZAO) C:\Users\gamers\Desktop\tdsskiller.exe
    2011-11-30 19:44 - 2011-11-30 19:44 - 0000000 __SHD C:\$RECYCLE.BIN
    2011-11-29 21:52 - 2011-12-01 20:28 - 4324789 ____R (Swearware) C:\Users\gamers\Desktop\Yourname.exe
    2011-11-29 03:53 - 2011-06-26 01:45 - 0256000 ____A C:\Windows\PEV.exe
    2011-11-29 03:53 - 2010-11-07 12:20 - 0208896 ____A C:\Windows\MBR.exe
    2011-11-29 03:53 - 2009-04-19 23:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
    2011-11-29 03:53 - 2000-08-30 19:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
    2011-11-29 03:53 - 2000-08-30 19:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
    2011-11-29 03:53 - 2000-08-30 19:00 - 0098816 ____A C:\Windows\sed.exe
    2011-11-29 03:53 - 2000-08-30 19:00 - 0080412 ____A C:\Windows\grep.exe
    2011-11-29 03:53 - 2000-08-30 19:00 - 0068096 ____A C:\Windows\zip.exe
    2011-11-29 03:52 - 2011-11-29 03:52 - 0000000 ____D C:\Windows\ERDNT
    2011-11-29 03:46 - 2011-11-29 03:52 - 0000000 ____D C:\Qoobox
    2011-11-29 01:38 - 2011-11-29 01:38 - 0160160 ____A C:\Windows\Minidump\112911-24679-01.dmp
    2011-11-28 16:48 - 2011-11-29 01:38 - 311721516 ____A C:\Windows\MEMORY.DMP
    2011-11-28 16:48 - 2011-11-29 01:38 - 0000000 ____D C:\Windows\Minidump
    2011-11-28 16:48 - 2011-11-28 16:48 - 0160112 ____A C:\Windows\Minidump\112811-24133-01.dmp
    2011-11-28 06:44 - 2011-11-28 10:03 - 0052018 ____A C:\Users\gamers\Desktop\bootkit_remover_debug_log.txt
    2011-11-24 14:45 - 2011-11-24 14:45 - 1916416 ____A (AVAST Software) C:\Users\gamers\Desktop\aswMBR.exe
    2011-11-24 14:44 - 2011-12-01 01:35 - 0000357 ____A C:\rkill.log
    2011-11-24 14:43 - 2011-11-24 14:43 - 1008092 ____A C:\Users\gamers\Desktop\rkill.com
    2011-11-24 14:27 - 2011-12-02 19:49 - 0017838 ____A C:\Windows\PFRO.log
    2011-11-24 14:19 - 2011-11-24 14:19 - 9130808 ____A (OPSWAT, Inc.) C:\Users\gamers\Downloads\AppRemover.exe
    2011-11-23 16:08 - 2011-12-02 19:49 - 0002184 ____A C:\Windows\setupact.log
    2011-11-23 16:08 - 2011-11-23 16:08 - 0000000 ____A C:\Windows\setuperr.log
    2011-11-23 13:38 - 2011-11-23 13:38 - 0035561 ____A C:\Users\gamers\Documents\DDSlog2.txt
    2011-11-23 13:38 - 2011-11-23 13:38 - 0019191 ____A C:\Users\gamers\Documents\DDSlog1.txt
    2011-11-23 13:38 - 2011-11-23 13:38 - 0004413 ____A C:\Users\gamers\Documents\GMERlog.txt
    2011-11-23 13:38 - 2011-11-23 13:38 - 0000909 ____A C:\Users\gamers\Documents\MBLog.txt
    2011-11-23 13:21 - 2011-11-23 13:21 - 0004415 ____A C:\Users\gamers\Desktop\GMER.log
    2011-11-23 12:11 - 2011-11-23 12:11 - 0000000 ____D C:\Program Files\somototoolbar
    2011-11-23 12:10 - 2011-11-23 12:10 - 1785905 ____A C:\Users\gamers\Downloads\TempFileCleaner_3.1.1_Setup.exe
    2011-11-23 12:10 - 2011-11-23 12:10 - 0001047 ____A C:\Users\gamers\Desktop\Temp File Cleaner.lnk
    2011-11-23 12:10 - 2011-11-23 12:10 - 0000000 ____D C:\Program Files\Temp File Cleaner
    2011-11-23 12:09 - 2011-11-23 12:09 - 0463080 ____A (CNET Download.com) C:\Users\gamers\Downloads\cnet_TempFileCleaner_3_1_1_Setup_exe.exe
    2011-11-23 07:29 - 2011-11-23 07:36 - 0000000 ____D C:\Users\gamers\AppData\Roaming\AVG
    2011-11-23 07:28 - 2011-11-23 07:28 - 8143920 ____A (AVG ) C:\Users\gamers\Downloads\avg_pct_stf_all_2012_26_c5.exe
    2011-11-23 06:58 - 2011-11-23 06:57 - 0607260 ____R (Swearware) C:\Users\gamers\Desktop\dds.scr
    2011-11-23 06:58 - 2011-11-23 06:56 - 0302592 ____A C:\Users\gamers\Desktop\u6gx0ld6.exe
    2011-11-23 06:57 - 2011-11-23 06:58 - 0607260 ____A (Swearware) C:\Users\gamers\Downloads\dds.scr
    2011-11-23 06:56 - 2011-11-23 06:56 - 0302592 ____A C:\Users\gamers\Downloads\u6gx0ld6.exe
    2011-11-23 06:45 - 2011-11-23 06:45 - 0000000 ____D C:\Users\All Users\Kaspersky Lab
    2011-11-23 06:45 - 2011-11-23 06:45 - 0000000 ____D C:\ProgramData\Kaspersky Lab
    2011-11-23 06:42 - 2011-11-23 06:42 - 0000000 ____D C:\Users\gamers\AppData\Roaming\QuickScan
    2011-11-23 06:39 - 2011-11-23 06:39 - 0000000 ____D C:\Users\All Users\boost_interprocess
    2011-11-23 06:39 - 2011-11-23 06:39 - 0000000 ____D C:\ProgramData\boost_interprocess
    2011-11-23 06:37 - 2011-11-23 06:39 - 102896192 ____A C:\Users\gamers\Downloads\setup_11.0.0.1245.x01_2011_11_23_14_01.exe
    2011-11-23 06:27 - 2011-11-23 15:29 - 0011513 ____A C:\Users\gamers\Documents\hijackthis.log
    2011-11-23 06:02 - 2011-11-23 06:02 - 0002969 ____A C:\Users\gamers\Desktop\HiJackThis.lnk
    2011-11-23 06:02 - 2011-11-23 06:02 - 0000000 ____D C:\Program Files\Trend Micro
    2011-11-23 06:01 - 2011-11-23 06:01 - 1402880 ____A C:\Users\gamers\Downloads\HijackThis.msi
    2011-11-21 18:09 - 2011-11-23 06:06 - 0002378 ____A C:\Users\gamers\Documents\Kill Box Instructions.txt
    2011-11-21 18:09 - 2011-11-21 18:09 - 0092672 ____A (Option^Explicit Software vbtechcd@gmail.com) C:\Users\gamers\Downloads\KillBox.exe
    2011-11-21 17:57 - 2011-11-21 17:57 - 0000000 ____D C:\Users\gamers\AppData\Roaming\Malwarebytes
    2011-11-21 17:56 - 2011-11-21 17:57 - 0000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2011-11-21 17:56 - 2011-11-21 17:56 - 9852544 ____A (Malwarebytes Corporation ) C:\Users\gamers\Downloads\mbam-setup-1.51.2.1300.exe
    2011-11-21 17:56 - 2011-11-21 17:56 - 0001071 ____A C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    2011-11-21 17:56 - 2011-11-21 17:56 - 0000000 ____D C:\Users\All Users\Malwarebytes
    2011-11-21 17:56 - 2011-11-21 17:56 - 0000000 ____D C:\ProgramData\Malwarebytes
    2011-11-20 09:17 - 2011-11-20 09:17 - 0000000 ___HD C:\$AVG
    2011-11-20 08:42 - 2011-11-20 08:42 - 0000000 ____D C:\Users\gamers\AppData\Roaming\AVG2012
    2011-11-20 08:40 - 2011-11-24 14:27 - 0000000 ____D C:\Users\All Users\AVG2012
    2011-11-20 08:40 - 2011-11-24 14:27 - 0000000 ____D C:\ProgramData\AVG2012
    2011-11-20 08:37 - 2011-11-24 14:25 - 0000000 ____D C:\Users\All Users\MFAData
    2011-11-20 08:37 - 2011-11-24 14:25 - 0000000 ____D C:\ProgramData\MFAData
    2011-11-20 08:29 - 2011-11-20 08:29 - 3903528 ____A (AVG Technologies) C:\Users\gamers\Downloads\avg_free_stb_en_2012_1872_free.exe
    2011-11-20 08:18 - 2011-11-20 08:21 - 0000000 ____D C:\Program Files\Eusing Free Registry Cleaner
    2011-11-20 08:18 - 2011-11-20 08:18 - 0001027 ____A C:\Users\gamers\Desktop\Eusing Free Registry Cleaner.lnk
    2011-11-20 08:17 - 2011-11-20 08:17 - 0977520 ____A C:\Users\gamers\Downloads\EFRCSetup.exe
    2011-11-19 06:13 - 2011-11-24 14:27 - 0000000 ____D C:\Program Files\AVG
    2011-11-19 06:06 - 2011-11-19 06:08 - 93393016 ____A (AVG Technologies) C:\Users\gamers\Downloads\avg_free_stf_en_90_851a3009.exe
    2011-11-19 05:59 - 2011-11-19 05:59 - 0000027 ____A C:\Windows\System32\MPFServiceFailureCount.txt
    2011-11-19 05:33 - 2011-11-19 09:18 - 0000000 ____D C:\Users\All Users\AVAST Software
    2011-11-19 05:33 - 2011-11-19 09:18 - 0000000 ____D C:\ProgramData\AVAST Software
    2011-11-19 05:33 - 2011-11-19 05:33 - 0000000 ____D C:\Program Files\AVAST Software
    2011-11-19 04:17 - 2011-11-19 04:17 - 0000000 ____D C:\Users\gamers\AppData\Roaming\jFF44pmG5sQJdE8
    2011-11-19 03:59 - 2011-11-19 03:59 - 0000000 ____D C:\Users\gamers\AppData\Roaming\tppmmG55aJ6KfLh
    2011-11-19 03:10 - 2011-11-19 04:30 - 0000000 ____D C:\Users\gamers\AppData\Roaming\B424F
    2011-11-19 03:10 - 2011-11-19 03:10 - 0000000 ____D C:\Users\gamers\AppData\Roaming\wcccS11ivD
    2011-11-19 03:10 - 2011-11-19 03:10 - 0000000 ____D C:\Users\gamers\AppData\Roaming\kttxxP0uuS1
    2011-11-19 03:10 - 2011-11-19 03:10 - 0000000 ____D C:\Users\gamers\AppData\Roaming\FiiibFF3pnGa
    2011-11-18 15:24 - 2011-11-18 15:34 - 0000304 ____A C:\Users\All Users\~MqGNiCX5Sv6EsH
    2011-11-18 15:24 - 2011-11-18 15:34 - 0000304 ____A C:\ProgramData\~MqGNiCX5Sv6EsH
    2011-11-18 15:24 - 2011-11-18 15:34 - 0000232 ____A C:\Users\All Users\~MqGNiCX5Sv6EsHr
    2011-11-18 15:24 - 2011-11-18 15:34 - 0000232 ____A C:\ProgramData\~MqGNiCX5Sv6EsHr
    2011-11-18 15:23 - 2011-11-18 15:32 - 0000448 ____A C:\Users\All Users\MqGNiCX5Sv6EsH
    2011-11-18 15:23 - 2011-11-18 15:32 - 0000448 ____A C:\ProgramData\MqGNiCX5Sv6EsH
    2011-11-18 12:47 - 2011-11-18 12:47 - 1063703 ___AH C:\Users\gamers\Documents\Shadow Sabres Notes - Big D.docx
    2011-11-16 13:30 - 2011-11-16 13:30 - 0397472 ____A () C:\Users\gamers\Downloads\FXAA_PPI_Automatic_Installer-131-1-2.exe
    2011-11-16 13:20 - 2011-11-29 01:41 - 0000000 ___HD C:\Users\gamers\Documents\Nexus Mod Manager
    2011-11-16 13:20 - 2011-11-23 16:36 - 0001047 ____A C:\Users\Public\Desktop\Nexus Mod Manager.lnk
    2011-11-16 13:20 - 2011-11-23 16:36 - 0000000 ____D C:\Program Files\Nexus Mod Manager
    2011-11-16 13:20 - 2011-11-19 04:28 - 0000000 ____D C:\Users\gamers\AppData\Local\Black_Tree_Gaming
    2011-11-16 13:20 - 2011-11-16 13:20 - 2286434 ____A (Black Tree Gaming ) C:\Users\gamers\Downloads\Nexus Mod Manager-0.12.2.exe
    2011-11-15 17:24 - 2011-11-15 17:24 - 0000000 ____D C:\Users\All Users\NCH Software
    2011-11-15 17:24 - 2011-11-15 17:24 - 0000000 ____D C:\ProgramData\NCH Software
    2011-11-14 12:26 - 2011-11-14 12:26 - 0000637 ___AH C:\Users\gamers\Documents\Bob's Burgers.xspf
    2011-11-10 16:28 - 2011-11-10 16:28 - 0001624 ____A C:\Users\gamers\Desktop\The Elder Scrolls Skyrim.lnk
    2011-11-10 16:16 - 2011-11-10 16:16 - 0000000 ___HD C:\Users\gamers\AppData\Local\Skyrim
    2011-11-10 15:50 - 2011-11-29 01:40 - 0000000 ____D C:\Program Files\The Elder Scrolls V Skyrim
    2011-11-10 15:48 - 2011-11-10 15:49 - 21386221 ___AH C:\Users\gamers\Downloads\rzr-skrm.rar
    2011-11-10 15:45 - 2011-11-19 04:31 - 0000000 ____D C:\Elder Scrolls
    2011-11-10 15:39 - 2011-11-10 15:40 - 6685523 ___AH C:\Users\gamers\Downloads\SkyUPDATERAZOR.rar
    2011-11-10 15:39 - 2011-11-10 15:39 - 0752882 ___AH C:\Users\gamers\Downloads\insta.rar
    2011-11-09 12:35 - 2011-11-09 12:35 - 0001096 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk


    ============ 3 Months Modified Files and Folders ===============

    2011-12-02 19:53 - 2011-12-02 19:53 - 0000000 ____D C:\FRST
    2011-12-02 19:52 - 2011-12-02 19:52 - 0858348 ____A C:\Users\gamers\Desktop\FRST.exe
    2011-12-02 19:50 - 2010-12-16 02:45 - 0000000 ____D C:\Program Files\Steam
    2011-12-02 19:49 - 2011-12-01 20:30 - 0000000 ___SD C:\Yourname
    2011-12-02 19:49 - 2011-11-24 14:27 - 0017838 ____A C:\Windows\PFRO.log
    2011-12-02 19:49 - 2011-11-23 16:08 - 0002184 ____A C:\Windows\setupact.log
    2011-12-02 19:49 - 2010-11-03 18:58 - 2415566848 __ASH C:\hiberfil.sys
    2011-12-02 19:49 - 2009-07-13 23:53 - 0032556 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2011-12-02 19:49 - 2009-07-13 23:53 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
    2011-12-01 20:37 - 2009-07-13 21:37 - 0000000 ___DC C:\Windows\$NtUninstallKB49674$
    2011-12-01 20:33 - 2010-11-03 19:01 - 1809242 ____A C:\Windows\WindowsUpdate.log
    2011-12-01 20:28 - 2011-11-29 21:52 - 4324789 ____R (Swearware) C:\Users\gamers\Desktop\Yourname.exe
    2011-12-01 20:10 - 2011-04-22 14:09 - 0000000 ____D C:\Users\All Users\MediaMall
    2011-12-01 20:10 - 2011-04-22 14:09 - 0000000 ____D C:\ProgramData\MediaMall
    2011-12-01 20:10 - 2010-11-09 21:20 - 0000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2011-12-01 19:58 - 2009-07-13 23:34 - 0010240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2011-12-01 19:58 - 2009-07-13 23:34 - 0010240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2011-12-01 19:55 - 2010-11-09 21:20 - 0000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2011-12-01 19:49 - 2011-12-01 19:49 - 0000000 ____A C:\Users\gamers\Desktop\New Text Document.txt
    2011-12-01 19:05 - 2011-12-01 19:05 - 0000000 ____D C:\Users\All Users\AMMYY
    2011-12-01 19:05 - 2011-12-01 19:05 - 0000000 ____D C:\ProgramData\AMMYY
    2011-12-01 01:38 - 2011-02-16 14:00 - 1775562 ____A C:\Windows\ntbtlog.txt
    2011-12-01 01:35 - 2011-11-24 14:44 - 0000357 ____A C:\rkill.log
    2011-12-01 01:29 - 2011-12-01 01:29 - 1566512 ____A (Kaspersky Lab ZAO) C:\Users\gamers\Desktop\tdsskiller.exe
    2011-11-30 21:04 - 2011-08-10 19:38 - 0000000 ____D C:\Users\gamers\.frostwire5
    2011-11-30 20:11 - 2010-11-09 21:20 - 0000000 ___HD C:\Users\gamers\AppData\Local\Google
    2011-11-30 19:44 - 2011-11-30 19:44 - 0000000 __SHD C:\$RECYCLE.BIN
    2011-11-30 19:44 - 2010-12-23 03:38 - 0000000 ____D C:\Users\gamers\AppData\Local\Apps\2.0
    2011-11-30 15:47 - 2009-07-13 21:04 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
    2011-11-29 03:56 - 2009-07-13 21:37 - 0000000 ___RD C:\users\Public
    2011-11-29 03:52 - 2011-11-29 03:52 - 0000000 ____D C:\Windows\ERDNT
    2011-11-29 03:52 - 2011-11-29 03:46 - 0000000 ____D C:\Qoobox
    2011-11-29 01:41 - 2011-11-16 13:20 - 0000000 ___HD C:\Users\gamers\Documents\Nexus Mod Manager
    2011-11-29 01:40 - 2011-11-10 15:50 - 0000000 ____D C:\Program Files\The Elder Scrolls V Skyrim
    2011-11-29 01:38 - 2011-11-29 01:38 - 0160160 ____A C:\Windows\Minidump\112911-24679-01.dmp
    2011-11-29 01:38 - 2011-11-28 16:48 - 311721516 ____A C:\Windows\MEMORY.DMP
    2011-11-29 01:38 - 2011-11-28 16:48 - 0000000 ____D C:\Windows\Minidump
    2011-11-28 18:46 - 2011-02-16 16:32 - 0000000 ____D C:\Users\gamers\AppData\Roaming\SoftGrid Client
    2011-11-28 16:48 - 2011-11-28 16:48 - 0160112 ____A C:\Windows\Minidump\112811-24133-01.dmp
    2011-11-28 10:03 - 2011-11-28 06:44 - 0052018 ____A C:\Users\gamers\Desktop\bootkit_remover_debug_log.txt
    2011-11-28 08:39 - 2011-07-05 19:18 - 0000000 ____D C:\Users\gamers\AppData\Roaming\RIFT
    2011-11-28 08:39 - 2010-12-26 11:46 - 0000000 __SHD C:\Config.Msi
    2011-11-28 08:39 - 2010-11-03 17:16 - 0000000 ___HD C:\Program Files\InstallShield Installation Information
    2011-11-24 14:45 - 2011-11-24 14:45 - 1916416 ____A (AVAST Software) C:\Users\gamers\Desktop\aswMBR.exe
    2011-11-24 14:43 - 2011-11-24 14:43 - 1008092 ____A C:\Users\gamers\Desktop\rkill.com
    2011-11-24 14:27 - 2011-11-20 08:40 - 0000000 ____D C:\Users\All Users\AVG2012
    2011-11-24 14:27 - 2011-11-20 08:40 - 0000000 ____D C:\ProgramData\AVG2012
    2011-11-24 14:27 - 2011-11-19 06:13 - 0000000 ____D C:\Program Files\AVG
    2011-11-24 14:25 - 2011-11-20 08:37 - 0000000 ____D C:\Users\All Users\MFAData
    2011-11-24 14:25 - 2011-11-20 08:37 - 0000000 ____D C:\ProgramData\MFAData
    2011-11-24 14:19 - 2011-11-24 14:19 - 9130808 ____A (OPSWAT, Inc.) C:\Users\gamers\Downloads\AppRemover.exe
    2011-11-23 16:36 - 2011-11-16 13:20 - 0001047 ____A C:\Users\Public\Desktop\Nexus Mod Manager.lnk
    2011-11-23 16:36 - 2011-11-16 13:20 - 0000000 ____D C:\Program Files\Nexus Mod Manager
    2011-11-23 16:08 - 2011-11-23 16:08 - 0000000 ____A C:\Windows\setuperr.log
    2011-11-23 15:29 - 2011-11-23 06:27 - 0011513 ____A C:\Users\gamers\Documents\hijackthis.log
    2011-11-23 15:27 - 2010-11-03 16:08 - 0000000 ____D C:\Users\gamers\AppData\Local\VirtualStore
    2011-11-23 13:38 - 2011-11-23 13:38 - 0035561 ____A C:\Users\gamers\Documents\DDSlog2.txt
    2011-11-23 13:38 - 2011-11-23 13:38 - 0019191 ____A C:\Users\gamers\Documents\DDSlog1.txt
    2011-11-23 13:38 - 2011-11-23 13:38 - 0004413 ____A C:\Users\gamers\Documents\GMERlog.txt
    2011-11-23 13:38 - 2011-11-23 13:38 - 0000909 ____A C:\Users\gamers\Documents\MBLog.txt
    2011-11-23 13:21 - 2011-11-23 13:21 - 0004415 ____A C:\Users\gamers\Desktop\GMER.log
    2011-11-23 12:13 - 2010-11-06 00:46 - 0000000 ___HD C:\Users\gamers\AppData\Roaming\Macromedia
    2011-11-23 12:13 - 2010-11-03 16:08 - 0000000 ____D C:\Users\gamers\AppData\LocalLow
    2011-11-23 12:12 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\security
    2011-11-23 12:11 - 2011-11-23 12:11 - 0000000 ____D C:\Program Files\somototoolbar
    2011-11-23 12:10 - 2011-11-23 12:10 - 1785905 ____A C:\Users\gamers\Downloads\TempFileCleaner_3.1.1_Setup.exe
    2011-11-23 12:10 - 2011-11-23 12:10 - 0001047 ____A C:\Users\gamers\Desktop\Temp File Cleaner.lnk
    2011-11-23 12:10 - 2011-11-23 12:10 - 0000000 ____D C:\Program Files\Temp File Cleaner
    2011-11-23 12:09 - 2011-11-23 12:09 - 0463080 ____A (CNET Download.com) C:\Users\gamers\Downloads\cnet_TempFileCleaner_3_1_1_Setup_exe.exe
    2011-11-23 07:43 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\System32\config\TxR
    2011-11-23 07:41 - 2009-07-13 23:52 - 0000000 ____D C:\Windows\Downloaded Program Files
    2011-11-23 07:36 - 2011-11-23 07:29 - 0000000 ____D C:\Users\gamers\AppData\Roaming\AVG
    2011-11-23 07:28 - 2011-11-23 07:28 - 8143920 ____A (AVG ) C:\Users\gamers\Downloads\avg_pct_stf_all_2012_26_c5.exe
    2011-11-23 06:58 - 2011-11-23 06:57 - 0607260 ____A (Swearware) C:\Users\gamers\Downloads\dds.scr
    2011-11-23 06:57 - 2011-11-23 06:58 - 0607260 ____R (Swearware) C:\Users\gamers\Desktop\dds.scr
    2011-11-23 06:56 - 2011-11-23 06:58 - 0302592 ____A C:\Users\gamers\Desktop\u6gx0ld6.exe
    2011-11-23 06:56 - 2011-11-23 06:56 - 0302592 ____A C:\Users\gamers\Downloads\u6gx0ld6.exe
    2011-11-23 06:45 - 2011-11-23 06:45 - 0000000 ____D C:\Users\All Users\Kaspersky Lab
    2011-11-23 06:45 - 2011-11-23 06:45 - 0000000 ____D C:\ProgramData\Kaspersky Lab
    2011-11-23 06:42 - 2011-11-23 06:42 - 0000000 ____D C:\Users\gamers\AppData\Roaming\QuickScan
    2011-11-23 06:39 - 2011-11-23 06:39 - 0000000 ____D C:\Users\All Users\boost_interprocess
    2011-11-23 06:39 - 2011-11-23 06:39 - 0000000 ____D C:\ProgramData\boost_interprocess
    2011-11-23 06:39 - 2011-11-23 06:37 - 102896192 ____A C:\Users\gamers\Downloads\setup_11.0.0.1245.x01_2011_11_23_14_01.exe
    2011-11-23 06:06 - 2011-11-21 18:09 - 0002378 ____A C:\Users\gamers\Documents\Kill Box Instructions.txt
    2011-11-23 06:02 - 2011-11-23 06:02 - 0002969 ____A C:\Users\gamers\Desktop\HiJackThis.lnk
    2011-11-23 06:02 - 2011-11-23 06:02 - 0000000 ____D C:\Program Files\Trend Micro
    2011-11-23 06:01 - 2011-11-23 06:01 - 1402880 ____A C:\Users\gamers\Downloads\HijackThis.msi
    2011-11-23 05:51 - 2010-11-06 16:07 - 0000000 ___HD C:\Users\gamers\AppData\Roaming\BitComet
    2011-11-21 23:53 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\Cursors
    2011-11-21 18:09 - 2011-11-21 18:09 - 0092672 ____A (Option^Explicit Software vbtechcd@gmail.com) C:\Users\gamers\Downloads\KillBox.exe
    2011-11-21 17:57 - 2011-11-21 17:57 - 0000000 ____D C:\Users\gamers\AppData\Roaming\Malwarebytes
    2011-11-21 17:57 - 2011-11-21 17:56 - 0000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2011-11-21 17:56 - 2011-11-21 17:56 - 9852544 ____A (Malwarebytes Corporation ) C:\Users\gamers\Downloads\mbam-setup-1.51.2.1300.exe
    2011-11-21 17:56 - 2011-11-21 17:56 - 0001071 ____A C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    2011-11-21 17:56 - 2011-11-21 17:56 - 0000000 ____D C:\Users\All Users\Malwarebytes
    2011-11-21 17:56 - 2011-11-21 17:56 - 0000000 ____D C:\ProgramData\Malwarebytes
    2011-11-20 09:17 - 2011-11-20 09:17 - 0000000 ___HD C:\$AVG
    2011-11-20 08:42 - 2011-11-20 08:42 - 0000000 ____D C:\Users\gamers\AppData\Roaming\AVG2012
    2011-11-20 08:29 - 2011-11-20 08:29 - 3903528 ____A (AVG Technologies) C:\Users\gamers\Downloads\avg_free_stb_en_2012_1872_free.exe
    2011-11-20 08:21 - 2011-11-20 08:18 - 0000000 ____D C:\Program Files\Eusing Free Registry Cleaner
    2011-11-20 08:18 - 2011-11-20 08:18 - 0001027 ____A C:\Users\gamers\Desktop\Eusing Free Registry Cleaner.lnk
    2011-11-20 08:17 - 2011-11-20 08:17 - 0977520 ____A C:\Users\gamers\Downloads\EFRCSetup.exe
    2011-11-19 20:07 - 2011-09-28 14:47 - 0000000 ___HD C:\Users\gamers\AppData\Local\dxhr
    2011-11-19 14:28 - 2010-12-16 02:45 - 0000000 ____D C:\Program Files\Common Files\Steam
    2011-11-19 09:18 - 2011-11-19 05:33 - 0000000 ____D C:\Users\All Users\AVAST Software
    2011-11-19 09:18 - 2011-11-19 05:33 - 0000000 ____D C:\ProgramData\AVAST Software
    2011-11-19 06:23 - 2010-11-03 16:12 - 0714754 ____A C:\Windows\System32\PerfStringBackup.INI
    2011-11-19 06:19 - 2011-03-30 13:23 - 0000000 ____D C:\Program Files\Midnight Club 2
    2011-11-19 06:17 - 2011-03-07 09:40 - 0000000 ____D C:\Users\All Users\McAfee
    2011-11-19 06:17 - 2011-03-07 09:40 - 0000000 ____D C:\ProgramData\McAfee
    2011-11-19 06:08 - 2011-11-19 06:06 - 93393016 ____A (AVG Technologies) C:\Users\gamers\Downloads\avg_free_stf_en_90_851a3009.exe
    2011-11-19 05:59 - 2011-11-19 05:59 - 0000027 ____A C:\Windows\System32\MPFServiceFailureCount.txt
    2011-11-19 05:33 - 2011-11-19 05:33 - 0000000 ____D C:\Program Files\AVAST Software
    2011-11-19 05:33 - 2009-07-13 21:04 - 0002577 ____A C:\Windows\System32\config.nt
    2011-11-19 05:30 - 2010-12-23 20:11 - 0000000 ____D C:\Users\All Users\Alwil Software
    2011-11-19 05:30 - 2010-12-23 20:11 - 0000000 ____D C:\ProgramData\Alwil Software
    2011-11-19 05:30 - 2010-12-23 20:11 - 0000000 ____D C:\Program Files\Alwil Software
    2011-11-19 04:59 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\System32\DriverStore
    2011-11-19 04:33 - 2010-11-03 16:08 - 0000000 ____D C:\users\gamers
    2011-11-19 04:32 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\System32\wfp
    2011-11-19 04:31 - 2011-11-10 15:45 - 0000000 ____D C:\Elder Scrolls
    2011-11-19 04:31 - 2011-10-15 18:58 - 0000000 ____D C:\Users\gamers\AppData\Local\Top_Producer_Systems_Inc
    2011-11-19 04:31 - 2011-10-14 18:13 - 0000000 ____D C:\Users\gamers\AppData\Local\Conduit
    2011-11-19 04:31 - 2011-09-25 15:27 - 0000000 ____D C:\Users\gamers\AppData\Local\LogMeIn Hamachi
    2011-11-19 04:31 - 2011-08-12 10:29 - 0000000 ___AD C:\Users\gamers\Desktop\plugins
    2011-11-19 04:31 - 2011-08-12 10:28 - 0000000 ___AD C:\Users\gamers\plugins
    2011-11-19 04:31 - 2011-06-25 13:24 - 0000000 ____D C:\Users\gamers\Desktop\Comcast Essentials
    2011-11-19 04:31 - 2011-03-30 16:26 - 0000000 ____D C:\Users\gamers\AppData\Roaming\NCH Software
    2011-11-19 04:31 - 2011-03-22 00:53 - 0000000 ____D C:\Users\gamers\Documents\Blood Omen 2
    2011-11-19 04:31 - 2011-03-20 18:11 - 0000000 ____D C:\Program Files\Microsoft Silverlight
    2011-11-19 04:31 - 2010-12-26 11:50 - 0000000 ____D C:\Program Files\WinZip
    2011-11-19 04:31 - 2010-12-18 17:34 - 0000000 ____D C:\Users\gamers\AppData\Local\FOMM
    2011-11-19 04:31 - 2010-11-30 22:39 - 0000000 ____D C:\Users\gamers\AppData\Roaming\uTorrent
    2011-11-19 04:31 - 2010-11-30 22:28 - 0000000 ____D C:\Users\gamers\AppData\Roaming\vlc
    2011-11-19 04:31 - 2010-11-23 18:57 - 0000000 ____D C:\Program Files\Mozilla Firefox
    2011-11-19 04:31 - 2010-11-11 12:07 - 0000000 ____D C:\Users\gamers\AppData\Local\SupportSoft
    2011-11-19 04:31 - 2010-11-09 23:19 - 0000000 ____D C:\Users\gamers\Desktop\FFXIV JUNK
    2011-11-19 04:31 - 2010-11-05 16:33 - 0000000 ____D C:\Users\gamers\AppData\Roaming\Ventrilo
    2011-11-19 04:31 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\AppCompat
    2011-11-19 04:30 - 2011-11-19 03:10 - 0000000 ____D C:\Users\gamers\AppData\Roaming\B424F
    2011-11-19 04:30 - 2011-02-01 10:32 - 0000000 ____D C:\DeadSpace
    2011-11-19 04:30 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\registration
    2011-11-19 04:29 - 2011-08-10 19:39 - 0000000 ____D C:\Users\gamers\FrostWire
    2011-11-19 04:29 - 2011-06-24 05:55 - 0000000 ____D C:\Users\gamers\Documents\Witcher 2
    2011-11-19 04:29 - 2011-03-31 12:10 - 0000000 ____D C:\Users\gamers\AppData\Roaming\TuneUp Software
    2011-11-19 04:29 - 2011-03-08 21:31 - 0000000 ____D C:\Users\gamers\Desktop\Dragon Age 2
    2011-11-19 04:29 - 2011-02-18 06:30 - 0000000 ____D C:\Users\gamers\AppData\Roaming\Nero
    2011-11-19 04:29 - 2011-02-05 00:16 - 0000000 ____D C:\Users\gamers\Documents\BioWare
    2011-11-19 04:29 - 2010-11-23 18:58 - 0000000 ____D C:\Users\gamers\AppData\Roaming\Mozilla
    2011-11-19 04:29 - 2010-11-04 16:17 - 0000000 ____D C:\Users\gamers\Documents\My Games
    2011-11-19 04:28 - 2011-11-16 13:20 - 0000000 ____D C:\Users\gamers\AppData\Local\Black_Tree_Gaming
    2011-11-19 04:28 - 2010-11-06 00:46 - 0000000 ____D C:\Users\gamers\AppData\Roaming\Adobe
    2011-11-19 04:27 - 2011-03-09 01:02 - 0000000 ____D C:\Users\All Users\Electronic Arts
    2011-11-19 04:27 - 2011-03-09 01:02 - 0000000 ____D C:\ProgramData\Electronic Arts
    2011-11-19 04:17 - 2011-11-19 04:17 - 0000000 ____D C:\Users\gamers\AppData\Roaming\jFF44pmG5sQJdE8
    2011-11-19 03:59 - 2011-11-19 03:59 - 0000000 ____D C:\Users\gamers\AppData\Roaming\tppmmG55aJ6KfLh
    2011-11-19 03:10 - 2011-11-19 03:10 - 0000000 ____D C:\Users\gamers\AppData\Roaming\wcccS11ivD
    2011-11-19 03:10 - 2011-11-19 03:10 - 0000000 ____D C:\Users\gamers\AppData\Roaming\kttxxP0uuS1
    2011-11-19 03:10 - 2011-11-19 03:10 - 0000000 ____D C:\Users\gamers\AppData\Roaming\FiiibFF3pnGa
    2011-11-18 15:34 - 2011-11-18 15:24 - 0000304 ____A C:\Users\All Users\~MqGNiCX5Sv6EsH
    2011-11-18 15:34 - 2011-11-18 15:24 - 0000304 ____A C:\ProgramData\~MqGNiCX5Sv6EsH
    2011-11-18 15:34 - 2011-11-18 15:24 - 0000232 ____A C:\Users\All Users\~MqGNiCX5Sv6EsHr
    2011-11-18 15:34 - 2011-11-18 15:24 - 0000232 ____A C:\ProgramData\~MqGNiCX5Sv6EsHr
    2011-11-18 15:32 - 2011-11-18 15:23 - 0000448 ____A C:\Users\All Users\MqGNiCX5Sv6EsH
    2011-11-18 15:32 - 2011-11-18 15:23 - 0000448 ____A C:\ProgramData\MqGNiCX5Sv6EsH
    2011-11-18 12:47 - 2011-11-18 12:47 - 1063703 ___AH C:\Users\gamers\Documents\Shadow Sabres Notes - Big D.docx
    2011-11-18 11:55 - 2010-12-23 03:38 - 0000000 ___HD C:\Users\gamers\AppData\Local\Deployment
    2011-11-16 13:30 - 2011-11-16 13:30 - 0397472 ____A () C:\Users\gamers\Downloads\FXAA_PPI_Automatic_Installer-131-1-2.exe
    2011-11-16 13:21 - 2010-12-18 17:36 - 0000000 ____D C:\Games
    2011-11-16 13:20 - 2011-11-16 13:20 - 2286434 ____A (Black Tree Gaming ) C:\Users\gamers\Downloads\Nexus Mod Manager-0.12.2.exe
    2011-11-15 17:47 - 2011-03-30 16:25 - 0000000 ____D C:\Program Files\NCH Software
    2011-11-15 17:24 - 2011-11-15 17:24 - 0000000 ____D C:\Users\All Users\NCH Software
    2011-11-15 17:24 - 2011-11-15 17:24 - 0000000 ____D C:\ProgramData\NCH Software
    2011-11-14 12:26 - 2011-11-14 12:26 - 0000637 ___AH C:\Users\gamers\Documents\Bob's Burgers.xspf
    2011-11-10 16:28 - 2011-11-10 16:28 - 0001624 ____A C:\Users\gamers\Desktop\The Elder Scrolls Skyrim.lnk
    2011-11-10 16:16 - 2011-11-10 16:16 - 0000000 ___HD C:\Users\gamers\AppData\Local\Skyrim
    2011-11-10 15:49 - 2011-11-10 15:48 - 21386221 ___AH C:\Users\gamers\Downloads\rzr-skrm.rar
    2011-11-10 15:40 - 2011-11-10 15:39 - 6685523 ___AH C:\Users\gamers\Downloads\SkyUPDATERAZOR.rar
    2011-11-10 15:39 - 2011-11-10 15:39 - 0752882 ___AH C:\Users\gamers\Downloads\insta.rar
    2011-11-09 13:21 - 2011-08-10 19:37 - 0000000 ____D C:\Program Files\FrostWire 5
    2011-11-09 13:21 - 2011-01-18 11:19 - 0000000 ____D C:\Program Files\iTunes
    2011-11-09 12:35 - 2011-11-09 12:35 - 0001096 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2011-11-09 12:33 - 2010-11-30 22:39 - 0000000 ____D C:\Program Files\uTorrentBar
    2011-11-02 08:15 - 2011-01-03 22:12 - 0000000 ___HD C:\Users\gamers\AppData\Local\ElevatedDiagnostics
    2011-10-30 08:29 - 2011-08-12 10:29 - 0000000 ___HD C:\Users\gamers\Desktop\screenshots
    2011-10-30 03:00 - 2011-10-30 03:00 - 0000736 ___AH C:\Users\gamers\Documents\Smn skill up.txt
    2011-10-16 07:54 - 2010-11-06 16:07 - 0000969 ____A C:\Users\Public\Desktop\BitComet.lnk
    2011-10-16 03:03 - 2011-10-16 02:19 - 0000131 ___AH C:\Users\gamers\Documents\JP Translate.txt
    2011-10-15 03:57 - 2011-10-15 03:55 - 0046080 __ASH C:\Users\gamers\AppData\Roaming\Thumbs.db
    2011-10-07 20:47 - 2011-10-07 20:46 - 0000069 ____A C:\Windows\NeroDigital.ini
    2011-10-07 20:47 - 2010-12-23 16:43 - 0000182 ___AH C:\Users\gamers\AppData\Roaming\default.rss
    2011-10-04 18:30 - 2011-06-04 16:51 - 0000089 ___SH C:\Users\All Users\.zreglib
    2011-10-04 18:30 - 2011-06-04 16:51 - 0000089 ___SH C:\ProgramData\.zreglib
    2011-10-04 05:48 - 2011-10-04 05:48 - 0000461 ___AH C:\Users\gamers\Documents\LolJobs.txt
    2011-10-01 20:37 - 2011-10-01 20:37 - 0000000 ____D C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor
    2011-10-01 20:37 - 2010-12-22 04:33 - 0000000 ____D C:\Program Files\Common Files\InstallShield
    2011-10-01 20:32 - 2011-10-01 20:32 - 0001624 ____A C:\Windows\System32\WLAN.INI
    2011-10-01 20:29 - 2011-10-01 20:29 - 0000000 ____D C:\Linksys Driver
    2011-09-30 17:06 - 2011-09-30 17:06 - 0000000 ___HD C:\Users\gamers\AppData\Local\Microsoft Games
    2011-09-28 14:44 - 2011-09-28 14:44 - 0000000 ___HD C:\Users\gamers\AppData\Local\SKIDROW
    2011-09-28 14:44 - 2011-09-28 14:44 - 0000000 ___HD C:\Users\gamers\AppData\Local\28050
    2011-09-28 14:44 - 2011-09-28 14:25 - 0000000 ____D C:\Program Files\Square Enix
    2011-09-28 14:42 - 2011-09-28 14:42 - 0001223 ____A C:\Users\Public\Desktop\Deus Ex - Human Revolution.lnk
    2011-09-26 13:15 - 2011-09-26 13:11 - 0000260 ___AH C:\Users\gamers\Documents\Raps & Rhymes.txt
    2011-09-25 15:27 - 2011-09-25 15:27 - 0000896 ____A C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
    2011-09-25 15:27 - 2011-09-25 15:27 - 0000000 ____D C:\Program Files\LogMeIn Hamachi
    2011-09-25 14:59 - 2011-09-25 12:36 - 0000000 ____D C:\Program Files\Deep Silver
    2011-09-25 14:54 - 2011-09-25 14:54 - 0001659 ____A C:\Users\gamers\Desktop\Dead Island.lnk
    2011-09-25 13:28 - 2011-09-25 13:28 - 0000000 ___HD C:\Users\gamers\AppData\Local\PackageAware
    2011-09-24 02:04 - 2011-01-21 10:53 - 0000166 ___AH C:\Users\gamers\Documents\Passwords.txt
    2011-09-21 18:11 - 2011-09-21 18:11 - 0003641 ____A C:\Users\gamers\Desktop\readme_ru.txt
    2011-09-21 18:11 - 2011-09-21 18:11 - 0003114 ____A C:\Users\gamers\Desktop\readme_en.txt
    2011-09-20 03:02 - 2011-09-20 03:02 - 0083968 ____A (Esage Lab) C:\Users\gamers\Desktop\boot_cleaner.exe
    2011-09-12 13:42 - 2011-09-12 13:42 - 0000000 ___AH C:\Users\gamers\Documents\Default.rdp
    2011-09-11 04:06 - 2011-08-12 10:29 - 0000512 ____A C:\Users\gamers\Desktop\launcher.ini
    2011-09-06 13:32 - 2009-07-13 21:37 - 0000000 __RHD C:\Users\Public\Libraries
    2011-09-04 01:35 - 2011-07-21 13:45 - 0016914 ___AH C:\Users\gamers\Documents\Shadow Sabers Random Chapter Work.docx

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\explorer.exe
    [2010-11-30 22:42] - [2009-10-31 00:45] - 2614272 ____A (Microsoft Corporation) 2626FC9755BE22F805D3CFA0CE3EE727

    C:\Windows\System32\winlogon.exe => MD5 is legit

    C:\Windows\System32\wininit.exe => MD5 is legit

    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ========================= Memory info ======================

    Percentage of memory in use: 33%
    Total physical RAM: 3071.55 MB
    Available physical RAM: 2033.92 MB
    Total Pagefile: 6141.39 MB
    Available Pagefile: 5022.46 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1937.32 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:465.75 GB) (Free:81.74 GB) NTFS ==>[System = boot components]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 465 GB 0 B

    Partitions of Disk 0:

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 465 GB 31 KB
    Partition 2 Primary 10 MB 465 GB

    Disk: 0
    Partition 2
    Hidden: Yes
    Active: Yes

    There is no volume associated with this partition.



    ==========================================================

    Last Boot: 2011-12-01 00:40

    ======================= End Of Log ==========================
  2. Brutal Black

    Brutal Black Newcomer, in training Topic Starter Posts: 75

    I got a new notification from Combofix. I left it running with the ethernet cord plugged in for the first time and downloaded an updated version of Combofix. This version told me I had a Rootkit.ZeroAccess virus. Unsure if that's even a virus but from my understanding that's what it said. I couldn't copy/paste this information sadly.

    Combofix never finished running, was left at the same scanning screen for 23hrs.
  3. Broni

    Broni Malware Annihilator Posts: 45,175   +242

    You seem to be infected with the newest TDL4 rootkit.

    WARNING!
    Proceed with extreme caution!
    Deleting the wrong partition will result in your computer being unusable.
    If you have any doubts, ask.


    ===========================================================================================

    Download gparted-live-0.10.0-3.iso (115.1 MB)

    Burn it to a CD: http://neosmart.net/wiki/display/G/Burning+ISO+Images+to+a+CD+or+DVD

    Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
    Boot off of the newly created Gparted CD.

    You should be here:
    [IMG]
    Press Enter.

    By default, "do not touch keymap" is highlighted. Leave this setting alone and just press ENTER:
    [IMG]

    Choose your language and press ENTER. English is default [33]:
    [IMG]

    Once again, at this prompt, press ENTER:
    [IMG]

    You will now be taken to the main GUI screen below:
    [IMG]
    According to your logs, the partition that you want to delete is the small partition of 10MB.
    Click on it to highlight it.
    Click the trash can icon to delete and then click Apply.

    You should now be here confirming your actions:
    [IMG]

    Now you should be here:
    [IMG]

    Is "boot" next to your OS drive?
    [IMG]

    If "boot" is NOT next to your OS drive under "Flags", right-mouse click the OS drive while in Gparted and select Manage Flags.

    In the menu that pops up, place a checkmark in boot like the picture below:
    [IMG]

    Now double-click the [IMG] button.

    You should receive a small pop up like this:
    [IMG]

    Choose reboot and then press OK.

    ============================================================================================

    Then....

    Please Boot to the System Recovery Options
    If you have a Windows 7 installation disc, just insert the DVD into the drive, restart the computer and it should load automatically (option two presented in the article).
    It's also possible that your computer has a pre-installed recovery partition instead - in such a case use method one (by pressing F8 before Windows starts loading)...

    On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

    Choose Command Prompt
    You should see X:\SOURCES>...

    Execute the following commands in bold.
    Press Enter after every one of them.

    bootrec /fixmbr (<--- there is a "space" after "bootrec")

    bootrec /fixboot

    exit

    Restart computer.

    Post new aswMBR log.
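
Added example, not part of the post above and not code from any tool named in this thread: a Python check that parses a 512-byte MBR dump (such as the MBR.dat that aswMBR saves) and flags the layout the FRST log reported, a tiny active partition placed after a large, inactive OS partition. The sample sectors are constructed to approximate the thread's numbers (31 KB offset, 465 GB, 10 MB); the 64 MB threshold, the partition type bytes and all function names are assumptions.

```python
import struct
import sys

SECTOR = 512
TABLE_OFFSET = 446        # the four 16-byte partition entries start here
ENTRY_SIZE = 16
ENTRY_FMT = "<B3xB3xII"   # status, (CHS), type, (CHS), LBA start, sector count
SMALL_MB = 64             # assumption: anything smaller counts as "tiny"


def parse_mbr(sector):
    """Return the non-empty primary partition entries of a 512-byte MBR."""
    if len(sector) != SECTOR:
        raise ValueError("expected exactly 512 bytes")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(
            ENTRY_FMT, sector, TABLE_OFFSET + i * ENTRY_SIZE)
        if ptype == 0 and count == 0:
            continue  # unused slot
        if status not in (0x00, 0x80):
            raise ValueError("entry %d: invalid status 0x%02x" % (i + 1, status))
        entries.append({
            "index": i + 1,               # 1-based, like "Partition 2" in the log
            "active": status == 0x80,
            "type": ptype,
            "lba_start": lba,
            "sectors": count,
            "size_mb": count * SECTOR / 2**20,
        })
    return entries


def rogue_boot_partitions(entries):
    """Entries that are active, tiny, and located after the largest partition
    while that largest partition is not active.

    A stock Windows 7 install also has a small active partition (the 100 MB
    System Reserved one), but it sits at the start of the disk, so the
    position test keeps it from being flagged.
    """
    if not entries:
        return []
    largest = max(entries, key=lambda e: e["sectors"])
    return [e for e in entries
            if e["active"]
            and e is not largest
            and not largest["active"]
            and e["size_mb"] < SMALL_MB
            and e["lba_start"] > largest["lba_start"]]


def build_mbr(parts):
    """Build a sample MBR from (status, type, lba_start, sectors) tuples.
    Test data only: the boot code area is left as zeros."""
    sector = bytearray(SECTOR)
    for i, fields in enumerate(parts):
        struct.pack_into(ENTRY_FMT, sector, TABLE_OFFSET + i * ENTRY_SIZE, *fields)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


# Constructed samples. Type bytes are placeholders; the thread does not give them.
# Layout as reported by FRST: big inactive partition, 10 MB active one at the end.
INFECTED = build_mbr([(0x00, 0x07, 63, 976751937),
                      (0x80, 0x17, 976752000, 20480)])
# Layout after the small partition is deleted and "boot" is set on the OS drive.
REPAIRED = build_mbr([(0x80, 0x07, 63, 976751937)])
# Clean Windows 7 layout: 100 MB active System Reserved first, then the OS volume.
STOCK_WIN7 = build_mbr([(0x80, 0x07, 2048, 204800),
                        (0x00, 0x07, 206848, 976564224)])


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else INFECTED
    table = parse_mbr(data)
    for e in table:
        print("Partition %d  type=0x%02x  active=%s  start=%d  size=%.1f MB"
              % (e["index"], e["type"], e["active"], e["lba_start"], e["size_mb"]))
    for e in rogue_boot_partitions(table):
        print("CHECK: partition %d is active, %.1f MB, and sits after the OS partition"
              % (e["index"], e["size_mb"]))
```

Run it with the path to a saved MBR dump as the only argument; with no argument it prints the constructed infected layout.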
  4. Brutal Black

    Brutal Black Newcomer, in training Topic Starter Posts: 75

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-12-03 04:09:06
    -----------------------------
    04:09:06.824 OS Version: Windows 6.1.7600
    04:09:06.824 Number of processors: 2 586 0x4B02
    04:09:06.827 ComputerName: ELNEGROBRUTAL UserName: gamers
    04:09:07.824 Initialize success
    04:11:00.351 AVAST engine defs: 11120300
    04:11:10.256 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000064
    04:11:10.261 Disk 0 Vendor: WDC_WD50 05.0 Size: 476940MB BusType: 3
    04:11:12.281 Disk 0 MBR read successfully
    04:11:12.286 Disk 0 MBR scan
    04:11:12.296 Disk 0 Windows 7 default MBR code
    04:11:12.306 Disk 0 scanning sectors +976752000
    04:11:12.353 Disk 0 scanning C:\Windows\system32\drivers
    04:11:19.356 Service scanning
    04:11:21.591 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
    04:11:22.153 Modules scanning
    04:11:26.638 Module: C:\Windows\System32\user32.dll **SUSPICIOUS**
    04:11:26.958 Disk 0 trace - called modules:
    04:11:26.971 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x8557d1f8]<<
    04:11:26.978 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86701aa0]
    04:11:26.986 3 CLASSPNP.SYS[8b92659e] -> nt!IofCallDriver -> [0x855bb700]
    04:11:26.991 5 ACPI.sys[8b3433b2] -> nt!IofCallDriver -> \Device\00000064[0x86311860]
    04:11:26.996 \Driver\nvstor[0x862e9968] -> IRP_MJ_CREATE -> 0x8557d1f8
    04:11:28.493 AVAST engine scan C:\Windows
    04:11:31.216 AVAST engine scan C:\Windows\system32
    04:13:19.856 AVAST engine scan C:\Windows\system32\drivers
    04:13:26.988 AVAST engine scan C:\Users\gamers
    04:18:58.678 AVAST engine scan C:\ProgramData
    04:19:39.721 Scan finished successfully
    04:40:09.366 Disk 0 MBR has been saved successfully to "C:\Users\gamers\Desktop\MBR.dat"
    04:40:09.371 The log file has been saved successfully to "C:\Users\gamers\Desktop\aswMBR.txt"


    04:41:18.389 Disk 0 MBR has been saved successfully to "C:\Users\gamers\Desktop\MBR.dat"
    04:41:18.394 The log file has been saved successfully to "C:\Users\gamers\Desktop\aswMBR.txt"
  5. Brutal Black

    Brutal Black Newcomer, in training Topic Starter Posts: 75

    Followed your instructions to the T. aswMBR wouldn't run before, but after following your steps and finally getting back to the desktop it ran as it should have the first time around, pleasant surprise. So I didn't hit "Fix MBR" because I figured it was something I should ask about first and it wasn't in the instructions. So I left the log open with the option still available, should I hit the button?

    Also, can I reinstall my AV at this point or not quite yet?
  6. Broni

    Broni Malware Annihilator Posts: 45,175   +242

    Hold on with reinstalling AV program.
    Leave aswMBR alone.

    First of all how are the issues?

    Post fresh Farbar Recovery Scan Tool log.

    See if TDSSKiller will run.

    See if Combofix will run.
  7. Brutal Black

    Brutal Black Newcomer, in training Topic Starter Posts: 75

    The problems have seemed to all cease, no more redirection, nor psychotic IE. But I'll definitely run all the programs and post some logs in just a moment.
  8. Brutal Black

    Brutal Black Newcomer, in training Topic Starter Posts: 75

    Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.3.0
    Ran by gamers at 2011-12-03 13:11:20
    Running from C:\Users\gamers\Desktop
    (X86) OS Language: English(US)
    Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

    ========================== Registry (Whitelisted) =============

    HKU\Administrator\...\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2008-06-09] (Hewlett-Packard Company)
    HKLM\...\Winlogon: [Userinit] [x]
    HKLM\...\Winlogon: [Shell]

    ================================ Services (Whitelisted) ==================


    ========================== Drivers (Whitelisted) =============


    ========================== NetSvcs (Whitelisted) ===========

    ============ One Month Created Files and Folders ==============

    2011-12-03 04:40 - 2011-12-03 04:41 - 0000512 ____A C:\Users\gamers\Desktop\MBR.dat
    2011-12-02 22:22 - 2011-12-02 22:23 - 115079168 ____A C:\Users\gamers\Downloads\gparted-live-0.10.0-3.iso
    2011-12-02 19:53 - 2011-12-03 13:11 - 0000000 ____D C:\FRST
    2011-12-02 19:52 - 2011-12-02 19:52 - 0858348 ____A C:\Users\gamers\Desktop\FRST.exe
    2011-12-01 20:38 - 2009-07-13 18:12 - 0338944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
    2011-12-01 20:30 - 2011-12-02 19:49 - 0000000 ___SD C:\Yourname
    2011-12-01 19:49 - 2011-12-01 19:49 - 0000000 ____A C:\Users\gamers\Desktop\New Text Document.txt
    2011-12-01 19:05 - 2011-12-01 19:05 - 0000000 ____D C:\Users\All Users\AMMYY
    2011-12-01 19:05 - 2011-12-01 19:05 - 0000000 ____D C:\ProgramData\AMMYY
    2011-12-01 01:29 - 2011-12-01 01:29 - 1566512 ____A (Kaspersky Lab ZAO) C:\Users\gamers\Desktop\tdsskiller.exe
    2011-11-30 19:44 - 2011-11-30 19:44 - 0000000 __SHD C:\$RECYCLE.BIN
    2011-11-29 21:52 - 2011-12-01 20:28 - 4324789 ____R (Swearware) C:\Users\gamers\Desktop\Yourname.exe
    2011-11-29 03:53 - 2011-06-26 01:45 - 0256000 ____A C:\Windows\PEV.exe
    2011-11-29 03:53 - 2010-11-07 12:20 - 0208896 ____A C:\Windows\MBR.exe
    2011-11-29 03:53 - 2009-04-19 23:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
    2011-11-29 03:53 - 2000-08-30 19:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
    2011-11-29 03:53 - 2000-08-30 19:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
    2011-11-29 03:53 - 2000-08-30 19:00 - 0098816 ____A C:\Windows\sed.exe
    2011-11-29 03:53 - 2000-08-30 19:00 - 0080412 ____A C:\Windows\grep.exe
    2011-11-29 03:53 - 2000-08-30 19:00 - 0068096 ____A C:\Windows\zip.exe
    2011-11-29 03:52 - 2011-11-29 03:52 - 0000000 ____D C:\Windows\ERDNT
    2011-11-29 03:46 - 2011-11-29 03:52 - 0000000 ____D C:\Qoobox
    2011-11-29 01:38 - 2011-11-29 01:38 - 0160160 ____A C:\Windows\Minidump\112911-24679-01.dmp
    2011-11-28 16:48 - 2011-11-29 01:38 - 311721516 ____A C:\Windows\MEMORY.DMP
    2011-11-28 16:48 - 2011-11-29 01:38 - 0000000 ____D C:\Windows\Minidump
    2011-11-28 16:48 - 2011-11-28 16:48 - 0160112 ____A C:\Windows\Minidump\112811-24133-01.dmp
    2011-11-28 06:44 - 2011-11-28 10:03 - 0052018 ____A C:\Users\gamers\Desktop\bootkit_remover_debug_log.txt
    2011-11-24 14:45 - 2011-11-24 14:45 - 1916416 ____A (AVAST Software) C:\Users\gamers\Desktop\aswMBR.exe
    2011-11-24 14:44 - 2011-12-01 01:35 - 0000357 ____A C:\rkill.log
    2011-11-24 14:43 - 2011-11-24 14:43 - 1008092 ____A C:\Users\gamers\Desktop\rkill.com
    2011-11-24 14:27 - 2011-12-02 19:49 - 0017838 ____A C:\Windows\PFRO.log
    2011-11-24 14:19 - 2011-11-24 14:19 - 9130808 ____A (OPSWAT, Inc.) C:\Users\gamers\Downloads\AppRemover.exe
    2011-11-23 16:08 - 2011-12-03 04:07 - 0002408 ____A C:\Windows\setupact.log
    2011-11-23 16:08 - 2011-11-23 16:08 - 0000000 ____A C:\Windows\setuperr.log
    2011-11-23 13:38 - 2011-11-23 13:38 - 0035561 ____A C:\Users\gamers\Documents\DDSlog2.txt
    2011-11-23 13:38 - 2011-11-23 13:38 - 0019191 ____A C:\Users\gamers\Documents\DDSlog1.txt
    2011-11-23 13:38 - 2011-11-23 13:38 - 0004413 ____A C:\Users\gamers\Documents\GMERlog.txt
    2011-11-23 13:38 - 2011-11-23 13:38 - 0000909 ____A C:\Users\gamers\Documents\MBLog.txt
    2011-11-23 13:21 - 2011-11-23 13:21 - 0004415 ____A C:\Users\gamers\Desktop\GMER.log
    2011-11-23 12:11 - 2011-11-23 12:11 - 0000000 ____D C:\Program Files\somototoolbar
    2011-11-23 12:10 - 2011-11-23 12:10 - 1785905 ____A C:\Users\gamers\Downloads\TempFileCleaner_3.1.1_Setup.exe
    2011-11-23 12:10 - 2011-11-23 12:10 - 0001047 ____A C:\Users\gamers\Desktop\Temp File Cleaner.lnk
    2011-11-23 12:10 - 2011-11-23 12:10 - 0000000 ____D C:\Program Files\Temp File Cleaner
    2011-11-23 12:09 - 2011-11-23 12:09 - 0463080 ____A (CNET Download.com) C:\Users\gamers\Downloads\cnet_TempFileCleaner_3_1_1_Setup_exe.exe
    2011-11-23 07:29 - 2011-11-23 07:36 - 0000000 ____D C:\Users\gamers\AppData\Roaming\AVG
    2011-11-23 07:28 - 2011-11-23 07:28 - 8143920 ____A (AVG ) C:\Users\gamers\Downloads\avg_pct_stf_all_2012_26_c5.exe
    2011-11-23 06:58 - 2011-11-23 06:57 - 0607260 ____R (Swearware) C:\Users\gamers\Desktop\dds.scr
    2011-11-23 06:58 - 2011-11-23 06:56 - 0302592 ____A C:\Users\gamers\Desktop\u6gx0ld6.exe
    2011-11-23 06:57 - 2011-11-23 06:58 - 0607260 ____A (Swearware) C:\Users\gamers\Downloads\dds.scr
    2011-11-23 06:56 - 2011-11-23 06:56 - 0302592 ____A C:\Users\gamers\Downloads\u6gx0ld6.exe
    2011-11-23 06:45 - 2011-11-23 06:45 - 0000000 ____D C:\Users\All Users\Kaspersky Lab
    2011-11-23 06:45 - 2011-11-23 06:45 - 0000000 ____D C:\ProgramData\Kaspersky Lab
    2011-11-23 06:42 - 2011-11-23 06:42 - 0000000 ____D C:\Users\gamers\AppData\Roaming\QuickScan
    2011-11-23 06:39 - 2011-11-23 06:39 - 0000000 ____D C:\Users\All Users\boost_interprocess
    2011-11-23 06:39 - 2011-11-23 06:39 - 0000000 ____D C:\ProgramData\boost_interprocess
    2011-11-23 06:37 - 2011-11-23 06:39 - 102896192 ____A C:\Users\gamers\Downloads\setup_11.0.0.1245.x01_2011_11_23_14_01.exe
    2011-11-23 06:27 - 2011-11-23 15:29 - 0011513 ____A C:\Users\gamers\Documents\hijackthis.log
    2011-11-23 06:02 - 2011-11-23 06:02 - 0002969 ____A C:\Users\gamers\Desktop\HiJackThis.lnk
    2011-11-23 06:02 - 2011-11-23 06:02 - 0000000 ____D C:\Program Files\Trend Micro
    2011-11-23 06:01 - 2011-11-23 06:01 - 1402880 ____A C:\Users\gamers\Downloads\HijackThis.msi
    2011-11-21 18:09 - 2011-11-23 06:06 - 0002378 ____A C:\Users\gamers\Documents\Kill Box Instructions.txt
    2011-11-21 18:09 - 2011-11-21 18:09 - 0092672 ____A (Option^Explicit Software vbtechcd@gmail.com) C:\Users\gamers\Downloads\KillBox.exe
    2011-11-21 17:57 - 2011-11-21 17:57 - 0000000 ____D C:\Users\gamers\AppData\Roaming\Malwarebytes
    2011-11-21 17:56 - 2011-11-21 17:57 - 0000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2011-11-21 17:56 - 2011-11-21 17:56 - 9852544 ____A (Malwarebytes Corporation ) C:\Users\gamers\Downloads\mbam-setup-1.51.2.1300.exe
    2011-11-21 17:56 - 2011-11-21 17:56 - 0001071 ____A C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    2011-11-21 17:56 - 2011-11-21 17:56 - 0000000 ____D C:\Users\All Users\Malwarebytes
    2011-11-21 17:56 - 2011-11-21 17:56 - 0000000 ____D C:\ProgramData\Malwarebytes
    2011-11-20 09:17 - 2011-11-20 09:17 - 0000000 ___HD C:\$AVG
    2011-11-20 08:42 - 2011-11-20 08:42 - 0000000 ____D C:\Users\gamers\AppData\Roaming\AVG2012
    2011-11-20 08:40 - 2011-11-24 14:27 - 0000000 ____D C:\Users\All Users\AVG2012
    2011-11-20 08:40 - 2011-11-24 14:27 - 0000000 ____D C:\ProgramData\AVG2012
    2011-11-20 08:37 - 2011-11-24 14:25 - 0000000 ____D C:\Users\All Users\MFAData
    2011-11-20 08:37 - 2011-11-24 14:25 - 0000000 ____D C:\ProgramData\MFAData
    2011-11-20 08:29 - 2011-11-20 08:29 - 3903528 ____A (AVG Technologies) C:\Users\gamers\Downloads\avg_free_stb_en_2012_1872_free.exe
    2011-11-20 08:18 - 2011-11-20 08:21 - 0000000 ____D C:\Program Files\Eusing Free Registry Cleaner
    2011-11-20 08:18 - 2011-11-20 08:18 - 0001027 ____A C:\Users\gamers\Desktop\Eusing Free Registry Cleaner.lnk
    2011-11-20 08:17 - 2011-11-20 08:17 - 0977520 ____A C:\Users\gamers\Downloads\EFRCSetup.exe
    2011-11-19 06:13 - 2011-11-24 14:27 - 0000000 ____D C:\Program Files\AVG
    2011-11-19 06:06 - 2011-11-19 06:08 - 93393016 ____A (AVG Technologies) C:\Users\gamers\Downloads\avg_free_stf_en_90_851a3009.exe
    2011-11-19 05:59 - 2011-11-19 05:59 - 0000027 ____A C:\Windows\System32\MPFServiceFailureCount.txt
    2011-11-19 05:33 - 2011-11-19 09:18 - 0000000 ____D C:\Users\All Users\AVAST Software
    2011-11-19 05:33 - 2011-11-19 09:18 - 0000000 ____D C:\ProgramData\AVAST Software
    2011-11-19 05:33 - 2011-11-19 05:33 - 0000000 ____D C:\Program Files\AVAST Software
    2011-11-19 04:17 - 2011-11-19 04:17 - 0000000 ____D C:\Users\gamers\AppData\Roaming\jFF44pmG5sQJdE8
    2011-11-19 03:59 - 2011-11-19 03:59 - 0000000 ____D C:\Users\gamers\AppData\Roaming\tppmmG55aJ6KfLh
    2011-11-19 03:10 - 2011-11-19 04:30 - 0000000 ____D C:\Users\gamers\AppData\Roaming\B424F
    2011-11-19 03:10 - 2011-11-19 03:10 - 0000000 ____D C:\Users\gamers\AppData\Roaming\wcccS11ivD
    2011-11-19 03:10 - 2011-11-19 03:10 - 0000000 ____D C:\Users\gamers\AppData\Roaming\kttxxP0uuS1
    2011-11-19 03:10 - 2011-11-19 03:10 - 0000000 ____D C:\Users\gamers\AppData\Roaming\FiiibFF3pnGa
    2011-11-18 15:24 - 2011-11-18 15:34 - 0000304 ____A C:\Users\All Users\~MqGNiCX5Sv6EsH
    2011-11-18 15:24 - 2011-11-18 15:34 - 0000304 ____A C:\ProgramData\~MqGNiCX5Sv6EsH
    2011-11-18 15:24 - 2011-11-18 15:34 - 0000232 ____A C:\Users\All Users\~MqGNiCX5Sv6EsHr
    2011-11-18 15:24 - 2011-11-18 15:34 - 0000232 ____A C:\ProgramData\~MqGNiCX5Sv6EsHr
    2011-11-18 15:23 - 2011-11-18 15:32 - 0000448 ____A C:\Users\All Users\MqGNiCX5Sv6EsH
    2011-11-18 15:23 - 2011-11-18 15:32 - 0000448 ____A C:\ProgramData\MqGNiCX5Sv6EsH
    2011-11-18 12:47 - 2011-11-18 12:47 - 1063703 ___AH C:\Users\gamers\Documents\Shadow Sabres Notes - Big D.docx
    2011-11-16 13:30 - 2011-11-16 13:30 - 0397472 ____A () C:\Users\gamers\Downloads\FXAA_PPI_Automatic_Installer-131-1-2.exe
    2011-11-16 13:20 - 2011-11-29 01:41 - 0000000 ___HD C:\Users\gamers\Documents\Nexus Mod Manager
    2011-11-16 13:20 - 2011-11-23 16:36 - 0001047 ____A C:\Users\Public\Desktop\Nexus Mod Manager.lnk
    2011-11-16 13:20 - 2011-11-23 16:36 - 0000000 ____D C:\Program Files\Nexus Mod Manager
    2011-11-16 13:20 - 2011-11-19 04:28 - 0000000 ____D C:\Users\gamers\AppData\Local\Black_Tree_Gaming
    2011-11-16 13:20 - 2011-11-16 13:20 - 2286434 ____A (Black Tree Gaming ) C:\Users\gamers\Downloads\Nexus Mod Manager-0.12.2.exe
    2011-11-15 17:24 - 2011-11-15 17:24 - 0000000 ____D C:\Users\All Users\NCH Software
    2011-11-15 17:24 - 2011-11-15 17:24 - 0000000 ____D C:\ProgramData\NCH Software
    2011-11-14 12:26 - 2011-11-14 12:26 - 0000637 ___AH C:\Users\gamers\Documents\Bob's Burgers.xspf
    2011-11-10 16:28 - 2011-11-10 16:28 - 0001624 ____A C:\Users\gamers\Desktop\The Elder Scrolls Skyrim.lnk
    2011-11-10 16:16 - 2011-11-10 16:16 - 0000000 ___HD C:\Users\gamers\AppData\Local\Skyrim
    2011-11-10 15:50 - 2011-11-29 01:40 - 0000000 ____D C:\Program Files\The Elder Scrolls V Skyrim
    2011-11-10 15:48 - 2011-11-10 15:49 - 21386221 ___AH C:\Users\gamers\Downloads\rzr-skrm.rar
    2011-11-10 15:45 - 2011-11-19 04:31 - 0000000 ____D C:\Elder Scrolls
    2011-11-10 15:39 - 2011-11-10 15:40 - 6685523 ___AH C:\Users\gamers\Downloads\SkyUPDATERAZOR.rar
    2011-11-10 15:39 - 2011-11-10 15:39 - 0752882 ___AH C:\Users\gamers\Downloads\insta.rar
    2011-11-09 12:35 - 2011-11-09 12:35 - 0001096 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk


    ============ 3 Months Modified Files and Folders ===============

    2011-12-03 13:11 - 2011-12-02 19:53 - 0000000 ____D C:\FRST
    2011-12-03 12:55 - 2010-11-09 21:20 - 0000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2011-12-03 04:41 - 2011-12-03 04:40 - 0004069 ____A C:\Users\gamers\Desktop\aswMBR.txt
    2011-12-03 04:41 - 2011-12-03 04:40 - 0000512 ____A C:\Users\gamers\Desktop\MBR.dat
    2011-12-03 04:10 - 2010-11-03 19:01 - 1823747 ____A C:\Windows\WindowsUpdate.log
    2011-12-03 04:07 - 2011-11-23 16:08 - 0002408 ____A C:\Windows\setupact.log
    2011-12-03 04:07 - 2011-04-22 14:09 - 0000000 ____D C:\Users\All Users\MediaMall
    2011-12-03 04:07 - 2011-04-22 14:09 - 0000000 ____D C:\ProgramData\MediaMall
    2011-12-03 04:07 - 2010-12-16 02:45 - 0000000 ____D C:\Program Files\Steam
    2011-12-03 04:07 - 2010-11-09 21:20 - 0000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2011-12-03 04:07 - 2009-07-13 23:53 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
    2011-12-03 04:06 - 2010-11-03 18:58 - 2415566848 __ASH C:\hiberfil.sys
    2011-12-03 04:02 - 2011-02-16 14:00 - 1975558 ____A C:\Windows\ntbtlog.txt
    2011-12-02 22:23 - 2011-12-02 22:22 - 115079168 ____A C:\Users\gamers\Downloads\gparted-live-0.10.0-3.iso
    2011-12-02 19:58 - 2011-02-16 16:32 - 0000000 ____D C:\Users\gamers\AppData\Roaming\SoftGrid Client
    2011-12-02 19:52 - 2011-12-02 19:52 - 0858348 ____A C:\Users\gamers\Desktop\FRST.exe
    2011-12-02 19:49 - 2011-12-01 20:30 - 0000000 ___SD C:\Yourname
    2011-12-02 19:49 - 2011-11-24 14:27 - 0017838 ____A C:\Windows\PFRO.log
    2011-12-02 19:49 - 2009-07-13 23:53 - 0032556 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2011-12-01 20:37 - 2009-07-13 21:37 - 0000000 ___DC C:\Windows\$NtUninstallKB49674$
    2011-12-01 20:28 - 2011-11-29 21:52 - 4324789 ____R (Swearware) C:\Users\gamers\Desktop\Yourname.exe
    2011-12-01 19:58 - 2009-07-13 23:34 - 0010240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2011-12-01 19:58 - 2009-07-13 23:34 - 0010240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2011-12-01 19:49 - 2011-12-01 19:49 - 0000000 ____A C:\Users\gamers\Desktop\New Text Document.txt
    2011-12-01 19:05 - 2011-12-01 19:05 - 0000000 ____D C:\Users\All Users\AMMYY
    2011-12-01 19:05 - 2011-12-01 19:05 - 0000000 ____D C:\ProgramData\AMMYY
    2011-12-01 01:35 - 2011-11-24 14:44 - 0000357 ____A C:\rkill.log
    2011-12-01 01:29 - 2011-12-01 01:29 - 1566512 ____A (Kaspersky Lab ZAO) C:\Users\gamers\Desktop\tdsskiller.exe
    2011-11-30 21:04 - 2011-08-10 19:38 - 0000000 ____D C:\Users\gamers\.frostwire5
    2011-11-30 20:11 - 2010-11-09 21:20 - 0000000 ___HD C:\Users\gamers\AppData\Local\Google
    2011-11-30 19:44 - 2011-11-30 19:44 - 0000000 __SHD C:\$RECYCLE.BIN
    2011-11-30 19:44 - 2010-12-23 03:38 - 0000000 ____D C:\Users\gamers\AppData\Local\Apps\2.0
    2011-11-30 15:47 - 2009-07-13 21:04 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
    2011-11-29 03:56 - 2009-07-13 21:37 - 0000000 ___RD C:\users\Public
    2011-11-29 03:52 - 2011-11-29 03:52 - 0000000 ____D C:\Windows\ERDNT
    2011-11-29 03:52 - 2011-11-29 03:46 - 0000000 ____D C:\Qoobox
    2011-11-29 01:41 - 2011-11-16 13:20 - 0000000 ___HD C:\Users\gamers\Documents\Nexus Mod Manager
    2011-11-29 01:40 - 2011-11-10 15:50 - 0000000 ____D C:\Program Files\The Elder Scrolls V Skyrim
    2011-11-29 01:38 - 2011-11-29 01:38 - 0160160 ____A C:\Windows\Minidump\112911-24679-01.dmp
    2011-11-29 01:38 - 2011-11-28 16:48 - 311721516 ____A C:\Windows\MEMORY.DMP
    2011-11-29 01:38 - 2011-11-28 16:48 - 0000000 ____D C:\Windows\Minidump
    2011-11-28 16:48 - 2011-11-28 16:48 - 0160112 ____A C:\Windows\Minidump\112811-24133-01.dmp
    2011-11-28 10:03 - 2011-11-28 06:44 - 0052018 ____A C:\Users\gamers\Desktop\bootkit_remover_debug_log.txt
    2011-11-28 08:39 - 2011-07-05 19:18 - 0000000 ____D C:\Users\gamers\AppData\Roaming\RIFT
    2011-11-28 08:39 - 2010-12-26 11:46 - 0000000 __SHD C:\Config.Msi
    2011-11-28 08:39 - 2010-11-03 17:16 - 0000000 ___HD C:\Program Files\InstallShield Installation Information
    2011-11-24 14:45 - 2011-11-24 14:45 - 1916416 ____A (AVAST Software) C:\Users\gamers\Desktop\aswMBR.exe
    2011-11-24 14:43 - 2011-11-24 14:43 - 1008092 ____A C:\Users\gamers\Desktop\rkill.com
    2011-11-24 14:27 - 2011-11-20 08:40 - 0000000 ____D C:\Users\All Users\AVG2012
    2011-11-24 14:27 - 2011-11-20 08:40 - 0000000 ____D C:\ProgramData\AVG2012
    2011-11-24 14:27 - 2011-11-19 06:13 - 0000000 ____D C:\Program Files\AVG
    2011-11-24 14:25 - 2011-11-20 08:37 - 0000000 ____D C:\Users\All Users\MFAData
    2011-11-24 14:25 - 2011-11-20 08:37 - 0000000 ____D C:\ProgramData\MFAData
    2011-11-24 14:19 - 2011-11-24 14:19 - 9130808 ____A (OPSWAT, Inc.) C:\Users\gamers\Downloads\AppRemover.exe
    2011-11-23 16:36 - 2011-11-16 13:20 - 0001047 ____A C:\Users\Public\Desktop\Nexus Mod Manager.lnk
    2011-11-23 16:36 - 2011-11-16 13:20 - 0000000 ____D C:\Program Files\Nexus Mod Manager
    2011-11-23 16:08 - 2011-11-23 16:08 - 0000000 ____A C:\Windows\setuperr.log
    2011-11-23 15:29 - 2011-11-23 06:27 - 0011513 ____A C:\Users\gamers\Documents\hijackthis.log
    2011-11-23 15:27 - 2010-11-03 16:08 - 0000000 ____D C:\Users\gamers\AppData\Local\VirtualStore
    2011-11-23 13:38 - 2011-11-23 13:38 - 0035561 ____A C:\Users\gamers\Documents\DDSlog2.txt
    2011-11-23 13:38 - 2011-11-23 13:38 - 0019191 ____A C:\Users\gamers\Documents\DDSlog1.txt
    2011-11-23 13:38 - 2011-11-23 13:38 - 0004413 ____A C:\Users\gamers\Documents\GMERlog.txt
    2011-11-23 13:38 - 2011-11-23 13:38 - 0000909 ____A C:\Users\gamers\Documents\MBLog.txt
    2011-11-23 13:21 - 2011-11-23 13:21 - 0004415 ____A C:\Users\gamers\Desktop\GMER.log
    2011-11-23 12:13 - 2010-11-06 00:46 - 0000000 ___HD C:\Users\gamers\AppData\Roaming\Macromedia
    2011-11-23 12:13 - 2010-11-03 16:08 - 0000000 ____D C:\Users\gamers\AppData\LocalLow
    2011-11-23 12:12 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\security
    2011-11-23 12:11 - 2011-11-23 12:11 - 0000000 ____D C:\Program Files\somototoolbar
    2011-11-23 12:10 - 2011-11-23 12:10 - 1785905 ____A C:\Users\gamers\Downloads\TempFileCleaner_3.1.1_Setup.exe
    2011-11-23 12:10 - 2011-11-23 12:10 - 0001047 ____A C:\Users\gamers\Desktop\Temp File Cleaner.lnk
    2011-11-23 12:10 - 2011-11-23 12:10 - 0000000 ____D C:\Program Files\Temp File Cleaner
    2011-11-23 12:09 - 2011-11-23 12:09 - 0463080 ____A (CNET Download.com) C:\Users\gamers\Downloads\cnet_TempFileCleaner_3_1_1_Setup_exe.exe
    2011-11-23 07:43 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\System32\config\TxR
    2011-11-23 07:41 - 2009-07-13 23:52 - 0000000 ____D C:\Windows\Downloaded Program Files
    2011-11-23 07:36 - 2011-11-23 07:29 - 0000000 ____D C:\Users\gamers\AppData\Roaming\AVG
    2011-11-23 07:28 - 2011-11-23 07:28 - 8143920 ____A (AVG ) C:\Users\gamers\Downloads\avg_pct_stf_all_2012_26_c5.exe
    2011-11-23 06:58 - 2011-11-23 06:57 - 0607260 ____A (Swearware) C:\Users\gamers\Downloads\dds.scr
    2011-11-23 06:57 - 2011-11-23 06:58 - 0607260 ____R (Swearware) C:\Users\gamers\Desktop\dds.scr
    2011-11-23 06:56 - 2011-11-23 06:58 - 0302592 ____A C:\Users\gamers\Desktop\u6gx0ld6.exe
    2011-11-23 06:56 - 2011-11-23 06:56 - 0302592 ____A C:\Users\gamers\Downloads\u6gx0ld6.exe
    2011-11-23 06:45 - 2011-11-23 06:45 - 0000000 ____D C:\Users\All Users\Kaspersky Lab
    2011-11-23 06:45 - 2011-11-23 06:45 - 0000000 ____D C:\ProgramData\Kaspersky Lab
    2011-11-23 06:42 - 2011-11-23 06:42 - 0000000 ____D C:\Users\gamers\AppData\Roaming\QuickScan
    2011-11-23 06:39 - 2011-11-23 06:39 - 0000000 ____D C:\Users\All Users\boost_interprocess
    2011-11-23 06:39 - 2011-11-23 06:39 - 0000000 ____D C:\ProgramData\boost_interprocess
    2011-11-23 06:39 - 2011-11-23 06:37 - 102896192 ____A C:\Users\gamers\Downloads\setup_11.0.0.1245.x01_2011_11_23_14_01.exe
    2011-11-23 06:06 - 2011-11-21 18:09 - 0002378 ____A C:\Users\gamers\Documents\Kill Box Instructions.txt
    2011-11-23 06:02 - 2011-11-23 06:02 - 0002969 ____A C:\Users\gamers\Desktop\HiJackThis.lnk
    2011-11-23 06:02 - 2011-11-23 06:02 - 0000000 ____D C:\Program Files\Trend Micro
    2011-11-23 06:01 - 2011-11-23 06:01 - 1402880 ____A C:\Users\gamers\Downloads\HijackThis.msi
    2011-11-23 05:51 - 2010-11-06 16:07 - 0000000 ___HD C:\Users\gamers\AppData\Roaming\BitComet
    2011-11-21 23:53 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\Cursors
    2011-11-21 18:09 - 2011-11-21 18:09 - 0092672 ____A (Option^Explicit Software vbtechcd@gmail.com) C:\Users\gamers\Downloads\KillBox.exe
    2011-11-21 17:57 - 2011-11-21 17:57 - 0000000 ____D C:\Users\gamers\AppData\Roaming\Malwarebytes
    2011-11-21 17:57 - 2011-11-21 17:56 - 0000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2011-11-21 17:56 - 2011-11-21 17:56 - 9852544 ____A (Malwarebytes Corporation ) C:\Users\gamers\Downloads\mbam-setup-1.51.2.1300.exe
    2011-11-21 17:56 - 2011-11-21 17:56 - 0001071 ____A C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    2011-11-21 17:56 - 2011-11-21 17:56 - 0000000 ____D C:\Users\All Users\Malwarebytes
    2011-11-21 17:56 - 2011-11-21 17:56 - 0000000 ____D C:\ProgramData\Malwarebytes
    2011-11-20 09:17 - 2011-11-20 09:17 - 0000000 ___HD C:\$AVG
    2011-11-20 08:42 - 2011-11-20 08:42 - 0000000 ____D C:\Users\gamers\AppData\Roaming\AVG2012
    2011-11-20 08:29 - 2011-11-20 08:29 - 3903528 ____A (AVG Technologies) C:\Users\gamers\Downloads\avg_free_stb_en_2012_1872_free.exe
    2011-11-20 08:21 - 2011-11-20 08:18 - 0000000 ____D C:\Program Files\Eusing Free Registry Cleaner
    2011-11-20 08:18 - 2011-11-20 08:18 - 0001027 ____A C:\Users\gamers\Desktop\Eusing Free Registry Cleaner.lnk
    2011-11-20 08:17 - 2011-11-20 08:17 - 0977520 ____A C:\Users\gamers\Downloads\EFRCSetup.exe
    2011-11-19 20:07 - 2011-09-28 14:47 - 0000000 ___HD C:\Users\gamers\AppData\Local\dxhr
    2011-11-19 14:28 - 2010-12-16 02:45 - 0000000 ____D C:\Program Files\Common Files\Steam
    2011-11-19 09:18 - 2011-11-19 05:33 - 0000000 ____D C:\Users\All Users\AVAST Software
    2011-11-19 09:18 - 2011-11-19 05:33 - 0000000 ____D C:\ProgramData\AVAST Software
    2011-11-19 06:23 - 2010-11-03 16:12 - 0714754 ____A C:\Windows\System32\PerfStringBackup.INI
    2011-11-19 06:19 - 2011-03-30 13:23 - 0000000 ____D C:\Program Files\Midnight Club 2
    2011-11-19 06:17 - 2011-03-07 09:40 - 0000000 ____D C:\Users\All Users\McAfee
    2011-11-19 06:17 - 2011-03-07 09:40 - 0000000 ____D C:\ProgramData\McAfee
    2011-11-19 06:08 - 2011-11-19 06:06 - 93393016 ____A (AVG Technologies) C:\Users\gamers\Downloads\avg_free_stf_en_90_851a3009.exe
    2011-11-19 05:59 - 2011-11-19 05:59 - 0000027 ____A C:\Windows\System32\MPFServiceFailureCount.txt
    2011-11-19 05:33 - 2011-11-19 05:33 - 0000000 ____D C:\Program Files\AVAST Software
    2011-11-19 05:33 - 2009-07-13 21:04 - 0002577 ____A C:\Windows\System32\config.nt
    2011-11-19 05:30 - 2010-12-23 20:11 - 0000000 ____D C:\Users\All Users\Alwil Software
    2011-11-19 05:30 - 2010-12-23 20:11 - 0000000 ____D C:\ProgramData\Alwil Software
    2011-11-19 05:30 - 2010-12-23 20:11 - 0000000 ____D C:\Program Files\Alwil Software
    2011-11-19 04:59 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\System32\DriverStore
    2011-11-19 04:33 - 2010-11-03 16:08 - 0000000 ____D C:\users\gamers
    2011-11-19 04:32 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\System32\wfp
    2011-11-19 04:31 - 2011-11-10 15:45 - 0000000 ____D C:\Elder Scrolls
    2011-11-19 04:31 - 2011-10-15 18:58 - 0000000 ____D C:\Users\gamers\AppData\Local\Top_Producer_Systems_Inc
    2011-11-19 04:31 - 2011-10-14 18:13 - 0000000 ____D C:\Users\gamers\AppData\Local\Conduit
    2011-11-19 04:31 - 2011-09-25 15:27 - 0000000 ____D C:\Users\gamers\AppData\Local\LogMeIn Hamachi
    2011-11-19 04:31 - 2011-08-12 10:29 - 0000000 ___AD C:\Users\gamers\Desktop\plugins
    2011-11-19 04:31 - 2011-08-12 10:28 - 0000000 ___AD C:\Users\gamers\plugins
    2011-11-19 04:31 - 2011-06-25 13:24 - 0000000 ____D C:\Users\gamers\Desktop\Comcast Essentials
    2011-11-19 04:31 - 2011-03-30 16:26 - 0000000 ____D C:\Users\gamers\AppData\Roaming\NCH Software
    2011-11-19 04:31 - 2011-03-22 00:53 - 0000000 ____D C:\Users\gamers\Documents\Blood Omen 2
    2011-11-19 04:31 - 2011-03-20 18:11 - 0000000 ____D C:\Program Files\Microsoft Silverlight
    2011-11-19 04:31 - 2010-12-26 11:50 - 0000000 ____D C:\Program Files\WinZip
    2011-11-19 04:31 - 2010-12-18 17:34 - 0000000 ____D C:\Users\gamers\AppData\Local\FOMM
    2011-11-19 04:31 - 2010-11-30 22:39 - 0000000 ____D C:\Users\gamers\AppData\Roaming\uTorrent
    2011-11-19 04:31 - 2010-11-30 22:28 - 0000000 ____D C:\Users\gamers\AppData\Roaming\vlc
    2011-11-19 04:31 - 2010-11-23 18:57 - 0000000 ____D C:\Program Files\Mozilla Firefox
    2011-11-19 04:31 - 2010-11-11 12:07 - 0000000 ____D C:\Users\gamers\AppData\Local\SupportSoft
    2011-11-19 04:31 - 2010-11-09 23:19 - 0000000 ____D C:\Users\gamers\Desktop\FFXIV JUNK
    2011-11-19 04:31 - 2010-11-05 16:33 - 0000000 ____D C:\Users\gamers\AppData\Roaming\Ventrilo
    2011-11-19 04:31 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\AppCompat
    2011-11-19 04:30 - 2011-11-19 03:10 - 0000000 ____D C:\Users\gamers\AppData\Roaming\B424F
    2011-11-19 04:30 - 2011-02-01 10:32 - 0000000 ____D C:\DeadSpace
    2011-11-19 04:30 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\registration
    2011-11-19 04:29 - 2011-08-10 19:39 - 0000000 ____D C:\Users\gamers\FrostWire
    2011-11-19 04:29 - 2011-06-24 05:55 - 0000000 ____D C:\Users\gamers\Documents\Witcher 2
    2011-11-19 04:29 - 2011-03-31 12:10 - 0000000 ____D C:\Users\gamers\AppData\Roaming\TuneUp Software
    2011-11-19 04:29 - 2011-03-08 21:31 - 0000000 ____D C:\Users\gamers\Desktop\Dragon Age 2
    2011-11-19 04:29 - 2011-02-18 06:30 - 0000000 ____D C:\Users\gamers\AppData\Roaming\Nero
    2011-11-19 04:29 - 2011-02-05 00:16 - 0000000 ____D C:\Users\gamers\Documents\BioWare
    2011-11-19 04:29 - 2010-11-23 18:58 - 0000000 ____D C:\Users\gamers\AppData\Roaming\Mozilla
    2011-11-19 04:29 - 2010-11-04 16:17 - 0000000 ____D C:\Users\gamers\Documents\My Games
    2011-11-19 04:28 - 2011-11-16 13:20 - 0000000 ____D C:\Users\gamers\AppData\Local\Black_Tree_Gaming
    2011-11-19 04:28 - 2010-11-06 00:46 - 0000000 ____D C:\Users\gamers\AppData\Roaming\Adobe
    2011-11-19 04:27 - 2011-03-09 01:02 - 0000000 ____D C:\Users\All Users\Electronic Arts
    2011-11-19 04:27 - 2011-03-09 01:02 - 0000000 ____D C:\ProgramData\Electronic Arts
    2011-11-19 04:17 - 2011-11-19 04:17 - 0000000 ____D C:\Users\gamers\AppData\Roaming\jFF44pmG5sQJdE8
    2011-11-19 03:59 - 2011-11-19 03:59 - 0000000 ____D C:\Users\gamers\AppData\Roaming\tppmmG55aJ6KfLh
    2011-11-19 03:10 - 2011-11-19 03:10 - 0000000 ____D C:\Users\gamers\AppData\Roaming\wcccS11ivD
    2011-11-19 03:10 - 2011-11-19 03:10 - 0000000 ____D C:\Users\gamers\AppData\Roaming\kttxxP0uuS1
    2011-11-19 03:10 - 2011-11-19 03:10 - 0000000 ____D C:\Users\gamers\AppData\Roaming\FiiibFF3pnGa
    2011-11-18 15:34 - 2011-11-18 15:24 - 0000304 ____A C:\Users\All Users\~MqGNiCX5Sv6EsH
    2011-11-18 15:34 - 2011-11-18 15:24 - 0000304 ____A C:\ProgramData\~MqGNiCX5Sv6EsH
    2011-11-18 15:34 - 2011-11-18 15:24 - 0000232 ____A C:\Users\All Users\~MqGNiCX5Sv6EsHr
    2011-11-18 15:34 - 2011-11-18 15:24 - 0000232 ____A C:\ProgramData\~MqGNiCX5Sv6EsHr
    2011-11-18 15:32 - 2011-11-18 15:23 - 0000448 ____A C:\Users\All Users\MqGNiCX5Sv6EsH
    2011-11-18 15:32 - 2011-11-18 15:23 - 0000448 ____A C:\ProgramData\MqGNiCX5Sv6EsH
    2011-11-18 12:47 - 2011-11-18 12:47 - 1063703 ___AH C:\Users\gamers\Documents\Shadow Sabres Notes - Big D.docx
    2011-11-18 11:55 - 2010-12-23 03:38 - 0000000 ___HD C:\Users\gamers\AppData\Local\Deployment
    2011-11-16 13:30 - 2011-11-16 13:30 - 0397472 ____A () C:\Users\gamers\Downloads\FXAA_PPI_Automatic_Installer-131-1-2.exe
    2011-11-16 13:21 - 2010-12-18 17:36 - 0000000 ____D C:\Games
    2011-11-16 13:20 - 2011-11-16 13:20 - 2286434 ____A (Black Tree Gaming ) C:\Users\gamers\Downloads\Nexus Mod Manager-0.12.2.exe
    2011-11-15 17:47 - 2011-03-30 16:25 - 0000000 ____D C:\Program Files\NCH Software
    2011-11-15 17:24 - 2011-11-15 17:24 - 0000000 ____D C:\Users\All Users\NCH Software
    2011-11-15 17:24 - 2011-11-15 17:24 - 0000000 ____D C:\ProgramData\NCH Software
    2011-11-14 12:26 - 2011-11-14 12:26 - 0000637 ___AH C:\Users\gamers\Documents\Bob's Burgers.xspf
    2011-11-10 16:28 - 2011-11-10 16:28 - 0001624 ____A C:\Users\gamers\Desktop\The Elder Scrolls Skyrim.lnk
    2011-11-10 16:16 - 2011-11-10 16:16 - 0000000 ___HD C:\Users\gamers\AppData\Local\Skyrim
    2011-11-10 15:49 - 2011-11-10 15:48 - 21386221 ___AH C:\Users\gamers\Downloads\rzr-skrm.rar
    2011-11-10 15:40 - 2011-11-10 15:39 - 6685523 ___AH C:\Users\gamers\Downloads\SkyUPDATERAZOR.rar
    2011-11-10 15:39 - 2011-11-10 15:39 - 0752882 ___AH C:\Users\gamers\Downloads\insta.rar
    2011-11-09 13:21 - 2011-08-10 19:37 - 0000000 ____D C:\Program Files\FrostWire 5
    2011-11-09 13:21 - 2011-01-18 11:19 - 0000000 ____D C:\Program Files\iTunes
    2011-11-09 12:35 - 2011-11-09 12:35 - 0001096 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2011-11-09 12:33 - 2010-11-30 22:39 - 0000000 ____D C:\Program Files\uTorrentBar
    2011-11-02 08:15 - 2011-01-03 22:12 - 0000000 ___HD C:\Users\gamers\AppData\Local\ElevatedDiagnostics
    2011-10-30 08:29 - 2011-08-12 10:29 - 0000000 ___HD C:\Users\gamers\Desktop\screenshots
    2011-10-30 03:00 - 2011-10-30 03:00 - 0000736 ___AH C:\Users\gamers\Documents\Smn skill up.txt
    2011-10-16 07:54 - 2010-11-06 16:07 - 0000969 ____A C:\Users\Public\Desktop\BitComet.lnk
    2011-10-16 03:03 - 2011-10-16 02:19 - 0000131 ___AH C:\Users\gamers\Documents\JP Translate.txt
    2011-10-15 03:57 - 2011-10-15 03:55 - 0046080 __ASH C:\Users\gamers\AppData\Roaming\Thumbs.db
    2011-10-07 20:47 - 2011-10-07 20:46 - 0000069 ____A C:\Windows\NeroDigital.ini
    2011-10-07 20:47 - 2010-12-23 16:43 - 0000182 ___AH C:\Users\gamers\AppData\Roaming\default.rss
    2011-10-04 18:30 - 2011-06-04 16:51 - 0000089 ___SH C:\Users\All Users\.zreglib
    2011-10-04 18:30 - 2011-06-04 16:51 - 0000089 ___SH C:\ProgramData\.zreglib
    2011-10-04 05:48 - 2011-10-04 05:48 - 0000461 ___AH C:\Users\gamers\Documents\LolJobs.txt
    2011-10-01 20:37 - 2011-10-01 20:37 - 0000000 ____D C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor
    2011-10-01 20:37 - 2010-12-22 04:33 - 0000000 ____D C:\Program Files\Common Files\InstallShield
    2011-10-01 20:32 - 2011-10-01 20:32 - 0001624 ____A C:\Windows\System32\WLAN.INI
    2011-10-01 20:29 - 2011-10-01 20:29 - 0000000 ____D C:\Linksys Driver
    2011-09-30 17:06 - 2011-09-30 17:06 - 0000000 ___HD C:\Users\gamers\AppData\Local\Microsoft Games
    2011-09-28 14:44 - 2011-09-28 14:44 - 0000000 ___HD C:\Users\gamers\AppData\Local\SKIDROW
    2011-09-28 14:44 - 2011-09-28 14:44 - 0000000 ___HD C:\Users\gamers\AppData\Local\28050
    2011-09-28 14:44 - 2011-09-28 14:25 - 0000000 ____D C:\Program Files\Square Enix
    2011-09-28 14:42 - 2011-09-28 14:42 - 0001223 ____A C:\Users\Public\Desktop\Deus Ex - Human Revolution.lnk
    2011-09-26 13:15 - 2011-09-26 13:11 - 0000260 ___AH C:\Users\gamers\Documents\Raps & Rhymes.txt
    2011-09-25 15:27 - 2011-09-25 15:27 - 0000896 ____A C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
    2011-09-25 15:27 - 2011-09-25 15:27 - 0000000 ____D C:\Program Files\LogMeIn Hamachi
    2011-09-25 14:59 - 2011-09-25 12:36 - 0000000 ____D C:\Program Files\Deep Silver
    2011-09-25 14:54 - 2011-09-25 14:54 - 0001659 ____A C:\Users\gamers\Desktop\Dead Island.lnk
    2011-09-25 13:28 - 2011-09-25 13:28 - 0000000 ___HD C:\Users\gamers\AppData\Local\PackageAware
    2011-09-24 02:04 - 2011-01-21 10:53 - 0000166 ___AH C:\Users\gamers\Documents\Passwords.txt
    2011-09-21 18:11 - 2011-09-21 18:11 - 0003641 ____A C:\Users\gamers\Desktop\readme_ru.txt
    2011-09-21 18:11 - 2011-09-21 18:11 - 0003114 ____A C:\Users\gamers\Desktop\readme_en.txt
    2011-09-20 03:02 - 2011-09-20 03:02 - 0083968 ____A (Esage Lab) C:\Users\gamers\Desktop\boot_cleaner.exe
    2011-09-12 13:42 - 2011-09-12 13:42 - 0000000 ___AH C:\Users\gamers\Documents\Default.rdp
    2011-09-11 04:06 - 2011-08-12 10:29 - 0000512 ____A C:\Users\gamers\Desktop\launcher.ini
    2011-09-06 13:32 - 2009-07-13 21:37 - 0000000 __RHD C:\Users\Public\Libraries

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\explorer.exe
    [2010-11-30 22:42] - [2009-10-31 00:45] - 2614272 ____A (Microsoft Corporation) 2626FC9755BE22F805D3CFA0CE3EE727

    C:\Windows\System32\winlogon.exe => MD5 is legit

    C:\Windows\System32\wininit.exe => MD5 is legit

    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ========================= Memory info ======================

    Percentage of memory in use: 44%
    Total physical RAM: 3071.55 MB
    Available physical RAM: 1713.34 MB
    Total Pagefile: 6141.39 MB
    Available Pagefile: 4611.53 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1956.65 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:465.75 GB) (Free:90.18 GB) NTFS ==>[System = boot components]

    Disk ###  Status         Size     Free     Dyn  Gpt
    --------  -------------  -------  -------  ---  ---
    Disk 0    Online          465 GB     9 MB

    Partitions of Disk 0:

    Partition ###  Type              Size     Offset
    -------------  ----------------  -------  -------
    Partition 1    Primary            465 GB    31 KB

    Disk: 0
    Partition 1
    Hidden: No
    Active: Yes

      Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
      ----------  ---  -----------  -----  ----------  -------  ---------  --------
    * Volume 2     C                NTFS   Partition    465 GB  Healthy    System



    ==========================================================

    Last Boot: 2011-12-01 00:40

    ======================= End Of Log ==========================
  9. Brutal Black

    Brutal Black Newcomer, in training Topic Starter Posts: 75

    13:13:31.0031 2808 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
    13:13:31.0458 2808 ============================================================
    13:13:31.0458 2808 Current date / time: 2011/12/03 13:13:31.0458
    13:13:31.0458 2808 SystemInfo:
    13:13:31.0458 2808
    13:13:31.0458 2808 OS Version: 6.1.7600 ServicePack: 0.0
    13:13:31.0458 2808 Product type: Workstation
    13:13:31.0458 2808 ComputerName: ELNEGROBRUTAL
    13:13:31.0458 2808 UserName: gamers
    13:13:31.0458 2808 Windows directory: C:\Windows
    13:13:31.0458 2808 System windows directory: C:\Windows
    13:13:31.0458 2808 Processor architecture: Intel x86
    13:13:31.0458 2808 Number of processors: 2
    13:13:31.0458 2808 Page size: 0x1000
    13:13:31.0458 2808 Boot type: Normal boot
    13:13:31.0458 2808 ============================================================
    13:13:32.0466 2808 Initialize success
    13:13:34.0494 4016 ============================================================
    13:13:34.0494 4016 Scan started
    13:13:34.0494 4016 Mode: Manual;
    13:13:34.0494 4016 ============================================================
    13:13:35.0090 4016 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
    13:13:35.0093 4016 1394ohci - ok
    13:13:35.0114 4016 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
    13:13:35.0118 4016 ACPI - ok
    13:13:35.0140 4016 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
    13:13:35.0141 4016 AcpiPmi - ok
    13:13:35.0169 4016 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
    13:13:35.0174 4016 adp94xx - ok
    13:13:35.0194 4016 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
    13:13:35.0198 4016 adpahci - ok
    13:13:35.0225 4016 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
    13:13:35.0227 4016 adpu320 - ok
    13:13:35.0292 4016 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
    13:13:35.0296 4016 AFD - ok
    13:13:35.0304 4016 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
    13:13:35.0306 4016 agp440 - ok
    13:13:35.0347 4016 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
    13:13:35.0349 4016 aic78xx - ok
    13:13:35.0371 4016 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
    13:13:35.0372 4016 aliide - ok
    13:13:35.0398 4016 amacpi (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\DRIVERS\null.sys
    13:13:35.0399 4016 amacpi - ok
    13:13:35.0408 4016 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
    13:13:35.0410 4016 amdagp - ok
    13:13:35.0426 4016 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
    13:13:35.0428 4016 amdide - ok
    13:13:35.0461 4016 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
    13:13:35.0462 4016 AmdK8 - ok
    13:13:35.0480 4016 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
    13:13:35.0482 4016 AmdPPM - ok
    13:13:35.0502 4016 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
    13:13:35.0504 4016 amdsata - ok
    13:13:35.0530 4016 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
    13:13:35.0532 4016 amdsbs - ok
    13:13:35.0550 4016 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
    13:13:35.0551 4016 amdxata - ok
    13:13:35.0578 4016 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
    13:13:35.0580 4016 AppID - ok
    13:13:35.0621 4016 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
    13:13:35.0623 4016 arc - ok
    13:13:35.0648 4016 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
    13:13:35.0649 4016 arcsas - ok
    13:13:35.0671 4016 ASPI32 - ok
    13:13:35.0685 4016 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
    13:13:35.0687 4016 AsyncMac - ok
    13:13:35.0704 4016 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
    13:13:35.0705 4016 atapi - ok
    13:13:35.0754 4016 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
    13:13:35.0760 4016 b06bdrv - ok
    13:13:35.0786 4016 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
    13:13:35.0789 4016 b57nd60x - ok
    13:13:35.0808 4016 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
    13:13:35.0809 4016 Beep - ok
    13:13:35.0859 4016 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
    13:13:35.0860 4016 blbdrive - ok
    13:13:35.0880 4016 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
    13:13:35.0881 4016 bowser - ok
    13:13:35.0890 4016 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    13:13:35.0891 4016 BrFiltLo - ok
    13:13:35.0901 4016 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    13:13:35.0902 4016 BrFiltUp - ok
    13:13:35.0930 4016 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\system32\DRIVERS\BrSerId.sys
    13:13:35.0933 4016 Brserid - ok
    13:13:35.0942 4016 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
    13:13:35.0944 4016 BrSerWdm - ok
    13:13:35.0953 4016 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
    13:13:35.0955 4016 BrUsbMdm - ok
    13:13:35.0964 4016 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\DRIVERS\BrUsbSer.sys
    13:13:35.0966 4016 BrUsbSer - ok
    13:13:35.0985 4016 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
    13:13:35.0986 4016 BTHMODEM - ok
    13:13:36.0105 4016 catchme - ok
    13:13:36.0125 4016 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
    13:13:36.0129 4016 cdfs - ok
    13:13:36.0151 4016 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
    13:13:36.0153 4016 cdrom - ok
    13:13:36.0177 4016 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
    13:13:36.0180 4016 circlass - ok
    13:13:36.0205 4016 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
    13:13:36.0209 4016 CLFS - ok
    13:13:36.0227 4016 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
    13:13:36.0228 4016 CmBatt - ok
    13:13:36.0247 4016 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
    13:13:36.0248 4016 cmdide - ok
    13:13:36.0262 4016 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
    13:13:36.0266 4016 CNG - ok
    13:13:36.0282 4016 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
    13:13:36.0283 4016 Compbatt - ok
    13:13:36.0300 4016 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
    13:13:36.0301 4016 CompositeBus - ok
    13:13:36.0330 4016 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
    13:13:36.0331 4016 crcdisk - ok
    13:13:36.0369 4016 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
    13:13:36.0374 4016 CSC - ok
    13:13:36.0413 4016 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
    13:13:36.0415 4016 DfsC - ok
    13:13:36.0428 4016 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
    13:13:36.0429 4016 discache - ok
    13:13:36.0441 4016 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
    13:13:36.0442 4016 Disk - ok
    13:13:36.0475 4016 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
    13:13:36.0476 4016 drmkaud - ok
    13:13:36.0515 4016 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys
    13:13:36.0523 4016 DXGKrnl - ok
    13:13:36.0596 4016 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
    13:13:36.0648 4016 ebdrv - ok
    13:13:36.0697 4016 ElbyCDFL (ce37e3d51912e59c80c6d84337c0b4cd) C:\Windows\system32\Drivers\ElbyCDFL.sys
    13:13:36.0698 4016 ElbyCDFL - ok
    13:13:36.0738 4016 ElbyCDIO (178cc9403816c082d22a1d47fa1f9c85) C:\Windows\system32\Drivers\ElbyCDIO.sys
    13:13:36.0740 4016 ElbyCDIO - ok
    13:13:36.0767 4016 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
    13:13:36.0773 4016 elxstor - ok
    13:13:36.0794 4016 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
    13:13:36.0795 4016 ErrDev - ok
    13:13:36.0821 4016 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
    13:13:36.0823 4016 exfat - ok
    13:13:36.0844 4016 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
    13:13:36.0846 4016 fastfat - ok
    13:13:36.0870 4016 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
    13:13:36.0871 4016 fdc - ok
    13:13:36.0897 4016 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
    13:13:36.0898 4016 FileInfo - ok
    13:13:36.0920 4016 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
    13:13:36.0921 4016 Filetrace - ok
    13:13:36.0930 4016 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
    13:13:36.0931 4016 flpydisk - ok
    13:13:36.0952 4016 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
    13:13:36.0955 4016 FltMgr - ok
    13:13:36.0970 4016 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
    13:13:36.0972 4016 FsDepends - ok
    13:13:36.0996 4016 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
    13:13:36.0997 4016 Fs_Rec - ok
    13:13:37.0018 4016 fvevol (5592f5dba26282d24d2b080eb438a4d7) C:\Windows\system32\DRIVERS\fvevol.sys
    13:13:37.0021 4016 fvevol - ok
    13:13:37.0042 4016 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
    13:13:37.0044 4016 gagp30kx - ok
    13:13:37.0074 4016 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    13:13:37.0075 4016 GEARAspiWDM - ok
    13:13:37.0119 4016 hamachi (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
    13:13:37.0120 4016 hamachi - ok
    13:13:37.0145 4016 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
    13:13:37.0160 4016 hcw85cir - ok
    13:13:37.0203 4016 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
    13:13:37.0210 4016 HdAudAddService - ok
    13:13:37.0234 4016 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
    13:13:37.0237 4016 HDAudBus - ok
    13:13:37.0250 4016 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
    13:13:37.0253 4016 HidBatt - ok
    13:13:37.0275 4016 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
    13:13:37.0277 4016 HidBth - ok
    13:13:37.0305 4016 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
    13:13:37.0306 4016 HidIr - ok
    13:13:37.0354 4016 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
    13:13:37.0355 4016 HidUsb - ok
    13:13:37.0390 4016 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
    13:13:37.0392 4016 HpSAMD - ok
    13:13:37.0420 4016 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
    13:13:37.0427 4016 HTTP - ok
    13:13:37.0448 4016 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
    13:13:37.0450 4016 hwpolicy - ok
    13:13:37.0469 4016 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
    13:13:37.0471 4016 i8042prt - ok
    13:13:37.0500 4016 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
    13:13:37.0505 4016 iaStorV - ok
    13:13:37.0527 4016 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
    13:13:37.0529 4016 iirsp - ok
    13:13:37.0549 4016 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
    13:13:37.0550 4016 intelide - ok
    13:13:37.0571 4016 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
    13:13:37.0572 4016 intelppm - ok
    13:13:37.0593 4016 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    13:13:37.0595 4016 IpFilterDriver - ok
    13:13:37.0621 4016 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
    13:13:37.0622 4016 IPMIDRV - ok
    13:13:37.0633 4016 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
    13:13:37.0635 4016 IPNAT - ok
    13:13:37.0672 4016 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
    13:13:37.0685 4016 IRENUM - ok
    13:13:37.0720 4016 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
    13:13:37.0721 4016 isapnp - ok
    13:13:37.0748 4016 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
    13:13:37.0765 4016 iScsiPrt - ok
    13:13:37.0802 4016 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
    13:13:37.0804 4016 kbdclass - ok
    13:13:37.0818 4016 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
    13:13:37.0821 4016 kbdhid - ok
    13:13:37.0860 4016 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
    13:13:37.0862 4016 KSecDD - ok
    13:13:37.0888 4016 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
    13:13:37.0891 4016 KSecPkg - ok
    13:13:37.0932 4016 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
    13:13:37.0934 4016 lltdio - ok
    13:13:37.0955 4016 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
    13:13:37.0957 4016 LSI_FC - ok
    13:13:37.0984 4016 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
    13:13:37.0986 4016 LSI_SAS - ok
    13:13:37.0995 4016 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    13:13:37.0997 4016 LSI_SAS2 - ok
    13:13:38.0008 4016 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    13:13:38.0010 4016 LSI_SCSI - ok
    13:13:38.0031 4016 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
    13:13:38.0032 4016 luafv - ok
    13:13:38.0078 4016 Maplom (05c4a825c75ff705fe8e987a2f1cc11c) C:\Windows\system32\drivers\Maplom.sys
    13:13:38.0079 4016 Maplom - ok
    13:13:38.0124 4016 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
    13:13:38.0126 4016 megasas - ok
    13:13:38.0137 4016 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
    13:13:38.0141 4016 MegaSR - ok
    13:13:38.0165 4016 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
    13:13:38.0167 4016 Modem - ok
    13:13:38.0184 4016 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
    13:13:38.0185 4016 monitor - ok
    13:13:38.0194 4016 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
    13:13:38.0196 4016 mouclass - ok
    13:13:38.0206 4016 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
    13:13:38.0208 4016 mouhid - ok
    13:13:38.0226 4016 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
    13:13:38.0227 4016 mountmgr - ok
    13:13:38.0251 4016 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
    13:13:38.0253 4016 mpio - ok
    13:13:38.0268 4016 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
    13:13:38.0269 4016 mpsdrv - ok
    13:13:38.0283 4016 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
    13:13:38.0285 4016 MRxDAV - ok
    13:13:38.0327 4016 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
    13:13:38.0343 4016 mrxsmb - ok
    13:13:38.0379 4016 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    13:13:38.0384 4016 mrxsmb10 - ok
    13:13:38.0420 4016 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    13:13:38.0423 4016 mrxsmb20 - ok
    13:13:38.0449 4016 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
    13:13:38.0450 4016 msahci - ok
    13:13:38.0472 4016 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
    13:13:38.0474 4016 msdsm - ok
    13:13:38.0489 4016 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
    13:13:38.0490 4016 Msfs - ok
    13:13:38.0507 4016 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
    13:13:38.0508 4016 mshidkmdf - ok
    13:13:41.0376 4016 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
    13:13:41.0376 4016 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
    13:13:41.0379 4016 sptd ( LockedFile.Multi.Generic ) - warning
    13:13:41.0379 4016 sptd - detected LockedFile.Multi.Generic (1)
    13:13:43.0269 4016 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    13:13:43.0274 4016 \Device\Harddisk0\DR0 - ok
    13:13:43.0278 4016 Boot (0x1200) (8e15cb12d869e8c5a4df0c6a6a0e6847) \Device\Harddisk0\DR0\Partition0
    13:13:43.0279 4016 \Device\Harddisk0\DR0\Partition0 - ok
    13:13:43.0280 4016 ============================================================
    13:13:43.0281 4016 Scan finished
    13:13:43.0281 4016 ============================================================
    13:13:43.0293 1616 Detected object count: 1
    13:13:43.0293 1616 Actual detected object count: 1
    13:13:58.0664 1616 HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted on reboot
    13:13:58.0683 1616 HKLM\SYSTEM\ControlSet002\services\sptd - will be deleted on reboot
    13:13:58.0702 1616 C:\Windows\system32\Drivers\sptd.sys - will be deleted on reboot
    13:13:58.0702 1616 sptd ( LockedFile.Multi.Generic ) - User select action: Delete
  10. Brutal Black

    Brutal Black Newcomer, in training Topic Starter Posts: 75

    Not sure if I should've deleted those, I reacted too quickly instead of asking.... Dumb.

    One seems to have affected burning software (Daemontools) SPTD 1.60 I believe, but I'm sure it's just a quick component fix.
  11. Brutal Black

    Brutal Black Newcomer, in training Topic Starter Posts: 75

    ComboFix ran successfully, went through all stages starting from 1, whereas before it would start at 49. Lots of the virus that I recognize by name (AVG 2011) was cleared. Here's the log.

    ComboFix 11-12-03.01 - gamers 12/03/2011 13:20:33.4.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3072.1995 [GMT -5:00]
    Running from: c:\users\gamers\Desktop\Yourname.exe
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\AMMYY
    c:\programdata\AMMYY\hr
    c:\programdata\AMMYY\settings.bin
    c:\users\gamers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AV Protection 2011
    c:\users\gamers\Documents\~WRL0003.tmp
    c:\users\gamers\Documents\~WRL1992.tmp
    c:\users\gamers\Documents\~WRL3552.tmp
    .
    ---- Previous Run -------
    .
    c:\users\gamers\AppData\Local\Temp\nsmF642.tmp\SWREG.DAT
    c:\users\gamers\AppData\Local\Temp\nsmF642.tmp\System.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-11-03 to 2011-12-03 )))))))))))))))))))))))))))))))
    .
    .
    2011-12-03 18:28 . 2011-12-03 18:28 -------- d-----w- c:\users\gamers\AppData\Local\temp
    2011-12-03 18:18 . 2011-12-03 18:18 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{154C79A3-A819-45FF-99F1-DE9028666280}\offreg.dll
    2011-12-03 18:16 . 2011-12-03 18:16 6429 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
    2011-12-03 18:16 . 2011-12-03 18:16 63115 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
    2011-12-03 18:16 . 2011-12-03 18:16 4599 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
    2011-12-03 00:53 . 2011-12-03 18:11 -------- d-----w- C:\FRST
    2011-12-02 01:38 . 2009-07-13 23:12 338944 ----a-w- c:\windows\system32\drivers\afd.sys
    2011-11-24 19:53 . 2011-10-18 06:28 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{154C79A3-A819-45FF-99F1-DE9028666280}\mpengine.dll
    2011-11-23 18:22 . 2011-11-23 18:22 -------- d-----w- c:\windows\system32\wbem\Logs
    2011-11-23 17:11 . 2011-11-23 17:11 -------- d-----w- c:\program files\somototoolbar
    2011-11-23 17:10 . 2011-11-23 17:10 -------- d-----w- c:\program files\Temp File Cleaner
    2011-11-23 12:29 . 2011-11-23 12:36 -------- d-----w- c:\users\gamers\AppData\Roaming\AVG
    2011-11-23 11:45 . 2011-11-23 11:45 -------- d-----w- c:\programdata\Kaspersky Lab
    2011-11-23 11:42 . 2011-11-23 11:42 -------- d-----w- c:\users\gamers\AppData\Roaming\QuickScan
    2011-11-23 11:39 . 2011-11-23 11:39 -------- d-----w- c:\programdata\boost_interprocess
    2011-11-23 11:02 . 2011-11-23 11:02 388096 ----a-r- c:\users\gamers\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-11-23 11:02 . 2011-11-23 11:02 -------- d-----w- c:\program files\Trend Micro
    2011-11-21 22:57 . 2011-11-21 22:57 -------- d-----w- c:\users\gamers\AppData\Roaming\Malwarebytes
    2011-11-21 22:56 . 2011-11-21 22:56 -------- d-----w- c:\programdata\Malwarebytes
    2011-11-21 22:56 . 2011-11-21 22:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-11-20 14:17 . 2011-11-20 14:17 -------- d-----w- C:\$AVG
    2011-11-20 13:40 . 2011-11-24 19:27 -------- d-----w- c:\programdata\AVG2012
    2011-11-20 13:37 . 2011-11-24 19:25 -------- d-----w- c:\programdata\MFAData
    2011-11-20 13:18 . 2011-11-20 13:21 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
    2011-11-19 11:16 . 2011-11-19 11:16 -------- d--h--w- c:\programdata\Common Files
    2011-11-19 11:13 . 2011-11-24 19:27 -------- d-----w- c:\program files\AVG
    2011-11-19 10:33 . 2011-11-19 14:18 -------- d-----w- c:\programdata\AVAST Software
    2011-11-19 10:33 . 2011-11-19 10:33 -------- d-----w- c:\program files\AVAST Software
    2011-11-19 09:17 . 2011-11-19 09:17 -------- d-----w- c:\users\gamers\AppData\Roaming\jFF44pmG5sQJdE8
    2011-11-19 08:59 . 2011-11-19 08:59 -------- d-----w- c:\users\gamers\AppData\Roaming\tppmmG55aJ6KfLh
    2011-11-19 08:10 . 2011-11-19 09:30 -------- d-----w- c:\users\gamers\AppData\Roaming\B424F
    2011-11-19 08:10 . 2011-11-19 08:10 -------- d-----w- c:\users\gamers\AppData\Roaming\FiiibFF3pnGa
    2011-11-19 08:10 . 2011-11-19 08:10 -------- d-----w- c:\users\gamers\AppData\Roaming\wcccS11ivD
    2011-11-19 08:10 . 2011-11-19 08:10 -------- d-----w- c:\users\gamers\AppData\Roaming\kttxxP0uuS1
    2011-11-16 18:20 . 2011-11-19 09:28 -------- d-----w- c:\users\gamers\AppData\Local\Black_Tree_Gaming
    2011-11-16 18:20 . 2011-11-23 21:36 -------- d-----w- c:\program files\Nexus Mod Manager
    2011-11-15 22:24 . 2011-11-15 22:24 -------- d-----w- c:\programdata\NCH Software
    2011-11-10 21:16 . 2011-11-10 21:16 -------- d--h--w- c:\users\gamers\AppData\Local\Skyrim
    2011-11-10 20:50 . 2011-11-29 06:40 -------- d-----w- c:\program files\The Elder Scrolls V Skyrim
    2011-11-10 20:45 . 2011-11-19 09:31 -------- d-----w- C:\Elder Scrolls
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-28 16:21 . 2011-08-12 15:27 1187840 ----a-w- c:\program files\Hook.dll
    2008-09-06 21:00 . 2011-08-12 15:27 224256 ----a-w- c:\program files\launcher_gui.exe
    2008-01-29 14:29 . 2011-08-12 15:27 385536 ----a-w- c:\program files\launcher.exe
    2011-11-05 06:53 . 2011-11-09 17:35 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2011-03-14 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
    [7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-10 39408]
    "ComcastAntispyClient"="c:\program files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" [2009-08-19 1589208]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
    "Steam"="c:\program files\Steam\steam.exe" [2011-08-12 1242448]
    "EADM"="c:\program files\Electronic Arts\EADM\EADMUI.exe" [2011-03-19 11857920]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
    "PlayOn"="c:\program files\MediaMall\PlayOn.exe" [2011-05-30 53248]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe" [2010-02-12 240992]
    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "Recordpad"="c:\program files\NCH Swift Sound\Recordpad\recordpad.exe" [2011-03-30 1298436]
    "LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-15 1955208]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
    .
    c:\users\gamers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    CurseClientStartup.ccip [2010-12-28 0]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    .
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-10 135664]
    R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
    R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-03-29 79360]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-03-29 79360]
    R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-10 135664]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
    R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-07-13 347136]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-01 1343400]
    S0 amacpi;Microsoft Away Mode System;c:\windows\system32\DRIVERS\null.sys [2009-07-13 4608]
    S2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-06-17 616408]
    S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
    S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 1361288]
    S2 MediaMall Server;MediaMall Server;c:\program files\MediaMall\MediaMallServer.exe [2011-05-30 4208496]
    S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2009-12-03 483688]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2009-12-03 550760]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2009-12-03 195944]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2009-12-03 21864]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2009-12-03 19304]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-03 209768]
    S3 stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0;c:\windows\system32\DRIVERS\stdriver32.sys [2011-03-30 49240]
    S3 WRfiltv;WRfiltv;c:\windows\system32\drivers\WRfiltv.sys [2009-07-31 17920]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 06191137
    *Deregistered* - 06191137
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2008-06-09 15:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-10 02:20]
    .
    2011-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-10 02:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    FF - ProfilePath - c:\users\gamers\AppData\Roaming\Mozilla\Firefox\Profiles\jxpiwbqm.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z133&form=ZGAADF&install_date=20111123&q=
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{0974BA1E-64EC-11DE-B2A5-E43756D89593} - (no file)
    BHO-{74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - (no file)
    Toolbar-{0974BA1E-64EC-11DE-B2A5-E43756D89593} - (no file)
    Toolbar-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
    SafeBoot-06191137.sys
    AddRemove-DealBulldog Toolbar - c:\program files\DealBulldog Toolbar\UninstallToolbar.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(548)
    c:\program files\CA\PPRT\bin\CACheck.dll
    c:\program files\CA\PPRT\bin\CAHook.dll
    c:\program files\CA\PPRT\bin\CAServer.dll
    .
    Completion time: 2011-12-03 13:32:41
    ComboFix-quarantined-files.txt 2011-12-03 18:32
    .
    Pre-Run: 96,885,346,304 bytes free
    Post-Run: 96,746,856,448 bytes free
    .
    - - End Of File - - A7423DCFEBED82B3E3E4328AD7C38950
  12. Broni

    Broni Malware Annihilator Posts: 45,175   +242

    Very well done :)....and good news :)

    Uninstall Eusing Free Registry Cleaner.
    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    ==============================================================

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    FCopy::
    c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll | c:\windows\System32\user32.dll
    
    Folder::
    c:\users\gamers\AppData\Roaming\kttxxP0uuS1
    c:\users\gamers\AppData\Roaming\wcccS11ivD
    c:\users\gamers\AppData\Roaming\FiiibFF3pnGa
    c:\users\gamers\AppData\Roaming\B424F
    c:\users\gamers\AppData\Roaming\tppmmG55aJ6KfLh
    c:\users\gamers\AppData\Roaming\jFF44pmG5sQJdE8
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
  13. Brutal Black

    Brutal Black Newcomer, in training Topic Starter Posts: 75

    ComboFix 11-12-03.01 - gamers 12/03/2011 17:03:44.5.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3072.1782 [GMT -5:00]
    Running from: c:\users\gamers\Desktop\Yourname.exe
    Command switches used :: c:\users\gamers\Documents\CFScript.txt
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\gamers\AppData\Roaming\B424F
    c:\users\gamers\AppData\Roaming\B424F\FBEC.424
    c:\users\gamers\AppData\Roaming\FiiibFF3pnGa
    c:\users\gamers\AppData\Roaming\jFF44pmG5sQJdE8
    c:\users\gamers\AppData\Roaming\kttxxP0uuS1
    c:\users\gamers\AppData\Roaming\tppmmG55aJ6KfLh
    c:\users\gamers\AppData\Roaming\wcccS11ivD
    .
    .
    --------------- FCopy ---------------
    .
    c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll --> c:\windows\System32\user32.dll
    .
    ((((((((((((((((((((((((( Files Created from 2011-11-03 to 2011-12-03 )))))))))))))))))))))))))))))))
    .
    .
    2011-12-03 22:10 . 2011-12-03 22:10 -------- d-----w- c:\users\gamers\AppData\Local\temp
    2011-12-03 22:10 . 2011-12-03 22:10 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-12-03 22:10 . 2011-12-03 22:10 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2011-12-03 18:18 . 2011-12-03 18:18 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{154C79A3-A819-45FF-99F1-DE9028666280}\offreg.dll
    2011-12-03 18:16 . 2011-12-03 18:16 6429 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
    2011-12-03 18:16 . 2011-12-03 18:16 63115 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
    2011-12-03 18:16 . 2011-12-03 18:16 4599 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
    2011-12-03 00:53 . 2011-12-03 18:11 -------- d-----w- C:\FRST
    2011-12-02 01:38 . 2009-07-13 23:12 338944 ----a-w- c:\windows\system32\drivers\afd.sys
    2011-11-24 19:53 . 2011-10-18 06:28 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{154C79A3-A819-45FF-99F1-DE9028666280}\mpengine.dll
    2011-11-23 18:22 . 2011-11-23 18:22 -------- d-----w- c:\windows\system32\wbem\Logs
    2011-11-23 17:11 . 2011-11-23 17:11 -------- d-----w- c:\program files\somototoolbar
    2011-11-23 17:10 . 2011-11-23 17:10 -------- d-----w- c:\program files\Temp File Cleaner
    2011-11-23 12:29 . 2011-11-23 12:36 -------- d-----w- c:\users\gamers\AppData\Roaming\AVG
    2011-11-23 11:45 . 2011-11-23 11:45 -------- d-----w- c:\programdata\Kaspersky Lab
    2011-11-23 11:42 . 2011-11-23 11:42 -------- d-----w- c:\users\gamers\AppData\Roaming\QuickScan
    2011-11-23 11:39 . 2011-11-23 11:39 -------- d-----w- c:\programdata\boost_interprocess
    2011-11-23 11:02 . 2011-11-23 11:02 388096 ----a-r- c:\users\gamers\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-11-23 11:02 . 2011-11-23 11:02 -------- d-----w- c:\program files\Trend Micro
    2011-11-21 22:57 . 2011-11-21 22:57 -------- d-----w- c:\users\gamers\AppData\Roaming\Malwarebytes
    2011-11-21 22:56 . 2011-11-21 22:56 -------- d-----w- c:\programdata\Malwarebytes
    2011-11-21 22:56 . 2011-11-21 22:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-11-20 14:17 . 2011-11-20 14:17 -------- d-----w- C:\$AVG
    2011-11-20 13:40 . 2011-11-24 19:27 -------- d-----w- c:\programdata\AVG2012
    2011-11-20 13:37 . 2011-11-24 19:25 -------- d-----w- c:\programdata\MFAData
    2011-11-20 13:18 . 2011-11-20 13:21 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
    2011-11-19 11:16 . 2011-11-19 11:16 -------- d--h--w- c:\programdata\Common Files
    2011-11-19 11:13 . 2011-11-24 19:27 -------- d-----w- c:\program files\AVG
    2011-11-19 10:33 . 2011-11-19 14:18 -------- d-----w- c:\programdata\AVAST Software
    2011-11-19 10:33 . 2011-11-19 10:33 -------- d-----w- c:\program files\AVAST Software
    2011-11-16 18:20 . 2011-11-19 09:28 -------- d-----w- c:\users\gamers\AppData\Local\Black_Tree_Gaming
    2011-11-16 18:20 . 2011-11-23 21:36 -------- d-----w- c:\program files\Nexus Mod Manager
    2011-11-15 22:24 . 2011-11-15 22:24 -------- d-----w- c:\programdata\NCH Software
    2011-11-10 21:16 . 2011-11-10 21:16 -------- d--h--w- c:\users\gamers\AppData\Local\Skyrim
    2011-11-10 20:50 . 2011-11-29 06:40 -------- d-----w- c:\program files\The Elder Scrolls V Skyrim
    2011-11-10 20:45 . 2011-11-19 09:31 -------- d-----w- C:\Elder Scrolls
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-28 16:21 . 2011-08-12 15:27 1187840 ----a-w- c:\program files\Hook.dll
    2008-09-06 21:00 . 2011-08-12 15:27 224256 ----a-w- c:\program files\launcher_gui.exe
    2008-01-29 14:29 . 2011-08-12 15:27 385536 ----a-w- c:\program files\launcher.exe
    2011-11-05 06:53 . 2011-11-09 17:35 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-10 39408]
    "ComcastAntispyClient"="c:\program files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" [2009-08-19 1589208]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
    "Steam"="c:\program files\Steam\steam.exe" [2011-08-12 1242448]
    "EADM"="c:\program files\Electronic Arts\EADM\EADMUI.exe" [2011-03-19 11857920]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
    "PlayOn"="c:\program files\MediaMall\PlayOn.exe" [2011-05-30 53248]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe" [2010-02-12 240992]
    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "Recordpad"="c:\program files\NCH Swift Sound\Recordpad\recordpad.exe" [2011-03-30 1298436]
    "LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-15 1955208]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
    .
    c:\users\gamers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    CurseClientStartup.ccip [2010-12-28 0]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    .
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-10 135664]
    R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
    R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-03-29 79360]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-03-29 79360]
    R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-10 135664]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
    R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-07-13 347136]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-01 1343400]
    S0 amacpi;Microsoft Away Mode System;c:\windows\system32\DRIVERS\null.sys [2009-07-13 4608]
    S2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-06-17 616408]
    S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
    S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 1361288]
    S2 MediaMall Server;MediaMall Server;c:\program files\MediaMall\MediaMallServer.exe [2011-05-30 4208496]
    S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2009-12-03 483688]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2009-12-03 550760]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2009-12-03 195944]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2009-12-03 21864]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2009-12-03 19304]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-03 209768]
    S3 stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0;c:\windows\system32\DRIVERS\stdriver32.sys [2011-03-30 49240]
    S3 WRfiltv;WRfiltv;c:\windows\system32\drivers\WRfiltv.sys [2009-07-31 17920]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 06191137
    *Deregistered* - 06191137
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2008-06-09 15:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-10 02:20]
    .
    2011-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-10 02:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    FF - ProfilePath - c:\users\gamers\AppData\Roaming\Mozilla\Firefox\Profiles\jxpiwbqm.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z133&form=ZGAADF&install_date=20111123&q=
    FF - prefs.js: network.proxy.type - 0
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(548)
    c:\program files\CA\PPRT\bin\CACheck.dll
    c:\program files\CA\PPRT\bin\CAHook.dll
    c:\program files\CA\PPRT\bin\CAServer.dll
    .
    Completion time: 2011-12-03 17:14:19
    ComboFix-quarantined-files.txt 2011-12-03 22:14
    ComboFix2.txt 2011-12-03 18:32
    .
    Pre-Run: 96,810,344,448 bytes free
    Post-Run: 96,756,523,008 bytes free
    .
    - - End Of File - - 286128597FA5717CC64FE074FDFD3302
     
  14. Brutal Black

    Brutal Black Newcomer, in training Topic Starter Posts: 75

    I uninstalled the registry cleaner AFTER running CF using the new script you gave me, that was a separate process, correct?

    I only installed the registry cleaner due to the virus. I was taking extreme measures for the greater good, but that was before I put my head on straight and started seeking out help. Definitely good information to know.
  15. Broni

    Broni Malware Annihilator Posts: 45,175   +242

    Combofix log looks good.

    Any current issues?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  16. Brutal Black

    Brutal Black Newcomer, in training Topic Starter Posts: 75

    I can't take the next step just yet. I seem to have connectivity issues ever since the last time I ran Combofix. It's basically telling me Windows cannot automatically detect the proxy settings on the connection. I believe it may have deleted my nForce drivers, although I'm completely unsure, I've never had this issue before. I'm posting from my laptop at the moment, it has no issues on the exact same connection. I've been trying to download drivers however I'm having trouble identifying which nForce controller I have.
  17. Brutal Black

    Brutal Black Newcomer, in training Topic Starter Posts: 75

    I'm sure a restore would fix it, but it may restore some of the virus if that's possible. I'll await a response before I bother, I'm once again out of my league.
  18. Broni

    Broni Malware Annihilator Posts: 45,175   +242

    Please download Farbar Service Scanner and run it on the computer with the issue.
    • Check "Include All Files" option.
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.
  19. Brutal Black

    Brutal Black Newcomer, in training Topic Starter Posts: 75

    I managed to update my drivers to the most current editions after finding a program that could read nForce controller versions. This didn't resolve the issue.

    I used a disk that is in flashdrive mode to copy Farbar Service Scanner over to the troubled PC, however I received an error. It reads:

    Line 2342 (File "C:\Users\gamers\Desktop\FSS.exe"):

    Error: Error in expression.
  20. Broni

    Broni Malware Annihilator Posts: 45,175   +242

    You got that error when exactly?

    Try to download a fresh copy.
  21. Brutal Black

    Brutal Black Newcomer, in training Topic Starter Posts: 75

    I'll re-download it and transfer it over again.

    I got it after hitting the "Scan" button. The program opens without a problem.
  22. Brutal Black

    Brutal Black Newcomer, in training Topic Starter Posts: 75

    Different disk this time, closed the session to ensure that transferring from the open disk wasn't affecting things. Same error.

    It also happens if I run the program directly from the disk, the error just changes to the D:\ drive.
  23. Broni

    Broni Malware Annihilator Posts: 45,175   +242

    Very strange...

    Please download MiniToolBox and run it.

    Checkmark the following boxes:
    • Report IE Proxy Settings
    • Report FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    Click Go and post the result.
  24. Brutal Black

    Brutal Black Newcomer, in training Topic Starter Posts: 75

    Ran successfully, here's the log:


    MiniToolBox by Farbar
    Ran by gamers (administrator) on 04-12-2011 at 00:20:52
    Windows 7 Ultimate (X86)

    ***************************************************************************

    ========================= IE Proxy Settings: ==============================

    Proxy is not enabled.
    No Proxy Server is set.

    ========================= FF Proxy Settings: ==============================

    "network.proxy.type", 0
    ========================= Hosts content: =================================

    127.0.0.1 localhost

    ========================= IP Configuration: ================================

    NVIDIA nForce 10/100/1000 Mbps Ethernet = Local Area Connection (Connecting)
    NVIDIA nForce 10/100/1000 Mbps Ethernet = Local Area Connection 2 (Connecting)
    Hamachi Network Interface = Hamachi (Connected)


    # ----------------------------------
    # IPv4 Configuration
    # ----------------------------------
    pushd interface ipv4

    reset
    set global icmpredirects=enabled


    popd
    # End of IPv4 configuration



    Windows IP Configuration

    Host Name . . . . . . . . . . . . : ElNegroBrutal
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : hsd1.fl.comcast.net.

    Ethernet adapter Local Area Connection:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : NVIDIA nForce 10/100/1000 Mbps Ethernet
    Physical Address. . . . . . . . . : 00-15-58-3A-15-C2
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    Link-local IPv6 Address . . . . . : fe80::560:d16c:b62d:bde4%20(Deprecated)
    Autoconfiguration IPv4 Address. . : 169.254.189.228(Deprecated)
    Subnet Mask . . . . . . . . . . . : 255.255.0.0
    Default Gateway . . . . . . . . . :
    DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
    fec0:0:0:ffff::2%1
    fec0:0:0:ffff::3%1
    NetBIOS over Tcpip. . . . . . . . : Enabled

    Ethernet adapter Local Area Connection 2:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . : hsd1.fl.comcast.net.
    Description . . . . . . . . . . . : NVIDIA nForce 10/100/1000 Mbps Ethernet #2
    Physical Address. . . . . . . . . : 00-15-58-3A-15-C1
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    Link-local IPv6 Address . . . . . : fe80::491:270e:7478:f87a%11(Deprecated)
    Autoconfiguration IPv4 Address. . : 169.254.248.122(Tentative)
    Subnet Mask . . . . . . . . . . . : 255.255.0.0
    Default Gateway . . . . . . . . . :
    DNS Servers . . . . . . . . . . . : 75.75.75.75
    75.75.76.76
    NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter isatap.hsd1.fl.comcast.net.:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Local Area Connection* 11:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter isatap.{7B1F357B-AF16-444B-B5D6-BAC1D11A381D}:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter 6TO4 Adapter:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft 6to4 Adapter #2
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    Server: UnKnown
    Address: 75.75.75.75

    Ping request could not find host google.com. Please check the name and try again.
    Server: UnKnown
    Address: 75.75.75.75

    Ping request could not find host yahoo.com. Please check the name and try again.
    Server: UnKnown
    Address: 75.75.75.75

    Ping request could not find host bleepingcomputer.com. Please check the name and try again.

    Pinging 127.0.0.1 with 32 bytes of data:
    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

    Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
    ===========================================================================
    Interface List
    20...00 15 58 3a 15 c2 ......NVIDIA nForce 10/100/1000 Mbps Ethernet
    11...00 15 58 3a 15 c1 ......NVIDIA nForce 10/100/1000 Mbps Ethernet #2
    1...........................Software Loopback Interface 1
    14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
    12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
    16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
    19...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #2
    ===========================================================================

    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination Netmask Gateway Interface Metric
    127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
    127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
    127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
    224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
    255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
    ===========================================================================
    Persistent Routes:
    None

    IPv6 Route Table
    ===========================================================================
    Active Routes:
    If Metric Network Destination Gateway
    1 306 ::1/128 On-link
    1 306 ff00::/8 On-link
    ===========================================================================
    Persistent Routes:
    None
    ========================= Winsock entries =====================================

    Catalog5 01 C:\Windows\system32\NLAapi.dll [51712] (Microsoft Corporation)
    Catalog5 02 C:\Windows\System32\mswsock.dll [232448] (Microsoft Corporation)
    Catalog5 03 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
    Catalog5 04 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
    Catalog5 05 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
    Catalog5 06 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
    Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
    Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
    Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
    Catalog9 01 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
    Catalog9 02 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
    Catalog9 03 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
    Catalog9 04 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
    Catalog9 05 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
    Catalog9 06 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
    Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 25 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 26 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 27 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 28 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 29 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 30 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 31 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 32 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 33 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 34 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 35 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 36 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 37 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 38 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 39 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 40 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 41 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 42 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 43 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 44 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 45 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
    Catalog9 46 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)

    ========================= Event log errors: ===============================

    Application errors:
    ==================
    Error: (12/03/2011 11:46:07 PM) (Source: CVHSVC) (User: )
    Description: Information only.
    Error: Initialization failed 0x80080005 Type: 88::UnexpectedError.

    Error: (12/03/2011 11:34:36 PM) (Source: CVHSVC) (User: )
    Description: Information only.
    The action cannot be completed. Try the action again. If the problem continues, contact Microsoft Product Support.

    Error: (12/03/2011 11:34:33 PM) (Source: Winlogon) (User: )
    Description: Windows license activation failed. Error 0x80070005.

    Error: (12/03/2011 11:34:27 PM) (Source: Schedule) (User: )
    Description: Schedule error: 10050Initialize call failed, bailing out

    Error: (12/03/2011 11:31:36 PM) (Source: VSS) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {d60268a9-08b8-4212-8134-ffb0cb35a523}

    Error: (12/03/2011 10:50:31 PM) (Source: CVHSVC) (User: )
    Description: Information only.
    Error: Initialization failed 0x80080005 Type: 88::UnexpectedError.

    Error: (12/03/2011 10:39:15 PM) (Source: Winlogon) (User: )
    Description: Windows license activation failed. Error 0x80070005.

    Error: (12/03/2011 10:39:01 PM) (Source: CVHSVC) (User: )
    Description: Information only.
    The action cannot be completed. Try the action again. If the problem continues, contact Microsoft Product Support.

    Error: (12/03/2011 10:38:54 PM) (Source: Schedule) (User: )
    Description: Schedule error: 10050Initialize call failed, bailing out

    Error: (12/03/2011 10:20:36 PM) (Source: CVHSVC) (User: )
    Description: Information only.
    Error: Initialization failed 0x80080005 Type: 88::UnexpectedError.


    System errors:
    =============
    Error: (12/04/2011 00:21:04 AM) (Source: Service Control Manager) (User: )
    Description: The HTTP service failed to start due to the following error:
    %%22

    Error: (12/04/2011 00:21:04 AM) (Source: Service Control Manager) (User: )
    Description: The HTTP service failed to start due to the following error:
    %%22

    Error: (12/04/2011 00:04:28 AM) (Source: Service Control Manager) (User: )
    Description: The IPsec Policy Agent service terminated with the following error:
    %%10050

    Error: (12/04/2011 00:04:26 AM) (Source: Service Control Manager) (User: )
    Description: The IPsec Policy Agent service terminated with the following error:
    %%10050

    Error: (12/04/2011 00:04:26 AM) (Source: Service Control Manager) (User: )
    Description: The Server service depends on the Server SMB 1.xxx Driver service which failed to start because of the following error:
    %%1068

    Error: (12/04/2011 00:04:26 AM) (Source: Service Control Manager) (User: )
    Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
    %%1068

    Error: (12/04/2011 00:04:26 AM) (Source: Service Control Manager) (User: )
    Description: The Server SMB 1.xxx Driver service depends on the Server SMB 2.xxx Driver service which failed to start because of the following error:
    %%1068

    Error: (12/04/2011 00:04:26 AM) (Source: Service Control Manager) (User: )
    Description: The Workstation service depends on the SMB 2.0 MiniRedirector service which failed to start because of the following error:
    %%1068

    Error: (12/04/2011 00:04:26 AM) (Source: Service Control Manager) (User: )
    Description: The Server SMB 2.xxx Driver service depends on the srvnet service which failed to start because of the following error:
    %%22

    Error: (12/04/2011 00:04:26 AM) (Source: Service Control Manager) (User: )
    Description: The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:
    %%22


    Microsoft Office Sessions:
    =========================
    Error: (12/03/2011 11:46:07 PM) (Source: CVHSVC)(User: )
    Description: Error: Initialization failed 0x80080005 Type: 88::UnexpectedError.

    Error: (12/03/2011 11:34:36 PM) (Source: CVHSVC)(User: )
    Description: The action cannot be completed. Try the action again. If the problem continues, contact Microsoft Product Support.

    Error: (12/03/2011 11:34:33 PM) (Source: Winlogon)(User: )
    Description: 0x800700050x00000000

    Error: (12/03/2011 11:34:27 PM) (Source: Schedule)(User: )
    Description: Schedule error: 10050Initialize call failed, bailing out

    Error: (12/03/2011 11:31:36 PM) (Source: VSS)(User: )
    Description: 0x80070005, Access is denied.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {d60268a9-08b8-4212-8134-ffb0cb35a523}

    Error: (12/03/2011 10:50:31 PM) (Source: CVHSVC)(User: )
    Description: Error: Initialization failed 0x80080005 Type: 88::UnexpectedError.

    Error: (12/03/2011 10:39:15 PM) (Source: Winlogon)(User: )
    Description: 0x800700050x00000000

    Error: (12/03/2011 10:39:01 PM) (Source: CVHSVC)(User: )
    Description: The action cannot be completed. Try the action again. If the problem continues, contact Microsoft Product Support.

    Error: (12/03/2011 10:38:54 PM) (Source: Schedule)(User: )
    Description: Schedule error: 10050Initialize call failed, bailing out

    Error: (12/03/2011 10:20:36 PM) (Source: CVHSVC)(User: )
    Description: Error: Initialization failed 0x80080005 Type: 88::UnexpectedError.


    **** End of log ****
  25. Brutal Black

    Brutal Black Newcomer, in training Topic Starter Posts: 75

    This has been quite the mission for you and me both. I'd like to take another moment to thank you for your patience in helping me with this apparently unique problem. If there is such a thing as Saints among techies, you definitely qualify.

