Pretty sure I have Rootkit.ZeroAccess on my computer

Solved
By Syreynna
Jun 25, 2012
  1. It started about 2 days ago with my Google Chrome redirecting, and my MSE/Windows Firewall were no longer working when I tried to check on them. My boyfriend and I were trying to fix this because we didn't know it was a rootkit at the time. So I couldn't use the web browser or else I kept getting redirected. Skype/AIM still worked, so he sent me the mse.exe and the lines of command for resetting the firewall. I reinstalled MSE and it seems to be working fine. I also reinstalled/reset the Windows Firewall through the command prompt and that seems to be working fine. He then sent me mbam.exe, so I ran that as well as what he gave me next: ComboFix and TDSSKiller. Yeah, I didn't know I shouldn't run those without someone that actually knows what they are doing telling me to do so. My bad. ComboFix is the one that is identifying the rootkit over and over again (I did run it w/o MBAM and MSE protection). TDSSKiller found 3 things and got rid of them. Those 2 seem to have gotten rid of parts of the rootkit but not all. The reason I say that is because Google is no longer redirecting, since I am using the sick computer to post with. I've also deleted ComboFix and TDSSKiller just in case they might have messed up GMER.

    I am now having a problem not being able to download DDS so I can get the log it creates. I went to the Bleeping Computer site and it wasn't starting automatically or when I clicked for it to start, and now it's giving me an error saying: "There appears to be an error with the application.
    You can try to refresh the page by clicking
    here; if this does not fix the error, you can contact the board administrator by clicking here.
    We apologise for any inconvenience."

    Anyways, here's the MBAM log and GMER log at least.
    Do you want the MBAM log from 2 days ago with what it found?
    Thanks in advance! :)

    Malwarebytes Anti-Malware (Trial) 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.06.25.09

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Admin1 :: DH7VCF91 [administrator]

    Protection: Enabled

    6/25/2012 7:55:18 PM
    mbam-log-2012-06-25 (19-55-18).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 275665
    Time elapsed: 9 minute(s), 31 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-06-25 19:43:53
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 SAMSUNG_ rev.ZH10
    Running: d4c1iup5.exe; Driver: C:\DOCUME~1\Admin1\LOCALS~1\Temp\pwlyapod.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB620A3C0, 0x9B091A, 0xE8000020]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1960] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1960] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1960] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1960] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1960] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1960] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1960] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1960] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1960] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1960] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1960] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1960] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1960] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1960] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1960] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1960] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1960] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1960] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1960] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1960] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1960] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1960] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1960] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1960] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1960] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1960] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1960] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1960] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1960] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1960] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 33, 00] {SUB [EAX], AL; XOR EAX, [EAX]}
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 33, 00] {SUB [EBX], AL; XOR EAX, [EAX]}
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 33, 00]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 33, 00] {TEST AL, 0x1; XOR EAX, [EAX]}
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91091A
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 33, 00] {TEST AL, 0x2; XOR EAX, [EAX]}
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 33, 00]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 33, 00]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91098B
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 33, 00] {TEST AL, 0x0; XOR EAX, [EAX]}
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B910AB9
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 33, 00] {SUB [ECX], AL; XOR EAX, [EAX]}
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 33, 00] {SUB [EDX], AL; XOR EAX, [EAX]}
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 33, 00]
    .text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1960] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002E0010
    IAT C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002C0010
    IAT C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002D0010
    IAT C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 003A0010

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@RequireSignedAppInit_DLLs 1

    ---- EOF - GMER 1.0.15 ----
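Reading GMER's user-mode hook listings by eye is slow, so here is an added triage helper (my own code, not part of this thread or of GMER) that parses the "User code sections" and "User IAT/EAT" entries, groups the hooks per process, and separates literal byte overwrites from CALL/JMP redirections. The sample log is constructed in GMER 1.0.15's format; the explorer.exe line is invented to exercise the "unexpected process" path and does not come from the thread.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the GMER 1.0.15 log above (not a verbatim copy).
# The explorer.exe line is made up to show how a hook outside chrome.exe is reported.
SAMPLE_LOG = r"""
---- User code sections - GMER 1.0.15 ----

.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1960] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1960] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1960] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\WINDOWS\explorer.exe[1234] kernel32.dll!CreateProcessW + 5 7C802340 5 Bytes JMP 00A01000

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1960] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002E0010

---- EOF - GMER 1.0.15 ----
"""

# ".text <image>[<pid>] <module>!<func> + <off> <addr> <n> Byte(s) <patch>"
INLINE_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^!\s]+)!(?P<func>\S+)\s+\+\s+(?P<offset>[0-9A-Fa-f]+)\s+"
    r"(?P<address>[0-9A-Fa-f]+)\s+(?P<size>\d+)\s+Bytes?\s+(?P<patch>.+?)\s*$"
)
# "IAT <image>[<pid>] @ <importing module> [<dll>!<func>] <addr>"
IAT_RE = re.compile(
    r"^IAT\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+@\s+(?P<importer>.+?)\s+"
    r"\[(?P<target>[^\]]+)\]\s+(?P<address>[0-9A-Fa-f]+)\s*$"
)


def _exe_name(image_path):
    return image_path.rsplit("\\", 1)[-1].lower()


def parse_gmer(text):
    """Return one dict per hook line found in GMER's user-mode sections."""
    hooks = []
    for raw in text.splitlines():
        line = raw.strip()
        m = INLINE_RE.match(line)
        if m:
            patch = m.group("patch")
            hooks.append({
                "kind": "inline",
                "image": m.group("image"),
                "exe": _exe_name(m.group("image")),
                "pid": int(m.group("pid")),
                "target": f"{m.group('module')}!{m.group('func')}",
                "offset": int(m.group("offset"), 16),
                "address": int(m.group("address"), 16),
                "size": int(m.group("size")),
                # A CALL/JMP patch transfers control elsewhere; a bare byte list
                # such as [28, 00, 17, 00] is a literal overwrite GMER could not decode.
                "transfer": None if patch.startswith("[") else patch.split()[0].upper(),
                "patch": patch,
            })
            continue
        m = IAT_RE.match(line)
        if m:
            hooks.append({
                "kind": "iat",
                "image": m.group("image"),
                "exe": _exe_name(m.group("image")),
                "pid": int(m.group("pid")),
                "target": m.group("target"),
                "importer": m.group("importer"),
                "address": int(m.group("address"), 16),
            })
    return hooks


def summarize(hooks):
    """Group hooks per (exe, pid): counts by kind, hooked modules, control transfers."""
    summary = defaultdict(lambda: {"inline": 0, "iat": 0, "modules": set(), "transfers": 0})
    for h in hooks:
        entry = summary[(h["exe"], h["pid"])]
        entry[h["kind"]] += 1
        entry["modules"].add(h["target"].split("!")[0].lower())
        if h.get("transfer"):
            entry["transfers"] += 1
    return dict(summary)


def unexpected_processes(hooks, self_hooking=frozenset({"chrome.exe"})):
    """(exe, pid) pairs whose hooks are not explained by a program known to hook itself."""
    return sorted({(h["exe"], h["pid"]) for h in hooks if h["exe"] not in self_hooking})


if __name__ == "__main__":
    parsed = parse_gmer(SAMPLE_LOG)
    for (exe, pid), info in sorted(summarize(parsed).items()):
        print(f"{exe}[{pid}]: inline={info['inline']} iat={info['iat']} "
              f"transfers={info['transfers']} modules={sorted(info['modules'])}")
    print("needs a closer look:", unexpected_processes(parsed))
```

Chrome's sandbox installs exactly this kind of ntdll interception in its own child processes, so hooks confined to chrome.exe are expected; any process the helper lists as unexpected is where to spend the time.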
  2. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ========================================================

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.

    =================================================

    Download aswMBR to your desktop.
    Double-click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
  3. Syreynna

    Syreynna Newcomer, in training Topic Starter Posts: 74

    aswMBR keeps crashing, like halfway through the scan, but the other worked fine.

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`036e8e00
    Boot sector MD5 is: d151c79dcec0bf1ec983bea63558a0ef

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 Unknown boot code

    Unknown boot code has been found on some of your physical disks.
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>


    Done;
    Press any key to quit...
  4. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  5. Syreynna

    Syreynna Newcomer, in training Topic Starter Posts: 74

    23:30:51.0578 3852 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
    23:30:51.0828 3852 ============================================================
    23:30:51.0828 3852 Current date / time: 2012/06/25 23:30:51.0828
    23:30:51.0828 3852 SystemInfo:
    23:30:51.0828 3852
    23:30:51.0828 3852 OS Version: 5.1.2600 ServicePack: 3.0
    23:30:51.0828 3852 Product type: Workstation
    23:30:51.0828 3852 ComputerName: DH7VCF91
    23:30:51.0828 3852 UserName: Admin1
    23:30:51.0828 3852 Windows directory: C:\WINDOWS
    23:30:51.0828 3852 System windows directory: C:\WINDOWS
    23:30:51.0828 3852 Processor architecture: Intel x86
    23:30:51.0828 3852 Number of processors: 2
    23:30:51.0828 3852 Page size: 0x1000
    23:30:51.0828 3852 Boot type: Normal boot
    23:30:51.0828 3852 ============================================================
    23:30:52.0734 3852 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    23:30:52.0750 3852 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    23:30:52.0750 3852 ============================================================
    23:30:52.0750 3852 \Device\Harddisk0\DR0:
    23:30:52.0765 3852 MBR partitions:
    23:30:52.0765 3852 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B747, BlocksNum 0x8B966D7
    23:30:52.0765 3852 \Device\Harddisk1\DR1:
    23:30:52.0765 3852 MBR partitions:
    23:30:52.0765 3852 ============================================================
    23:30:52.0812 3852 C: <-> \Device\Harddisk0\DR0\Partition0
    23:30:52.0812 3852 ============================================================
    23:30:52.0812 3852 Initialize success
    23:30:52.0812 3852 ============================================================
    23:30:55.0093 0628 ============================================================
    23:30:55.0093 0628 Scan started
    23:30:55.0093 0628 Mode: Manual;
    23:30:55.0093 0628 ============================================================
    23:31:01.0796 0628 iastor (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\drivers\iastor.sys
    23:31:01.0796 0628 Suspicious file (Forged): C:\WINDOWS\system32\drivers\iastor.sys. Real md5: 62d318e9a0c8fc9b780008e724283707, Fake md5: 9a65e42664d1534b68512caad0efe963
    23:31:01.0796 0628 iastor ( ForgedFile.Multi.Generic ) - warning
    23:31:01.0796 0628 iastor - detected ForgedFile.Multi.Generic (1)
    23:31:11.0453 0628sisagp - ok
    23:31:11.0906 0628Skype C2C Service (4ca43b85f22c7739311788b651a779cb) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    23:31:11.0953 0628Skype C2C Service - ok
    23:31:12.0078 0628SkypeUpdate (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files\Skype\Updater\Updater.exe
    23:31:12.0078 0628SkypeUpdate - ok
    23:31:12.0234 0628SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    23:31:12.0234 0628SLIP - ok
    23:31:12.0281 0628Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
    23:31:12.0281 0628Sparrow - ok
    23:31:12.0296 0628splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    23:31:12.0296 0628splitter - ok
    23:31:12.0343 0628Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
    23:31:12.0359 0628Spooler - ok
    23:31:12.0375 0628sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    23:31:12.0375 0628sr - ok
    23:31:12.0453 0628srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
    23:31:12.0468 0628srservice - ok
    23:31:12.0500 0628Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    23:31:12.0500 0628Srv - ok
    23:31:12.0531 0628sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
    23:31:12.0531 0628sscdbhk5 - ok
    23:31:12.0531 0628SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
    23:31:12.0546 0628SSDPSRV - ok
    23:31:12.0546 0628ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
    23:31:12.0546 0628ssrtln - ok
    23:31:12.0593 0628STHDA (352b663a81402be7cd7bd4ea27c9998c) C:\WINDOWS\system32\drivers\sthda.sys
    23:31:12.0593 0628STHDA - ok
    23:31:12.0625 0628stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
    23:31:12.0640 0628stisvc - ok
    23:31:12.0656 0628streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    23:31:12.0671 0628streamip - ok
    23:31:12.0703 0628swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    23:31:12.0703 0628swenum - ok
    23:31:12.0875 0628SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    23:31:12.0875 0628SwitchBoard - ok
    23:31:12.0890 0628swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    23:31:12.0890 0628swmidi - ok
    23:31:12.0890 0628SwPrv - ok
    23:31:12.0953 0628symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
    23:31:12.0953 0628symc810 - ok
    23:31:12.0953 0628symc8xx - ok
    23:31:12.0968 0628sym_hi - ok
    23:31:12.0968 0628sym_u3 - ok
    23:31:13.0031 0628sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    23:31:13.0031 0628sysaudio - ok
    23:31:13.0062 0628SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
    23:31:13.0078 0628SysmonLog - ok
    23:31:13.0140 0628TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
    23:31:13.0140 0628TapiSrv - ok
    23:31:13.0218 0628Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    23:31:13.0218 0628Tcpip - ok
    23:31:13.0250 0628TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    23:31:13.0250 0628TDPIPE - ok
    23:31:13.0312 0628TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    23:31:13.0312 0628TDTCP - ok
    23:31:13.0343 0628TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    23:31:13.0359 0628TermDD - ok
    23:31:13.0390 0628TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
    23:31:13.0390 0628TermService - ok
    23:31:13.0468 0628tfsnboio (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys
    23:31:13.0500 0628tfsnboio - ok
    23:31:13.0500 0628tfsncofs (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys
    23:31:13.0531 0628tfsncofs - ok
    23:31:13.0531 0628tfsndrct (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys
    23:31:13.0546 0628tfsndrct - ok
    23:31:13.0609 0628tfsndres (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys
    23:31:13.0625 0628tfsndres - ok
    23:31:13.0625 0628tfsnifs (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys
    23:31:13.0687 0628tfsnifs - ok
    23:31:13.0687 0628tfsnopio (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys
    23:31:13.0718 0628tfsnopio - ok
    23:31:13.0718 0628tfsnpool (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys
    23:31:13.0734 0628tfsnpool - ok
    23:31:13.0750 0628tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys
    23:31:13.0812 0628tfsnudf - ok
    23:31:13.0828 0628tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys
    23:31:13.0890 0628tfsnudfa - ok
    23:31:13.0921 0628Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
    23:31:13.0937 0628Themes - ok
    23:31:13.0968 0628tifsfilter (b0b3122bff3910e0ba97014045467778) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
    23:31:13.0968 0628tifsfilter - ok
    23:31:14.0000 0628timounter (13bfe330880ac0ce8672d00aa5aff738) C:\WINDOWS\system32\DRIVERS\timntr.sys
    23:31:14.0015 0628timounter - ok
    23:31:14.0062 0628TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
    23:31:14.0062 0628TlntSvr - ok
    23:31:14.0078 0628TosIde - ok
    23:31:14.0125 0628TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
    23:31:14.0140 0628TrkWks - ok
    23:31:14.0312 0628TuneUp.UtilitiesSvc (118edc3e712ff83ce25612081a69075d) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
    23:31:14.0328 0628TuneUp.UtilitiesSvc - ok
    23:31:14.0375 0628TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys
    23:31:14.0375 0628TuneUpUtilitiesDrv - ok
    23:31:14.0546 0628Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    23:31:14.0546 0628Udfs - ok
    23:31:14.0546 0628ultra - ok
    23:31:14.0609 0628Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    23:31:14.0625 0628Update - ok
    23:31:14.0687 0628upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
    23:31:14.0703 0628upnphost - ok
    23:31:14.0718 0628UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
    23:31:14.0718 0628UPS - ok
    23:31:14.0812 0628USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys
    23:31:14.0812 0628USBAAPL - ok
    23:31:14.0859 0628usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    23:31:14.0859 0628usbaudio - ok
    23:31:14.0890 0628usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    23:31:14.0906 0628usbccgp - ok
    23:31:14.0906 0628usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    23:31:14.0906 0628usbehci - ok
    23:31:14.0953 0628usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    23:31:14.0953 0628usbhub - ok
    23:31:14.0984 0628usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    23:31:14.0984 0628usbprint - ok
    23:31:15.0000 0628usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    23:31:15.0000 0628usbscan - ok
    23:31:15.0015 0628USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    23:31:15.0015 0628USBSTOR - ok
    23:31:15.0031 0628usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    23:31:15.0031 0628usbuhci - ok
    23:31:15.0046 0628usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
    23:31:15.0046 0628usbvideo - ok
    23:31:15.0078 0628usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
    23:31:15.0078 0628usb_rndisx - ok
    23:31:15.0125 0628UxTuneUp (24f51fba322f06a3e336c301025d6d12) C:\WINDOWS\System32\uxtuneup.dll
    23:31:15.0125 0628UxTuneUp - ok
    23:31:15.0171 0628VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    23:31:15.0171 0628VgaSave - ok
    23:31:15.0218 0628viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
    23:31:15.0234 0628viaagp - ok
    23:31:15.0296 0628ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
    23:31:15.0296 0628ViaIde - ok
    23:31:15.0437 0628Viewpoint Service (00a204be7084b214605db4d433c9a7e2) C:\Program Files\Viewpoint\Common\ViewpointService.exe
    23:31:15.0437 0628Viewpoint Service - ok
    23:31:15.0500 0628VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    23:31:15.0500 0628VolSnap - ok
    23:31:15.0593 0628VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
    23:31:15.0593 0628VSS - ok
    23:31:15.0656 0628w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
    23:31:15.0656 0628w32time - ok
    23:31:15.0687 0628Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    23:31:15.0687 0628Wanarp - ok
    23:31:15.0687 0628wanatw - ok
    23:31:15.0750 0628wceusbsh (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
    23:31:15.0750 0628wceusbsh - ok
    23:31:15.0859 0628Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
    23:31:15.0859 0628Wdf01000 - ok
    23:31:15.0859 0628WDICA - ok
    23:31:15.0937 0628wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    23:31:15.0937 0628wdmaud - ok
    23:31:15.0984 0628WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
    23:31:15.0984 0628WebClient - ok
    23:31:16.0125 0628winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
    23:31:16.0125 0628winmgmt - ok
    23:31:16.0187 0628WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
    23:31:16.0187 0628WinUSB - ok
    23:31:16.0390 0628wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    23:31:16.0421 0628wlidsvc - ok
    23:31:16.0562 0628WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
    23:31:16.0562 0628WmdmPmSN - ok
    23:31:16.0656 0628Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
    23:31:16.0656 0628Wmi - ok
    23:31:16.0734 0628WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
    23:31:16.0734 0628WmiApSrv - ok
    23:31:16.0921 0628WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
    23:31:16.0937 0628WMPNetworkSvc - ok
    23:31:16.0984 0628WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
    23:31:16.0984 0628WpdUsb - ok
    23:31:17.0234 0628WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    23:31:17.0234 0628WPFFontCache_v0400 - ok
    23:31:17.0265 0628WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    23:31:17.0265 0628WS2IFSL - ok
    23:31:17.0312 0628wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
    23:31:17.0328 0628wscsvc - ok
    23:31:17.0375 0628WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    23:31:17.0375 0628WSTCODEC - ok
    23:31:17.0375 0628wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
    23:31:17.0390 0628wuauserv - ok
    23:31:17.0453 0628WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    23:31:17.0453 0628WudfPf - ok
    23:31:17.0515 0628WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    23:31:17.0515 0628WudfRd - ok
    23:31:17.0562 0628WudfSvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\WINDOWS\System32\WUDFSvc.dll
    23:31:17.0562 0628WudfSvc - ok
    23:31:17.0656 0628WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
    23:31:17.0671 0628WZCSVC - ok
    23:31:17.0734 0628xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
    23:31:17.0750 0628xmlprov - ok
    23:31:17.0750 0628zumbus - ok
    23:31:17.0796 0628MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0
    23:31:18.0375 0628\Device\Harddisk0\DR0 - ok
    23:31:18.0390 0628MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
    23:31:18.0390 0628\Device\Harddisk1\DR1 - ok
    23:31:18.0406 0628Boot (0x1200) (0dc39518c2bb8f6dd12a59822cbdc8df) \Device\Harddisk0\DR0\Partition0
    23:31:18.0406 0628\Device\Harddisk0\DR0\Partition0 - ok
    23:31:18.0406 0628============================================================
    23:31:18.0406 0628Scan finished
    23:31:18.0406 0628============================================================
    23:31:18.0406 2232Detected object count: 1
    23:31:18.0406 2232Actual detected object count: 1
    23:31:24.0000 2232iastor ( ForgedFile.Multi.Generic ) - skipped by user
    23:31:24.0000 2232iastor ( ForgedFile.Multi.Generic ) - User select action: Skip
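    The TDSSKiller log above ends with a single detection, the iastor storage driver flagged as ForgedFile.Multi.Generic, which the user chose to skip; every other object was verified "ok", so the scan cured nothing. The script below is an added example for this thread, not code from TDSSKiller or from anyone in the discussion. It parses lines in this log format, tolerating the forum's extraction (which dropped the tab between the process id and the object name, producing "0628RasAcd"), and reports what was verified, what was flagged and whether a flagged object was left unresolved. The sample lines are constructed from entries on this page; the iastor hash line is a placeholder (all zeros) because the real entry falls outside the quoted part of the log.

    ```python
    """Triage a Kaspersky TDSSKiller scan log (added example, not TDSSKiller code).

    Line shapes handled:
      HH:MM:SS.ffff <pid> <object> (<md5>) <path>        scanned object
      HH:MM:SS.ffff <pid> <object> - <verdict>           verdict ("ok", ...)
      HH:MM:SS.ffff <pid> <object> ( <threat> ) - <action>  detection + chosen action
    The pid is exactly four digits, so the separator after it may be missing.
    """
    import re

    LINE_RE = re.compile(r"^(?P<time>\d\d:\d\d:\d\d\.\d{4})\s+(?P<pid>\d{4})\s*(?P<rest>.*)$")
    HASH_RE = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
    DETECT_RE = re.compile(r"^(?P<name>\S+)\s+\(\s*(?P<threat>[^)]+?)\s*\)\s+-\s+(?P<action>.+)$")
    VERDICT_RE = re.compile(r"^(?P<name>.+?)\s+-\s+(?P<verdict>.+)$")
    # An action counts as resolving the detection only if it cured, deleted or quarantined.
    RESOLVED_RE = re.compile(r"cure|delet|quarantin", re.IGNORECASE)

    # Constructed sample modelled on the log in this thread; tab present on some
    # lines and missing on others, as in the forum copy. The iastor hash is a placeholder.
    SAMPLE_LOG = (
        "23:31:05.0000 0628\tiastor (00000000000000000000000000000000) C:\\WINDOWS\\system32\\DRIVERS\\iastor.sys\n"
        "23:31:09.0937 0628\tRasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\\WINDOWS\\system32\\DRIVERS\\rasacd.sys\n"
        "23:31:09.0937 0628RasAcd - ok\n"
        "23:31:13.0218 0628Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\\WINDOWS\\system32\\DRIVERS\\tcpip.sys\n"
        "23:31:13.0218 0628Tcpip - ok\n"
        "23:31:17.0796 0628MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \\Device\\Harddisk0\\DR0\n"
        "23:31:18.0375 0628\\Device\\Harddisk0\\DR0 - ok\n"
        "23:31:18.0406 0628============================================================\n"
        "23:31:18.0406 0628Scan finished\n"
        "23:31:18.0406 2232Detected object count: 1\n"
        "23:31:24.0000 2232iastor ( ForgedFile.Multi.Generic ) - skipped by user\n"
        "23:31:24.0000 2232iastor ( ForgedFile.Multi.Generic ) - User select action: Skip\n"
    )


    def parse_log(text):
        """Return ({object name: record}, metadata). Records merge hash, verdict and detection lines."""
        objects, meta = {}, {"finished": False}
        for raw in text.splitlines():
            m = LINE_RE.match(raw.rstrip())
            if not m:
                continue  # banner lines and noise without a timestamp
            rest = m.group("rest").strip()
            if rest == "Scan finished":
                meta["finished"] = True
                continue
            if rest.startswith("Detected object count:"):
                meta["detected"] = int(rest.rsplit(":", 1)[1])
                continue
            if rest.startswith("Actual detected object count:"):
                meta["actual_detected"] = int(rest.rsplit(":", 1)[1])
                continue
            h = HASH_RE.match(rest)
            if h:  # "MBR (0x1B8) (<md5>) \Device\..." keeps "MBR (0x1B8)" as the name
                objects.setdefault(h["name"], {}).update(md5=h["md5"], path=h["path"])
                continue
            d = DETECT_RE.match(rest)  # must be tried before the plain verdict form
            if d:
                rec = objects.setdefault(d["name"], {})
                rec["threat"] = d["threat"]
                rec.setdefault("actions", []).append(d["action"])
                continue
            v = VERDICT_RE.match(rest)
            if v:
                objects.setdefault(v["name"], {})["verdict"] = v["verdict"]
        return objects, meta


    def triage(text):
        """Summarise a log: verified objects, flagged objects, and flagged objects nobody cured."""
        objects, meta = parse_log(text)
        flagged = sorted(name for name, rec in objects.items() if "threat" in rec)
        unresolved = [name for name in flagged
                      if not any(RESOLVED_RE.search(a) for a in objects[name]["actions"])]
        return {
            "scan_finished": meta["finished"],
            "declared_detections": meta.get("detected", 0),
            "verified_ok": sum(1 for rec in objects.values() if rec.get("verdict") == "ok"),
            "flagged": flagged,
            "unresolved": unresolved,
            "details": {name: objects[name] for name in flagged},
        }


    if __name__ == "__main__":
        report = triage(SAMPLE_LOG)
        print(f"scan finished: {report['scan_finished']}, {report['verified_ok']} objects ok, "
              f"{report['declared_detections']} declared detection(s)")
        for name in report["flagged"]:
            rec = report["details"][name]
            state = "UNRESOLVED" if name in report["unresolved"] else "handled"
            print(f"  {name}: {rec['threat']} at {rec.get('path', '?')} -> {state}: "
                  + "; ".join(rec["actions"]))
    ```

    Run against a complete saved TDSSKiller log, the "unresolved" list is the part that matters: ForgedFile is Kaspersky's label for a system file that no longer matches the genuine one, and a skipped forged driver means that driver is still loading at boot exactly as the rootkit left it. The script only reads TDSSKiller's verdicts; it does not itself decide whether a file is forged.
    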
  6. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  7. Syreynna

    Syreynna Newcomer, in training Topic Starter Posts: 74

    Alright, the computer was restarting because ComboFix detected rootkit activity. When starting up I get a blue screen that says: a problem has been detected and windows has been shut down to prevent damage to your computer.
    If this is the first time you've seen this stop error screen, restart your computer. If this screen appears again, follow these steps:
    Check for viruses on your computer. Remove any newly installed hard drives or hard drive controllers. Check your hard drive to make sure it is properly configured and terminated. Run chkdsk /F to check for hard drive corruption, and then restart your computer. Technical information: ***STOP: 0X0000007B (0XF789E524, 0XC0000034 , 0X00000000 , 0X00000000). I am currently posting this from my iPad.
  8. Syreynna

    Syreynna Newcomer, in training Topic Starter Posts: 74

    Should I try and run ComboFix from safe mode, even though it had been running fine until the restart and blue screen?
  9. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    Go ahead and try safe mode.
  10. Syreynna

    Syreynna Newcomer, in training Topic Starter Posts: 74

    I have to go for now.. I will try that tomorrow and I will let you know how it goes.

    Thanks for the help so far!
  11. Syreynna

    Syreynna Newcomer, in training Topic Starter Posts: 74

    Just tried to run the computer in safe mode and it blue screened again :x
  12. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    Let's try to boot your computer using the Ultimate Boot CD for Windows (UBCD4win).

    Please print this guide for future reference!

    You will need a blank CD, a clean computer and a flash drive.

    Please follow the steps below and let me know if you were successful. If you were unable to create the UBCD4win, please tell me what error messages you got and/or what steps you got hung up on.

    Step 1

    1. Download and Run Ultimate Boot CD for Windows
    • Save it to your Desktop.
    • Double-Click on the UBCD4Win.EXE that you just downloaded to your desktop.
    • Follow all of the instructions/prompts that come up.
      NOTES:
      • Do not install to a folder with spaces in its name.
      • Your Anti-Virus may report viruses or trojans when you extract UBCD4Win, these are "False-Positives." Read HERE for information regarding the files that normally trigger AV software.
    2. Insert your XP CD with SP1/SP2/SP3 into a CD Rom drive
    • Double-Click on UBCD4WinBuilder.exe located in your C:\ubcd4win folder.
    • Click "I agree" to the Builders License.
    • Click NO to Search for Windows Installation Files
    • Make the following selections from the Main Screen that pops up:
      • Builder
        • Source:(path to Windows installation files)
          • Enter the path to the drive where your XP CD is located.
          • You can click on the "..." button on the right to navigate to the path as well.
        • Custom: (include files and folders from this directory)
          • No information is necessary, leave blank.
        • Output: (C:\ubcd4win\BartPE)
          • Keep the default BartPE
      • Media output
        • Choose Create ISO image
        • Do not choose Burn to CD/DVD


        Please note: If your XP install disc is SP1 then please .....
        1. Disable- DComLaunch Service
        2. Enable- LargeIDE Fix

          This can be done by pressing the "Plugin" button and checking or unchecking the appropriate selections

        Also note: If you have a Dell XP install disc you will need to follow the instructions here
        http://www.ubcd4win.com/faq.htm#dell

      3. Click on the "Build" button
      • You will see the Windows EULA message. Click on I Agree
      • You will now see the Build Screen. Let it run its course
      • When the Build is finished you can click close, then exit


      4. Burn your ISO file to CD
      • Please see HERE on how to burn an ISO to CD.

    ==========

    Step 2

    Next, from your clean computer:

    Download Farbar Recovery Scan Tool
    and save it to your flash drive.

    Now plug your flashdrive back into your sick computer and follow the next instructions:

    ==========

    Step 3

    1. Restart Your sick Computer Using the UBCD4Win Disc That You Have Created
    • Insert the UBCD4Win disc in to one of your CD/DVD drives.
    • Restart your computer.
      • The computer should choose to boot from the UBCD4Win CD automatically. If it doesn't and you are asked if you want to boot from CD, then choose that option.
    • In the window that pops up select Launch The Ultimate Boot CD For Windows and press Enter.
      • It may take a little longer for the Desktop to appear than it does when you start your computer normally. Just let the process run itself until the desktop appears.
    • Once the desktop appears, you will receive a message asking: Do you want to start Network support?
      • Click on Yes if you want to use the PE environment to get online, post your log and reply by way of an Ethernet connection.
    • You should now have a desktop that looks like this: [screenshot]

    ==========

    Step 4

    • Single click My computer from your UBCD4W desktop to navigate to the Farbar Recovery Scan Tool you saved to your flash drive.
    • Double click on it to begin running the tool.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your next reply.
  13. Syreynna

    Syreynna Newcomer, in training Topic Starter Posts: 74

    I've got a Windows XP disc with SP2 and a blue disc from Dell that says drivers and utilities (looks like it's for the printer setup though lol). Would I be trying to follow the Dell XP install disc instructions?
  14. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    xp disc with sp2 is what you want.
  15. Syreynna

    Syreynna Newcomer, in training Topic Starter Posts: 74

    It is still blue screening even with the CD in. Could me having to F1 through it because it thinks there is a CPU fan failure/card cage fan failure (there is one, my dad just had it replaced a while ago) have something to do with it not wanting to run this CD properly? It gets to the Windows loading bar then blue screens, but I can see the safe mode option and the last known good configuration before then.
  16. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    I need more details.
    At what exact step are you getting BSOD?

    It doesn't look like you're booting to the CD.
    You may need to check "boot order" in BIOS.
    If you don't know how to do it, see HERE
  17. Syreynna

    Syreynna Newcomer, in training Topic Starter Posts: 74

    You were right the only boot order selected was the hard drive. It's loading off the cd now. Will post farbar findings soon. Thanks :)
  18. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    Cool beans :)
  19. Syreynna

    Syreynna Newcomer, in training Topic Starter Posts: 74

    Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 20-06-2012 01
    Ran by SYSTEM at 26-06-2012 21:38:13
    Running from D:\
    Microsoft Windows XP Service Pack 2 (X86) OS Language: Georgian
    The current controlset is ControlSet002
    ========================== Registry (Whitelisted) =============
    HKLM\...\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [53248 2005-02-23] (CyberLink Corp.)
    HKLM\...\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe" [425984 2005-07-22] (Dell)
    HKLM\...\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16 [69632 2005-06-07] ()
    HKLM\...\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM\...\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe" [135536 2010-12-13] (Microsoft Corporation)
    HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [15504192 2012-05-15] (NVIDIA Corporation)
    HKLM\...\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login [x]
    HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
    HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-21] (Apple Inc.)
    HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
    HKLM\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
    HKLM\...\Run: [combofix] "C:\ComboFix\CF3657.3XE" /c "C:\ComboFix\C.bat" [63909 2012-06-24] ()
    HKU\Admin1\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
    HKU\Administrator\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
    HKU\Default User\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
    HKU\GJNA&T\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
    HKU\GJNA&T\...\Run: [Aim6] [x]
    HKU\GJNA&T\...\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R [x]
    HKU\GJNA&T\...\Run: [A-ToolBar] C:\Program Files\A-ToolBar\AToolBar.exe s [x]
    HKU\GJNA&T\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
    HKU\GJNA&T\...\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [x]
    HKU\GJNA&T\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]
    HKU\GJNA&T\...\Run: [Google Update] "C:\Documents and Settings\GJNA&T\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c [136176 2010-12-19] (Google Inc.)
    HKU\UpdatusUser\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
    HKLM\...\RunOnce: [ComboFix_Pre] C:\ComboFix\Res.bat [399 2012-06-26] ()
    HKLM\...\RunOnce: [agp440] C:\WINDOWS\Regedit.exe /s "C:\ComboFix\SW_agp440.reg" [2562 2012-06-26] ()
    HKLM\...\RunOnce: [combofix] "C:\ComboFix\CF3657.3XE" /c "C:\ComboFix\C.bat" [63909 2012-06-24] ()
    HKLM\...\runonceex: [flags] 8 [x]
    Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    HKLM\...\InprocServer32: [Default-shell32] %SystemRoot%\system32\shdocvw.dll ATTENTION! ====> ZeroAccess
    ================================ Services (Whitelisted) ==================
    4 Autodesk Content Service; "C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe" [18656 2011-02-02] ()
    3 dlcc_device; C:\WINDOWS\system32\dlcccoms.exe -service [491520 2005-06-21] ()
    2 ehRecvr; C:\WINDOWS\eHome\ehRecvr.exe [237568 2006-10-09] (Microsoft Corporation)
    2 ehSched; C:\WINDOWS\eHome\ehSched.exe [102912 2005-08-05] (Microsoft Corporation)
    2 ELService; "C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe" [180224 2005-12-12] (Intel Corporation)
    2 Eventlog; C:\Windows\System32\services.exe [110592 2009-02-06] (Microsoft Corporation)
    3 FLEXnet Licensing Service; "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [1044816 2012-02-28] (Flexera Software, Inc.)
    2 helpsvc; C:\Windows\System32\svchost.exe -k netsvcs [14336 2008-04-14] (Microsoft Corporation)
    2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
    2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
    2 MDM; "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" [322120 2003-06-20] (Microsoft Corporation)
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [11552 2012-03-26] (Microsoft Corporation)
    3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [147456 2004-11-19] (Intel(R) Corporation)
    4 NetTcpPortSharing; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
    3 NtmsSvc; C:\Windows\System32\ntmssvc.dll [435200 2008-04-14] (Microsoft Corporation)
    2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [1262400 2012-05-15] (NVIDIA Corporation)
    4 Skype C2C Service; "C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe" [3048136 2012-05-30] (Skype Technologies S.A.)
    2 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [160944 2012-06-05] (Skype Technologies)
    3 SwitchBoard; "C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [517096 2010-02-19] (Adobe Systems Incorporated)
    2 TuneUp.UtilitiesSvc; "C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe" [1527104 2011-12-08] (TuneUp Software)
    2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [29504 2011-12-08] (TuneUp Software)
    2 Viewpoint Service; "C:\Program Files\Viewpoint\Common\ViewpointService.exe" [30152 2008-04-04] (Viewpoint Corporation)
    3 FontCache3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [x]
    2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]
    ========================== Drivers (Whitelisted) =============
    4 abp480n5; C:\Windows\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] ()
    4 agp440; C:\Windows\System32\Drivers\agp440.svs [42368 2008-04-13] (Microsoft Corporation)
    4 AliIde; C:\Windows\system32\DRIVERS\aliide.sys [5248 2001-08-17] ()
    4 alim1541; C:\Windows\system32\DRIVERS\alim1541.sys [42752 2008-04-13] ()
    4 amdagp; C:\Windows\system32\DRIVERS\amdagp.sys [43008 2008-04-13] ()
    4 amsint; C:\Windows\system32\DRIVERS\amsint.sys [12032 2001-08-17] ()
    4 asc; C:\Windows\system32\DRIVERS\asc.sys [26496 2001-08-17] ()
    4 asc3350p; C:\Windows\system32\DRIVERS\asc3350p.sys [22400 2001-08-17] ()
    4 asc3550; C:\Windows\system32\DRIVERS\asc3550.sys [14848 2001-08-17] ()
    3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
    4 CmdIde; C:\Windows\system32\DRIVERS\cmdide.sys [6656 2001-08-17] ()
    3 cpudrv; \??\C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2009-12-18] ()
    4 dac2w2k; C:\Windows\system32\DRIVERS\dac2w2k.sys [179584 2001-08-17] ()
    4 dac960nt; C:\Windows\system32\DRIVERS\dac960nt.sys [14720 2001-08-17] ()
    2 drvnddm; C:\Windows\System32\drivers\drvnddm.sys [40480 2004-11-23] (Sonic Solutions)
    3 e1express; C:\Windows\System32\DRIVERS\e1e5132.sys [176128 2005-08-26] (Intel Corporation)
    3 ELacpi; C:\Windows\System32\DRIVERS\ELacpi.sys [7808 2005-12-12] (Intel Corporation)
    1 ELhid; C:\Windows\System32\DRIVERS\ELhid.sys [10112 2005-12-12] (Intel Corporation)
    1 ELkbd; C:\Windows\System32\DRIVERS\ELkbd.sys [6912 2005-12-12] (Intel Corporation)
    1 ELmon; C:\Windows\System32\DRIVERS\ELmon.sys [7040 2005-12-12] (Intel Corporation)
    1 ELmou; C:\Windows\System32\DRIVERS\ELmou.sys [6400 2005-12-12] (Intel Corporation)
    3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows (R) Server 2003 DDK provider)
    3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2009-05-18] (HP)
    3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2009-05-18] (HP)
    3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2009-05-18] (HP)
    0 iastor; C:\Windows\System32\drivers\iastor.sys [872064 2005-06-17] ()
    4 ini910u; C:\Windows\system32\DRIVERS\ini910u.sys [16000 2001-08-17] ()
    3 LHidFilt; C:\Windows\System32\DRIVERS\LHidFilt.Sys [34576 2007-01-23] (Logitech, Inc.)
    3 LHidUsbK; C:\Windows\System32\Drivers\LHidUsbK.Sys [36736 2006-05-10] (Logitech, Inc.)
    3 LMouFilt; C:\Windows\System32\DRIVERS\LMouFilt.Sys [33296 2007-01-23] (Logitech, Inc.)
    3 MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys [22344 2012-04-04] (Malwarebytes Corporation)
    3 MHNDRV; C:\Windows\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] ()
    0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-21] (Microsoft Corporation)
    4 mraid35x; C:\Windows\system32\DRIVERS\mraid35x.sys [17280 2001-08-17] ()
    3 MSHUSBVideo; C:\Windows\System32\Drivers\nx6000.sys [30576 2010-12-13] (Microsoft Corporation)
    3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)
    3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
    3 NVHDA; C:\Windows\System32\drivers\nvhda32.sys [123840 2012-04-18] (NVIDIA Corporation)
    3 PSched; C:\Windows\System32\DRIVERS\psched.sys [69120 2008-04-13] (Microsoft Corporation)
    3 Ptilink; C:\Windows\System32\DRIVERS\ptilink.sys [17792 2004-08-10] (Parallel Technologies, Inc.)
    3 pwdrvio; \??\C:\WINDOWS\system32\pwdrvio.sys [16472 2010-08-16] ()
    3 pwdspio; \??\C:\WINDOWS\system32\pwdspio.sys [11104 2010-08-16] ()
    4 ql1080; C:\Windows\system32\DRIVERS\ql1080.sys [40320 2001-08-17] ()
    4 Ql10wnt; C:\Windows\system32\DRIVERS\ql10wnt.sys [33152 2001-08-17] ()
    4 ql12160; C:\Windows\system32\DRIVERS\ql12160.sys [45312 2001-08-17] ()
    4 ql1240; C:\Windows\system32\DRIVERS\ql1240.sys [40448 2001-08-17] ()
    3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation)
    4 Sparrow; C:\Windows\system32\DRIVERS\sparrow.sys [19072 2001-08-17] (Adaptec, Inc.)
    1 sscdbhk5; C:\Windows\System32\drivers\sscdbhk5.sys [5627 2004-07-14] (Sonic Solutions)
    1 ssrtln; C:\Windows\System32\drivers\ssrtln.sys [23545 2004-07-14] (Sonic Solutions)
    3 STHDA; C:\Windows\System32\drivers\sthda.sys [180864 2005-06-15] (SigmaTel, Inc.)
    3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation)
    4 symc810; C:\Windows\system32\DRIVERS\symc810.sys [16256 2001-08-17] (Symbios Logic Inc.)
    4 symc8xx; C:\Windows\system32\DRIVERS\symc8xx.sys [32640 2001-08-17] ()
    4 sym_hi; C:\Windows\system32\DRIVERS\sym_hi.sys [28384 2001-08-17] ()
    4 sym_u3; C:\Windows\system32\DRIVERS\sym_u3.sys [30688 2001-08-17] ()
    2 tfsnboio; C:\Windows\System32\dla\tfsnboio.sys [25883 2004-12-06] (Sonic Solutions)
    2 tfsncofs; C:\Windows\System32\dla\tfsncofs.sys [34843 2004-12-06] (Sonic Solutions)
    2 tfsndrct; C:\Windows\System32\dla\tfsndrct.sys [4123 2004-12-06] (Sonic Solutions)
    2 tfsndres; C:\Windows\System32\dla\tfsndres.sys [2239 2004-12-06] (Sonic Solutions)
    2 tfsnifs; C:\Windows\System32\dla\tfsnifs.sys [86586 2004-12-06] (Sonic Solutions)
    2 tfsnopio; C:\Windows\System32\dla\tfsnopio.sys [15227 2004-12-06] (Sonic Solutions)
    2 tfsnpool; C:\Windows\System32\dla\tfsnpool.sys [6363 2004-12-06] (Sonic Solutions)
    2 tfsnudf; C:\Windows\System32\dla\tfsnudf.sys [98714 2004-12-06] (Sonic Solutions)
    2 tfsnudfa; C:\Windows\System32\dla\tfsnudfa.sys [100603 2004-12-06] (Sonic Solutions)
    2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [44384 2010-12-19] (Acronis)
    0 timounter; C:\Windows\System32\DRIVERS\timntr.sys [441760 2010-12-19] (Acronis)
    4 TosIde; C:\Windows\system32\DRIVERS\toside.sys [4992 2001-08-17] ()
    3 TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [10064 2011-07-07] (TuneUp Software)
    4 ultra; C:\Windows\system32\DRIVERS\ultra.sys [36736 2001-08-17] ()
    3 usb_rndisx; C:\Windows\System32\DRIVERS\usb8023x.sys [12800 2008-04-13] (Microsoft Corporation)
    0 vkquwexg; C:\Windows\System32\drivers\Combo-Fix.sys [60416 2012-06-26] ()
    3 wceusbsh; C:\Windows\System32\DRIVERS\wceusbsh.sys [28672 2006-11-06] (Microsoft Corporation)
    3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation)
    4 Abiosdsk; [x]
    4 Atdisk; [x]
    3 catchme; \??\C:\DOCUME~1\Admin1\LOCALS~1\Temp\catchme.sys [x]
    1 Changer; [x]
    3 EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys [x]
    3 EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys [x]
    1 lbrtfdc; [x]
    3 LMouKE; C:\Windows\System32\DRIVERS\LMouKE.Sys [x]
    1 MpKsl1cb3245a; \??\C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A4A6C516-9C8E-4F0D-80C2-3FE03BF91FDB}\MpKsl1cb3245a.sys [x]
    1 PCIDump; [x]
    3 PDCOMP; [x]
    3 PDFRAME; [x]
    3 PDRELI; [x]
    3 PDRFRAME; [x]
    4 Simbad; [x]
    3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [x]
    3 WDICA; [x]
    2 zumbus; C:\Windows\System32\DRIVERS\zumbus.sys [x]
    ========================== NetSvcs (Whitelisted) ===========
    NETSVC: UxTuneUp -> C:\Windows\System32\uxtuneup.dll (TuneUp Software)
    ============ One Month Created Files and Folders ==============
    2012-06-26 21:38 - 2012-06-26 21:38 - 00000000 ____D C:\FRST
    2012-06-26 03:43 - 2012-06-26 03:43 - 00008192 ___AH C:\Windows\System32\config\SECURITY.tmp.LOG
    2012-06-26 03:43 - 2012-06-26 03:43 - 00000000 ___AH C:\Windows\System32\config\SYSTEM.tmp.LOG
    2012-06-26 03:43 - 2012-06-26 03:43 - 00000000 ___AH C:\Windows\System32\config\SOFTWARE.tmp.LOG
    2012-06-26 03:43 - 2012-06-26 03:43 - 00000000 ___AH C:\Windows\System32\config\SAM.tmp.LOG
    2012-06-26 03:43 - 2012-06-26 03:43 - 00000000 ___AH C:\Windows\System32\config\DEFAULT.tmp.LOG
    2012-06-26 03:42 - 2012-06-26 03:42 - 00060416 ____A C:\Windows\System32\Drivers\Combo-Fix.sys
    2012-06-26 03:42 - 2008-04-13 18:36 - 00042368 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\agp440.svs
    2012-06-26 03:40 - 2012-06-26 03:43 - 00000000 ___SD C:\ComboFix
    2012-06-26 03:38 - 2012-06-26 03:38 - 04569239 ____R (Swearware) C:\Documents and Settings\Admin1\Desktop\ComboFix.exe
    2012-06-26 03:30 - 2012-06-26 03:30 - 02109806 ____A C:\Documents and Settings\Admin1\Desktop\tdsskiller.zip
    2012-06-26 03:30 - 2012-06-21 01:11 - 02128472 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\Admin1\Desktop\TDSSKiller.exe
    2012-06-26 03:30 - 2011-01-01 05:14 - 00002254 ___RA C:\Documents and Settings\Admin1\Desktop\eula.txt
    2012-06-26 02:58 - 2012-06-26 02:58 - 04731392 ____A (AVAST Software) C:\Documents and Settings\Admin1\Desktop\aswMBR.exe
    2012-06-26 02:58 - 2012-06-26 02:58 - 00000755 ____A C:\Documents and Settings\Admin1\Desktop\bootcleaner.txt
    2012-06-26 02:55 - 2012-06-26 02:54 - 00044607 ____A C:\Documents and Settings\Admin1\Desktop\bootkit_remover.zip
    2012-06-26 02:55 - 2011-09-21 22:11 - 00003641 ____A C:\Documents and Settings\Admin1\Desktop\readme_ru.txt
    2012-06-26 02:55 - 2011-09-21 22:11 - 00003114 ____A C:\Documents and Settings\Admin1\Desktop\readme_en.txt
    2012-06-26 02:55 - 2011-09-20 07:02 - 00083968 ____A (Esage Lab) C:\Documents and Settings\Admin1\Desktop\boot_cleaner.exe
    2012-06-25 23:43 - 2012-06-25 23:43 - 00028169 ____A C:\Documents and Settings\Admin1\Desktop\gmer.log
    2012-06-25 20:22 - 2012-06-25 20:21 - 00302592 ____A C:\Documents and Settings\Admin1\Desktop\d4c1iup5.exe
    2012-06-25 20:17 - 2012-06-25 20:17 - 00000794 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2012-06-25 20:16 - 2012-06-25 20:17 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2012-06-25 20:16 - 2012-04-04 19:56 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-06-25 20:15 - 2012-06-24 07:01 - 10063000 ____A (Malwarebytes Corporation ) C:\Documents and Settings\Admin1\Desktop\mbam-setup-1.61.0.1400.exe
    2012-06-25 07:28 - 2012-06-25 23:44 - 00002727 ____A C:\Windows\setupapi.log
    2012-06-25 07:28 - 2004-08-10 11:00 - 00169984 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\iisui.dll
    2012-06-25 07:28 - 2004-08-10 11:00 - 00094720 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\certmap.ocx
    2012-06-25 07:28 - 2004-08-10 11:00 - 00019968 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\inetsloc.dll
    2012-06-25 07:28 - 2004-08-10 11:00 - 00014336 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\iisreset.exe
    2012-06-25 07:28 - 2004-08-10 11:00 - 00007680 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\inetmgr.exe
    2012-06-25 07:28 - 2004-08-10 11:00 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\wamregps.dll
    2012-06-25 07:28 - 2004-08-10 11:00 - 00006144 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\ftpsapi2.dll
    2012-06-25 07:28 - 2004-08-10 11:00 - 00005632 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\iisrstap.dll
    2012-06-25 07:28 - 2001-08-17 18:56 - 00066048 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\s3legacy.dll
    2012-06-25 03:04 - 2012-06-25 03:04 - 00000000 ____D C:\Documents and Settings\Admin1\Application Data\SunRay Games
    2012-06-25 02:50 - 2012-06-25 02:50 - 00000000 ____D C:\Windows\Mystic Diary 3 - Missing Pages With Guide
    2012-06-25 01:05 - 2012-06-25 01:05 - 00098992 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\60941195.sys
    2012-06-25 00:03 - 2012-06-25 00:03 - 00000000 RASHD C:\cmdcons
    2012-06-25 00:03 - 2010-12-19 19:12 - 00000209 ____A C:\Boot.bak
    2012-06-25 00:03 - 2004-08-04 03:00 - 00260272 _RASH C:\cmldr
    2012-06-25 00:00 - 2011-06-26 06:45 - 00256000 ____A C:\Windows\PEV.exe
    2012-06-25 00:00 - 2010-11-07 17:20 - 00208896 ____A C:\Windows\MBR.exe
    2012-06-25 00:00 - 2009-04-20 04:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
    2012-06-25 00:00 - 2000-08-31 00:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
    2012-06-25 00:00 - 2000-08-31 00:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
    2012-06-25 00:00 - 2000-08-31 00:00 - 00212480 ____A (SteelWerX) C:\Windows\SWXCACLS.exe
    2012-06-25 00:00 - 2000-08-31 00:00 - 00098816 ____A C:\Windows\sed.exe
    2012-06-25 00:00 - 2000-08-31 00:00 - 00080412 ____A C:\Windows\grep.exe
    2012-06-25 00:00 - 2000-08-31 00:00 - 00068096 ____A C:\Windows\zip.exe
    2012-06-24 23:27 - 2012-06-24 23:27 - 00000000 ____D C:\TDSSKiller_Quarantine
    2012-06-24 23:20 - 2012-06-26 03:42 - 00000000 ____D C:\Windows\erdnt
    2012-06-24 23:20 - 2012-06-25 09:05 - 00000000 ____D C:\Qoobox
    2012-06-24 23:02 - 2012-06-24 23:02 - 00000218 ____A C:\Documents and Settings\Admin1\.recently-used.xbel
    2012-06-24 06:15 - 2012-06-26 02:54 - 00000366 ___AH C:\Windows\Tasks\MpIdleTask.job
    2012-06-24 06:15 - 2012-06-26 00:21 - 00000384 ___AH C:\Windows\Tasks\Microsoft Antimalware Scheduled Scan.job
    2012-06-24 06:05 - 2012-06-24 06:05 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-06-24 06:02 - 2012-06-24 06:02 - 00000000 ____D C:\Documents and Settings\UpdatusUser\Application Data\Macromedia
    2012-06-24 06:02 - 2012-06-24 06:02 - 00000000 ____D C:\Documents and Settings\UpdatusUser\Application Data\Adobe
    2012-06-24 05:11 - 2012-06-24 05:11 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Macromedia
    2012-06-24 05:11 - 2012-06-24 05:11 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Adobe
    2012-06-16 14:04 - 2012-06-16 14:04 - 00476936 ____A (Sun Microsystems, Inc.) C:\Windows\System32\npdeployJava1.dll
    2012-06-16 14:04 - 2012-06-16 14:04 - 00157448 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
    2012-06-16 14:04 - 2012-06-16 14:04 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
    2012-06-16 14:04 - 2012-06-16 14:04 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
    2012-06-15 16:09 - 2012-06-15 16:09 - 00000000 ____D C:\Documents and Settings\GJNA&T\Application Data\TuneUp Software
    2012-06-14 15:20 - 2012-06-26 03:43 - 00065536 ____A C:\Windows\System32\config\TuneUp.evt
    2012-06-14 15:20 - 2011-12-08 21:38 - 00031552 ____A (TuneUp Software) C:\Windows\System32\TURegOpt.exe
    2012-06-14 15:20 - 2011-12-08 21:31 - 00029504 ____A (TuneUp Software) C:\Windows\System32\uxtuneup.dll
    2012-06-14 15:19 - 2012-06-16 19:51 - 00000000 ____D C:\Program Files\TuneUp Utilities 2011
    2012-06-14 15:19 - 2012-06-14 15:20 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\TuneUp Software
    2012-06-14 15:19 - 2012-06-14 15:19 - 00000000 ____D C:\Documents and Settings\Admin1\Application Data\TuneUp Software
    2012-06-14 15:18 - 2012-06-14 15:18 - 00000000 __SHD C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
    2012-06-13 09:04 - 2012-06-22 07:16 - 00000000 __HDC C:\Windows\$NtUninstallKB2709162$
    2012-06-13 06:28 - 2012-05-11 14:42 - 00521728 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\jsdbgui.dll
  20. Syreynna

    Syreynna Newcomer, in training Topic Starter Posts: 74

    ============ 3 Months Modified Files and Folders ===============
    2012-06-26 21:38 - 2012-06-26 21:38 - 00000000 ____D C:\FRST
    2012-06-26 03:43 - 2012-06-26 03:43 - 00008192 ___AH C:\Windows\System32\config\SECURITY.tmp.LOG
    2012-06-26 03:43 - 2012-06-26 03:43 - 00000000 ___AH C:\Windows\System32\config\SYSTEM.tmp.LOG
    2012-06-26 03:43 - 2012-06-26 03:43 - 00000000 ___AH C:\Windows\System32\config\SOFTWARE.tmp.LOG
    2012-06-26 03:43 - 2012-06-26 03:43 - 00000000 ___AH C:\Windows\System32\config\SAM.tmp.LOG
    2012-06-26 03:43 - 2012-06-26 03:43 - 00000000 ___AH C:\Windows\System32\config\DEFAULT.tmp.LOG
    2012-06-26 03:43 - 2012-06-26 03:40 - 00000000 ___SD C:\ComboFix
    2012-06-26 03:43 - 2012-06-14 15:20 - 00065536 ____A C:\Windows\System32\config\TuneUp.evt
    2012-06-26 03:43 - 2006-02-13 00:40 - 00000278 __ASH C:\Documents and Settings\Admin1\ntuser.ini
    2012-06-26 03:43 - 2006-02-06 21:04 - 47972352 ____A C:\Windows\System32\config\SOFTWARE.bak
    2012-06-26 03:43 - 2006-02-06 21:04 - 13369344 ____A C:\Windows\System32\config\SYSTEM.bak
    2012-06-26 03:43 - 2006-02-06 15:20 - 00196608 ____A C:\Windows\System32\config\IntelDH.evt
    2012-06-26 03:43 - 2005-08-16 10:40 - 01514793 ____A C:\Windows\WindowsUpdate.log
    2012-06-26 03:43 - 2005-08-16 10:35 - 00000275 ____A C:\Windows\wiadebug.log
    2012-06-26 03:43 - 2005-08-16 10:35 - 00000049 ____A C:\Windows\wiaservc.log
    2012-06-26 03:43 - 2005-08-16 04:27 - 05242880 ____A C:\Windows\System32\config\DEFAULT.bak
    2012-06-26 03:43 - 2005-08-16 04:27 - 00262144 ____A C:\Windows\System32\config\SECURITY.bak
    2012-06-26 03:43 - 2005-08-16 04:27 - 00028672 ____A C:\Windows\System32\config\SAM.bak
    2012-06-26 03:42 - 2012-06-26 03:42 - 00060416 ____A C:\Windows\System32\Drivers\Combo-Fix.sys
    2012-06-26 03:42 - 2012-06-24 23:20 - 00000000 ____D C:\Windows\erdnt
    2012-06-26 03:40 - 2005-08-16 10:49 - 00032308 ____A C:\Windows\SchedLgU.Txt
    2012-06-26 03:40 - 2005-08-16 10:49 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-06-26 03:38 - 2012-06-26 03:38 - 04569239 ____R (Swearware) C:\Documents and Settings\Admin1\Desktop\ComboFix.exe
    2012-06-26 03:30 - 2012-06-26 03:30 - 02109806 ____A C:\Documents and Settings\Admin1\Desktop\tdsskiller.zip
    2012-06-26 03:25 - 2010-12-19 04:45 - 00000982 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-762019420-644879084-276493692-1007UA.job
    2012-06-26 02:58 - 2012-06-26 02:58 - 04731392 ____A (AVAST Software) C:\Documents and Settings\Admin1\Desktop\aswMBR.exe
    2012-06-26 02:58 - 2012-06-26 02:58 - 00000755 ____A C:\Documents and Settings\Admin1\Desktop\bootcleaner.txt
    2012-06-26 02:57 - 2012-04-03 17:48 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-06-26 02:57 - 2010-12-19 01:12 - 00000982 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-762019420-644879084-276493692-1006UA.job
    2012-06-26 02:54 - 2012-06-26 02:55 - 00044607 ____A C:\Documents and Settings\Admin1\Desktop\bootkit_remover.zip
    2012-06-26 02:54 - 2012-06-24 06:15 - 00000366 ___AH C:\Windows\Tasks\MpIdleTask.job
    2012-06-26 02:12 - 2010-08-03 22:54 - 00000000 ____D C:\Documents and Settings\Admin1\Application Data\Skype
    2012-06-26 01:33 - 2012-01-08 04:13 - 00002265 ____A C:\Documents and Settings\All Users\Desktop\Skype.lnk
    2012-06-26 00:21 - 2012-06-24 06:15 - 00000384 ___AH C:\Windows\Tasks\Microsoft Antimalware Scheduled Scan.job
    2012-06-26 00:14 - 2006-02-22 22:01 - 00103607 ____A C:\dlccscan.log
    2012-06-26 00:14 - 2006-02-13 00:40 - 00000062 __ASH C:\Documents and Settings\Admin1\Local Settings\desktop.ini
    2012-06-26 00:14 - 2005-08-16 10:18 - 00002206 ____A C:\Windows\System32\wpa.dbl
    2012-06-26 00:11 - 2012-02-21 21:18 - 00000062 __ASH C:\Documents and Settings\UpdatusUser\Local Settings\desktop.ini
    2012-06-26 00:11 - 2005-08-16 10:38 - 00000000 ____D C:\Windows\Registration
    2012-06-26 00:10 - 2005-08-16 10:49 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
    2012-06-26 00:10 - 2005-08-16 10:49 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
    2012-06-25 23:44 - 2012-06-25 07:28 - 00002727 ____A C:\Windows\setupapi.log
    2012-06-25 23:43 - 2012-06-25 23:43 - 00028169 ____A C:\Documents and Settings\Admin1\Desktop\gmer.log
    2012-06-25 22:25 - 2010-12-19 04:45 - 00000930 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-762019420-644879084-276493692-1007Core.job
    2012-06-25 20:21 - 2012-06-25 20:22 - 00302592 ____A C:\Documents and Settings\Admin1\Desktop\d4c1iup5.exe
    2012-06-25 20:17 - 2012-06-25 20:17 - 00000794 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2012-06-25 20:17 - 2012-06-25 20:16 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2012-06-25 09:05 - 2012-06-24 23:20 - 00000000 ____D C:\Qoobox
    2012-06-25 08:58 - 2005-08-16 10:18 - 00000227 ____A C:\Windows\system.ini
    2012-06-25 06:54 - 2011-11-14 21:05 - 00000000 ____D C:\Documents and Settings\Admin1\Application Data\.purple
    2012-06-25 03:04 - 2012-06-25 03:04 - 00000000 ____D C:\Documents and Settings\Admin1\Application Data\SunRay Games
    2012-06-25 02:50 - 2012-06-25 02:50 - 00000000 ____D C:\Windows\Mystic Diary 3 - Missing Pages With Guide
    2012-06-25 02:47 - 2011-11-17 15:59 - 00000000 ____D C:\Documents and Settings\Admin1\Application Data\uTorrent
    2012-06-25 01:05 - 2012-06-25 01:05 - 00098992 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\60941195.sys
    2012-06-25 00:42 - 2010-12-19 04:56 - 00001917 ____A C:\Windows\epplauncher.mif
    2012-06-25 00:33 - 2005-08-16 10:18 - 00000027 ____A C:\Windows\System32\Drivers\etc\hosts.bak
    2012-06-25 00:31 - 2006-02-18 08:02 - 00000000 ____D C:\Documents and Settings\Admin1\Application Data\Adobe
    2012-06-25 00:03 - 2012-06-25 00:03 - 00000000 RASHD C:\cmdcons
    2012-06-25 00:03 - 2006-02-06 15:04 - 00000325 _RASH C:\boot.ini
    2012-06-24 23:35 - 2005-08-16 10:22 - 00000000 ___DC C:\Windows\$NtUninstallKB56711$
    2012-06-24 23:35 - 2005-08-16 10:18 - 00075264 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ipsec.sys
    2012-06-24 23:35 - 2005-08-16 10:18 - 00075264 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\ipsec.sys
    2012-06-24 23:27 - 2012-06-24 23:27 - 00000000 ____D C:\TDSSKiller_Quarantine
    2012-06-24 23:02 - 2012-06-24 23:02 - 00000218 ____A C:\Documents and Settings\Admin1\.recently-used.xbel
    2012-06-24 23:00 - 2011-11-17 17:21 - 00000000 ____D C:\Documents and Settings\Admin1\Application Data\vlc
    2012-06-24 20:13 - 2011-11-26 05:05 - 00000000 ____D C:\Documents and Settings\Admin1\Application Data\gtk-2.0
    2012-06-24 07:17 - 2008-08-28 04:05 - 00002644 ____A C:\Windows\System32\d3d9caps.dat
    2012-06-24 07:01 - 2012-06-25 20:15 - 10063000 ____A (Malwarebytes Corporation ) C:\Documents and Settings\Admin1\Desktop\mbam-setup-1.61.0.1400.exe
    2012-06-24 06:46 - 2005-08-16 10:22 - 00000000 ____D C:\Windows\security
    2012-06-24 06:05 - 2012-06-24 06:05 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-06-24 06:02 - 2012-06-24 06:02 - 00000000 ____D C:\Documents and Settings\UpdatusUser\Application Data\Macromedia
    2012-06-24 06:02 - 2012-06-24 06:02 - 00000000 ____D C:\Documents and Settings\UpdatusUser\Application Data\Adobe
    2012-06-24 05:11 - 2012-06-24 05:11 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Macromedia
    2012-06-24 05:11 - 2012-06-24 05:11 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Adobe
    2012-06-24 00:13 - 2012-04-03 17:48 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
    2012-06-24 00:13 - 2011-05-26 14:52 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
    2012-06-23 18:57 - 2010-12-19 01:12 - 00000930 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-762019420-644879084-276493692-1006Core.job
    2012-06-22 20:03 - 2009-03-18 18:16 - 00000000 ____D C:\Program Files\Common Files\Blizzard Entertainment
    2012-06-22 20:02 - 2006-02-13 00:49 - 00000278 __ASH C:\Documents and Settings\GJNA&T\ntuser.ini
    2012-06-22 15:28 - 2006-02-13 00:49 - 00000062 __ASH C:\Documents and Settings\GJNA&T\Local Settings\desktop.ini
    2012-06-22 07:27 - 2012-02-21 21:18 - 00000178 ___SH C:\Documents and Settings\UpdatusUser\ntuser.ini
    2012-06-22 07:17 - 2011-07-12 19:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2555917$
    2012-06-22 07:17 - 2011-04-17 19:16 - 00000000 __HDC C:\Windows\$NtUninstallKB2506223$
    2012-06-22 07:17 - 2011-04-17 19:15 - 00000000 __HDC C:\Windows\$NtUninstallKB2412687$
    2012-06-22 07:17 - 2011-04-17 19:05 - 00000000 __HDC C:\Windows\$NtUninstallKB2508429$
    2012-06-22 07:17 - 2011-03-24 03:39 - 00000000 __HDC C:\Windows\$NtUninstallKB2524375$
    2012-06-22 07:17 - 2011-02-09 07:49 - 00000000 __HDC C:\Windows\$NtUninstallKB2479628$
    2012-06-22 07:17 - 2010-12-16 06:55 - 00000000 __HDC C:\Windows\$NtUninstallKB2436673$
    2012-06-22 07:17 - 2010-12-16 06:54 - 00000000 __HDC C:\Windows\$NtUninstallKB2467659$
    2012-06-22 07:17 - 2010-12-16 06:49 - 00000000 __HDC C:\Windows\$NtUninstallKB2423089$
    2012-06-22 07:17 - 2010-10-14 06:03 - 00000000 __HDC C:\Windows\$NtUninstallKB2345886$
    2012-06-22 07:17 - 2010-10-14 06:02 - 00000000 __HDC C:\Windows\$NtUninstallKB2378111_WM9$
    2012-06-22 07:17 - 2010-09-15 08:43 - 00000000 __HDC C:\Windows\$NtUninstallKB2121546$
    2012-06-22 07:17 - 2010-08-12 04:18 - 00000000 __HDC C:\Windows\$NtUninstallKB2160329$
    2012-06-22 07:17 - 2006-12-18 18:12 - 00000000 __HDC C:\Windows\$NtServicePackUninstallIDNMitigationAPIs$
    2012-06-22 07:17 - 2006-12-18 18:11 - 00000000 __HDC C:\Windows\$NtServicePackUninstallNLSDownlevelMapping$
    2012-06-22 07:17 - 2005-08-17 03:04 - 00000000 ___HD C:\Windows\$NtUninstallEmeraldQFE2$
    2012-06-22 07:16 - 2012-06-13 09:04 - 00000000 __HDC C:\Windows\$NtUninstallKB2709162$
    2012-06-22 07:16 - 2012-05-10 19:01 - 00000000 __HDC C:\Windows\$NtUninstallKB2659262$
    2012-06-22 07:16 - 2012-05-10 18:51 - 00000000 __HDC C:\Windows\$NtUninstallKB2686509$
    2012-06-22 07:16 - 2012-04-12 04:26 - 00000000 __HDC C:\Windows\$NtUninstallKB2656378$
    2012-06-22 07:16 - 2012-03-14 19:07 - 00000000 __HDC C:\Windows\$NtUninstallKB2641653$
    2012-06-22 07:16 - 2012-02-16 20:09 - 00000000 __HDC C:\Windows\$NtUninstallKB2660465$
    2012-06-22 07:16 - 2012-02-16 20:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2661637$
    2012-06-22 07:16 - 2012-01-18 16:16 - 00000000 __HDC C:\Windows\$NtUninstallKB2646524$
    2012-06-22 07:16 - 2011-12-14 20:03 - 00000000 __HDC C:\Windows\$NtUninstallKB2639417$
    2012-06-22 07:16 - 2011-10-14 08:04 - 00000000 __HDC C:\Windows\$NtUninstallKB2567053$
    2012-06-22 07:16 - 2011-08-12 04:47 - 00000000 __HDC C:\Windows\$NtUninstallKB973442_WM11$
    2012-06-22 07:16 - 2011-08-11 05:19 - 00000000 __HDC C:\Windows\$NtUninstallKB2567680$
    2012-06-22 07:16 - 2010-10-14 06:02 - 00000000 __HDC C:\Windows\$NtUninstallKB982132$
    2012-06-22 07:16 - 2010-10-14 04:52 - 00000000 __HDC C:\Windows\$NtUninstallKB981957$
    2012-06-22 07:16 - 2010-09-15 08:42 - 00000000 __HDC C:\Windows\$NtUninstallKB981322$
    2012-06-22 07:16 - 2010-08-12 04:25 - 00000000 __HDC C:\Windows\$NtUninstallKB982214$
    2012-06-22 07:16 - 2010-06-13 19:15 - 00000000 __HDC C:\Windows\$NtUninstallKB979904$
    2012-06-22 07:16 - 2010-06-13 19:12 - 00000000 __HDC C:\Windows\$NtUninstallKB979559$
    2012-06-22 07:16 - 2010-06-13 19:08 - 00000000 __HDC C:\Windows\$NtUninstallKB978695_WM9$
    2012-06-22 07:16 - 2010-04-18 10:05 - 00000000 __HDC C:\Windows\$NtUninstallKB978601$
    2012-06-22 07:16 - 2010-02-11 01:20 - 00000000 __HDC C:\Windows\$NtUninstallKB971468$
    2012-06-22 07:16 - 2009-12-10 01:04 - 00000000 __HDC C:\Windows\$NtUninstallKB971737$
    2012-06-22 07:16 - 2009-11-13 10:28 - 00000000 __HDC C:\Windows\$NtUninstallKB969947$
    2012-06-22 07:16 - 2009-10-17 10:13 - 00000000 __HDC C:\Windows\$NtUninstallKB958869$
    2012-06-22 07:16 - 2009-10-17 10:10 - 00000000 __HDC C:\Windows\$NtUninstallKB974112$
    2012-06-22 07:16 - 2009-10-17 10:10 - 00000000 __HDC C:\Windows\$NtUninstallKB954155_WM9$
    2012-06-22 07:16 - 2009-09-25 19:32 - 00000000 __HDC C:\Windows\$NtUninstallWdf01009$
    2012-06-22 07:16 - 2009-09-12 15:28 - 00000000 __HDC C:\Windows\$NtUninstallKB968816_WM9$
    2012-06-22 07:16 - 2009-09-12 15:27 - 00000000 __HDC C:\Windows\$NtUninstallKB956844$
    2012-06-22 07:16 - 2009-09-05 06:22 - 00000000 __HDC C:\Windows\$NtUninstallwinusb0100$
    2012-06-22 07:16 - 2009-09-05 06:20 - 00000000 __HDC C:\Windows\$NtUninstallWdf01007$
    2012-06-22 07:16 - 2009-08-14 02:24 - 00000000 __HDC C:\Windows\$NtUninstallKB960859$
    2012-06-22 07:16 - 2009-08-14 02:23 - 00000000 __HDC C:\Windows\$NtUninstallKB971657$
    2012-06-22 07:16 - 2009-08-14 02:22 - 00000000 __HDC C:\Windows\$NtUninstallKB973540_WM9$
    2012-06-22 07:16 - 2009-06-14 07:28 - 00000000 __HDC C:\Windows\$NtUninstallKB968537$
    2012-06-22 07:16 - 2009-04-19 19:02 - 00000000 __HDC C:\Windows\$NtUninstallKB960803$
    2012-06-22 07:16 - 2009-03-13 12:26 - 00000000 __HDC C:\Windows\$NtUninstallKB958690$
    2012-06-22 07:16 - 2009-03-13 12:25 - 00000000 __HDC C:\Windows\$NtUninstallKB959772_WM11$
    2012-06-22 07:16 - 2009-01-15 18:11 - 00000000 __HDC C:\Windows\$NtUninstallKB958687$
    2012-06-22 07:16 - 2008-12-15 05:37 - 00000000 __HDC C:\Windows\$NtUninstallKB955839$
    2012-06-22 07:16 - 2008-12-15 05:33 - 00000000 __HDC C:\Windows\$NtUninstallKB954600$
    2012-06-22 07:16 - 2008-11-05 15:29 - 00000000 __HDC C:\Windows\$NtUninstallKB957095$
    2012-06-22 07:16 - 2008-11-05 15:27 - 00000000 __HDC C:\Windows\$NtUninstallKB954211$
    2012-06-22 07:16 - 2008-09-10 01:18 - 00000000 __HDC C:\Windows\$NtUninstallKB954154_WM11$
    2012-06-22 07:16 - 2008-09-10 01:18 - 00000000 __HDC C:\Windows\$NtUninstallKB938464$
    2012-06-22 07:16 - 2008-08-17 15:57 - 00000000 __HDC C:\Windows\$NtUninstallKB951072-v2$
    2012-06-22 07:16 - 2008-04-13 18:46 - 00000000 __HDC C:\Windows\$NtUninstallKB941693$
    2012-06-22 07:16 - 2008-01-15 04:34 - 00000000 __HDC C:\Windows\$NtUninstallKB941644$
    2012-06-22 07:16 - 2007-12-16 18:27 - 00000000 __HDC C:\Windows\$NtUninstallKB942763$
    2012-06-22 07:16 - 2007-12-16 18:27 - 00000000 __HDC C:\Windows\$NtUninstallKB941569$
    2012-06-22 07:16 - 2007-11-17 13:58 - 00000000 __HDC C:\Windows\$NtUninstallKB939683$
    2012-06-22 07:16 - 2007-11-12 19:11 - 00000000 __HDC C:\Windows\$NtUninstallMSCompPackV1$
    2012-06-22 07:16 - 2007-11-12 19:10 - 00000000 __HDC C:\Windows\$NtUninstallWudf01000$
    2012-06-22 07:16 - 2007-08-29 17:15 - 00000000 __HDC C:\Windows\$NtUninstallKB933360$
    2012-06-22 07:16 - 2007-08-18 16:23 - 00000000 __HDC C:\Windows\$NtUninstallKB936782_WMP10$
    2012-06-22 07:16 - 2007-07-17 00:44 - 00000000 __HDC C:\Windows\$NtUninstallKB936357$
    2012-06-22 07:16 - 2007-04-12 21:01 - 00000000 __HDC C:\Windows\$NtUninstallKB931261$
    2012-06-22 07:16 - 2007-04-12 21:00 - 00000000 __HDC C:\Windows\$NtUninstallKB930178$
    2012-06-22 07:16 - 2007-04-07 21:24 - 00000000 __HDC C:\Windows\$NtUninstallWdf01005$
    2012-06-22 07:16 - 2007-02-22 00:50 - 00000000 __HDC C:\Windows\$NtUninstallKB927802$
    2012-06-22 07:16 - 2007-02-22 00:49 - 00000000 __HDC C:\Windows\$NtUninstallKB931836$
    2012-06-22 07:16 - 2006-12-18 18:11 - 00000000 __HDC C:\Windows\$NtUninstallKB915865$
    2012-06-22 07:16 - 2006-12-18 18:10 - 00000000 __HDC C:\Windows\$NtUninstallKB914440$
    2012-06-22 07:16 - 2006-12-18 18:10 - 00000000 __HDC C:\Windows\$NtUninstallKB904942$
    2012-06-22 07:16 - 2006-12-15 16:51 - 00000000 __HDC C:\Windows\$NtUninstallKB923689$
    2012-06-22 07:16 - 2006-12-15 16:50 - 00000000 __HDC C:\Windows\$NtUninstallKB926255$
    2012-06-22 07:16 - 2006-10-14 18:27 - 00000000 __HDC C:\Windows\$NtUninstallKB923414$
    2012-06-22 07:16 - 2006-09-26 18:10 - 00000000 __HDC C:\Windows\$NtUninstallKB925486$
    2012-06-22 07:16 - 2006-07-13 01:09 - 00000000 __HDC C:\Windows\$NtUninstallKB917159$
    2012-06-22 07:16 - 2006-06-17 06:40 - 00000000 __HDC C:\Windows\$NtUninstallKB917734_WMP10$
    2012-06-22 07:16 - 2006-06-17 06:38 - 00000000 __HDC C:\Windows\$NtUninstallKB917953$
    2012-06-22 07:16 - 2006-02-18 08:03 - 00000000 __HDC C:\Windows\$NtUninstallKB911927$
    2012-06-22 07:16 - 2006-02-18 08:03 - 00000000 __HDC C:\Windows\$NtUninstallKB911565$
    2012-06-22 07:16 - 2006-02-18 08:02 - 00000000 __HDC C:\Windows\$NtUninstallKB913446$
    2012-06-22 07:16 - 2006-02-13 01:56 - 00000000 __HDC C:\Windows\$NtUninstallKB910393$
    2012-06-22 07:16 - 2006-02-13 01:56 - 00000000 __HDC C:\Windows\$NtUninstallKB896424$
    2012-06-22 07:16 - 2006-02-13 01:55 - 00000000 __HDC C:\Windows\$NtUninstallKB887998$
    2012-06-22 07:16 - 2006-02-13 01:54 - 00000000 __HDC C:\Windows\$NtUninstallKB893066$
    2012-06-22 07:16 - 2006-02-13 01:53 - 00000000 __HDC C:\Windows\$NtUninstallKB888302$
    2012-06-22 07:16 - 2006-02-13 01:52 - 00000000 __HDC C:\Windows\$NtUninstallKB905749$
    2012-06-22 07:16 - 2006-02-13 01:52 - 00000000 __HDC C:\Windows\$NtUninstallKB896428$
    2012-06-22 07:16 - 2006-02-13 01:22 - 00000000 __HDC C:\Windows\$NtUninstallKB898461$
    2012-06-22 07:16 - 2006-02-06 15:18 - 00000000 __HDC C:\Windows\$NtUninstallKB835221WXP$
    2012-06-22 07:16 - 2005-08-17 03:07 - 00000000 ___HD C:\Windows\$NtUninstallKB902841$
    2012-06-22 07:16 - 2005-08-17 03:06 - 00000000 ___HD C:\Windows\$NtUninstallKB903157$
    2012-06-22 07:16 - 2005-08-17 03:06 - 00000000 ___HD C:\Windows\$NtUninstallKB899510$
    2012-06-22 07:16 - 2005-08-17 03:06 - 00000000 ___HD C:\Windows\$NtUninstallKB895961$
    2012-06-22 07:01 - 2006-10-20 22:54 - 00000000 ____D C:\Windows\Minidump
    2012-06-22 06:50 - 2009-04-21 20:13 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Google
    2012-06-22 06:50 - 2006-02-13 00:40 - 00000000 ____D C:\Documents and Settings\Admin1\Local Settings\Application Data\Google
    2012-06-22 06:50 - 2006-02-06 15:32 - 00000000 ____D C:\Program Files\Google
    2012-06-21 16:02 - 2005-08-16 10:22 - 00000000 ____D C:\Windows\Help
    2012-06-21 01:11 - 2012-06-26 03:30 - 02128472 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\Admin1\Desktop\TDSSKiller.exe
    2012-06-20 22:35 - 2012-05-15 18:20 - 00000000 ____D C:\Documents and Settings\Admin1\My Documents\Diablo III
    2012-06-20 16:36 - 2006-02-15 02:08 - 00000000 ____D C:\Program Files\Dl_cats
    2012-06-19 00:54 - 2006-12-15 21:42 - 00052736 ___AC C:\Documents and Settings\Admin1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-06-17 07:05 - 2005-08-16 10:33 - 00609122 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-06-17 07:05 - 2005-08-16 10:22 - 00000000 ____D C:\Windows\System32\inetsrv
    2012-06-16 19:51 - 2012-06-14 15:19 - 00000000 ____D C:\Program Files\TuneUp Utilities 2011
    2012-06-16 14:04 - 2012-06-16 14:04 - 00476936 ____A (Sun Microsystems, Inc.) C:\Windows\System32\npdeployJava1.dll
    2012-06-16 14:04 - 2012-06-16 14:04 - 00157448 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
    2012-06-16 14:04 - 2012-06-16 14:04 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
    2012-06-16 14:04 - 2012-06-16 14:04 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
    2012-06-16 14:04 - 2011-05-07 01:55 - 00472840 ____A (Sun Microsystems, Inc.) C:\Windows\System32\deployJava1.dll
    2012-06-16 14:04 - 2008-08-08 17:11 - 00073728 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javacpl.cpl
    2012-06-15 16:09 - 2012-06-15 16:09 - 00000000 ____D C:\Documents and Settings\GJNA&T\Application Data\TuneUp Software
    2012-06-15 08:01 - 2012-01-08 04:13 - 00000000 ___RD C:\Program Files\Skype
    2012-06-15 08:01 - 2010-08-03 22:53 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
    2012-06-14 15:20 - 2012-06-14 15:19 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\TuneUp Software
    2012-06-14 15:19 - 2012-06-14 15:19 - 00000000 ____D C:\Documents and Settings\Admin1\Application Data\TuneUp Software
    2012-06-14 15:18 - 2012-06-14 15:18 - 00000000 __SHD C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
    2012-06-14 07:07 - 2006-02-18 08:02 - 00000000 ____D C:\Documents and Settings\Admin1\Local Settings\Application Data\Adobe
    2012-06-13 18:28 - 2010-12-19 04:46 - 00002303 ____A C:\Documents and Settings\GJNA&T\Desktop\Google Chrome.lnk
    2012-06-13 17:28 - 2005-08-16 10:38 - 00000000 ____D C:\Windows\Microsoft.NET
    2012-06-13 17:19 - 2005-08-16 10:27 - 03534552 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-06-13 09:12 - 2006-02-13 01:57 - 56731752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-06-13 09:09 - 2006-02-06 15:14 - 00000000 ___HD C:\Windows\$hf_mig$
    2012-06-12 04:02 - 2010-12-19 01:12 - 00002303 ____A C:\Documents and Settings\Admin1\Desktop\Google Chrome.lnk
    2012-06-04 16:19 - 2008-09-02 20:12 - 00002644 ___AC C:\Documents and Settings\GJNA&T\Local Settings\Application Data\d3d9caps.tmp
    2012-06-04 13:39 - 2012-01-05 19:51 - 00000000 ____D C:\Documents and Settings\GJNA&T\Application Data\vlc
    2012-06-02 19:19 - 2007-06-20 23:22 - 00022040 ____A (Microsoft Corporation) C:\Windows\System32\wucltui.dll.mui
    2012-06-02 19:19 - 2007-06-20 23:22 - 00017944 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll.mui
    2012-06-02 19:19 - 2007-06-20 23:22 - 00015384 ____A (Microsoft Corporation) C:\Windows\System32\wuaucpl.cpl.mui
    2012-06-02 19:19 - 2007-06-20 23:22 - 00015384 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll.mui
    2012-06-02 19:19 - 2005-08-16 10:40 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 19:19 - 2005-08-16 10:40 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\wuaueng.dll
    2012-06-02 19:19 - 2005-08-16 10:40 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 19:19 - 2005-08-16 10:40 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\wuapi.dll
    2012-06-02 19:19 - 2005-08-16 10:40 - 00329240 ____A (Microsoft Corporation) C:\Windows\System32\wucltui.dll
    2012-06-02 19:19 - 2005-08-16 10:40 - 00329240 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\wucltui.dll
    2012-06-02 19:19 - 2005-08-16 10:40 - 00219160 ____A (Microsoft Corporation) C:\Windows\System32\wuaucpl.cpl
    2012-06-02 19:19 - 2005-08-16 10:40 - 00219160 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\wuaucpl.cpl
    2012-06-02 19:19 - 2005-08-16 10:40 - 00210968 ____A (Microsoft Corporation) C:\Windows\System32\wuweb.dll
    2012-06-02 19:19 - 2005-08-16 10:40 - 00210968 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\wuweb.dll
    2012-06-02 19:19 - 2005-08-16 10:40 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 19:19 - 2005-08-16 10:40 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\wuauclt.exe
    2012-06-02 19:19 - 2005-08-16 10:40 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 19:19 - 2005-08-16 10:40 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\wups.dll
    2012-06-02 19:19 - 2005-08-16 10:18 - 00097304 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\cdm.dll
    2012-06-02 19:19 - 2005-08-16 10:18 - 00097304 ____A (Microsoft Corporation) C:\Windows\System32\cdm.dll
    2012-06-02 19:19 - 2005-05-26 09:16 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 19:18 - 2007-06-21 21:23 - 00017136 ____A (Microsoft Corporation) C:\Windows\System32\mucltui.dll.mui
    2012-06-02 19:18 - 2006-12-19 07:36 - 00275696 ____A (Microsoft Corporation) C:\Windows\System32\mucltui.dll
    2012-06-02 19:18 - 2005-05-26 09:19 - 00214256 ____A (Microsoft Corporation) C:\Windows\System32\muweb.dll
    2012-06-02 07:09 - 2006-02-15 13:29 - 00118708 ____A C:\dlcc.log
    2012-05-31 13:22 - 2005-08-16 10:18 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\crypt32.dll
    2012-05-31 13:22 - 2005-08-16 10:18 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-05-27 19:31 - 2006-02-06 15:06 - 00000000 ____D C:\Windows\System32\ReinstallBackups
    2012-05-27 19:30 - 2011-09-16 19:09 - 01075248 ____A C:\Windows\System32\nvdrsdb1.bin
    2012-05-27 19:30 - 2011-09-16 19:09 - 01075248 ____A C:\Windows\System32\nvdrsdb0.bin
    2012-05-27 19:30 - 2011-09-16 19:09 - 00000001 ____A C:\Windows\System32\nvdrssel.bin
    2012-05-27 19:30 - 2010-01-10 00:25 - 00000000 ____D C:\Program Files\NVIDIA Corporation
    2012-05-16 15:08 - 2005-08-16 10:18 - 00916992 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-05-16 15:08 - 2005-08-16 10:18 - 00916992 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\wininet.dll
    2012-05-15 18:05 - 2012-05-15 17:10 - 00000678 ____A C:\Documents and Settings\All Users\Desktop\Diablo III.lnk
    2012-05-15 17:06 - 2012-05-15 17:06 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Battle.net
    2012-05-15 13:20 - 2008-11-03 07:58 - 01863168 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\win32k.sys
    2012-05-15 13:20 - 2005-08-16 10:18 - 01863168 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-05-15 10:18 - 2012-04-19 19:58 - 00010264 ____A C:\Windows\System32\nvinfo.pb
    2012-05-15 10:18 - 2011-09-16 19:22 - 01000768 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco32.dll
    2012-05-15 10:18 - 2011-09-16 19:22 - 00883008 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco32.dll
    2012-05-15 10:18 - 2011-07-02 08:46 - 02807708 ____A C:\Windows\System32\nvdata.data
    2012-05-15 10:18 - 2010-07-31 14:47 - 18771968 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglnt.dll
    2012-05-15 10:18 - 2010-07-31 14:47 - 17543168 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
    2012-05-15 10:18 - 2010-07-31 14:47 - 06012928 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
    2012-05-15 10:18 - 2010-07-31 14:47 - 02530624 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
    2012-05-15 10:18 - 2010-07-31 14:47 - 02445120 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
    2012-05-15 10:18 - 2010-07-31 14:47 - 02359808 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi.dll
    2012-05-15 10:18 - 2010-07-31 14:47 - 00065536 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
    2012-05-15 10:18 - 2005-08-16 10:35 - 14014656 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nv4_mini.sys
    2012-05-15 10:18 - 2005-08-16 10:35 - 14014656 ____A (NVIDIA Corporation) C:\Windows\System32\dllcache\nv4_mini.sys
    2012-05-15 10:18 - 2005-08-16 10:35 - 04373248 ____A (NVIDIA Corporation) C:\Windows\System32\nv4_disp.dll
    2012-05-15 09:40 - 2011-09-16 19:23 - 15504192 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
    2012-05-15 09:40 - 2011-09-16 19:23 - 00164160 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc32.exe
    2012-05-15 09:40 - 2011-09-16 19:23 - 00143680 ____A (NVIDIA Corporation) C:\Windows\System32\nvcolor.exe
    2012-05-15 09:40 - 2011-09-16 19:23 - 00108352 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
    2012-05-15 09:40 - 2011-09-16 19:23 - 00054272 ____A (NVIDIA Corporation) C:\Windows\System32\nvwddi.dll
    2012-05-14 19:33 - 2008-12-05 20:48 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2012-05-12 23:14 - 2012-05-12 23:14 - 00001366 ____A C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    2012-05-12 23:13 - 2012-05-12 23:13 - 00000000 ____D C:\Program Files\iPod
    2012-05-12 23:13 - 2012-03-27 23:55 - 00000000 ____D C:\Program Files\Common Files\Apple
    2012-05-12 18:12 - 2012-04-09 15:16 - 00000000 ____D C:\Documents and Settings\GJNA&T\Application Data\Skype
    2012-05-12 00:12 - 2007-05-11 14:34 - 11111424 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\ieframe.dll
    2012-05-12 00:12 - 2006-11-08 02:03 - 11111424 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-05-11 14:42 - 2012-06-13 06:28 - 00521728 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\jsdbgui.dll
    2012-05-11 14:42 - 2010-06-10 02:22 - 00743424 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\iedvtool.dll
    2012-05-11 14:42 - 2009-07-05 05:00 - 00247808 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\ieproxy.dll
    2012-05-11 14:42 - 2009-07-05 05:00 - 00012800 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\xpshims.dll
    2012-05-11 14:42 - 2007-05-11 14:34 - 02000384 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\iertutil.dll
    2012-05-11 14:42 - 2007-05-11 14:34 - 00629760 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\msfeeds.dll
    2012-05-11 14:42 - 2007-05-11 14:34 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\msfeedsbs.dll
    2012-05-11 14:42 - 2006-11-08 02:03 - 00629760 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-05-11 14:42 - 2006-11-08 02:03 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
    2012-05-11 14:42 - 2006-11-07 08:27 - 00387584 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\iedkcs32.dll
    2012-05-11 14:42 - 2006-10-17 17:05 - 01469440 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\inetcpl.cpl
    2012-05-11 14:42 - 2006-10-17 17:05 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\licmgr10.dll
    2012-05-11 14:42 - 2006-10-17 17:04 - 00206848 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\occache.dll
    2012-05-11 14:42 - 2006-10-17 16:57 - 02000384 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-05-11 14:42 - 2006-05-19 15:06 - 06007808 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\mshtml.dll
    2012-05-11 14:42 - 2006-05-10 05:25 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\iepeers.dll
    2012-05-11 14:42 - 2006-05-10 05:25 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\mshtmled.dll
    2012-05-11 14:42 - 2005-08-16 10:18 - 06007808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-05-11 14:42 - 2005-08-16 10:18 - 01469440 ____N (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-05-11 14:42 - 2005-08-16 10:18 - 01212416 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-05-11 14:42 - 2005-08-16 10:18 - 01212416 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\urlmon.dll
    2012-05-11 14:42 - 2005-08-16 10:18 - 00611840 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
    2012-05-11 14:42 - 2005-08-16 10:18 - 00611840 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\mstime.dll
    2012-05-11 14:42 - 2005-08-16 10:18 - 00387584 ____N (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
    2012-05-11 14:42 - 2005-08-16 10:18 - 00206848 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
    2012-05-11 14:42 - 2005-08-16 10:18 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
    2012-05-11 14:42 - 2005-08-16 10:18 - 00105984 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-05-11 14:42 - 2005-08-16 10:18 - 00105984 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\url.dll
    2012-05-11 14:42 - 2005-08-16 10:18 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-05-11 14:42 - 2005-08-16 10:18 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
    2012-05-11 14:42 - 2005-08-16 10:18 - 00025600 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-05-11 14:42 - 2005-08-16 10:18 - 00025600 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\jsproxy.dll
    2012-05-11 11:38 - 2006-11-07 08:26 - 00174080 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\ie4uinit.exe
    2012-05-11 11:38 - 2005-08-16 10:18 - 00385024 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
    2012-05-11 11:38 - 2005-08-16 10:18 - 00174080 ____N (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
    2012-05-10 18:50 - 2005-08-16 10:18 - 00000687 ____A C:\Windows\win.ini
    2012-05-04 20:40 - 2012-05-04 20:40 - 00000000 ____D C:\Documents and Settings\Admin1\My Documents\Almost Human
    2012-05-04 20:40 - 2005-08-16 10:40 - 00000000 ____D C:\Windows\System32\DirectX
    2012-05-04 13:16 - 2005-08-16 10:18 - 02148352 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-05-04 13:16 - 2005-08-16 10:18 - 02148352 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\ntkrnlmp.exe
    2012-05-04 13:12 - 2008-11-03 07:57 - 02192640 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\ntoskrnl.exe
    2012-05-04 12:32 - 2008-11-03 07:57 - 02069120 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\ntkrnlpa.exe
    2012-05-04 12:32 - 2008-11-03 07:57 - 02026496 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\ntkrpamp.exe
    2012-05-04 12:32 - 2004-08-04 04:59 - 02026496 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
    2012-05-02 13:46 - 2011-08-11 03:33 - 00139656 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\rdpwd.sys
    2012-05-02 13:46 - 2005-08-16 10:37 - 00139656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-04-23 18:08 - 2012-04-23 18:08 - 00020480 ____A C:\Documents and Settings\Admin1\My Documents\rpc5.xls
    2012-04-19 21:00 - 2012-04-12 21:12 - 00000000 ____D C:\Documents and Settings\Admin1\Local Settings\Application Data\TERA-Diagnostic
    2012-04-19 20:29 - 2005-08-16 10:38 - 00065536 ____A C:\Windows\System32\config\Media Ce.evt
    2012-04-19 19:59 - 2010-12-03 23:54 - 00000000 ____D C:\NVIDIA
    2012-04-18 17:08 - 2012-02-21 21:15 - 00876864 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdagenco3220103.dll
    2012-04-18 17:08 - 2011-09-16 19:11 - 00123840 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda32.sys
    2012-04-18 17:08 - 2011-09-16 19:11 - 00027968 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdap32.dll
    2012-04-16 19:06 - 2012-04-16 19:06 - 00000000 ____D C:\Program Files\Common Files\Skype
    2012-04-12 21:31 - 2007-11-08 19:48 - 00000000 ____D C:\Program Files\DivX
    2012-04-12 21:19 - 2010-03-29 14:34 - 00000000 ____D C:\Documents and Settings\Admin1\Desktop\Unused Desktop Shortcuts
    2012-04-11 20:46 - 2012-04-11 20:46 - 00000000 ____D C:\Program Files\NCsoft
    2012-04-11 20:46 - 2012-04-11 20:46 - 00000000 ____D C:\Program Files\Common Files\Stardock
    2012-04-11 20:20 - 2011-11-17 03:14 - 00000000 ____D C:\Documents and Settings\Admin1\My Documents\My Games
    2012-04-11 04:47 - 2012-04-11 04:39 - 00000000 ____D C:\Documents and Settings\Admin1\Application Data\Stardock
    2012-04-11 04:39 - 2012-04-11 04:39 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Gibraltar
    2012-04-11 04:38 - 2012-04-11 04:38 - 00000588 ____A C:\Documents and Settings\All Users\Desktop\GameStop.lnk
    2012-04-11 04:38 - 2012-04-11 04:38 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Stardock
    2012-04-11 04:38 - 2012-04-11 04:37 - 00000000 __HDC C:\Documents and Settings\All Users\Application Data\{EB424B13-2E57-4A45-936F-A4DFB6DB1688}
    2012-04-11 04:35 - 2012-04-11 04:35 - 00000000 ____D C:\Documents and Settings\Admin1\Local Settings\Application Data\PackageAware
    2012-04-08 23:33 - 2012-04-08 23:33 - 00000000 ____D C:\Documents and Settings\Admin1\My Documents\Electronic Arts
    2012-04-07 00:28 - 2012-04-07 00:28 - 00000000 ____D C:\Documents and Settings\Admin1\Local Settings\Application Data\TERA
    2012-04-06 19:01 - 2010-07-25 08:32 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Electronic Arts
    2012-04-06 18:14 - 2012-04-06 18:14 - 00000794 ____A C:\Documents and Settings\All Users\Desktop\EA Download Manager.lnk
    2012-04-06 17:47 - 2012-04-06 17:47 - 00001723 ____A C:\Documents and Settings\All Users\Desktop\The Sims™ 3.lnk
    2012-04-06 17:30 - 2010-07-25 07:56 - 00000000 ____D C:\Program Files\Electronic Arts
    2012-04-06 17:30 - 2006-02-06 15:20 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
    2012-04-04 19:56 - 2012-06-25 20:16 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-04-03 17:59 - 2012-04-03 17:53 - 00000000 ____D C:\Documents and Settings\Admin1\My Documents\RCT3
    2012-04-03 17:57 - 2012-04-03 17:53 - 00043520 ____A C:\Windows\System32\CmdLineExt03.dll
    2012-04-03 17:53 - 2012-04-03 17:53 - 00000000 ____D C:\Documents and Settings\Admin1\Application Data\Atari
    2012-04-02 15:12 - 2012-04-01 15:17 - 00000000 ____D C:\Documents and Settings\GJNA&T\My Documents\RCT3
    2012-04-01 15:17 - 2012-04-01 15:17 - 00000000 ____D C:\Documents and Settings\GJNA&T\Application Data\Atari
    2012-03-30 18:47 - 2012-03-30 18:47 - 00000460 ____A C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
    2012-03-30 18:47 - 2012-03-30 18:46 - 00000000 ____D C:\VLC
  21. Syreynna

    Syreynna Newcomer, in training Topic Starter Posts: 74

    ========================= Known DLLs (Whitelisted) ============

    ========================= Bamital & volsnap Check ============
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ==================== Restore Points (XP) =====================
    RP: -> 2012-06-25 02:08 - 028672 _restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP2786
    RP: -> 2012-06-24 06:08 - 028672 _restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP2785
    RP: -> 2012-06-23 20:15 - 028672 _restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP2784

    ========================= Memory info ======================
    Percentage of memory in use: 24%
    Total physical RAM: 3070.09 MB
    Available physical RAM: 2312.59 MB
    Total Pagefile: 2894.75 MB
    Available Pagefile: 2359.29 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 2001.55 MB
    ======================= Partitions =========================
    1 Drive b: (RAMDisk) (Fixed) (Total:0.5 GB) (Free:0.5 GB) FAT
    2 Drive c: (Local Disk) (Fixed) (Total:69.79 GB) (Free:27.53 GB) NTFS ==>[Drive with boot components (Windows XP)]
    3 Drive d: () (Removable) (Total:3.8 GB) (Free:3.79 GB) FAT32
    4 Drive e: (Sims3) (CDROM) (Total:5.54 GB) (Free:0 GB) UDFFS10
    5 Drive f: (New Volume) (Fixed) (Total:465.76 GB) (Free:341.46 GB) NTFS
    6 Drive x: (UBCD4Windows) (CDROM) (Total:0.63 GB) (Free:0 GB) CDFS
      Disk ###  Status      Size     Free     Dyn  Gpt
      --------  ----------  -------  -------  ---  ---
      Disk 0    Online      74 GB    0 B
      Disk 1    Online      466 GB   0 B      *
    Partitions of Disk 0:
    ===============
      Partition ###  Type              Size     Offset
      -------------  ----------------  -------  -------
      Partition 1    OEM               55 MB    32 KB
      Partition 2    Primary           70 GB    55 MB
      Partition 3    Unknown           4754 MB  70 GB
    ======================================================================================================
    Disk: 0
    Partition 1
    Type  : DE
    Hidden: Yes
    Active: No
      Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
      ----------  ---  -----------  -----  ----------  -------  ---------  --------
    * Volume 3                      FAT    Partition   55 MB    Healthy
    ======================================================================================================
    Disk: 0
    Partition 2
    Type  : 07
    Hidden: No
    Active: Yes
      Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
      ----------  ---  -----------  -----  ----------  -------  ---------  --------
    * Volume 4    C    Local Disk   NTFS   Partition   70 GB    Healthy
    ======================================================================================================
    Disk: 0
    Partition 3
    Type  : DB
    Hidden: Yes
    Active: No
      Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
      ----------  ---  -----------  -----  ----------  -------  ---------  --------
    * Volume 5                      FAT32  Partition   4754 MB  Healthy
    ======================================================================================================
    Partitions of Disk 1:
    ===============
      Partition ###  Type              Size     Offset
      -------------  ----------------  -------  -------
      Partition 1    Dynamic Data      466 GB   32 KB
    ======================================================================================================
    Disk: 1
    Partition 1
    Type  : 42
    Hidden: Yes
    Active: No
    There is no volume associated with this partition.
    ======================================================================================================
    ======================= End Of Log ==========================
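The "Bamital & volsnap Check" block in the FRST log above hashes a handful of boot-critical binaries (explorer.exe, winlogon.exe, svchost.exe, services.exe, User32.dll, userinit.exe, volsnap.sys) and reports "MD5 is legit" when each matches a known-good value; a mismatch on services.exe or volsnap.sys is the classic sign of the ZeroAccess variants of that period, which patch those files in place. The script below is an added example, not FRST's code and not part of the thread. It does the same comparison against a baseline you build yourself from a known-clean install of the same Windows version and service pack. Only the file list is taken from the log; the function names, the constructed sample directory tree and the "legit/MISMATCH/missing" verdicts are this example's own.

```python
"""Hash-baseline check for boot-critical Windows files, in the spirit of
FRST's "Bamital & volsnap Check". Added example; the file list comes from the
log in this thread, everything else is constructed for illustration."""
from __future__ import annotations

import hashlib
import tempfile
from pathlib import Path

# Files FRST hashes in the log above, stored as path segments so the same list
# works whatever root the Windows volume is mounted under (C:\ live, or e.g.
# /mnt/c when the disk is attached to a clean machine for an offline check).
CRITICAL_FILES = [
    ("Windows", "explorer.exe"),
    ("Windows", "System32", "winlogon.exe"),
    ("Windows", "System32", "svchost.exe"),
    ("Windows", "System32", "services.exe"),
    ("Windows", "System32", "User32.dll"),
    ("Windows", "System32", "userinit.exe"),
    ("Windows", "System32", "Drivers", "volsnap.sys"),
]


def file_hash(path: Path, algo: str = "md5", chunk_size: int = 1 << 20) -> str:
    """Stream a file through hashlib. FRST reports MD5; pass algo="sha256" for a
    collision-resistant baseline if you are building a new one."""
    h = hashlib.new(algo)
    with path.open("rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(root: Path, files=CRITICAL_FILES, algo: str = "md5") -> dict[str, str]:
    """Hash the critical files on a KNOWN-CLEAN install of the same Windows
    version and service pack; the returned dict is the reference to compare against."""
    baseline: dict[str, str] = {}
    for parts in files:
        p = root.joinpath(*parts)
        if p.is_file():
            baseline["/".join(parts)] = file_hash(p, algo)
    return baseline


def check_files(root: Path, baseline: dict[str, str], algo: str = "md5") -> dict[str, str]:
    """Return {relative_path: 'legit' | 'MISMATCH' | 'missing'} for a suspect
    volume mounted at `root`. Run it against an OFFLINE disk (boot CD or a
    second machine): a kernel-mode rootkit can hand a clean copy of a patched
    file to user-mode readers on the live system, so a live hash proves little."""
    results: dict[str, str] = {}
    for rel, expected in baseline.items():
        p = root.joinpath(*rel.split("/"))
        if not p.is_file():
            results[rel] = "missing"
        elif file_hash(p, algo).lower() == expected.lower():
            results[rel] = "legit"
        else:
            results[rel] = "MISMATCH"
    return results


def demo() -> dict[str, str]:
    """Constructed sample: a 'clean' tree and a 'suspect' tree in a temp dir.
    In the suspect tree services.exe is overwritten in place and volsnap.sys is
    removed, mimicking the two files ZeroAccess variants are known to tamper with."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, suspect = Path(tmp, "clean"), Path(tmp, "suspect")
        for root in (clean, suspect):
            for parts in CRITICAL_FILES:
                p = root.joinpath(*parts)
                p.parent.mkdir(parents=True, exist_ok=True)
                p.write_bytes(b"MZ" + "/".join(parts).encode())  # placeholder, not a real PE
        suspect.joinpath("Windows", "System32", "services.exe").write_bytes(b"MZ patched in place")
        suspect.joinpath("Windows", "System32", "Drivers", "volsnap.sys").unlink()
        baseline = build_baseline(clean)
        return check_files(suspect, baseline)


if __name__ == "__main__":
    for rel, verdict in demo().items():
        print(f"{rel} => {verdict}")
```

The check is only as trustworthy as the read path: that is exactly why the helper in this thread has the user run FRST from the UBCD rather than from the running Windows install. A "legit" verdict also only means the file matches the baseline you supplied, so build that baseline from the same service-pack level, or a routine Windows Update (see the wuaueng.dll and win32k.sys entries in the listing above) will show up as a false mismatch.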
  22. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Next....

    Restart normally.

    Delete your Combofix file, download fresh one and try to run it again.

    Attached Files:

  23. Syreynna

    Syreynna Newcomer, in training Topic Starter Posts: 74

    How do I boot into the UBCD? Also, does the USB have to be able to try and run during boot-up like the CD-ROM drive did?
  24. Syreynna

    Syreynna Newcomer, in training Topic Starter Posts: 74

    Oh, that was a total derp moment. That's the CD I've been working off of ><
  25. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    Follow the very same steps you just did to create the FRST report.
    Make sure you save fixlist.txt to the very same USB stick.
    This time you'll click on the "Fix" button instead of the "Scan" button.

