
Stubborn infection

Discussion in 'Virus and Malware Removal' started by Michael King, Jul 23, 2012.

  1. Michael King Newcomer, in training Posts: 48

    RogueKiller V7.6.4 [07/17/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
    Started in : Normal mode
    User: Administrator [Admin rights]
    Mode: Shortcuts HJfix -- Date: 07/26/2012 19:00:32

    ¤¤¤ Bad processes: 0 ¤¤¤

    ¤¤¤ Driver: [NOT LOADED] ¤¤¤

    ¤¤¤ File attributes restored: ¤¤¤
    Desktop: Success 0 / Fail 0
    Quick launch: Success 0 / Fail 0
    Programs: Success 0 / Fail 0
    Start menu: Success 0 / Fail 0
    User folder: Success 47 / Fail 0
    My documents: Success 0 / Fail 0
    My favorites: Success 0 / Fail 0
    My pictures: Success 0 / Fail 0
    My music: Success 4 / Fail 0
    My videos: Success 0 / Fail 0
    Local drives: Success 830 / Fail 0
    Backup: [FOUND] Success 17 / Fail 172

    Drives:
    [C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
    [D:] \Device\CdRom0 -- 0x5 --> Skipped
    [E:] \Device\CdRom1 -- 0x5 --> Skipped
    [F:] \Device\HarddiskVolume3 -- 0x2 --> Restored
    [G:] \Device\HarddiskVolume4 -- 0x2 --> Restored
    [H:] \Device\HarddiskVolume5 -- 0x2 --> Restored
    [I:] \Device\HarddiskVolume6 -- 0x2 --> Restored
    [J:] \Device\IsoCdRom0 -- 0x5 --> Skipped
    [K:] \Device\CdRom2 -- 0x5 --> Skipped

    ¤¤¤ Infection : Rogue.FakeHDD ¤¤¤

    Finished : << RKreport[3].txt >>
    RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
  2. Jay Pfoutz Malware Helper Posts: 4,286   +49

    And now MBRCheck again, please.
  3. Michael King Newcomer, in training Posts: 48

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 64-bit
    Base Board Manufacturer: Gigabyte Technology Co., Ltd.
    BIOS Manufacturer: Award Software International, Inc.
    System Manufacturer: Gigabyte Technology Co., Ltd.
    System Product Name: GA-MA790X-UD4P
    Logical Drives Mask: 0x000007fc

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 MBR Code Faked!
    SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  4. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Download Farbar Recovery Scan Tool and save it to a flash drive.

    Please make sure to download the 64-bit version.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    On the System Recovery Options menu you will get the following options:
      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst64 and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
    • Press Scan button.
    • Type exit and reboot the computer normally.
    • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.
  5. Michael King Newcomer, in training Posts: 48

    When I pressed F8 to enter advanced boot options, a "Repair your computer" option was not amongst those listed. When I booted with my Windows Vista DVD with the F8 advanced boot options, it also did not have that option. When I booted normally into the DVD, it automatically went to Windows installation, but got stuck when it prompted me for a drive. It said my primary drive was not an available option (possibly due to the faked MBR?). In short, I was not able to complete that step.

    Did you want me to boot with the flash drive?

    Should I attempt another MBRCheck fix immediately prior to trying this step?
  6. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Actually, let's try this tool...as we can run FRST from it:

    • Download OTLPENet.exe to your desktop
    • Download Farbar Recovery Scan Tool and save it to a flash drive.
    • Ensure that you have a blank CD in the drive
    • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
    • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
    • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads
    • Your system should now display a Reatogo desktop.
    Note : as you are running from CD it is not exactly speedy
    • Insert the flash drive with FRST on it
    • Locate the flash drive and run FRST
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
  7. Michael King Newcomer, in training Posts: 48

    Sorry for the delay, I've been working long hours and haven't had time to work on it.

    While running REAToGo, I was able to run aswMBR which I was not able to previously. Here is the log for that.

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-08-01 11:03:14
    -----------------------------
    11:03:14.265 OS Version: Windows 5.1.2600
    11:03:14.265 Number of processors: 1 586 0x402
    11:03:14.265 ComputerName: REATOGO UserName: SYSTEM
    11:03:15.671 Initialze error 0
    11:03:30.453 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-8
    11:03:30.453 Disk 0 Vendor: Hitachi_HDP725050GLA360 GM4OA5CA Size: 476938MB BusType: 3
    11:03:30.453 Disk 0 MBR read successfully
    11:03:30.468 Disk 0 MBR scan
    11:03:30.468 Disk 0 Windows VISTA default MBR code
    11:03:30.484 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 476936 MB offset 2048
    11:03:30.515 Disk 0 Partition 2 80 (A) 17 Hidd HPFS/NTFS NTFS 1 MB offset 976766976
    11:03:30.531 Disk 0 Partition 2 **SUSPICIOUS**
    11:03:30.531 Disk 0 scanning sectors +976771039
    11:03:30.562 Disk 0 scanning X:\i386\system32\drivers
    11:03:30.562 Service scanning
    11:03:31.828 Modules scanning
    11:03:32.031 Disk 0 trace - called modules:
    11:03:32.046 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys halaacpi.dll atapi.sys amdide1.SY_ PCIIDEX.SYS
    11:03:33.812 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b2696a0]
    11:03:33.890 3 CLASSPNP.SYS[f74e805b] -> nt!IofCallDriver -> \Device\0000004e[0x8b36b9e8]
    11:03:33.968 5 acpi.sys[f73b3620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-8[0x8b2b3940]
    11:03:34.046 Scan finished successfully
    11:05:03.296 Disk 0 MBR has been saved successfully to "C:\Users\Administrator\Desktop\MBR.dat"
    11:05:03.359 The log file has been saved successfully to "C:\Users\Administrator\Desktop\aswMBR.txt"
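The aswMBR log above marks partition 2 as **SUSPICIOUS** because of its shape: a 1 MB hidden NTFS partition (type 0x17) carrying the active/boot flag (0x80) in the last sectors of the disk, while the real 476936 MB OS volume is not active. As an added example, not code from this thread nor from the aswMBR or MBRCheck tools, here is a small Python decoder for the classic 512-byte MBR partition table that applies that same heuristic to a constructed MBR mirroring the layout in the log. DISK_SECTORS, HIDDEN_TYPES, the thresholds and all function names are my assumptions; the sample bytes are constructed, not the user's MBR.dat.

```python
import struct

SECTOR = 512
# CONSTRUCTED from the log: 476938 MB * 2048 sectors per MB
DISK_SECTORS = 976769024

# "Hidden" partition type codes (0x10 bit set on a FAT/NTFS type, e.g. 0x17 = hidden NTFS)
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count


def pack_entry(status, ptype, lba_start, sectors):
    """Pack one 16-byte partition-table entry. CHS fields are zeroed because
    modern tools (and the aswMBR output above) work from the LBA fields."""
    return struct.pack(ENTRY_FMT, status, b"\0\0\0", ptype, b"\0\0\0", lba_start, sectors)


def build_mbr(entries, boot_code=b"\0" * 446):
    """Assemble a 512-byte MBR: boot code, up to four entries, 0x55AA signature."""
    table = b"".join(entries) + b"\0" * (16 * (4 - len(entries)))
    return boot_code + table + b"\x55\xAA"


def parse_mbr(mbr):
    """Return the non-empty partition entries of a raw MBR sector as dicts."""
    if len(mbr) != SECTOR or mbr[510:] != b"\x55\xAA":
        raise ValueError("not a 512-byte MBR with a valid signature")
    entries = []
    for i in range(4):
        off = 446 + 16 * i
        status, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, mbr[off:off + 16])
        if ptype == 0:  # empty slot
            continue
        entries.append({"index": i + 1, "active": status == 0x80, "type": ptype,
                        "lba": lba, "sectors": count, "mb": count * SECTOR // 2 ** 20})
    return entries


def suspicious_entries(entries, disk_sectors):
    """Map partition index -> reasons, for entries that look like a bootkit's
    hidden boot partition: active AND (hidden type, tiny, or at the disk end)."""
    findings = {}
    for e in entries:
        reasons = []
        if e["type"] in HIDDEN_TYPES:
            reasons.append("hidden type 0x%02X" % e["type"])
        if e["sectors"] <= 2048:  # assumed threshold: 1 MB or less
            reasons.append("tiny (%d MB)" % e["mb"])
        if e["lba"] + e["sectors"] == disk_sectors:
            reasons.append("occupies the last sectors of the disk")
        # A normal layout boots from the OS volume; the active flag sitting on a
        # hidden or tiny partition is the pattern aswMBR marked **SUSPICIOUS**.
        if e["active"] and reasons:
            findings[e["index"]] = reasons
    return findings


# CONSTRUCTED sample mirroring the aswMBR log: a 476936 MB NTFS volume at
# LBA 2048, then a 1 MB hidden NTFS partition (0x17) flagged active (0x80).
SAMPLE_MBR = build_mbr([
    pack_entry(0x00, 0x07, 2048, 476936 * 2048),
    pack_entry(0x80, 0x17, 976766976, 2048),
])

if __name__ == "__main__":
    parts = parse_mbr(SAMPLE_MBR)
    for p in parts:
        print("Partition %d %s type 0x%02X %d MB at LBA %d" % (
            p["index"], "80 (A)" if p["active"] else "00", p["type"], p["mb"], p["lba"]))
    for idx, why in suspicious_entries(parts, DISK_SECTORS).items():
        print("Partition %d **SUSPICIOUS**: %s" % (idx, ", ".join(why)))
```

Run stand-alone it lists both partitions and flags partition 2 for all three reasons. This is a layout heuristic only: it says nothing about the 446 bytes of boot code, which is what MBRCheck's SHA1 comparison ("MBR Code Faked!") covers, so the two checks complement each other. To analyse a real capture, read the saved MBR.dat (512 bytes) and pass it to parse_mbr together with the disk's true sector count.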
  8. Michael King Newcomer, in training Posts: 48

    Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 25-07-2012 01
    Ran by SYSTEM at 01-08-2012 13:42:23
    Running from E:\
    Windows Vista (TM) Home Premium (X86) OS Language: English(US)
    The current controlset is ControlSet001

    ATTENTION!:=====> THE OPERATING SYSTEM IS A X64 SYSTEM BUT THE BOOT DISK THAT IS USED TO BOOT TO RECOVERY ENVIRONMENT IS A X86 SYSTEM DISK.
    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1584184 2008-01-20] (Microsoft Corporation)
    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [6962208 2008-12-26] (Realtek Semiconductor)
    HKLM\...\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2008-12-26] (Realtek Semiconductor Corp.)
    HKU\Administrator\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1242448 2012-04-17] (Valve Corporation)
    HKU\Administrator\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
    HKU\Administrator\...\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe [x]
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Startup: C:\Users\Administrator\Start Menu\Programs\Startup\aasswwmMbBrR.exe (AVAST Software)
    Startup: C:\Users\Administrator\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
    Startup: C:\Users\Administrator\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

    ================================ Services (Whitelisted) ==================

    2 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [63928 2012-01-03] (Adobe Systems Incorporated)
    3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [250056 2012-07-26] (Adobe Systems Incorporated)
    2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe /launchService [361984 2012-07-04] (Advanced Micro Devices, Inc.)
    2 AntiVirSchedulerService; "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe" [86224 2012-05-08] (Avira Operations GmbH & Co. KG)
    2 AntiVirService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" [110032 2012-05-08] (Avira Operations GmbH & Co. KG)
    4 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [89920 2009-03-30] (Microsoft Corporation)
    2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [138576 2010-03-18] (Microsoft Corporation)
    2 DAZContentManagementService; "C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe" [22528 2011-05-05] ()
    2 ES lite Service; "C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE" [68136 2008-12-24] ()
    2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [27648 2008-01-20] (Microsoft Corporation)
    3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42840 2009-02-18] (Microsoft Corporation)
    2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [136176 2012-05-25] (Google Inc.)
    3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [136176 2012-05-25] (Google Inc.)
    3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.)
    2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.)
    3 idsvc; "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe" [857432 2009-02-18] (Microsoft Corporation)
    2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
    3 Microsoft Office Groove Audit Service; "C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe" [64856 2009-02-26] (Microsoft Corporation)
    2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [223088 2011-04-26] ()
    3 MozillaMaintenance; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [113120 2012-07-19] (Mozilla Foundation)
    4 NetTcpPortSharing; "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe" [117592 2009-02-18] (Microsoft Corporation)
    3 odserv; "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" [440696 2011-07-20] (Microsoft Corporation)
    3 ose; "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [145184 2006-10-26] (Microsoft Corporation)
    3 PerfHost; C:\Windows\SysWow64\perfhost.exe [19968 2008-01-20] (Microsoft Corporation)
    2 RalinkRegistryWriter; C:\Program Files (x86)\Rosewill\Common\RaRegistry.exe [185632 2009-10-20] (Ralink Technology, Corp.)
    2 RalinkRegistryWriter64; C:\Program Files (x86)\Rosewill\Common\RaRegistry64.exe [212256 2009-10-20] (Ralink Technology, Corp.)
    3 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe /RunAsService [489256 2012-04-17] (Valve Corporation)
    3 WPFFontCache_v0400; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [1020768 2010-03-18] (Microsoft Corporation)

    ========================== Drivers (Whitelisted) =============

    0 amdide64; C:\Windows\System32\DRIVERS\amdide64.sys [10632 2007-10-11] (Advanced Micro Devices)
    3 amdiox64; C:\Windows\System32\DRIVERS\amdiox64.sys [46136 2010-02-18] (Advanced Micro Devices)
    2 AODDriver4.1; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
    2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-05-08] (Avira GmbH)
    1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-05-08] (Avira GmbH)
    1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2011-10-19] (Avira GmbH)
    3 E1G60; C:\Windows\System32\DRIVERS\E1G6032E.sys [146176 2008-01-20] (Intel Corporation)
    3 gcdbus; C:\Windows\System32\DRIVERS\gcdbus.sys [170496 2011-11-23] (Power Software Ltd)
    3 gdrv; \??\C:\Windows\gdrv.sys [23080 2012-08-01] (Windows (R) Server 2003 DDK provider)
    3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHD64.sys [1590048 2008-12-26] (Realtek Semiconductor Corp.)
    1 ISODrive; \??\C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [105176 2007-04-13] (EZB Systems, Inc.)
    0 JRAID; C:\Windows\System32\DRIVERS\jraid.sys [98144 2008-11-03] (JMicron Technology Corp.)
    3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20864 2008-01-20] (Microsoft Corporation)
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
    3 netr28ux; C:\Windows\System32\DRIVERS\netr28ux.sys [1037664 2010-05-27] (Ralink Technology Corp.)
    3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIVX.sys [190496 2008-12-25] (Realtek Semiconductor Corp.)
    3 RTL8169; C:\Windows\System32\DRIVERS\Rtlh64.sys [184832 2008-11-10] (Realtek Corporation )
    3 usb_rndisx; C:\Windows\System32\DRIVERS\usb8023x.sys [19456 2009-04-11] (Microsoft Corporation)
    3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [903168 2008-01-20] (Microsoft Corporation)
    0 Cdr4vsd; [x]
    1 Cdralwnt; [x]
    3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
    3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
    3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-08-01 13:41 - 2012-08-01 13:41 - 00000000 ____D C:\FRST
    2012-08-01 13:31 - 2012-08-01 13:31 - 00892822 ____A (Farbar) C:\Users\Administrator\Downloads\FRST.exe
    2012-08-01 11:05 - 2012-08-01 11:05 - 00001724 ____A C:\Users\Administrator\Desktop\aswMBR.txt
    2012-08-01 11:05 - 2012-08-01 11:05 - 00000512 ____A C:\Users\Administrator\Desktop\MBR.dat
    2012-07-30 19:06 - 2012-07-30 19:10 - 127231689 ____A (Igor Pavlov) C:\Users\Administrator\Desktop\OTLPENet.exe
    2012-07-29 18:57 - 2012-07-29 18:57 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_winusb_01009.Wdf
    2012-07-29 18:54 - 2009-07-14 08:19 - 00020480 ____A (Microsoft Corporation) C:\Windows\System32\winusb.dll
    2012-07-29 18:54 - 2009-07-14 08:12 - 00016896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\winusb.dll
    2012-07-29 18:54 - 2009-07-13 20:06 - 00040448 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\winusb.sys
    2012-07-29 18:51 - 2012-07-29 18:51 - 00000000 ___AH C:\Windows\System32\Drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
    2012-07-29 18:50 - 2009-07-14 14:18 - 00654928 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
    2012-07-29 18:50 - 2009-07-14 14:18 - 00042064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
    2012-07-29 18:50 - 2009-07-14 14:18 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
    2012-07-29 18:39 - 2012-07-29 18:39 - 00000908 ____A C:\Users\Administrator\Desktop\Paper Jamz Pro.lnk
    2012-07-29 18:36 - 2012-07-29 18:37 - 00000000 ____D C:\Program Files (x86)\QuickTime
    2012-07-29 18:34 - 2012-07-29 18:34 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
    2012-07-29 18:33 - 2012-07-29 18:48 - 00000000 ____D C:\Users\Administrator\Documents\Paper Jamz
    2012-07-29 18:32 - 2012-07-29 18:47 - 00000000 ____D C:\Program Files (x86)\Paper Jamz Pro
    2012-07-29 18:26 - 2012-07-29 18:32 - 133924232 ____A C:\Users\Administrator\Downloads\PaperJamzPro.exe
    2012-07-28 18:50 - 2012-07-28 18:51 - 00013285 ____A C:\Users\Administrator\Desktop\MBRCheck_07.28.12_17.50.12.txt
    2012-07-28 10:50 - 2012-07-29 18:38 - 00013981 ____A C:\Users\Administrator\Documents\glyph_stockpiling.xlsx
    2012-07-27 06:35 - 2012-07-27 06:42 - 00013356 ____A C:\Users\Administrator\Desktop\MBRCheck_07.27.12_05.35.03.txt
    2012-07-26 20:00 - 2012-07-26 20:03 - 00001446 ____A C:\Users\Administrator\Desktop\RKreport[7].txt
    2012-07-26 20:00 - 2012-04-30 12:20 - 00001027 ____A C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
    2012-07-26 19:58 - 2012-07-26 19:58 - 00001928 ____A C:\Users\Administrator\Desktop\RKreport[6].txt
    2012-07-26 19:57 - 2012-07-26 19:57 - 00000709 ____A C:\Users\Administrator\Desktop\RKreport[5].txt
    2012-07-26 19:57 - 2012-07-26 19:57 - 00000672 ____A C:\Users\Administrator\Desktop\RKreport[4].txt
    2012-07-26 19:56 - 2012-07-26 19:56 - 00000570 ____A C:\Users\Administrator\Desktop\RKreport[3].txt
    2012-07-26 19:55 - 2012-07-26 19:55 - 00001358 ____A C:\Users\Administrator\Desktop\RKreport[2].txt
    2012-07-26 19:54 - 2012-07-26 19:54 - 00001869 ____A C:\Users\Administrator\Desktop\RKreport[1].txt
    2012-07-26 19:54 - 2012-07-26 19:54 - 00000000 ____D C:\Users\Administrator\Desktop\RK_Quarantine
    2012-07-26 19:53 - 2012-07-26 19:53 - 01552384 ____A C:\Users\Administrator\Desktop\RogueKiller.exe
    2012-07-25 19:16 - 2012-07-25 19:26 - 00013268 ____A C:\Users\Administrator\Desktop\MBRCheck_07.25.12_18.16.20.txt
    2012-07-24 18:05 - 2012-07-24 18:10 - 00013895 ____A C:\Users\Administrator\Desktop\MBRCheck_07.24.12_17.05.19.txt
    2012-07-24 17:56 - 2012-07-24 17:57 - 00013268 ____A C:\Users\Administrator\Desktop\MBRCheck_07.24.12_16.56.48.txt
    2012-07-24 17:44 - 2012-07-24 17:44 - 00000512 ____A C:\Users\Administrator\Desktop\MBRCheck_MBR_Backup_07-24-12_16-44-18.bak
    2012-07-24 17:43 - 2012-07-24 17:44 - 00014106 ____A C:\Users\Administrator\Desktop\MBRCheck_07.24.12_16.43.30.txt
    2012-07-24 17:41 - 2012-07-24 17:42 - 00014058 ____A C:\Users\Administrator\Desktop\MBRCheck_07.24.12_16.41.13.txt
    2012-07-24 10:43 - 2012-07-24 10:43 - 00000599 ____A C:\Users\Administrator\Desktop\dump.zip
    2012-07-24 10:33 - 2012-07-24 10:38 - 00014016 ____A C:\Users\Administrator\Desktop\MBRCheck_07.24.12_09.33.20.txt
    2012-07-24 10:25 - 2012-07-24 10:37 - 00000512 ____A C:\Users\Administrator\Desktop\dump.dat
    2012-07-24 10:23 - 2012-07-24 10:26 - 00013966 ____A C:\Users\Administrator\Desktop\MBRCheck_07.24.12_09.23.24.txt
    2012-07-23 15:33 - 2012-07-23 15:33 - 00010094 ____A C:\Users\Administrator\Desktop\Attach.txt
    2012-07-23 15:31 - 2012-07-23 15:31 - 00025456 ____A C:\Users\Administrator\Desktop\DDS.txt
    2012-07-23 14:23 - 2012-07-23 14:23 - 00607260 ____R (Swearware) C:\Users\Administrator\Desktop\dds.scr
    2012-07-23 13:55 - 2012-07-23 13:55 - 00294216 ____A C:\Users\Administrator\Desktop\gmer.zip
    2012-07-23 13:55 - 2011-07-16 23:21 - 00302592 ____A C:\Users\Administrator\Desktop\gmer.exe
    2012-07-23 13:50 - 2012-07-23 13:55 - 00013288 ____A C:\Users\Administrator\Desktop\MBRCheck_07.23.12_12.50.50.txt
    2012-07-23 13:50 - 2011-06-26 02:45 - 00256000 ____A C:\Windows\PEV.exe
    2012-07-23 13:50 - 2010-11-07 13:20 - 00208896 ____A C:\Windows\MBR.exe
    2012-07-23 13:50 - 2009-04-20 00:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
    2012-07-23 13:50 - 2000-08-30 20:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
    2012-07-23 13:50 - 2000-08-30 20:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
    2012-07-23 13:50 - 2000-08-30 20:00 - 00098816 ____A C:\Windows\sed.exe
    2012-07-23 13:50 - 2000-08-30 20:00 - 00080412 ____A C:\Windows\grep.exe
    2012-07-23 13:50 - 2000-08-30 20:00 - 00068096 ____A C:\Windows\zip.exe
    2012-07-23 13:49 - 2012-07-23 13:51 - 00000000 ___SD C:\commy32243c
    2012-07-23 13:46 - 2012-07-23 13:47 - 00000000 ___SD C:\commy
    2012-07-23 13:45 - 2012-07-23 13:46 - 00000000 ____D C:\Qoobox
    2012-07-23 13:44 - 2012-07-23 13:49 - 00000000 ___SD C:\32788R22FWJFW
    2012-07-23 13:44 - 2012-07-23 13:44 - 00000000 ____D C:\Windows\erdnt
    2012-07-23 13:42 - 2012-07-23 13:42 - 04582474 ____R (Swearware) C:\Users\Administrator\Desktop\commy.exe
    2012-07-23 13:41 - 2012-07-24 10:32 - 00080384 ____A C:\Users\Administrator\Desktop\MBRCheck.exe
    2012-07-23 13:41 - 2012-07-23 13:43 - 00013505 ____A C:\Users\Administrator\Desktop\MBRCheck_07.23.12_12.41.07.txt
    2012-07-23 13:31 - 2012-07-23 13:31 - 04731392 ____A (AVAST Software) C:\Users\Administrator\Desktop\aswMBR.exe
    2012-07-15 00:57 - 2012-07-15 01:31 - 261122008 ____A (Avira GmbH) C:\Users\Administrator\Downloads\rescue_system-common-en.exe
    2012-07-14 23:48 - 2012-07-14 23:48 - 00270816 ____A C:\Windows\Minidump\Mini071412-03.dmp
    2012-07-14 22:59 - 2012-07-14 22:59 - 00057344 ____A (Roxio) C:\Windows\uneng.exe
    2012-07-14 22:59 - 2012-07-14 22:59 - 00049152 ____A (Roxio) C:\Windows\SysWOW64\cdrtc.dll
    2012-07-14 22:59 - 2012-07-14 22:59 - 00045056 ____A (Roxio) C:\Windows\SysWOW64\cdral.dll
    2012-07-14 22:59 - 2012-07-14 22:59 - 00000000 ____D C:\Users\Administrator\Downloads\RoxioEasyCD0410
    2012-07-14 22:53 - 2012-07-14 22:58 - 94281863 ____A C:\Users\Administrator\Downloads\RoxioEasyCD0410.rar
    2012-07-14 22:52 - 2012-07-14 22:52 - 00821248 ____A C:\Users\Administrator\Downloads\FreeISOBurner.exe
    2012-07-14 22:44 - 2012-07-14 22:44 - 00000000 ____D C:\Program Files (x86)\Smart Projects
    2012-07-14 22:43 - 2012-07-14 22:43 - 04266768 ____A (Smart Projects ) C:\Users\Administrator\Downloads\isobuster_all_lang.exe
    2012-07-14 22:25 - 2012-07-14 22:26 - 00270816 ____A C:\Windows\Minidump\Mini071412-02.dmp
    2012-07-14 22:20 - 2012-07-14 22:20 - 00270816 ____A C:\Windows\Minidump\Mini071412-01.dmp
    2012-07-14 22:16 - 2012-07-14 22:16 - 259346432 ____A C:\rescue_system-common-en.iso
    2012-07-14 18:17 - 2012-07-14 18:16 - 00955888 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
    2012-07-14 18:17 - 2012-07-14 18:16 - 00839152 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
    2012-07-14 18:12 - 2012-07-14 18:13 - 21869552 ____A (Oracle Corporation) C:\Users\Administrator\Downloads\jre-7u5-windows-x64.exe
    2012-07-14 12:57 - 2012-07-14 12:57 - 00961371 ____A C:\Users\Administrator\Documents\Copy of Consortium_Shuffler v4.xlsx
    2012-07-14 10:26 - 2012-07-14 10:26 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-1.62.0.1300.exe
    2012-07-14 10:26 - 2012-07-14 10:26 - 00000948 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-14 10:26 - 2012-07-14 10:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-14 10:26 - 2012-07-03 14:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-14 09:08 - 2012-07-14 09:08 - 00009287 ____A C:\Users\Administrator\Documents\glyph bank.xlsx
    2012-07-13 21:33 - 2012-07-13 21:33 - 00000000 ____D C:\Users\Administrator\AppData\Local\AMD
    2012-07-13 21:32 - 2012-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\AMD APP
    2012-07-13 21:30 - 2010-02-18 10:18 - 00046136 ____A (Advanced Micro Devices) C:\Windows\System32\Drivers\amdiox64.sys
    2012-07-13 21:29 - 2012-07-13 21:29 - 00018325 ____A C:\Windows\SysWOW64\CCCInstall_201207132029492105.log
    2012-07-13 21:24 - 2012-07-13 21:24 - 00000000 ____D C:\AMD
    2012-07-13 21:20 - 2012-07-13 21:24 - 162514192 ____A (Advanced Micro Devices, Inc.) C:\Users\Administrator\Downloads\12-6-legacy_vista_win7_64_dd_ccc.exe
    2012-07-11 19:06 - 2012-07-26 20:06 - 09821896 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
    2012-07-11 05:38 - 2012-07-11 05:38 - 00399264 ____A (Bleeping Computer, LLC) C:\Users\Administrator\Downloads\unhide.exe
    2012-07-11 05:17 - 2012-07-12 16:36 - 00002025 ____A C:\Users\Public\Desktop\Google Chrome.lnk
    2012-07-11 05:17 - 2012-06-16 03:08 - 00001951 ____A C:\Users\Public\Desktop\DivX Plus Converter.lnk
    2012-07-11 05:17 - 2012-06-16 03:08 - 00000947 ____A C:\Users\Public\Desktop\DivX Plus Player.lnk
    2012-07-11 05:17 - 2012-05-24 23:36 - 00000930 ____A C:\Users\Public\Desktop\gBurner Virtual Drive.lnk
    2012-07-11 05:17 - 2012-04-17 17:58 - 00001810 ____A C:\Users\Public\Desktop\GoldenEye Souce v4.1.lnk
    2012-07-11 05:17 - 2012-04-17 09:48 - 00000828 ____A C:\Users\Public\Desktop\Steam.lnk
    2012-07-11 05:17 - 2012-01-22 15:18 - 00001922 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
    2012-07-11 05:17 - 2012-01-22 14:57 - 00000961 ____A C:\Users\Public\Desktop\Foxit Reader 5.0.lnk
    2012-07-11 05:17 - 2011-11-27 15:53 - 00000888 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2012-07-11 05:15 - 2012-07-11 05:06 - 01558016 ____A C:\RogueKiller.exe
    2012-07-11 05:07 - 2012-07-11 05:07 - 00003694 ____A C:\Users\Michael\Desktop\RKreport[2].txt
    2012-07-11 05:07 - 2012-07-11 05:07 - 00003539 ____A C:\Users\Michael\Desktop\RKreport[1].txt
    2012-07-11 05:06 - 2012-07-14 12:10 - 00000000 ____D C:\Users\Michael\Desktop\RK_Quarantine
    2012-07-11 05:06 - 2012-07-11 05:06 - 01558016 ____A C:\Users\Michael\Downloads\RogueKiller.exe
    2012-07-11 04:45 - 2012-07-11 04:45 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Adobe
    2012-07-11 04:13 - 2012-06-02 08:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-07-11 04:13 - 2012-06-02 08:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-07-11 04:13 - 2012-06-02 08:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-07-11 04:13 - 2012-06-02 08:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-07-11 04:13 - 2012-06-02 08:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-07-11 04:13 - 2012-06-02 08:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-07-11 04:13 - 2012-06-02 08:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-07-11 04:13 - 2012-06-02 08:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-07-11 04:13 - 2012-06-02 08:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-07-11 04:13 - 2012-06-02 08:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-07-11 04:13 - 2012-06-02 07:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-07-11 04:13 - 2012-06-02 07:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-07-11 04:13 - 2012-06-02 07:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-07-11 04:13 - 2012-06-02 07:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-07-11 04:13 - 2012-06-02 05:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-07-11 04:13 - 2012-06-02 04:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-07-11 04:13 - 2012-06-02 04:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-07-11 04:13 - 2012-06-02 04:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-07-11 04:13 - 2012-06-02 04:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-07-11 04:13 - 2012-06-02 04:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-07-11 04:13 - 2012-06-02 04:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-07-11 04:13 - 2012-06-02 04:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-07-11 04:13 - 2012-06-02 04:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-07-11 04:13 - 2012-06-02 04:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-07-11 04:13 - 2012-06-02 04:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-07-11 04:13 - 2012-06-02 04:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-07-11 04:13 - 2012-06-02 04:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-07-11 04:13 - 2012-06-02 04:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-07-11 04:11 - 2012-06-13 09:58 - 02769408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-11 03:49 - 2012-07-11 03:49 - 00000000 ____D C:\Users\Michael\AppData\Roaming\WinRAR
    2012-07-11 03:43 - 2012-07-11 03:43 - 00106584 ____A C:\Users\Michael\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-07-11 03:43 - 2012-07-11 03:43 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Avira
    2012-07-11 03:43 - 2012-07-11 03:43 - 00000000 ____D C:\Users\Michael\AppData\Roaming\ATI
    2012-07-11 03:43 - 2012-07-11 03:43 - 00000000 ____D C:\Users\Michael\AppData\Local\ATI
    2012-07-11 03:41 - 2012-07-11 03:42 - 00000000 ____D C:\users\Michael
    2012-07-11 03:41 - 2012-07-11 03:41 - 00000020 ___SH C:\Users\Michael\ntuser.ini
    2012-07-11 03:41 - 2012-07-11 03:41 - 00000000 ____D C:\Users\Michael\AppData\Local\VirtualStore
    2012-07-11 03:41 - 2012-05-25 04:00 - 00000000 ____D C:\Users\Michael\AppData\Local\Microsoft Help
    2012-07-11 03:41 - 2012-01-22 15:20 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Macromedia
    2012-07-10 20:15 - 2012-07-10 20:15 - 00000752 ____A C:\Users\Administrator\Desktop\Ventrilo.lnk
    2012-07-10 20:15 - 2012-07-10 20:15 - 00000262 ____A C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
    2012-07-10 20:15 - 2012-07-10 20:15 - 00000000 ____D C:\Program Files\Ventrilo
    2012-07-10 20:13 - 2012-07-10 20:13 - 04135696 ____A C:\Users\Administrator\Downloads\ventrilo-3.0.8-Windows-x64.exe
    2012-07-10 20:08 - 2012-07-10 20:08 - 01132799 ____A C:\Users\Administrator\Downloads\TheUndermineJournal(4).zip
    2012-07-10 15:18 - 2012-06-08 13:59 - 12899840 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-07-10 15:18 - 2012-06-08 13:47 - 11586048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-07-10 15:18 - 2012-06-05 12:47 - 01401856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-07-10 15:18 - 2012-06-05 12:47 - 01248768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-07-10 15:18 - 2012-06-05 12:22 - 01869824 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-07-10 15:18 - 2012-06-05 12:22 - 01797120 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-07-10 15:18 - 2012-06-04 11:29 - 00516480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-07-10 15:18 - 2012-06-01 20:22 - 00347136 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-07-10 15:18 - 2012-06-01 20:22 - 00254464 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-07-10 15:18 - 2012-06-01 20:05 - 00077312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-07-10 15:18 - 2012-06-01 20:04 - 00278528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-07-10 15:18 - 2012-06-01 20:03 - 00204288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-07-04 03:32 - 2012-07-04 03:32 - 00187392 ____A C:\Windows\System32\clinfo.exe
    2012-07-04 03:32 - 2012-07-04 03:32 - 00075264 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OpenVideo64.dll
    2012-07-04 03:32 - 2012-07-04 03:32 - 00065024 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
    2012-07-04 03:31 - 2012-07-04 03:31 - 16457216 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl64.dll
    2012-07-04 03:31 - 2012-07-04 03:31 - 00063488 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OVDecode64.dll
    2012-07-04 03:31 - 2012-07-04 03:31 - 00056320 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
    2012-07-04 03:30 - 2012-07-04 03:30 - 13008384 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
    2012-07-04 03:30 - 2012-07-04 03:30 - 00054784 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
    2012-07-04 03:30 - 2012-07-04 03:30 - 00050176 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
    2012-07-04 02:59 - 2012-07-04 02:59 - 11922944 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmdag.sys
    2012-07-04 02:52 - 2012-07-04 02:52 - 26016256 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atio6axx.dll
    2012-07-04 02:35 - 2012-07-04 02:35 - 19586048 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
    2012-07-04 02:28 - 2012-07-04 02:28 - 00246000 ____A C:\Windows\SysWOW64\atiapfxx.blb
    2012-07-04 02:28 - 2012-07-04 02:28 - 00246000 ____A C:\Windows\System32\atiapfxx.blb
    2012-07-04 02:27 - 2012-07-04 02:27 - 00159744 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiapfxx.exe
    2012-07-04 02:21 - 2012-07-04 02:21 - 00514048 ____A (AMD) C:\Windows\System32\atieclxx.exe
    2012-07-04 02:20 - 2012-07-04 02:20 - 00238080 ____A (AMD) C:\Windows\System32\atiesrxx.exe
    2012-07-04 02:19 - 2012-07-04 02:19 - 00120320 ____A (AMD) C:\Windows\System32\atitmm64.dll
    2012-07-04 02:19 - 2012-07-04 02:19 - 00059392 ____A (ATI Technologies, Inc.) C:\Windows\System32\atiedu64.dll
    2012-07-04 02:19 - 2012-07-04 02:19 - 00043520 ____A (ATI Technologies, Inc.) C:\Windows\SysWOW64\ati2edxx.dll
    2012-07-04 02:19 - 2012-07-04 02:19 - 00021504 ____A (AMD) C:\Windows\System32\atimuixx.dll
    2012-07-04 01:57 - 2012-07-04 01:57 - 07510528 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atidxx64.dll
    2012-07-04 01:36 - 2012-07-04 01:36 - 01960960 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdmv.dll
    2012-07-04 01:36 - 2012-07-04 01:36 - 01053696 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6v.dll
    2012-07-04 01:36 - 2012-07-04 01:36 - 00069632 ____A (AMD) C:\Windows\System32\coinst_8.97.100.3.dll
    2012-07-04 01:34 - 2012-07-04 01:34 - 02818784 ____A C:\Windows\System32\atiumd6a.cap
    2012-07-04 01:27 - 2012-07-04 01:27 - 02852480 ____A C:\Windows\SysWOW64\atiumdva.cap
    2012-07-04 01:11 - 2012-07-04 01:11 - 00364544 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
    2012-07-04 01:11 - 2012-07-04 01:11 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
    2012-07-04 01:11 - 2012-07-04 01:11 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
    2012-07-04 01:11 - 2012-07-04 01:11 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atimpc64.dll
    2012-07-04 01:11 - 2012-07-04 01:11 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdpcom64.dll
    2012-07-04 01:11 - 2012-07-04 01:11 - 00041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6txx.dll
    2012-07-04 01:11 - 2012-07-04 01:11 - 00033280 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
    2012-07-04 01:11 - 2012-07-04 01:11 - 00017920 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6pxx.dll
    2012-07-04 01:11 - 2012-07-04 01:11 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
    2012-07-04 01:11 - 2012-07-04 01:11 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiglpxx.dll
    2012-07-04 01:10 - 2012-07-04 01:10 - 00359936 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmpag.sys
    2012-07-04 01:10 - 2012-07-04 01:10 - 00055296 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiuxp64.dll
    2012-07-04 01:09 - 2012-07-04 01:09 - 00053248 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\ati2erec.dll
    2012-07-04 01:04 - 2012-07-04 01:04 - 15827456 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticaldd64.dll
    2012-07-04 01:04 - 2012-07-04 01:04 - 00051200 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalrt64.dll
    2012-07-04 01:04 - 2012-07-04 01:04 - 00046080 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
    2012-07-04 01:04 - 2012-07-04 01:04 - 00044544 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
    2012-07-04 01:04 - 2012-07-04 01:04 - 00044544 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalcl64.dll
    2012-07-04 00:59 - 2012-07-04 00:59 - 13402112 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
  9. Michael King Newcomer, in training Posts: 48

    ============ 3 Months Modified Files ========================

    2012-08-01 13:33 - 2009-06-05 17:46 - 00000207 ____A C:\service.log
    2012-08-01 13:33 - 2008-01-20 21:53 - 01173132 ____A C:\Windows\WindowsUpdate.log
    2012-08-01 13:33 - 2006-11-02 11:42 - 00032652 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-08-01 13:33 - 2006-11-02 11:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-08-01 13:33 - 2006-11-02 11:22 - 00003712 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2012-08-01 13:33 - 2006-11-02 11:22 - 00003712 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2012-08-01 13:31 - 2012-08-01 13:31 - 00892822 ____A (Farbar) C:\Users\Administrator\Downloads\FRST.exe
    2012-08-01 13:26 - 2012-05-25 18:19 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-08-01 13:26 - 2011-11-27 17:08 - 00023080 ____A (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
    2012-08-01 11:05 - 2012-08-01 11:05 - 00001724 ____A C:\Users\Administrator\Desktop\aswMBR.txt
    2012-08-01 11:05 - 2012-08-01 11:05 - 00000512 ____A C:\Users\Administrator\Desktop\MBR.dat
    2012-08-01 10:34 - 2012-05-25 18:19 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-08-01 10:06 - 2012-04-07 21:50 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-08-01 09:24 - 2011-11-27 17:33 - 00000735 ____A C:\Users\Administrator\Desktop\World of Warcraft.lnk
    2012-07-31 20:27 - 2006-11-02 08:46 - 00703388 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-07-30 19:10 - 2012-07-30 19:06 - 127231689 ____A (Igor Pavlov) C:\Users\Administrator\Desktop\OTLPENet.exe
    2012-07-29 19:09 - 2006-11-02 11:27 - 00071261 ____A C:\Windows\setupact.log
    2012-07-29 18:57 - 2012-07-29 18:57 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_winusb_01009.Wdf
    2012-07-29 18:51 - 2012-07-29 18:51 - 00000000 ___AH C:\Windows\System32\Drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
    2012-07-29 18:39 - 2012-07-29 18:39 - 00000908 ____A C:\Users\Administrator\Desktop\Paper Jamz Pro.lnk
    2012-07-29 18:38 - 2012-07-28 10:50 - 00013981 ____A C:\Users\Administrator\Documents\glyph_stockpiling.xlsx
    2012-07-29 18:32 - 2012-07-29 18:26 - 133924232 ____A C:\Users\Administrator\Downloads\PaperJamzPro.exe
    2012-07-28 18:51 - 2012-07-28 18:50 - 00013285 ____A C:\Users\Administrator\Desktop\MBRCheck_07.28.12_17.50.12.txt
    2012-07-28 10:50 - 2012-05-17 22:05 - 00005643 ____A C:\Users\Administrator\Documents\glyph_stockpiling.xls_0.ods
    2012-07-27 06:42 - 2012-07-27 06:35 - 00013356 ____A C:\Users\Administrator\Desktop\MBRCheck_07.27.12_05.35.03.txt
    2012-07-26 20:06 - 2012-07-11 19:06 - 09821896 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
    2012-07-26 20:06 - 2012-04-07 21:50 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-07-26 20:06 - 2011-11-27 17:30 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-07-26 20:03 - 2012-07-26 20:00 - 00001446 ____A C:\Users\Administrator\Desktop\RKreport[7].txt
    2012-07-26 19:58 - 2012-07-26 19:58 - 00001928 ____A C:\Users\Administrator\Desktop\RKreport[6].txt
    2012-07-26 19:57 - 2012-07-26 19:57 - 00000709 ____A C:\Users\Administrator\Desktop\RKreport[5].txt
    2012-07-26 19:57 - 2012-07-26 19:57 - 00000672 ____A C:\Users\Administrator\Desktop\RKreport[4].txt
    2012-07-26 19:56 - 2012-07-26 19:56 - 00000570 ____A C:\Users\Administrator\Desktop\RKreport[3].txt
    2012-07-26 19:55 - 2012-07-26 19:55 - 00001358 ____A C:\Users\Administrator\Desktop\RKreport[2].txt
    2012-07-26 19:54 - 2012-07-26 19:54 - 00001869 ____A C:\Users\Administrator\Desktop\RKreport[1].txt
    2012-07-26 19:53 - 2012-07-26 19:53 - 01552384 ____A C:\Users\Administrator\Desktop\RogueKiller.exe
    2012-07-25 19:26 - 2012-07-25 19:16 - 00013268 ____A C:\Users\Administrator\Desktop\MBRCheck_07.25.12_18.16.20.txt
    2012-07-24 18:10 - 2012-07-24 18:05 - 00013895 ____A C:\Users\Administrator\Desktop\MBRCheck_07.24.12_17.05.19.txt
    2012-07-24 17:57 - 2012-07-24 17:56 - 00013268 ____A C:\Users\Administrator\Desktop\MBRCheck_07.24.12_16.56.48.txt
    2012-07-24 17:44 - 2012-07-24 17:44 - 00000512 ____A C:\Users\Administrator\Desktop\MBRCheck_MBR_Backup_07-24-12_16-44-18.bak
    2012-07-24 17:44 - 2012-07-24 17:43 - 00014106 ____A C:\Users\Administrator\Desktop\MBRCheck_07.24.12_16.43.30.txt
    2012-07-24 17:42 - 2012-07-24 17:41 - 00014058 ____A C:\Users\Administrator\Desktop\MBRCheck_07.24.12_16.41.13.txt
    2012-07-24 10:43 - 2012-07-24 10:43 - 00000599 ____A C:\Users\Administrator\Desktop\dump.zip
    2012-07-24 10:38 - 2012-07-24 10:33 - 00014016 ____A C:\Users\Administrator\Desktop\MBRCheck_07.24.12_09.33.20.txt
    2012-07-24 10:37 - 2012-07-24 10:25 - 00000512 ____A C:\Users\Administrator\Desktop\dump.dat
    2012-07-24 10:32 - 2012-07-23 13:41 - 00080384 ____A C:\Users\Administrator\Desktop\MBRCheck.exe
    2012-07-24 10:26 - 2012-07-24 10:23 - 00013966 ____A C:\Users\Administrator\Desktop\MBRCheck_07.24.12_09.23.24.txt
    2012-07-23 18:51 - 2011-11-27 16:11 - 00000732 ____A C:\Users\Administrator\AppData\Local\d3d9caps64.dat
    2012-07-23 15:33 - 2012-07-23 15:33 - 00010094 ____A C:\Users\Administrator\Desktop\Attach.txt
    2012-07-23 15:31 - 2012-07-23 15:31 - 00025456 ____A C:\Users\Administrator\Desktop\DDS.txt
    2012-07-23 14:23 - 2012-07-23 14:23 - 00607260 ____R (Swearware) C:\Users\Administrator\Desktop\dds.scr
    2012-07-23 13:55 - 2012-07-23 13:55 - 00294216 ____A C:\Users\Administrator\Desktop\gmer.zip
    2012-07-23 13:55 - 2012-07-23 13:50 - 00013288 ____A C:\Users\Administrator\Desktop\MBRCheck_07.23.12_12.50.50.txt
    2012-07-23 13:43 - 2012-07-23 13:41 - 00013505 ____A C:\Users\Administrator\Desktop\MBRCheck_07.23.12_12.41.07.txt
    2012-07-23 13:42 - 2012-07-23 13:42 - 04582474 ____R (Swearware) C:\Users\Administrator\Desktop\commy.exe
    2012-07-23 13:31 - 2012-07-23 13:31 - 04731392 ____A (AVAST Software) C:\Users\Administrator\Desktop\aswMBR.exe
    2012-07-15 20:35 - 2011-11-27 16:38 - 00001356 ____A C:\Users\Administrator\AppData\Local\d3d9caps.dat
    2012-07-15 13:06 - 2006-11-02 11:21 - 00399736 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-07-15 01:31 - 2012-07-15 00:57 - 261122008 ____A (Avira GmbH) C:\Users\Administrator\Downloads\rescue_system-common-en.exe
    2012-07-14 23:48 - 2012-07-14 23:48 - 00270816 ____A C:\Windows\Minidump\Mini071412-03.dmp
    2012-07-14 23:48 - 2011-11-27 15:41 - 701416025 ____A C:\Windows\MEMORY.DMP
    2012-07-14 22:59 - 2012-07-14 22:59 - 00057344 ____A (Roxio) C:\Windows\uneng.exe
    2012-07-14 22:59 - 2012-07-14 22:59 - 00049152 ____A (Roxio) C:\Windows\SysWOW64\cdrtc.dll
    2012-07-14 22:59 - 2012-07-14 22:59 - 00045056 ____A (Roxio) C:\Windows\SysWOW64\cdral.dll
    2012-07-14 22:58 - 2012-07-14 22:53 - 94281863 ____A C:\Users\Administrator\Downloads\RoxioEasyCD0410.rar
    2012-07-14 22:52 - 2012-07-14 22:52 - 00821248 ____A C:\Users\Administrator\Downloads\FreeISOBurner.exe
    2012-07-14 22:43 - 2012-07-14 22:43 - 04266768 ____A (Smart Projects ) C:\Users\Administrator\Downloads\isobuster_all_lang.exe
    2012-07-14 22:26 - 2012-07-14 22:25 - 00270816 ____A C:\Windows\Minidump\Mini071412-02.dmp
    2012-07-14 22:20 - 2012-07-14 22:20 - 00270816 ____A C:\Windows\Minidump\Mini071412-01.dmp
    2012-07-14 22:16 - 2012-07-14 22:16 - 259346432 ____A C:\rescue_system-common-en.iso
    2012-07-14 18:16 - 2012-07-14 18:17 - 00955888 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
    2012-07-14 18:16 - 2012-07-14 18:17 - 00839152 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
    2012-07-14 18:13 - 2012-07-14 18:12 - 21869552 ____A (Oracle Corporation) C:\Users\Administrator\Downloads\jre-7u5-windows-x64.exe
    2012-07-14 12:57 - 2012-07-14 12:57 - 00961371 ____A C:\Users\Administrator\Documents\Copy of Consortium_Shuffler v4.xlsx
    2012-07-14 10:26 - 2012-07-14 10:26 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-1.62.0.1300.exe
    2012-07-14 10:26 - 2012-07-14 10:26 - 00000948 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-14 09:12 - 2012-06-20 08:37 - 00875466 ____A C:\Users\Administrator\Documents\tuj datasheet.xlsx
    2012-07-14 09:08 - 2012-07-14 09:08 - 00009287 ____A C:\Users\Administrator\Documents\glyph bank.xlsx
    2012-07-13 21:29 - 2012-07-13 21:29 - 00018325 ____A C:\Windows\SysWOW64\CCCInstall_201207132029492105.log
    2012-07-13 21:24 - 2012-07-13 21:20 - 162514192 ____A (Advanced Micro Devices, Inc.) C:\Users\Administrator\Downloads\12-6-legacy_vista_win7_64_dd_ccc.exe
    2012-07-12 16:36 - 2012-07-11 05:17 - 00002025 ____A C:\Users\Public\Desktop\Google Chrome.lnk
    2012-07-11 05:38 - 2012-07-11 05:38 - 00399264 ____A (Bleeping Computer, LLC) C:\Users\Administrator\Downloads\unhide.exe
    2012-07-11 05:07 - 2012-07-11 05:07 - 00003694 ____A C:\Users\Michael\Desktop\RKreport[2].txt
    2012-07-11 05:07 - 2012-07-11 05:07 - 00003539 ____A C:\Users\Michael\Desktop\RKreport[1].txt
    2012-07-11 05:06 - 2012-07-11 05:15 - 01558016 ____A C:\RogueKiller.exe
    2012-07-11 05:06 - 2012-07-11 05:06 - 01558016 ____A C:\Users\Michael\Downloads\RogueKiller.exe
    2012-07-11 04:26 - 2006-11-02 08:34 - 00000254 ____A C:\Windows\win.ini
    2012-07-11 04:20 - 2006-11-02 08:35 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
    2012-07-11 03:43 - 2012-07-11 03:43 - 00106584 ____A C:\Users\Michael\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-07-11 03:41 - 2012-07-11 03:41 - 00000020 ___SH C:\Users\Michael\ntuser.ini
    2012-07-11 03:35 - 2008-01-20 23:26 - 00114562 ____A C:\Windows\PFRO.log
    2012-07-10 20:15 - 2012-07-10 20:15 - 00000752 ____A C:\Users\Administrator\Desktop\Ventrilo.lnk
    2012-07-10 20:15 - 2012-07-10 20:15 - 00000262 ____A C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
    2012-07-10 20:13 - 2012-07-10 20:13 - 04135696 ____A C:\Users\Administrator\Downloads\ventrilo-3.0.8-Windows-x64.exe
    2012-07-10 20:08 - 2012-07-10 20:08 - 01132799 ____A C:\Users\Administrator\Downloads\TheUndermineJournal(4).zip
    2012-07-05 03:36 - 2012-05-25 00:10 - 01078513 ____A C:\Users\Administrator\Documents\Copy of Consortium_Shuffler v4.52.xlsx
    2012-07-04 03:32 - 2012-07-04 03:32 - 00187392 ____A C:\Windows\System32\clinfo.exe
    2012-07-04 03:32 - 2012-07-04 03:32 - 00075264 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OpenVideo64.dll
    2012-07-04 03:32 - 2012-07-04 03:32 - 00065024 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
    2012-07-04 03:31 - 2012-07-04 03:31 - 16457216 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl64.dll
    2012-07-04 03:31 - 2012-07-04 03:31 - 00063488 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OVDecode64.dll
    2012-07-04 03:31 - 2012-07-04 03:31 - 00056320 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
    2012-07-04 03:30 - 2012-07-04 03:30 - 13008384 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
    2012-07-04 03:30 - 2012-07-04 03:30 - 00054784 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
    2012-07-04 03:30 - 2012-07-04 03:30 - 00050176 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
    2012-07-04 02:59 - 2012-07-04 02:59 - 11922944 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmdag.sys
    2012-07-04 02:52 - 2012-07-04 02:52 - 26016256 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atio6axx.dll
    2012-07-04 02:35 - 2012-07-04 02:35 - 19586048 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
    2012-07-04 02:28 - 2012-07-04 02:28 - 00246000 ____A C:\Windows\SysWOW64\atiapfxx.blb
    2012-07-04 02:28 - 2012-07-04 02:28 - 00246000 ____A C:\Windows\System32\atiapfxx.blb
    2012-07-04 02:27 - 2012-07-04 02:27 - 00159744 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiapfxx.exe
    2012-07-04 02:27 - 2011-04-20 03:09 - 00918528 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
    2012-07-04 02:25 - 2011-04-20 03:07 - 01081856 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\aticfx64.dll
    2012-07-04 02:21 - 2012-07-04 02:21 - 00514048 ____A (AMD) C:\Windows\System32\atieclxx.exe
    2012-07-04 02:21 - 2011-11-27 15:34 - 00442368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\ATIDEMGX.dll
    2012-07-04 02:20 - 2012-07-04 02:20 - 00238080 ____A (AMD) C:\Windows\System32\atiesrxx.exe
    2012-07-04 02:19 - 2012-07-04 02:19 - 00120320 ____A (AMD) C:\Windows\System32\atitmm64.dll
    2012-07-04 02:19 - 2012-07-04 02:19 - 00059392 ____A (ATI Technologies, Inc.) C:\Windows\System32\atiedu64.dll
    2012-07-04 02:19 - 2012-07-04 02:19 - 00043520 ____A (ATI Technologies, Inc.) C:\Windows\SysWOW64\ati2edxx.dll
    2012-07-04 02:19 - 2012-07-04 02:19 - 00021504 ____A (AMD) C:\Windows\System32\atimuixx.dll
    2012-07-04 02:18 - 2011-04-20 02:59 - 06811648 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
    2012-07-04 01:57 - 2012-07-04 01:57 - 07510528 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atidxx64.dll
    2012-07-04 01:36 - 2012-07-04 01:36 - 01960960 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdmv.dll
    2012-07-04 01:36 - 2012-07-04 01:36 - 01053696 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6v.dll
    2012-07-04 01:36 - 2012-07-04 01:36 - 00069632 ____A (AMD) C:\Windows\System32\coinst_8.97.100.3.dll
    2012-07-04 01:35 - 2011-04-20 02:38 - 06245888 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
    2012-07-04 01:35 - 2009-02-04 00:29 - 04261376 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6a.dll
    2012-07-04 01:34 - 2012-07-04 01:34 - 02818784 ____A C:\Windows\System32\atiumd6a.cap
    2012-07-04 01:28 - 2011-04-20 02:30 - 04749312 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
    2012-07-04 01:27 - 2012-07-04 01:27 - 02852480 ____A C:\Windows\SysWOW64\atiumdva.cap
    2012-07-04 01:24 - 2009-02-04 00:36 - 07477760 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd64.dll
    2012-07-04 01:11 - 2012-07-04 01:11 - 00364544 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
    2012-07-04 01:11 - 2012-07-04 01:11 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
    2012-07-04 01:11 - 2012-07-04 01:11 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
    2012-07-04 01:11 - 2012-07-04 01:11 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atimpc64.dll
    2012-07-04 01:11 - 2012-07-04 01:11 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdpcom64.dll
    2012-07-04 01:11 - 2012-07-04 01:11 - 00041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6txx.dll
    2012-07-04 01:11 - 2012-07-04 01:11 - 00033280 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
    2012-07-04 01:11 - 2012-07-04 01:11 - 00017920 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6pxx.dll
    2012-07-04 01:11 - 2012-07-04 01:11 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
    2012-07-04 01:11 - 2012-07-04 01:11 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiglpxx.dll
    2012-07-04 01:11 - 2009-02-04 00:07 - 00535552 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiadlxx.dll
    2012-07-04 01:10 - 2012-07-04 01:10 - 00359936 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmpag.sys
    2012-07-04 01:10 - 2012-07-04 01:10 - 00055296 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiuxp64.dll
    2012-07-04 01:09 - 2012-07-04 01:09 - 00053248 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\ati2erec.dll
    2012-07-04 01:09 - 2011-04-20 02:21 - 00045056 ____A C:\Windows\System32\atitmp64.dll
    2012-07-04 01:09 - 2011-04-20 02:21 - 00045056 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiu9p64.dll
    2012-07-04 01:09 - 2011-04-20 02:21 - 00042496 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
    2012-07-04 01:09 - 2011-04-20 02:21 - 00032768 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
    2012-07-04 01:04 - 2012-07-04 01:04 - 15827456 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticaldd64.dll
    2012-07-04 01:04 - 2012-07-04 01:04 - 00051200 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalrt64.dll
    2012-07-04 01:04 - 2012-07-04 01:04 - 00046080 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
    2012-07-04 01:04 - 2012-07-04 01:04 - 00044544 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
    2012-07-04 01:04 - 2012-07-04 01:04 - 00044544 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalcl64.dll
    2012-07-04 00:59 - 2012-07-04 00:59 - 13402112 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
    2012-07-03 14:46 - 2012-07-14 10:26 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-01 19:16 - 2012-07-01 19:16 - 13085120 ____A (Microsoft Corporation) C:\Users\Administrator\Downloads\Silverlight_x64.exe
    2012-06-23 06:48 - 2012-06-23 06:48 - 00245305 ____A C:\Users\Administrator\Downloads\TheUndermineJournal(3).zip
    2012-06-22 04:10 - 2012-06-22 04:10 - 00698278 ____A C:\Users\Administrator\Downloads\easy_uninstaller.zip
    2012-06-22 04:09 - 2012-06-22 04:08 - 00463080 ____A (CNET Download.com) C:\Users\Administrator\Downloads\cnet2_easy_uninstaller_zip.exe
    2012-06-21 18:07 - 2012-06-21 18:07 - 00242459 ____A C:\Users\Administrator\Downloads\TheUndermineJournal(2).zip
    2012-06-21 18:05 - 2012-06-21 18:05 - 00000318 ____A C:\Users\Administrator\Desktop\Curse Client - 1 .appref-ms
    2012-06-16 03:08 - 2012-07-11 05:17 - 00001951 ____A C:\Users\Public\Desktop\DivX Plus Converter.lnk
    2012-06-16 03:08 - 2012-07-11 05:17 - 00000947 ____A C:\Users\Public\Desktop\DivX Plus Player.lnk
    2012-06-16 03:08 - 2012-06-16 03:08 - 00001426 ____A C:\Users\Administrator\Desktop\DivX Movies.lnk
    2012-06-16 03:05 - 2012-06-16 03:05 - 00933256 ____A (DivX, LLC) C:\Users\Administrator\Downloads\DivXInstaller.exe
    2012-06-13 09:58 - 2012-07-11 04:11 - 02769408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-08 13:59 - 2012-07-10 15:18 - 12899840 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-06-08 13:47 - 2012-07-10 15:18 - 11586048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-06-05 12:47 - 2012-07-10 15:18 - 01401856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-06-05 12:47 - 2012-07-10 15:18 - 01248768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-06-05 12:22 - 2012-07-10 15:18 - 01869824 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-06-05 12:22 - 2012-07-10 15:18 - 01797120 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-06-04 11:29 - 2012-07-10 15:18 - 00516480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-06-03 23:48 - 2012-06-03 23:48 - 00000165 ____A C:\Users\Administrator\Documents\~$glyph_stockpiling.xls_0.ods
    2012-06-03 22:51 - 2012-06-03 22:51 - 00000165 ____A C:\Users\Administrator\Documents\~$Copy of Consortium_Shuffler v4.52.xlsx
    2012-06-02 23:07 - 2012-06-02 23:07 - 00059768 ____A (MurGee.com) C:\Users\Administrator\Downloads\AutoMouseMover.exe
    2012-06-02 18:19 - 2012-06-22 22:14 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 18:19 - 2012-06-22 22:14 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 18:19 - 2012-06-22 22:14 - 00577048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2012-06-02 18:19 - 2012-06-22 22:14 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 18:19 - 2012-06-22 22:14 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 18:19 - 2012-06-22 22:14 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 18:19 - 2012-06-22 22:14 - 00035864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2012-06-02 18:15 - 2012-06-22 22:14 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 18:15 - 2012-06-22 22:14 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 18:12 - 2012-06-22 22:14 - 00088576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2012-06-02 16:19 - 2012-06-22 22:13 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 16:19 - 2012-06-22 22:13 - 00171904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2012-06-02 16:15 - 2012-06-22 22:13 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-02 16:12 - 2012-06-22 22:13 - 00033792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2012-06-02 08:49 - 2012-07-11 04:13 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-02 08:17 - 2012-07-11 04:13 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-02 08:12 - 2012-07-11 04:13 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-02 08:05 - 2012-07-11 04:13 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-02 08:05 - 2012-07-11 04:13 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-02 08:04 - 2012-07-11 04:13 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-02 08:04 - 2012-07-11 04:13 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-02 08:03 - 2012-07-11 04:13 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-02 08:01 - 2012-07-11 04:13 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-02 08:00 - 2012-07-11 04:13 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-02 07:59 - 2012-07-11 04:13 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-02 07:57 - 2012-07-11 04:13 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-02 07:57 - 2012-07-11 04:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-02 07:54 - 2012-07-11 04:13 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-02 05:07 - 2012-07-11 04:13 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-02 04:43 - 2012-07-11 04:13 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-02 04:33 - 2012-07-11 04:13 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-02 04:26 - 2012-07-11 04:13 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-02 04:25 - 2012-07-11 04:13 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-02 04:25 - 2012-07-11 04:13 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-02 04:23 - 2012-07-11 04:13 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-02 04:21 - 2012-07-11 04:13 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-02 04:20 - 2012-07-11 04:13 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-02 04:19 - 2012-07-11 04:13 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-02 04:19 - 2012-07-11 04:13 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-02 04:17 - 2012-07-11 04:13 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-02 04:16 - 2012-07-11 04:13 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-02 04:14 - 2012-07-11 04:13 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-02 01:20 - 2012-05-01 21:17 - 00000321 ____A C:\Users\Administrator\Documents\A-Alexstrasza.iqy
    2012-06-02 01:15 - 2012-06-02 01:15 - 00244140 ____A C:\Users\Administrator\Downloads\TheUndermineJournal(1).zip
    2012-06-02 00:42 - 2011-11-27 16:13 - 00182272 ____A C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-06-01 20:22 - 2012-07-10 15:18 - 00347136 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-06-01 20:22 - 2012-07-10 15:18 - 00254464 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-06-01 20:05 - 2012-07-10 15:18 - 00077312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-06-01 20:04 - 2012-07-10 15:18 - 00278528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-06-01 20:03 - 2012-07-10 15:18 - 00204288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-05-31 13:25 - 2011-11-27 17:43 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
    2012-05-25 04:32 - 2011-11-27 16:12 - 00106584 ____A C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-05-25 04:13 - 2012-05-25 04:13 - 00467812 ____A C:\Windows\dd_vcredistMSI1AEC.txt
    2012-05-25 04:13 - 2012-05-25 04:13 - 00017106 ____A C:\Windows\dd_vcredistUI1AEC.txt
    2012-05-25 04:13 - 2012-05-25 04:12 - 00463468 ____A C:\Windows\dd_vcredistMSI1A46.txt
    2012-05-25 04:13 - 2012-05-25 04:12 - 00017058 ____A C:\Windows\dd_vcredistUI1A46.txt
    2012-05-25 03:32 - 2012-05-25 03:32 - 00017053 ____A C:\Users\Administrator\Downloads\Auc-Util-BigPicture-4.3.zip
    2012-05-25 01:31 - 2012-05-25 01:31 - 00476960 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
    2012-05-25 01:31 - 2012-04-30 12:19 - 00472864 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
    2012-05-24 23:36 - 2012-07-11 05:17 - 00000930 ____A C:\Users\Public\Desktop\gBurner Virtual Drive.lnk
    2012-05-24 23:08 - 2012-05-24 23:08 - 00000846 ____A C:\Users\Administrator\Desktop\UltraISO.lnk
    2012-05-24 08:38 - 2012-05-10 09:05 - 00017408 ____A C:\Users\Administrator\Downloads\glyph_stockpiling.xls
    2012-05-23 09:30 - 2012-05-24 08:38 - 00017331 ____A C:\Users\Administrator\Documents\glyph_stockpiling.xls_0_1.ods
    2012-05-19 08:28 - 2012-07-26 20:00 - 00000782 ____A C:\Users\Public\Desktop\µTorrent.lnk
    2012-05-10 15:13 - 2012-05-10 15:13 - 00000097 ____A C:\Users\Administrator\Documents\doctor appointments.txt
    2012-05-09 11:40 - 2012-05-09 11:40 - 00010438 ____A C:\Users\Administrator\Downloads\food stamp note.odt
    2012-05-08 21:46 - 2011-11-27 17:24 - 00132832 ____A (Avira GmbH) C:\Windows\System32\Drivers\avipbb.sys
    2012-05-08 21:46 - 2011-11-27 17:24 - 00098848 ____A (Avira GmbH) C:\Windows\System32\Drivers\avgntflt.sys

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\explorer.exe
    [2011-12-01 01:18] - [2009-04-11 03:10] - 3079168 ____A (Microsoft Corporation) 6B08E54A451B3F95E4109DBA7E594270

    C:\Windows\System32\winlogon.exe
    [2011-12-01 01:17] - [2009-04-11 03:11] - 0405504 ____A (Microsoft Corporation) 6D0773A3A65D28B663F334C90441D01A

    C:\Windows\System32\wininit.exe
    [2008-01-20 22:50] - [2008-01-20 22:50] - 0123904 ____A (Microsoft Corporation) 117EA87DF785CA1B9D821F6F213DCE07

    C:\Windows\System32\svchost.exe
    [2008-01-20 22:50] - [2008-01-20 22:50] - 0027648 ____A (Microsoft Corporation) CDA9F1373805AF88F6FA4F2064BBA24D

    C:\Windows\System32\services.exe
    [2011-12-01 01:17] - [2009-04-11 03:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3

    C:\Windows\System32\User32.dll
    [2011-12-01 01:18] - [2009-04-11 03:11] - 0820224 ____A (Microsoft Corporation) F3F5549E69AE8509342E67E4F972CA1C

    C:\Windows\System32\userinit.exe
    [2008-01-20 22:49] - [2008-01-20 22:49] - 0028160 ____A (Microsoft Corporation) A0AB2BB9A92293D9CE66E252719AB5FE

    C:\Windows\System32\Drivers\volsnap.sys
    [2011-12-01 01:17] - [2009-04-11 03:15] - 0269288 ____A (Microsoft Corporation) 5280AADA24AB36B01A84A6424C475C8D


    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points (XP) =====================


    ========================= Memory info ======================

    Percentage of memory in use: 9%
    Total physical RAM: 3326.42 MB
    Available physical RAM: 2998.36 MB
    Total Pagefile: 3149.59 MB
    Available Pagefile: 3079.99 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 2001.38 MB

    ======================= Partitions =========================

    1 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
    2 Drive c: () (Fixed) (Total:465.76 GB) (Free:175.77 GB) NTFS
    4 Drive e: () (Removable) (Total:7.45 GB) (Free:7.41 GB) FAT32
    8 Drive I: (Rosewill) (CDROM) (Total:0.09 GB) (Free:0 GB) CDFS
    9 Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 466 GB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 466 GB 1024 KB
    Partition 2 Unknown 2032 KB 466 GB
    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 466 GB Healthy
    ==================================================================================

    Disk: 0
    Partition 2
    Type : 17 (Suspicious Type)
    Hidden: Yes
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 Partition 2048 KB Healthy
    ==================================================================================

    ==========================================================

    Last Boot: 2012-08-01 08:38

    ======================= End Of Log ==========================
  10. Michael King Newcomer, in training Posts: 48

    Is there some other program I could/should run from that shell which may facilitate cleaning my drive?
  11. Jay Pfoutz Malware Helper Posts: 4,286   +49

    FRST Fixlist

    Please run the following:

Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

    Now restart, let it boot normally and tell me how it went.
  12. Michael King Newcomer, in training Posts: 48

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01
    Ran by SYSTEM at 2012-08-02 08:47:46 Run:1
    Running from E:\

    ==============================================


    ========= bootrec /fixmbr =========

    'bootrec' is not recognized as an internal or external command,
    operable program or batch file.

    ========= End of CMD: =========


    ==== End of Fixlog ====
  13. Michael King Newcomer, in training Posts: 48

There is a "fixMBR.exe" that comes with REAToGo; should I try that?
  14. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Yes, please.
  15. Michael King Newcomer, in training Posts: 48

    X:\Programs\MBRFix>mbrfix /drive 0 driveinfo
    Drive 0
    Cylinders = 60801
    Tracks (heads) per cylinder = 255
    Sectors per track = 63
    Bytes per sector = 512
    Disk size = 500105249280 (Bytes) = 465 (GB)

    X:\Programs\MBRFix>mbrfix /drive 0 listpartitions
    # Boot Size (MB) Type
    1 476936 7 NTFS or HPFS
    2 Yes 1 23 Hidden IFS (e.g., HPFS)
    3 0 0 None
    4 0 0 None
  16. Michael King Newcomer, in training Posts: 48

    Ok, so I have a hidden partition that is being used as the boot partition.

    Should I modify my partition 1 to boot or delete the second partition, or what are the next steps?

I did use MBRFix to save my current MBR to a file and did a rewrite of the current MBR to a default Vista partition, but it didn't seem to change anything.
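What FRST's "Partitions" section and the mbrfix listing in the posts above are showing is the 64-byte partition table at the end of the MBR sector. The following is an added example, not part of this thread and not code from FRST, MBRFix or MBRCheck: a small Python parser that decodes those four entries into the same fields the tools print (type, hidden, active, size) and flags the pattern reported here, an active/boot flag on a tiny hidden-type partition while the visible NTFS partition is not marked active. The sector bytes are constructed to mirror the sizes in the mbrfix output; the type-name table, the 16 MB "tiny" threshold and all function names are my own choices, not values from the page.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446            # the four 16-byte partition entries start here
ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510-511 of a valid MBR

# Partition type IDs (subset, assumed table for this example). The "hidden"
# variants are the visible type with 0x10 added, e.g. 0x07 NTFS -> 0x17.
TYPE_NAMES = {
    0x07: "NTFS or HPFS",
    0x17: "Hidden IFS (e.g., HPFS)",
    0x0b: "FAT32",
    0x1b: "Hidden FAT32",
}
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1b, 0x1c, 0x1e}


def parse_partition_table(sector):
    """Decode the four MBR partition entries; empty slots become None."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected a %d-byte sector" % SECTOR_SIZE)
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        off = TABLE_OFFSET + i * ENTRY_SIZE
        status, _chs_first, ptype, _chs_last, lba_start, sectors = struct.unpack(
            "<B3sB3sII", sector[off:off + ENTRY_SIZE])
        if ptype == 0 and sectors == 0:
            entries.append(None)            # printed as "None" by mbrfix
            continue
        entries.append({
            "index": i + 1,
            "active": status == 0x80,       # 0x80 = active/bootable, 0x00 = inactive
            "type": ptype,
            "type_name": TYPE_NAMES.get(ptype, "unknown"),
            "hidden": ptype in HIDDEN_TYPES,
            "lba_start": lba_start,
            "sectors": sectors,
            "size_mb": sectors * SECTOR_SIZE / (1024 * 1024),
        })
    return entries


def audit_partition_table(entries, tiny_mb=16):
    """Return (index, reason) findings; index 0 marks a table-wide finding."""
    findings = []
    visible_active = False
    for e in entries:
        if e is None:
            continue
        if e["active"] and not e["hidden"]:
            visible_active = True
        if e["active"] and e["hidden"]:
            findings.append((e["index"],
                             "hidden type 0x%02x carries the active/boot flag" % e["type"]))
        if e["active"] and e["size_mb"] <= tiny_mb:
            findings.append((e["index"],
                             "active partition is only %.2f MB" % e["size_mb"]))
    if not visible_active:
        findings.append((0, "no visible partition is active; boot control starts elsewhere"))
    return findings


def _entry(active, ptype, lba_start, sectors):
    return struct.pack("<B3sB3sII", 0x80 if active else 0x00, b"\0" * 3,
                       ptype, b"\0" * 3, lba_start, sectors)


def build_sample_sector():
    """Constructed MBR (boot code zeroed) mirroring the layout mbrfix listed."""
    ntfs_sectors = 476936 * 2048        # 476,936 MB at 2048 sectors per MB, not active
    table = (_entry(False, 0x07, 2048, ntfs_sectors)
             + _entry(True, 0x17, 2048 + ntfs_sectors, 4064)  # 2032 KB, hidden, active
             + bytes(ENTRY_SIZE * 2))                          # two empty slots
    return bytes(TABLE_OFFSET) + table + BOOT_SIGNATURE


if __name__ == "__main__":
    parsed = parse_partition_table(build_sample_sector())
    print("#  Boot  Hidden  Size (MB)   Type")
    for slot, e in enumerate(parsed, start=1):
        if e is None:
            print("%d  -     -       0           None" % slot)
        else:
            print("%d  %-5s %-7s %-11.2f 0x%02x %s" % (
                slot, "Yes" if e["active"] else "No", "Yes" if e["hidden"] else "No",
                e["size_mb"], e["type"], e["type_name"]))
    for idx, reason in audit_partition_table(parsed):
        print("finding (partition %d): %s" % (idx, reason))
```

On a real machine the 512 bytes would come from reading sector 0 of the physical disk; the parser only needs that sector, so a copy saved to a file (as MBRFix can do) is enough to run the same check offline. A finding from this audit is a reason to inspect the boot chain, not proof of infection on its own: some OEM recovery layouts also use hidden types.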
  17. Michael King Newcomer, in training Posts: 48

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 64-bit
    Base Board Manufacturer: Gigabyte Technology Co., Ltd.
    BIOS Manufacturer: Award Software International, Inc.
    System Manufacturer: Gigabyte Technology Co., Ltd.
    System Product Name: GA-MA790X-UD4P
    Logical Drives Mask: 0x00000ffc

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 MBR Code Faked!
    SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit: n


    Done!
    Press ENTER to exit...
  18. Jay Pfoutz Malware Helper Posts: 4,286   +49

    You mean you don't recognize the hidden partition?
  19. Michael King Newcomer, in training Posts: 48

    I bought the PC from CyberPower PC, so I didn't do the OS Installation. But since the partition is only 2 megabytes, is listed as the boot partition, and apparently is not a rescue partition since I was not offered the rescue partition options when booting up Advanced Boot Options, I would say it is suspicious. Is there a way to peek inside it or to do a scan of it?
  20. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Sure, let's check it out...

    Please download Listparts64
    Run the tool,
    check the "list BCD" box
    click "Scan" and post the log (Result.txt) it makes.