Inactive Stubborn infection

Actually, let's try this tool...as we can run FRST from it:

  • Download OTLPENet.exe to your desktop
  • Download Farbar Recovery Scan Tool and save it to a flash drive.
  • Ensure that you have a blank CD in the drive
  • Double-click OTLPENet.exe and this will then open ImgBurn to burn the file to CD
  • Reboot your system using the boot CD you just created.
Note: If you do not know how to set your computer to boot from CD, follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads
  • Your system should now display a Reatogo desktop.
Note: As you are running from CD, it is not exactly speedy
  • Insert the flash drive with FRST on it
  • Locate the flash drive and run FRST
  • The tool will start to run.

  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
 
Sorry for the delay, I've been working long hours and haven't had time to work on it.

While running REAToGo, I was able to run aswMBR which I was not able to previously. Here is the log for that.

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-01 11:03:14
-----------------------------
11:03:14.265 OS Version: Windows 5.1.2600
11:03:14.265 Number of processors: 1 586 0x402
11:03:14.265 ComputerName: REATOGO UserName: SYSTEM
11:03:15.671 Initialze error 0
11:03:30.453 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-8
11:03:30.453 Disk 0 Vendor: Hitachi_HDP725050GLA360 GM4OA5CA Size: 476938MB BusType: 3
11:03:30.453 Disk 0 MBR read successfully
11:03:30.468 Disk 0 MBR scan
11:03:30.468 Disk 0 Windows VISTA default MBR code
11:03:30.484 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 476936 MB offset 2048
11:03:30.515 Disk 0 Partition 2 80 (A) 17 Hidd HPFS/NTFS NTFS 1 MB offset 976766976
11:03:30.531 Disk 0 Partition 2 **SUSPICIOUS**
11:03:30.531 Disk 0 scanning sectors +976771039
11:03:30.562 Disk 0 scanning X:\i386\system32\drivers
11:03:30.562 Service scanning
11:03:31.828 Modules scanning
11:03:32.031 Disk 0 trace - called modules:
11:03:32.046 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys halaacpi.dll atapi.sys amdide1.SY_ PCIIDEX.SYS
11:03:33.812 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b2696a0]
11:03:33.890 3 CLASSPNP.SYS[f74e805b] -> nt!IofCallDriver -> \Device\0000004e[0x8b36b9e8]
11:03:33.968 5 acpi.sys[f73b3620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-8[0x8b2b3940]
11:03:34.046 Scan finished successfully
11:05:03.296 Disk 0 MBR has been saved successfully to "C:\Users\Administrator\Desktop\MBR.dat"
11:05:03.359 The log file has been saved successfully to "C:\Users\Administrator\Desktop\aswMBR.txt"
 
Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 25-07-2012 01
Ran by SYSTEM at 01-08-2012 13:42:23
Running from E:\
Windows Vista (TM) Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet001

ATTENTION!:=====> THE OPERATING SYSTEM IS A X64 SYSTEM BUT THE BOOT DISK THAT IS USED TO BOOT TO RECOVERY ENVIRONMENT IS A X86 SYSTEM DISK.
========================== Registry (Whitelisted) =============

HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [6962208 2008-12-26] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2008-12-26] (Realtek Semiconductor Corp.)
HKU\Administrator\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1242448 2012-04-17] (Valve Corporation)
HKU\Administrator\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\Administrator\...\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe [x]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\Administrator\Start Menu\Programs\Startup\aasswwmMbBrR.exe (AVAST Software)
Startup: C:\Users\Administrator\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Startup: C:\Users\Administrator\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

================================ Services (Whitelisted) ==================

2 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [63928 2012-01-03] (Adobe Systems Incorporated)
3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [250056 2012-07-26] (Adobe Systems Incorporated)
2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe /launchService [361984 2012-07-04] (Advanced Micro Devices, Inc.)
2 AntiVirSchedulerService; "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe" [86224 2012-05-08] (Avira Operations GmbH & Co. KG)
2 AntiVirService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" [110032 2012-05-08] (Avira Operations GmbH & Co. KG)
4 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [89920 2009-03-30] (Microsoft Corporation)
2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [138576 2010-03-18] (Microsoft Corporation)
2 DAZContentManagementService; "C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe" [22528 2011-05-05] ()
2 ES lite Service; "C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE" [68136 2008-12-24] ()
2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [27648 2008-01-20] (Microsoft Corporation)
3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42840 2009-02-18] (Microsoft Corporation)
2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [136176 2012-05-25] (Google Inc.)
3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [136176 2012-05-25] (Google Inc.)
3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.)
2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.)
3 idsvc; "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe" [857432 2009-02-18] (Microsoft Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
3 Microsoft Office Groove Audit Service; "C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe" [64856 2009-02-26] (Microsoft Corporation)
2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [223088 2011-04-26] ()
3 MozillaMaintenance; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [113120 2012-07-19] (Mozilla Foundation)
4 NetTcpPortSharing; "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe" [117592 2009-02-18] (Microsoft Corporation)
3 odserv; "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" [440696 2011-07-20] (Microsoft Corporation)
3 ose; "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [145184 2006-10-26] (Microsoft Corporation)
3 PerfHost; C:\Windows\SysWow64\perfhost.exe [19968 2008-01-20] (Microsoft Corporation)
2 RalinkRegistryWriter; C:\Program Files (x86)\Rosewill\Common\RaRegistry.exe [185632 2009-10-20] (Ralink Technology, Corp.)
2 RalinkRegistryWriter64; C:\Program Files (x86)\Rosewill\Common\RaRegistry64.exe [212256 2009-10-20] (Ralink Technology, Corp.)
3 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe /RunAsService [489256 2012-04-17] (Valve Corporation)
3 WPFFontCache_v0400; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [1020768 2010-03-18] (Microsoft Corporation)

========================== Drivers (Whitelisted) =============

0 amdide64; C:\Windows\System32\DRIVERS\amdide64.sys [10632 2007-10-11] (Advanced Micro Devices)
3 amdiox64; C:\Windows\System32\DRIVERS\amdiox64.sys [46136 2010-02-18] (Advanced Micro Devices)
2 AODDriver4.1; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-05-08] (Avira GmbH)
1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-05-08] (Avira GmbH)
1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2011-10-19] (Avira GmbH)
3 E1G60; C:\Windows\System32\DRIVERS\E1G6032E.sys [146176 2008-01-20] (Intel Corporation)
3 gcdbus; C:\Windows\System32\DRIVERS\gcdbus.sys [170496 2011-11-23] (Power Software Ltd)
3 gdrv; \??\C:\Windows\gdrv.sys [23080 2012-08-01] (Windows (R) Server 2003 DDK provider)
3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHD64.sys [1590048 2008-12-26] (Realtek Semiconductor Corp.)
1 ISODrive; \??\C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [105176 2007-04-13] (EZB Systems, Inc.)
0 JRAID; C:\Windows\System32\DRIVERS\jraid.sys [98144 2008-11-03] (JMicron Technology Corp.)
3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20864 2008-01-20] (Microsoft Corporation)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
3 netr28ux; C:\Windows\System32\DRIVERS\netr28ux.sys [1037664 2010-05-27] (Ralink Technology Corp.)
3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIVX.sys [190496 2008-12-25] (Realtek Semiconductor Corp.)
3 RTL8169; C:\Windows\System32\DRIVERS\Rtlh64.sys [184832 2008-11-10] (Realtek Corporation )
3 usb_rndisx; C:\Windows\System32\DRIVERS\usb8023x.sys [19456 2009-04-11] (Microsoft Corporation)
3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [903168 2008-01-20] (Microsoft Corporation)
0 Cdr4vsd; [x]
1 Cdralwnt; [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-01 13:41 - 2012-08-01 13:41 - 00000000 ____D C:\FRST
2012-08-01 13:31 - 2012-08-01 13:31 - 00892822 ____A (Farbar) C:\Users\Administrator\Downloads\FRST.exe
2012-08-01 11:05 - 2012-08-01 11:05 - 00001724 ____A C:\Users\Administrator\Desktop\aswMBR.txt
2012-08-01 11:05 - 2012-08-01 11:05 - 00000512 ____A C:\Users\Administrator\Desktop\MBR.dat
2012-07-30 19:06 - 2012-07-30 19:10 - 127231689 ____A (Igor Pavlov) C:\Users\Administrator\Desktop\OTLPENet.exe
2012-07-29 18:57 - 2012-07-29 18:57 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_winusb_01009.Wdf
2012-07-29 18:54 - 2009-07-14 08:19 - 00020480 ____A (Microsoft Corporation) C:\Windows\System32\winusb.dll
2012-07-29 18:54 - 2009-07-14 08:12 - 00016896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\winusb.dll
2012-07-29 18:54 - 2009-07-13 20:06 - 00040448 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\winusb.sys
2012-07-29 18:51 - 2012-07-29 18:51 - 00000000 ___AH C:\Windows\System32\Drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2012-07-29 18:50 - 2009-07-14 14:18 - 00654928 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2012-07-29 18:50 - 2009-07-14 14:18 - 00042064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2012-07-29 18:50 - 2009-07-14 14:18 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
2012-07-29 18:39 - 2012-07-29 18:39 - 00000908 ____A C:\Users\Administrator\Desktop\Paper Jamz Pro.lnk
2012-07-29 18:36 - 2012-07-29 18:37 - 00000000 ____D C:\Program Files (x86)\QuickTime
2012-07-29 18:34 - 2012-07-29 18:34 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2012-07-29 18:33 - 2012-07-29 18:48 - 00000000 ____D C:\Users\Administrator\Documents\Paper Jamz
2012-07-29 18:32 - 2012-07-29 18:47 - 00000000 ____D C:\Program Files (x86)\Paper Jamz Pro
2012-07-29 18:26 - 2012-07-29 18:32 - 133924232 ____A C:\Users\Administrator\Downloads\PaperJamzPro.exe
2012-07-28 18:50 - 2012-07-28 18:51 - 00013285 ____A C:\Users\Administrator\Desktop\MBRCheck_07.28.12_17.50.12.txt
2012-07-28 10:50 - 2012-07-29 18:38 - 00013981 ____A C:\Users\Administrator\Documents\glyph_stockpiling.xlsx
2012-07-27 06:35 - 2012-07-27 06:42 - 00013356 ____A C:\Users\Administrator\Desktop\MBRCheck_07.27.12_05.35.03.txt
2012-07-26 20:00 - 2012-07-26 20:03 - 00001446 ____A C:\Users\Administrator\Desktop\RKreport[7].txt
2012-07-26 20:00 - 2012-04-30 12:20 - 00001027 ____A C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
2012-07-26 19:58 - 2012-07-26 19:58 - 00001928 ____A C:\Users\Administrator\Desktop\RKreport[6].txt
2012-07-26 19:57 - 2012-07-26 19:57 - 00000709 ____A C:\Users\Administrator\Desktop\RKreport[5].txt
2012-07-26 19:57 - 2012-07-26 19:57 - 00000672 ____A C:\Users\Administrator\Desktop\RKreport[4].txt
2012-07-26 19:56 - 2012-07-26 19:56 - 00000570 ____A C:\Users\Administrator\Desktop\RKreport[3].txt
2012-07-26 19:55 - 2012-07-26 19:55 - 00001358 ____A C:\Users\Administrator\Desktop\RKreport[2].txt
2012-07-26 19:54 - 2012-07-26 19:54 - 00001869 ____A C:\Users\Administrator\Desktop\RKreport[1].txt
2012-07-26 19:54 - 2012-07-26 19:54 - 00000000 ____D C:\Users\Administrator\Desktop\RK_Quarantine
2012-07-26 19:53 - 2012-07-26 19:53 - 01552384 ____A C:\Users\Administrator\Desktop\RogueKiller.exe
2012-07-25 19:16 - 2012-07-25 19:26 - 00013268 ____A C:\Users\Administrator\Desktop\MBRCheck_07.25.12_18.16.20.txt
2012-07-24 18:05 - 2012-07-24 18:10 - 00013895 ____A C:\Users\Administrator\Desktop\MBRCheck_07.24.12_17.05.19.txt
2012-07-24 17:56 - 2012-07-24 17:57 - 00013268 ____A C:\Users\Administrator\Desktop\MBRCheck_07.24.12_16.56.48.txt
2012-07-24 17:44 - 2012-07-24 17:44 - 00000512 ____A C:\Users\Administrator\Desktop\MBRCheck_MBR_Backup_07-24-12_16-44-18.bak
2012-07-24 17:43 - 2012-07-24 17:44 - 00014106 ____A C:\Users\Administrator\Desktop\MBRCheck_07.24.12_16.43.30.txt
2012-07-24 17:41 - 2012-07-24 17:42 - 00014058 ____A C:\Users\Administrator\Desktop\MBRCheck_07.24.12_16.41.13.txt
2012-07-24 10:43 - 2012-07-24 10:43 - 00000599 ____A C:\Users\Administrator\Desktop\dump.zip
2012-07-24 10:33 - 2012-07-24 10:38 - 00014016 ____A C:\Users\Administrator\Desktop\MBRCheck_07.24.12_09.33.20.txt
2012-07-24 10:25 - 2012-07-24 10:37 - 00000512 ____A C:\Users\Administrator\Desktop\dump.dat
2012-07-24 10:23 - 2012-07-24 10:26 - 00013966 ____A C:\Users\Administrator\Desktop\MBRCheck_07.24.12_09.23.24.txt
2012-07-23 15:33 - 2012-07-23 15:33 - 00010094 ____A C:\Users\Administrator\Desktop\Attach.txt
2012-07-23 15:31 - 2012-07-23 15:31 - 00025456 ____A C:\Users\Administrator\Desktop\DDS.txt
2012-07-23 14:23 - 2012-07-23 14:23 - 00607260 ____R (Swearware) C:\Users\Administrator\Desktop\dds.scr
2012-07-23 13:55 - 2012-07-23 13:55 - 00294216 ____A C:\Users\Administrator\Desktop\gmer.zip
2012-07-23 13:55 - 2011-07-16 23:21 - 00302592 ____A C:\Users\Administrator\Desktop\gmer.exe
2012-07-23 13:50 - 2012-07-23 13:55 - 00013288 ____A C:\Users\Administrator\Desktop\MBRCheck_07.23.12_12.50.50.txt
2012-07-23 13:50 - 2011-06-26 02:45 - 00256000 ____A C:\Windows\PEV.exe
2012-07-23 13:50 - 2010-11-07 13:20 - 00208896 ____A C:\Windows\MBR.exe
2012-07-23 13:50 - 2009-04-20 00:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-07-23 13:50 - 2000-08-30 20:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-07-23 13:50 - 2000-08-30 20:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-07-23 13:50 - 2000-08-30 20:00 - 00098816 ____A C:\Windows\sed.exe
2012-07-23 13:50 - 2000-08-30 20:00 - 00080412 ____A C:\Windows\grep.exe
2012-07-23 13:50 - 2000-08-30 20:00 - 00068096 ____A C:\Windows\zip.exe
2012-07-23 13:49 - 2012-07-23 13:51 - 00000000 ___SD C:\commy32243c
2012-07-23 13:46 - 2012-07-23 13:47 - 00000000 ___SD C:\commy
2012-07-23 13:45 - 2012-07-23 13:46 - 00000000 ____D C:\Qoobox
2012-07-23 13:44 - 2012-07-23 13:49 - 00000000 ___SD C:\32788R22FWJFW
2012-07-23 13:44 - 2012-07-23 13:44 - 00000000 ____D C:\Windows\erdnt
2012-07-23 13:42 - 2012-07-23 13:42 - 04582474 ____R (Swearware) C:\Users\Administrator\Desktop\commy.exe
2012-07-23 13:41 - 2012-07-24 10:32 - 00080384 ____A C:\Users\Administrator\Desktop\MBRCheck.exe
2012-07-23 13:41 - 2012-07-23 13:43 - 00013505 ____A C:\Users\Administrator\Desktop\MBRCheck_07.23.12_12.41.07.txt
2012-07-23 13:31 - 2012-07-23 13:31 - 04731392 ____A (AVAST Software) C:\Users\Administrator\Desktop\aswMBR.exe
2012-07-15 00:57 - 2012-07-15 01:31 - 261122008 ____A (Avira GmbH) C:\Users\Administrator\Downloads\rescue_system-common-en.exe
2012-07-14 23:48 - 2012-07-14 23:48 - 00270816 ____A C:\Windows\Minidump\Mini071412-03.dmp
2012-07-14 22:59 - 2012-07-14 22:59 - 00057344 ____A (Roxio) C:\Windows\uneng.exe
2012-07-14 22:59 - 2012-07-14 22:59 - 00049152 ____A (Roxio) C:\Windows\SysWOW64\cdrtc.dll
2012-07-14 22:59 - 2012-07-14 22:59 - 00045056 ____A (Roxio) C:\Windows\SysWOW64\cdral.dll
2012-07-14 22:59 - 2012-07-14 22:59 - 00000000 ____D C:\Users\Administrator\Downloads\RoxioEasyCD0410
2012-07-14 22:53 - 2012-07-14 22:58 - 94281863 ____A C:\Users\Administrator\Downloads\RoxioEasyCD0410.rar
2012-07-14 22:52 - 2012-07-14 22:52 - 00821248 ____A C:\Users\Administrator\Downloads\FreeISOBurner.exe
2012-07-14 22:44 - 2012-07-14 22:44 - 00000000 ____D C:\Program Files (x86)\Smart Projects
2012-07-14 22:43 - 2012-07-14 22:43 - 04266768 ____A (Smart Projects ) C:\Users\Administrator\Downloads\isobuster_all_lang.exe
2012-07-14 22:25 - 2012-07-14 22:26 - 00270816 ____A C:\Windows\Minidump\Mini071412-02.dmp
2012-07-14 22:20 - 2012-07-14 22:20 - 00270816 ____A C:\Windows\Minidump\Mini071412-01.dmp
2012-07-14 22:16 - 2012-07-14 22:16 - 259346432 ____A C:\rescue_system-common-en.iso
2012-07-14 18:17 - 2012-07-14 18:16 - 00955888 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-07-14 18:17 - 2012-07-14 18:16 - 00839152 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-07-14 18:12 - 2012-07-14 18:13 - 21869552 ____A (Oracle Corporation) C:\Users\Administrator\Downloads\jre-7u5-windows-x64.exe
2012-07-14 12:57 - 2012-07-14 12:57 - 00961371 ____A C:\Users\Administrator\Documents\Copy of Consortium_Shuffler v4.xlsx
2012-07-14 10:26 - 2012-07-14 10:26 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-1.62.0.1300.exe
2012-07-14 10:26 - 2012-07-14 10:26 - 00000948 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-14 10:26 - 2012-07-14 10:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-14 10:26 - 2012-07-03 14:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-14 09:08 - 2012-07-14 09:08 - 00009287 ____A C:\Users\Administrator\Documents\glyph bank.xlsx
2012-07-13 21:33 - 2012-07-13 21:33 - 00000000 ____D C:\Users\Administrator\AppData\Local\AMD
2012-07-13 21:32 - 2012-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\AMD APP
2012-07-13 21:30 - 2010-02-18 10:18 - 00046136 ____A (Advanced Micro Devices) C:\Windows\System32\Drivers\amdiox64.sys
2012-07-13 21:29 - 2012-07-13 21:29 - 00018325 ____A C:\Windows\SysWOW64\CCCInstall_201207132029492105.log
2012-07-13 21:24 - 2012-07-13 21:24 - 00000000 ____D C:\AMD
2012-07-13 21:20 - 2012-07-13 21:24 - 162514192 ____A (Advanced Micro Devices, Inc.) C:\Users\Administrator\Downloads\12-6-legacy_vista_win7_64_dd_ccc.exe
2012-07-11 19:06 - 2012-07-26 20:06 - 09821896 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-07-11 05:38 - 2012-07-11 05:38 - 00399264 ____A (Bleeping Computer, LLC) C:\Users\Administrator\Downloads\unhide.exe
2012-07-11 05:17 - 2012-07-12 16:36 - 00002025 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-07-11 05:17 - 2012-06-16 03:08 - 00001951 ____A C:\Users\Public\Desktop\DivX Plus Converter.lnk
2012-07-11 05:17 - 2012-06-16 03:08 - 00000947 ____A C:\Users\Public\Desktop\DivX Plus Player.lnk
2012-07-11 05:17 - 2012-05-24 23:36 - 00000930 ____A C:\Users\Public\Desktop\gBurner Virtual Drive.lnk
2012-07-11 05:17 - 2012-04-17 17:58 - 00001810 ____A C:\Users\Public\Desktop\GoldenEye Souce v4.1.lnk
2012-07-11 05:17 - 2012-04-17 09:48 - 00000828 ____A C:\Users\Public\Desktop\Steam.lnk
2012-07-11 05:17 - 2012-01-22 15:18 - 00001922 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2012-07-11 05:17 - 2012-01-22 14:57 - 00000961 ____A C:\Users\Public\Desktop\Foxit Reader 5.0.lnk
2012-07-11 05:17 - 2011-11-27 15:53 - 00000888 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-07-11 05:15 - 2012-07-11 05:06 - 01558016 ____A C:\RogueKiller.exe
2012-07-11 05:07 - 2012-07-11 05:07 - 00003694 ____A C:\Users\Michael\Desktop\RKreport[2].txt
2012-07-11 05:07 - 2012-07-11 05:07 - 00003539 ____A C:\Users\Michael\Desktop\RKreport[1].txt
2012-07-11 05:06 - 2012-07-14 12:10 - 00000000 ____D C:\Users\Michael\Desktop\RK_Quarantine
2012-07-11 05:06 - 2012-07-11 05:06 - 01558016 ____A C:\Users\Michael\Downloads\RogueKiller.exe
2012-07-11 04:45 - 2012-07-11 04:45 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Adobe
2012-07-11 04:13 - 2012-06-02 08:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-11 04:13 - 2012-06-02 08:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-11 04:13 - 2012-06-02 08:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-11 04:13 - 2012-06-02 08:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-11 04:13 - 2012-06-02 08:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-11 04:13 - 2012-06-02 08:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-11 04:13 - 2012-06-02 08:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-11 04:13 - 2012-06-02 08:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-11 04:13 - 2012-06-02 08:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-11 04:13 - 2012-06-02 08:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-11 04:13 - 2012-06-02 07:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-11 04:13 - 2012-06-02 07:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-11 04:13 - 2012-06-02 07:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-11 04:13 - 2012-06-02 07:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-11 04:13 - 2012-06-02 05:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-11 04:13 - 2012-06-02 04:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-11 04:13 - 2012-06-02 04:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-11 04:13 - 2012-06-02 04:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-11 04:13 - 2012-06-02 04:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-11 04:13 - 2012-06-02 04:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-11 04:13 - 2012-06-02 04:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-11 04:13 - 2012-06-02 04:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-11 04:13 - 2012-06-02 04:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-11 04:13 - 2012-06-02 04:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-11 04:13 - 2012-06-02 04:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-11 04:13 - 2012-06-02 04:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-11 04:13 - 2012-06-02 04:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-11 04:13 - 2012-06-02 04:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-11 04:11 - 2012-06-13 09:58 - 02769408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-11 03:49 - 2012-07-11 03:49 - 00000000 ____D C:\Users\Michael\AppData\Roaming\WinRAR
2012-07-11 03:43 - 2012-07-11 03:43 - 00106584 ____A C:\Users\Michael\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-11 03:43 - 2012-07-11 03:43 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Avira
2012-07-11 03:43 - 2012-07-11 03:43 - 00000000 ____D C:\Users\Michael\AppData\Roaming\ATI
2012-07-11 03:43 - 2012-07-11 03:43 - 00000000 ____D C:\Users\Michael\AppData\Local\ATI
2012-07-11 03:41 - 2012-07-11 03:42 - 00000000 ____D C:\users\Michael
2012-07-11 03:41 - 2012-07-11 03:41 - 00000020 ___SH C:\Users\Michael\ntuser.ini
2012-07-11 03:41 - 2012-07-11 03:41 - 00000000 ____D C:\Users\Michael\AppData\Local\VirtualStore
2012-07-11 03:41 - 2012-05-25 04:00 - 00000000 ____D C:\Users\Michael\AppData\Local\Microsoft Help
2012-07-11 03:41 - 2012-01-22 15:20 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Macromedia
2012-07-10 20:15 - 2012-07-10 20:15 - 00000752 ____A C:\Users\Administrator\Desktop\Ventrilo.lnk
2012-07-10 20:15 - 2012-07-10 20:15 - 00000262 ____A C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
2012-07-10 20:15 - 2012-07-10 20:15 - 00000000 ____D C:\Program Files\Ventrilo
2012-07-10 20:13 - 2012-07-10 20:13 - 04135696 ____A C:\Users\Administrator\Downloads\ventrilo-3.0.8-Windows-x64.exe
2012-07-10 20:08 - 2012-07-10 20:08 - 01132799 ____A C:\Users\Administrator\Downloads\TheUndermineJournal(4).zip
2012-07-10 15:18 - 2012-06-08 13:59 - 12899840 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-10 15:18 - 2012-06-08 13:47 - 11586048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-10 15:18 - 2012-06-05 12:47 - 01401856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-10 15:18 - 2012-06-05 12:47 - 01248768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-10 15:18 - 2012-06-05 12:22 - 01869824 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-10 15:18 - 2012-06-05 12:22 - 01797120 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-10 15:18 - 2012-06-04 11:29 - 00516480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-10 15:18 - 2012-06-01 20:22 - 00347136 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-10 15:18 - 2012-06-01 20:22 - 00254464 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-10 15:18 - 2012-06-01 20:05 - 00077312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-10 15:18 - 2012-06-01 20:04 - 00278528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-10 15:18 - 2012-06-01 20:03 - 00204288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-04 03:32 - 2012-07-04 03:32 - 00187392 ____A C:\Windows\System32\clinfo.exe
2012-07-04 03:32 - 2012-07-04 03:32 - 00075264 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OpenVideo64.dll
2012-07-04 03:32 - 2012-07-04 03:32 - 00065024 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2012-07-04 03:31 - 2012-07-04 03:31 - 16457216 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl64.dll
2012-07-04 03:31 - 2012-07-04 03:31 - 00063488 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OVDecode64.dll
2012-07-04 03:31 - 2012-07-04 03:31 - 00056320 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
2012-07-04 03:30 - 2012-07-04 03:30 - 13008384 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2012-07-04 03:30 - 2012-07-04 03:30 - 00054784 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2012-07-04 03:30 - 2012-07-04 03:30 - 00050176 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2012-07-04 02:59 - 2012-07-04 02:59 - 11922944 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmdag.sys
2012-07-04 02:52 - 2012-07-04 02:52 - 26016256 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atio6axx.dll
2012-07-04 02:35 - 2012-07-04 02:35 - 19586048 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2012-07-04 02:28 - 2012-07-04 02:28 - 00246000 ____A C:\Windows\SysWOW64\atiapfxx.blb
2012-07-04 02:28 - 2012-07-04 02:28 - 00246000 ____A C:\Windows\System32\atiapfxx.blb
2012-07-04 02:27 - 2012-07-04 02:27 - 00159744 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiapfxx.exe
2012-07-04 02:21 - 2012-07-04 02:21 - 00514048 ____A (AMD) C:\Windows\System32\atieclxx.exe
2012-07-04 02:20 - 2012-07-04 02:20 - 00238080 ____A (AMD) C:\Windows\System32\atiesrxx.exe
2012-07-04 02:19 - 2012-07-04 02:19 - 00120320 ____A (AMD) C:\Windows\System32\atitmm64.dll
2012-07-04 02:19 - 2012-07-04 02:19 - 00059392 ____A (ATI Technologies, Inc.) C:\Windows\System32\atiedu64.dll
2012-07-04 02:19 - 2012-07-04 02:19 - 00043520 ____A (ATI Technologies, Inc.) C:\Windows\SysWOW64\ati2edxx.dll
2012-07-04 02:19 - 2012-07-04 02:19 - 00021504 ____A (AMD) C:\Windows\System32\atimuixx.dll
2012-07-04 01:57 - 2012-07-04 01:57 - 07510528 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atidxx64.dll
2012-07-04 01:36 - 2012-07-04 01:36 - 01960960 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdmv.dll
2012-07-04 01:36 - 2012-07-04 01:36 - 01053696 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6v.dll
2012-07-04 01:36 - 2012-07-04 01:36 - 00069632 ____A (AMD) C:\Windows\System32\coinst_8.97.100.3.dll
2012-07-04 01:34 - 2012-07-04 01:34 - 02818784 ____A C:\Windows\System32\atiumd6a.cap
2012-07-04 01:27 - 2012-07-04 01:27 - 02852480 ____A C:\Windows\SysWOW64\atiumdva.cap
2012-07-04 01:11 - 2012-07-04 01:11 - 00364544 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2012-07-04 01:11 - 2012-07-04 01:11 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2012-07-04 01:11 - 2012-07-04 01:11 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2012-07-04 01:11 - 2012-07-04 01:11 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atimpc64.dll
2012-07-04 01:11 - 2012-07-04 01:11 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdpcom64.dll
2012-07-04 01:11 - 2012-07-04 01:11 - 00041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6txx.dll
2012-07-04 01:11 - 2012-07-04 01:11 - 00033280 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2012-07-04 01:11 - 2012-07-04 01:11 - 00017920 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6pxx.dll
2012-07-04 01:11 - 2012-07-04 01:11 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2012-07-04 01:11 - 2012-07-04 01:11 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiglpxx.dll
2012-07-04 01:10 - 2012-07-04 01:10 - 00359936 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmpag.sys
2012-07-04 01:10 - 2012-07-04 01:10 - 00055296 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiuxp64.dll
2012-07-04 01:09 - 2012-07-04 01:09 - 00053248 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\ati2erec.dll
2012-07-04 01:04 - 2012-07-04 01:04 - 15827456 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticaldd64.dll
2012-07-04 01:04 - 2012-07-04 01:04 - 00051200 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalrt64.dll
2012-07-04 01:04 - 2012-07-04 01:04 - 00046080 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2012-07-04 01:04 - 2012-07-04 01:04 - 00044544 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2012-07-04 01:04 - 2012-07-04 01:04 - 00044544 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalcl64.dll
2012-07-04 00:59 - 2012-07-04 00:59 - 13402112 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
 
============ 3 Months Modified Files ========================

2012-08-01 13:33 - 2009-06-05 17:46 - 00000207 ____A C:\service.log
2012-08-01 13:33 - 2008-01-20 21:53 - 01173132 ____A C:\Windows\WindowsUpdate.log
2012-08-01 13:33 - 2006-11-02 11:42 - 00032652 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-01 13:33 - 2006-11-02 11:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-01 13:33 - 2006-11-02 11:22 - 00003712 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-01 13:33 - 2006-11-02 11:22 - 00003712 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-01 13:31 - 2012-08-01 13:31 - 00892822 ____A (Farbar) C:\Users\Administrator\Downloads\FRST.exe
2012-08-01 13:26 - 2012-05-25 18:19 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-01 13:26 - 2011-11-27 17:08 - 00023080 ____A (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2012-08-01 11:05 - 2012-08-01 11:05 - 00001724 ____A C:\Users\Administrator\Desktop\aswMBR.txt
2012-08-01 11:05 - 2012-08-01 11:05 - 00000512 ____A C:\Users\Administrator\Desktop\MBR.dat
2012-08-01 10:34 - 2012-05-25 18:19 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-01 10:06 - 2012-04-07 21:50 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-01 09:24 - 2011-11-27 17:33 - 00000735 ____A C:\Users\Administrator\Desktop\World of Warcraft.lnk
2012-07-31 20:27 - 2006-11-02 08:46 - 00703388 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-30 19:10 - 2012-07-30 19:06 - 127231689 ____A (Igor Pavlov) C:\Users\Administrator\Desktop\OTLPENet.exe
2012-07-29 19:09 - 2006-11-02 11:27 - 00071261 ____A C:\Windows\setupact.log
2012-07-29 18:57 - 2012-07-29 18:57 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_winusb_01009.Wdf
2012-07-29 18:51 - 2012-07-29 18:51 - 00000000 ___AH C:\Windows\System32\Drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2012-07-29 18:39 - 2012-07-29 18:39 - 00000908 ____A C:\Users\Administrator\Desktop\Paper Jamz Pro.lnk
2012-07-29 18:38 - 2012-07-28 10:50 - 00013981 ____A C:\Users\Administrator\Documents\glyph_stockpiling.xlsx
2012-07-29 18:32 - 2012-07-29 18:26 - 133924232 ____A C:\Users\Administrator\Downloads\PaperJamzPro.exe
2012-07-28 18:51 - 2012-07-28 18:50 - 00013285 ____A C:\Users\Administrator\Desktop\MBRCheck_07.28.12_17.50.12.txt
2012-07-28 10:50 - 2012-05-17 22:05 - 00005643 ____A C:\Users\Administrator\Documents\glyph_stockpiling.xls_0.ods
2012-07-27 06:42 - 2012-07-27 06:35 - 00013356 ____A C:\Users\Administrator\Desktop\MBRCheck_07.27.12_05.35.03.txt
2012-07-26 20:06 - 2012-07-11 19:06 - 09821896 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-07-26 20:06 - 2012-04-07 21:50 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-26 20:06 - 2011-11-27 17:30 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-26 20:03 - 2012-07-26 20:00 - 00001446 ____A C:\Users\Administrator\Desktop\RKreport[7].txt
2012-07-26 19:58 - 2012-07-26 19:58 - 00001928 ____A C:\Users\Administrator\Desktop\RKreport[6].txt
2012-07-26 19:57 - 2012-07-26 19:57 - 00000709 ____A C:\Users\Administrator\Desktop\RKreport[5].txt
2012-07-26 19:57 - 2012-07-26 19:57 - 00000672 ____A C:\Users\Administrator\Desktop\RKreport[4].txt
2012-07-26 19:56 - 2012-07-26 19:56 - 00000570 ____A C:\Users\Administrator\Desktop\RKreport[3].txt
2012-07-26 19:55 - 2012-07-26 19:55 - 00001358 ____A C:\Users\Administrator\Desktop\RKreport[2].txt
2012-07-26 19:54 - 2012-07-26 19:54 - 00001869 ____A C:\Users\Administrator\Desktop\RKreport[1].txt
2012-07-26 19:53 - 2012-07-26 19:53 - 01552384 ____A C:\Users\Administrator\Desktop\RogueKiller.exe
2012-07-25 19:26 - 2012-07-25 19:16 - 00013268 ____A C:\Users\Administrator\Desktop\MBRCheck_07.25.12_18.16.20.txt
2012-07-24 18:10 - 2012-07-24 18:05 - 00013895 ____A C:\Users\Administrator\Desktop\MBRCheck_07.24.12_17.05.19.txt
2012-07-24 17:57 - 2012-07-24 17:56 - 00013268 ____A C:\Users\Administrator\Desktop\MBRCheck_07.24.12_16.56.48.txt
2012-07-24 17:44 - 2012-07-24 17:44 - 00000512 ____A C:\Users\Administrator\Desktop\MBRCheck_MBR_Backup_07-24-12_16-44-18.bak
2012-07-24 17:44 - 2012-07-24 17:43 - 00014106 ____A C:\Users\Administrator\Desktop\MBRCheck_07.24.12_16.43.30.txt
2012-07-24 17:42 - 2012-07-24 17:41 - 00014058 ____A C:\Users\Administrator\Desktop\MBRCheck_07.24.12_16.41.13.txt
2012-07-24 10:43 - 2012-07-24 10:43 - 00000599 ____A C:\Users\Administrator\Desktop\dump.zip
2012-07-24 10:38 - 2012-07-24 10:33 - 00014016 ____A C:\Users\Administrator\Desktop\MBRCheck_07.24.12_09.33.20.txt
2012-07-24 10:37 - 2012-07-24 10:25 - 00000512 ____A C:\Users\Administrator\Desktop\dump.dat
2012-07-24 10:32 - 2012-07-23 13:41 - 00080384 ____A C:\Users\Administrator\Desktop\MBRCheck.exe
2012-07-24 10:26 - 2012-07-24 10:23 - 00013966 ____A C:\Users\Administrator\Desktop\MBRCheck_07.24.12_09.23.24.txt
2012-07-23 18:51 - 2011-11-27 16:11 - 00000732 ____A C:\Users\Administrator\AppData\Local\d3d9caps64.dat
2012-07-23 15:33 - 2012-07-23 15:33 - 00010094 ____A C:\Users\Administrator\Desktop\Attach.txt
2012-07-23 15:31 - 2012-07-23 15:31 - 00025456 ____A C:\Users\Administrator\Desktop\DDS.txt
2012-07-23 14:23 - 2012-07-23 14:23 - 00607260 ____R (Swearware) C:\Users\Administrator\Desktop\dds.scr
2012-07-23 13:55 - 2012-07-23 13:55 - 00294216 ____A C:\Users\Administrator\Desktop\gmer.zip
2012-07-23 13:55 - 2012-07-23 13:50 - 00013288 ____A C:\Users\Administrator\Desktop\MBRCheck_07.23.12_12.50.50.txt
2012-07-23 13:43 - 2012-07-23 13:41 - 00013505 ____A C:\Users\Administrator\Desktop\MBRCheck_07.23.12_12.41.07.txt
2012-07-23 13:42 - 2012-07-23 13:42 - 04582474 ____R (Swearware) C:\Users\Administrator\Desktop\commy.exe
2012-07-23 13:31 - 2012-07-23 13:31 - 04731392 ____A (AVAST Software) C:\Users\Administrator\Desktop\aswMBR.exe
2012-07-15 20:35 - 2011-11-27 16:38 - 00001356 ____A C:\Users\Administrator\AppData\Local\d3d9caps.dat
2012-07-15 13:06 - 2006-11-02 11:21 - 00399736 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-15 01:31 - 2012-07-15 00:57 - 261122008 ____A (Avira GmbH) C:\Users\Administrator\Downloads\rescue_system-common-en.exe
2012-07-14 23:48 - 2012-07-14 23:48 - 00270816 ____A C:\Windows\Minidump\Mini071412-03.dmp
2012-07-14 23:48 - 2011-11-27 15:41 - 701416025 ____A C:\Windows\MEMORY.DMP
2012-07-14 22:59 - 2012-07-14 22:59 - 00057344 ____A (Roxio) C:\Windows\uneng.exe
2012-07-14 22:59 - 2012-07-14 22:59 - 00049152 ____A (Roxio) C:\Windows\SysWOW64\cdrtc.dll
2012-07-14 22:59 - 2012-07-14 22:59 - 00045056 ____A (Roxio) C:\Windows\SysWOW64\cdral.dll
2012-07-14 22:58 - 2012-07-14 22:53 - 94281863 ____A C:\Users\Administrator\Downloads\RoxioEasyCD0410.rar
2012-07-14 22:52 - 2012-07-14 22:52 - 00821248 ____A C:\Users\Administrator\Downloads\FreeISOBurner.exe
2012-07-14 22:43 - 2012-07-14 22:43 - 04266768 ____A (Smart Projects ) C:\Users\Administrator\Downloads\isobuster_all_lang.exe
2012-07-14 22:26 - 2012-07-14 22:25 - 00270816 ____A C:\Windows\Minidump\Mini071412-02.dmp
2012-07-14 22:20 - 2012-07-14 22:20 - 00270816 ____A C:\Windows\Minidump\Mini071412-01.dmp
2012-07-14 22:16 - 2012-07-14 22:16 - 259346432 ____A C:\rescue_system-common-en.iso
2012-07-14 18:16 - 2012-07-14 18:17 - 00955888 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-07-14 18:16 - 2012-07-14 18:17 - 00839152 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-07-14 18:13 - 2012-07-14 18:12 - 21869552 ____A (Oracle Corporation) C:\Users\Administrator\Downloads\jre-7u5-windows-x64.exe
2012-07-14 12:57 - 2012-07-14 12:57 - 00961371 ____A C:\Users\Administrator\Documents\Copy of Consortium_Shuffler v4.xlsx
2012-07-14 10:26 - 2012-07-14 10:26 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-1.62.0.1300.exe
2012-07-14 10:26 - 2012-07-14 10:26 - 00000948 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-14 09:12 - 2012-06-20 08:37 - 00875466 ____A C:\Users\Administrator\Documents\tuj datasheet.xlsx
2012-07-14 09:08 - 2012-07-14 09:08 - 00009287 ____A C:\Users\Administrator\Documents\glyph bank.xlsx
2012-07-13 21:29 - 2012-07-13 21:29 - 00018325 ____A C:\Windows\SysWOW64\CCCInstall_201207132029492105.log
2012-07-13 21:24 - 2012-07-13 21:20 - 162514192 ____A (Advanced Micro Devices, Inc.) C:\Users\Administrator\Downloads\12-6-legacy_vista_win7_64_dd_ccc.exe
2012-07-12 16:36 - 2012-07-11 05:17 - 00002025 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-07-11 05:38 - 2012-07-11 05:38 - 00399264 ____A (Bleeping Computer, LLC) C:\Users\Administrator\Downloads\unhide.exe
2012-07-11 05:07 - 2012-07-11 05:07 - 00003694 ____A C:\Users\Michael\Desktop\RKreport[2].txt
2012-07-11 05:07 - 2012-07-11 05:07 - 00003539 ____A C:\Users\Michael\Desktop\RKreport[1].txt
2012-07-11 05:06 - 2012-07-11 05:15 - 01558016 ____A C:\RogueKiller.exe
2012-07-11 05:06 - 2012-07-11 05:06 - 01558016 ____A C:\Users\Michael\Downloads\RogueKiller.exe
2012-07-11 04:26 - 2006-11-02 08:34 - 00000254 ____A C:\Windows\win.ini
2012-07-11 04:20 - 2006-11-02 08:35 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-07-11 03:43 - 2012-07-11 03:43 - 00106584 ____A C:\Users\Michael\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-11 03:41 - 2012-07-11 03:41 - 00000020 ___SH C:\Users\Michael\ntuser.ini
2012-07-11 03:35 - 2008-01-20 23:26 - 00114562 ____A C:\Windows\PFRO.log
2012-07-10 20:15 - 2012-07-10 20:15 - 00000752 ____A C:\Users\Administrator\Desktop\Ventrilo.lnk
2012-07-10 20:15 - 2012-07-10 20:15 - 00000262 ____A C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
2012-07-10 20:13 - 2012-07-10 20:13 - 04135696 ____A C:\Users\Administrator\Downloads\ventrilo-3.0.8-Windows-x64.exe
2012-07-10 20:08 - 2012-07-10 20:08 - 01132799 ____A C:\Users\Administrator\Downloads\TheUndermineJournal(4).zip
2012-07-05 03:36 - 2012-05-25 00:10 - 01078513 ____A C:\Users\Administrator\Documents\Copy of Consortium_Shuffler v4.52.xlsx
2012-07-04 03:32 - 2012-07-04 03:32 - 00187392 ____A C:\Windows\System32\clinfo.exe
2012-07-04 03:32 - 2012-07-04 03:32 - 00075264 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OpenVideo64.dll
2012-07-04 03:32 - 2012-07-04 03:32 - 00065024 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2012-07-04 03:31 - 2012-07-04 03:31 - 16457216 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl64.dll
2012-07-04 03:31 - 2012-07-04 03:31 - 00063488 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OVDecode64.dll
2012-07-04 03:31 - 2012-07-04 03:31 - 00056320 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
2012-07-04 03:30 - 2012-07-04 03:30 - 13008384 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2012-07-04 03:30 - 2012-07-04 03:30 - 00054784 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2012-07-04 03:30 - 2012-07-04 03:30 - 00050176 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2012-07-04 02:59 - 2012-07-04 02:59 - 11922944 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmdag.sys
2012-07-04 02:52 - 2012-07-04 02:52 - 26016256 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atio6axx.dll
2012-07-04 02:35 - 2012-07-04 02:35 - 19586048 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2012-07-04 02:28 - 2012-07-04 02:28 - 00246000 ____A C:\Windows\SysWOW64\atiapfxx.blb
2012-07-04 02:28 - 2012-07-04 02:28 - 00246000 ____A C:\Windows\System32\atiapfxx.blb
2012-07-04 02:27 - 2012-07-04 02:27 - 00159744 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiapfxx.exe
2012-07-04 02:27 - 2011-04-20 03:09 - 00918528 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2012-07-04 02:25 - 2011-04-20 03:07 - 01081856 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\aticfx64.dll
2012-07-04 02:21 - 2012-07-04 02:21 - 00514048 ____A (AMD) C:\Windows\System32\atieclxx.exe
2012-07-04 02:21 - 2011-11-27 15:34 - 00442368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\ATIDEMGX.dll
2012-07-04 02:20 - 2012-07-04 02:20 - 00238080 ____A (AMD) C:\Windows\System32\atiesrxx.exe
2012-07-04 02:19 - 2012-07-04 02:19 - 00120320 ____A (AMD) C:\Windows\System32\atitmm64.dll
2012-07-04 02:19 - 2012-07-04 02:19 - 00059392 ____A (ATI Technologies, Inc.) C:\Windows\System32\atiedu64.dll
2012-07-04 02:19 - 2012-07-04 02:19 - 00043520 ____A (ATI Technologies, Inc.) C:\Windows\SysWOW64\ati2edxx.dll
2012-07-04 02:19 - 2012-07-04 02:19 - 00021504 ____A (AMD) C:\Windows\System32\atimuixx.dll
2012-07-04 02:18 - 2011-04-20 02:59 - 06811648 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2012-07-04 01:57 - 2012-07-04 01:57 - 07510528 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atidxx64.dll
2012-07-04 01:36 - 2012-07-04 01:36 - 01960960 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdmv.dll
2012-07-04 01:36 - 2012-07-04 01:36 - 01053696 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6v.dll
2012-07-04 01:36 - 2012-07-04 01:36 - 00069632 ____A (AMD) C:\Windows\System32\coinst_8.97.100.3.dll
2012-07-04 01:35 - 2011-04-20 02:38 - 06245888 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2012-07-04 01:35 - 2009-02-04 00:29 - 04261376 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6a.dll
2012-07-04 01:34 - 2012-07-04 01:34 - 02818784 ____A C:\Windows\System32\atiumd6a.cap
2012-07-04 01:28 - 2011-04-20 02:30 - 04749312 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2012-07-04 01:27 - 2012-07-04 01:27 - 02852480 ____A C:\Windows\SysWOW64\atiumdva.cap
2012-07-04 01:24 - 2009-02-04 00:36 - 07477760 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd64.dll
2012-07-04 01:11 - 2012-07-04 01:11 - 00364544 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2012-07-04 01:11 - 2012-07-04 01:11 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2012-07-04 01:11 - 2012-07-04 01:11 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2012-07-04 01:11 - 2012-07-04 01:11 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atimpc64.dll
2012-07-04 01:11 - 2012-07-04 01:11 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdpcom64.dll
2012-07-04 01:11 - 2012-07-04 01:11 - 00041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6txx.dll
2012-07-04 01:11 - 2012-07-04 01:11 - 00033280 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2012-07-04 01:11 - 2012-07-04 01:11 - 00017920 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6pxx.dll
2012-07-04 01:11 - 2012-07-04 01:11 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2012-07-04 01:11 - 2012-07-04 01:11 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiglpxx.dll
2012-07-04 01:11 - 2009-02-04 00:07 - 00535552 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiadlxx.dll
2012-07-04 01:10 - 2012-07-04 01:10 - 00359936 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmpag.sys
2012-07-04 01:10 - 2012-07-04 01:10 - 00055296 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiuxp64.dll
2012-07-04 01:09 - 2012-07-04 01:09 - 00053248 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\ati2erec.dll
2012-07-04 01:09 - 2011-04-20 02:21 - 00045056 ____A C:\Windows\System32\atitmp64.dll
2012-07-04 01:09 - 2011-04-20 02:21 - 00045056 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiu9p64.dll
2012-07-04 01:09 - 2011-04-20 02:21 - 00042496 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2012-07-04 01:09 - 2011-04-20 02:21 - 00032768 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2012-07-04 01:04 - 2012-07-04 01:04 - 15827456 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticaldd64.dll
2012-07-04 01:04 - 2012-07-04 01:04 - 00051200 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalrt64.dll
2012-07-04 01:04 - 2012-07-04 01:04 - 00046080 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2012-07-04 01:04 - 2012-07-04 01:04 - 00044544 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2012-07-04 01:04 - 2012-07-04 01:04 - 00044544 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalcl64.dll
2012-07-04 00:59 - 2012-07-04 00:59 - 13402112 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2012-07-03 14:46 - 2012-07-14 10:26 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-01 19:16 - 2012-07-01 19:16 - 13085120 ____A (Microsoft Corporation) C:\Users\Administrator\Downloads\Silverlight_x64.exe
2012-06-23 06:48 - 2012-06-23 06:48 - 00245305 ____A C:\Users\Administrator\Downloads\TheUndermineJournal(3).zip
2012-06-22 04:10 - 2012-06-22 04:10 - 00698278 ____A C:\Users\Administrator\Downloads\easy_uninstaller.zip
2012-06-22 04:09 - 2012-06-22 04:08 - 00463080 ____A (CNET Download.com) C:\Users\Administrator\Downloads\cnet2_easy_uninstaller_zip.exe
2012-06-21 18:07 - 2012-06-21 18:07 - 00242459 ____A C:\Users\Administrator\Downloads\TheUndermineJournal(2).zip
2012-06-21 18:05 - 2012-06-21 18:05 - 00000318 ____A C:\Users\Administrator\Desktop\Curse Client - 1 .appref-ms
2012-06-16 03:08 - 2012-07-11 05:17 - 00001951 ____A C:\Users\Public\Desktop\DivX Plus Converter.lnk
2012-06-16 03:08 - 2012-07-11 05:17 - 00000947 ____A C:\Users\Public\Desktop\DivX Plus Player.lnk
2012-06-16 03:08 - 2012-06-16 03:08 - 00001426 ____A C:\Users\Administrator\Desktop\DivX Movies.lnk
2012-06-16 03:05 - 2012-06-16 03:05 - 00933256 ____A (DivX, LLC) C:\Users\Administrator\Downloads\DivXInstaller.exe
2012-06-13 09:58 - 2012-07-11 04:11 - 02769408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 13:59 - 2012-07-10 15:18 - 12899840 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 13:47 - 2012-07-10 15:18 - 11586048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-05 12:47 - 2012-07-10 15:18 - 01401856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 12:47 - 2012-07-10 15:18 - 01248768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 12:22 - 2012-07-10 15:18 - 01869824 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 12:22 - 2012-07-10 15:18 - 01797120 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-04 11:29 - 2012-07-10 15:18 - 00516480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-03 23:48 - 2012-06-03 23:48 - 00000165 ____A C:\Users\Administrator\Documents\~$glyph_stockpiling.xls_0.ods
2012-06-03 22:51 - 2012-06-03 22:51 - 00000165 ____A C:\Users\Administrator\Documents\~$Copy of Consortium_Shuffler v4.52.xlsx
2012-06-02 23:07 - 2012-06-02 23:07 - 00059768 ____A (MurGee.com) C:\Users\Administrator\Downloads\AutoMouseMover.exe
2012-06-02 18:19 - 2012-06-22 22:14 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 18:19 - 2012-06-22 22:14 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 18:19 - 2012-06-22 22:14 - 00577048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2012-06-02 18:19 - 2012-06-22 22:14 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 18:19 - 2012-06-22 22:14 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 18:19 - 2012-06-22 22:14 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 18:19 - 2012-06-22 22:14 - 00035864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2012-06-02 18:15 - 2012-06-22 22:14 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 18:15 - 2012-06-22 22:14 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 18:12 - 2012-06-22 22:14 - 00088576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2012-06-02 16:19 - 2012-06-22 22:13 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 16:19 - 2012-06-22 22:13 - 00171904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2012-06-02 16:15 - 2012-06-22 22:13 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 16:12 - 2012-06-22 22:13 - 00033792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2012-06-02 08:49 - 2012-07-11 04:13 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 08:17 - 2012-07-11 04:13 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 08:12 - 2012-07-11 04:13 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 08:05 - 2012-07-11 04:13 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 08:05 - 2012-07-11 04:13 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 08:04 - 2012-07-11 04:13 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 08:04 - 2012-07-11 04:13 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 08:03 - 2012-07-11 04:13 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 08:01 - 2012-07-11 04:13 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 08:00 - 2012-07-11 04:13 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 07:59 - 2012-07-11 04:13 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 07:57 - 2012-07-11 04:13 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 07:57 - 2012-07-11 04:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 07:54 - 2012-07-11 04:13 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 05:07 - 2012-07-11 04:13 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 04:43 - 2012-07-11 04:13 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 04:33 - 2012-07-11 04:13 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 04:26 - 2012-07-11 04:13 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 04:25 - 2012-07-11 04:13 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 04:25 - 2012-07-11 04:13 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 04:23 - 2012-07-11 04:13 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 04:21 - 2012-07-11 04:13 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 04:20 - 2012-07-11 04:13 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 04:19 - 2012-07-11 04:13 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 04:19 - 2012-07-11 04:13 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 04:17 - 2012-07-11 04:13 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 04:16 - 2012-07-11 04:13 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 04:14 - 2012-07-11 04:13 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-02 01:20 - 2012-05-01 21:17 - 00000321 ____A C:\Users\Administrator\Documents\A-Alexstrasza.iqy
2012-06-02 01:15 - 2012-06-02 01:15 - 00244140 ____A C:\Users\Administrator\Downloads\TheUndermineJournal(1).zip
2012-06-02 00:42 - 2011-11-27 16:13 - 00182272 ____A C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-01 20:22 - 2012-07-10 15:18 - 00347136 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 20:22 - 2012-07-10 15:18 - 00254464 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:05 - 2012-07-10 15:18 - 00077312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:04 - 2012-07-10 15:18 - 00278528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:03 - 2012-07-10 15:18 - 00204288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-05-31 13:25 - 2011-11-27 17:43 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-05-25 04:32 - 2011-11-27 16:12 - 00106584 ____A C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-25 04:13 - 2012-05-25 04:13 - 00467812 ____A C:\Windows\dd_vcredistMSI1AEC.txt
2012-05-25 04:13 - 2012-05-25 04:13 - 00017106 ____A C:\Windows\dd_vcredistUI1AEC.txt
2012-05-25 04:13 - 2012-05-25 04:12 - 00463468 ____A C:\Windows\dd_vcredistMSI1A46.txt
2012-05-25 04:13 - 2012-05-25 04:12 - 00017058 ____A C:\Windows\dd_vcredistUI1A46.txt
2012-05-25 03:32 - 2012-05-25 03:32 - 00017053 ____A C:\Users\Administrator\Downloads\Auc-Util-BigPicture-4.3.zip
2012-05-25 01:31 - 2012-05-25 01:31 - 00476960 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
2012-05-25 01:31 - 2012-04-30 12:19 - 00472864 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-05-24 23:36 - 2012-07-11 05:17 - 00000930 ____A C:\Users\Public\Desktop\gBurner Virtual Drive.lnk
2012-05-24 23:08 - 2012-05-24 23:08 - 00000846 ____A C:\Users\Administrator\Desktop\UltraISO.lnk
2012-05-24 08:38 - 2012-05-10 09:05 - 00017408 ____A C:\Users\Administrator\Downloads\glyph_stockpiling.xls
2012-05-23 09:30 - 2012-05-24 08:38 - 00017331 ____A C:\Users\Administrator\Documents\glyph_stockpiling.xls_0_1.ods
2012-05-19 08:28 - 2012-07-26 20:00 - 00000782 ____A C:\Users\Public\Desktop\µTorrent.lnk
2012-05-10 15:13 - 2012-05-10 15:13 - 00000097 ____A C:\Users\Administrator\Documents\doctor appointments.txt
2012-05-09 11:40 - 2012-05-09 11:40 - 00010438 ____A C:\Users\Administrator\Downloads\food stamp note.odt
2012-05-08 21:46 - 2011-11-27 17:24 - 00132832 ____A (Avira GmbH) C:\Windows\System32\Drivers\avipbb.sys
2012-05-08 21:46 - 2011-11-27 17:24 - 00098848 ____A (Avira GmbH) C:\Windows\System32\Drivers\avgntflt.sys

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe
[2011-12-01 01:18] - [2009-04-11 03:10] - 3079168 ____A (Microsoft Corporation) 6B08E54A451B3F95E4109DBA7E594270

C:\Windows\System32\winlogon.exe
[2011-12-01 01:17] - [2009-04-11 03:11] - 0405504 ____A (Microsoft Corporation) 6D0773A3A65D28B663F334C90441D01A

C:\Windows\System32\wininit.exe
[2008-01-20 22:50] - [2008-01-20 22:50] - 0123904 ____A (Microsoft Corporation) 117EA87DF785CA1B9D821F6F213DCE07

C:\Windows\System32\svchost.exe
[2008-01-20 22:50] - [2008-01-20 22:50] - 0027648 ____A (Microsoft Corporation) CDA9F1373805AF88F6FA4F2064BBA24D

C:\Windows\System32\services.exe
[2011-12-01 01:17] - [2009-04-11 03:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3

C:\Windows\System32\User32.dll
[2011-12-01 01:18] - [2009-04-11 03:11] - 0820224 ____A (Microsoft Corporation) F3F5549E69AE8509342E67E4F972CA1C

C:\Windows\System32\userinit.exe
[2008-01-20 22:49] - [2008-01-20 22:49] - 0028160 ____A (Microsoft Corporation) A0AB2BB9A92293D9CE66E252719AB5FE

C:\Windows\System32\Drivers\volsnap.sys
[2011-12-01 01:17] - [2009-04-11 03:15] - 0269288 ____A (Microsoft Corporation) 5280AADA24AB36B01A84A6424C475C8D


==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points (XP) =====================


========================= Memory info ======================

Percentage of memory in use: 9%
Total physical RAM: 3326.42 MB
Available physical RAM: 2998.36 MB
Total Pagefile: 3149.59 MB
Available Pagefile: 3079.99 MB
Total Virtual: 2047.88 MB
Available Virtual: 2001.38 MB

======================= Partitions =========================

1 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
2 Drive c: () (Fixed) (Total:465.76 GB) (Free:175.77 GB) NTFS
4 Drive e: () (Removable) (Total:7.45 GB) (Free:7.41 GB) FAT32
8 Drive I: (Rosewill) (CDROM) (Total:0.09 GB) (Free:0 GB) CDFS
9 Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 466 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 466 GB 1024 KB
Partition 2 Unknown 2032 KB 466 GB
==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 466 GB Healthy
==================================================================================

Disk: 0
Partition 2
Type : 17 (Suspicious Type)
Hidden: Yes
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 Partition 2048 KB Healthy
==================================================================================

==========================================================

Last Boot: 2012-08-01 08:38

======================= End Of Log ==========================
 
FRST Fixlist

Please run the following:

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt.

start
CMD: bootrec /fixmbr
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Now restart, let it boot normally and tell me how it went.
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01
Ran by SYSTEM at 2012-08-02 08:47:46 Run:1
Running from E:\

==============================================


========= bootrec /fixmbr =========

'bootrec' is not recognized as an internal or external command,
operable program or batch file.

========= End of CMD: =========


==== End of Fixlog ====
 
X:\Programs\MBRFix>mbrfix /drive 0 driveinfo
Drive 0
Cylinders = 60801
Tracks (heads) per cylinder = 255
Sectors per track = 63
Bytes per sector = 512
Disk size = 500105249280 (Bytes) = 465 (GB)

X:\Programs\MBRFix>mbrfix /drive 0 listpartitions
#  Boot  Size (MB)  Type
1           476936     7  NTFS or HPFS
2  Yes           1    23  Hidden IFS (e.g., HPFS)
3                0     0  None
4                0     0  None
 
Ok, so I have a hidden partition that is being used as the boot partition.

Should I modify my partition 1 to boot or delete the second partition, or what are the next steps?

I did use MBRFix to save my current MBR to a file and did a rewrite of the current MBR to a default vista partition, but it didn't seem to change anything.
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: Gigabyte Technology Co., Ltd.
BIOS Manufacturer: Award Software International, Inc.
System Manufacturer: Gigabyte Technology Co., Ltd.
System Product Name: GA-MA790X-UD4P
Logical Drives Mask: 0x00000ffc

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: n


Done!
Press ENTER to exit...
 
I bought the PC from CyberPower PC, so I didn't do the OS Installation. But since the partition is only 2 megabytes, is listed as the boot partition, and apparently is not a rescue partition since I was not offered the rescue partition options when booting up Advanced Boot Options, I would say it is suspicious. Is there a way to peek inside it or to do a scan of it?
 
========================= Memory info ======================

Percentage of memory in use: 29%
Total physical RAM: 8189.57 MB
Available physical RAM: 5804.47 MB
Total Pagefile: 16433.67 MB
Available Pagefile: 13820.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:465.76 GB) (Free:168.12 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: (Rosewill) (CDROM) (Total:0.09 GB) (Free:0 GB) CDFS
4 Drive f: () (Removable) (Total:7.45 GB) (Free:7.41 GB) FAT32

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 466 GB 0 B
Disk 1 Online 7634 MB 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 466 GB 1024 KB
Partition 2 Primary 2032 KB 466 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C NTFS Partition 466 GB Healthy System (partition with boot components)

======================================================================================================

Disk: 0
Partition 2
Type : 17 (Suspicious Type)
Hidden: Yes
Active: Yes

There is no volume associated with this partition.

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7633 MB 16 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F FAT32 Removable 7633 MB Healthy

======================================================================================================
The boot configuration data store could not be opened.
The system cannot find the file specified.


****** End Of Log ******
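
The layout this log reports for Disk 0 (a 2032 KB partition of type 17 that is both hidden and active, sitting behind the 466 GB NTFS partition) can be read straight from the four 16-byte entries of the MBR partition table. The following is an added example, not part of any post in this thread and not code from ListParts, aswMBR or MBRFix; the sample sector is constructed from the offsets and sizes in the logs, and the function names, the list of hidden type bytes and the 16 MB threshold are assumptions chosen for triage.

```python
import struct

SECTOR = 512
# Partition type bytes that are the "hidden" variants of FAT/NTFS types.
HIDDEN_TYPES = {0x11, 0x12, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}
ENTRY = struct.Struct("<B3xB3xII")  # status, CHS, type, CHS, LBA start, sectors


def parse_mbr(sector):
    """Return the four primary partition entries of a 512-byte MBR sector."""
    if len(sector) != SECTOR or sector[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR sector (bad length or 55 AA signature)")
    entries = []
    for i in range(4):
        status, ptype, lba, count = ENTRY.unpack_from(sector, 446 + 16 * i)
        entries.append({"index": i + 1, "status": status, "type": ptype,
                        "active": status == 0x80, "lba": lba, "sectors": count})
    return entries


def review(entries, small_mb=16):
    """Return (partition index, reasons) pairs that deserve a closer look.

    Index 0 is used for a finding about the table as a whole.
    """
    used = [e for e in entries if e["type"] != 0]
    findings = []
    if sum(e["active"] for e in used) > 1:
        findings.append((0, ["more than one active partition"]))
    for e in used:
        reasons = []
        if e["status"] not in (0x00, 0x80):
            reasons.append("invalid status byte 0x%02X" % e["status"])
        if e["active"]:
            size_mb = e["sectors"] * SECTOR / 2**20
            if e["type"] in HIDDEN_TYPES:
                reasons.append("active but hidden type 0x%02X" % e["type"])
            if size_mb < small_mb:
                reasons.append("active but only %.1f MB" % size_mb)
            if len(used) > 1 and e["lba"] == max(u["lba"] for u in used):
                reasons.append("active and last on the disk")
        if reasons:
            findings.append((e["index"], reasons))
    return findings


def build_sample_mbr():
    """Constructed sample: the Disk 0 layout reported in the thread's logs."""
    table = (ENTRY.pack(0x00, 0x07, 2048, 976764928)     # 476936 MB NTFS
             + ENTRY.pack(0x80, 0x17, 976766976, 4064)   # 2032 KB, hidden, active
             + bytes(32))                                # entries 3 and 4 unused
    return bytes(446) + table + b"\x55\xaa"


if __name__ == "__main__":
    for index, reasons in review(parse_mbr(build_sample_mbr())):
        print("partition %d: %s" % (index, "; ".join(reasons)))
```

To check a real disk, pass `parse_mbr` the 512 bytes of an MBR saved to a file, preferably one saved from the boot CD environment rather than from the running Windows installation.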
 
Please do the following, then re-run ListParts.

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it in the same directory where ListParts is located as fix.txt.
Disk=0 Partition=2 type=17
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Run ListParts.
  • Press Fix button.
  • When it is done close the notification pop up. Click Scan and copy and paste the log (Result.txt) it makes.
 
ListParts by Farbar Version: 25-07-2012
Ran by Administrator (administrator) on 05-08-2012 at 19:58:55
Windows Vista (X64)
Running From: C:\Users\Administrator\Desktop
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 37%
Total physical RAM: 8189.57 MB
Available physical RAM: 5127.09 MB
Total Pagefile: 16433.67 MB
Available Pagefile: 12772.88 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:465.76 GB) (Free:168.25 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: (Rosewill) (CDROM) (Total:0.09 GB) (Free:0 GB) CDFS
4 Drive f: () (Removable) (Total:7.45 GB) (Free:7.41 GB) FAT32

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 466 GB 0 B
Disk 1 Online 7634 MB 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 466 GB 1024 KB
Partition 2 Primary 2032 KB 466 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C NTFS Partition 466 GB Healthy System (partition with boot components)

======================================================================================================

Disk: 0
Partition 2
Type : 17 (Suspicious Type)
Hidden: Yes
Active: Yes

There is no volume associated with this partition.

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7633 MB 16 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F FAT32 Removable 7633 MB Healthy

======================================================================================================

****** End Of Log ******
 
Better, but not 100% yet. My Google searches are still being hijacked, but my browsing no longer feels like it is being filtered. I still can't load aswMBR (I tried just to see if it was still being blocked).
 
Here is a log of MBAM

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.06.05

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Administrator :: MICHAEL-PC [administrator]

Protection: Enabled

8/6/2012 8:33:12 AM
mbam-log-2012-08-06 (08-33-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 221015
Time elapsed: 8 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
Avira Free Antivirus
Report file date: Monday, August 06, 2012 08:45

Scanning for 4061297 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available.

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows (TM) Vista Home Premium
Windows version : (Service Pack 2) [6.0.6002]
Boot mode : Normally booted
Username : Administrator
Computer name : MICHAEL-PC

Version information:
BUILD.DAT : 12.0.0.1125 41829 Bytes 5/2/2012 17:40:00
AVSCAN.EXE : 12.3.0.15 466896 Bytes 5/9/2012 01:46:56
AVSCAN.DLL : 12.3.0.15 54736 Bytes 5/9/2012 01:46:56
LUKE.DLL : 12.3.0.15 68304 Bytes 5/9/2012 01:46:57
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 5/9/2012 01:46:57
AVREG.DLL : 12.3.0.17 232200 Bytes 5/11/2012 01:46:02
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 04:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 19:07:39
VBASE002.VDF : 7.11.19.170 14374912 Bytes 12/20/2011 19:32:37
VBASE003.VDF : 7.11.21.238 4472832 Bytes 2/1/2012 14:23:27
VBASE004.VDF : 7.11.26.44 4329472 Bytes 3/28/2012 22:08:19
VBASE005.VDF : 7.11.34.116 4034048 Bytes 6/29/2012 11:10:28
VBASE006.VDF : 7.11.34.117 2048 Bytes 6/29/2012 11:10:29
VBASE007.VDF : 7.11.34.118 2048 Bytes 6/29/2012 11:10:29
VBASE008.VDF : 7.11.34.119 2048 Bytes 6/29/2012 11:10:29
VBASE009.VDF : 7.11.34.120 2048 Bytes 6/29/2012 11:10:30
VBASE010.VDF : 7.11.34.121 2048 Bytes 6/29/2012 11:10:30
VBASE011.VDF : 7.11.34.122 2048 Bytes 6/29/2012 11:10:31
VBASE012.VDF : 7.11.34.123 2048 Bytes 6/29/2012 11:10:32
VBASE013.VDF : 7.11.34.124 2048 Bytes 6/29/2012 11:10:32
VBASE014.VDF : 7.11.38.18 2554880 Bytes 7/30/2012 00:27:19
VBASE015.VDF : 7.11.38.70 556032 Bytes 7/31/2012 00:27:21
VBASE016.VDF : 7.11.38.143 171008 Bytes 8/2/2012 20:27:06
VBASE017.VDF : 7.11.38.144 2048 Bytes 8/2/2012 20:27:06
VBASE018.VDF : 7.11.38.145 2048 Bytes 8/2/2012 20:27:06
VBASE019.VDF : 7.11.38.146 2048 Bytes 8/2/2012 20:27:07
VBASE020.VDF : 7.11.38.147 2048 Bytes 8/2/2012 20:27:07
VBASE021.VDF : 7.11.38.148 2048 Bytes 8/2/2012 20:27:07
VBASE022.VDF : 7.11.38.149 2048 Bytes 8/2/2012 20:27:07
VBASE023.VDF : 7.11.38.150 2048 Bytes 8/2/2012 20:27:07
VBASE024.VDF : 7.11.38.151 2048 Bytes 8/2/2012 20:27:08
VBASE025.VDF : 7.11.38.152 2048 Bytes 8/2/2012 20:27:08
VBASE026.VDF : 7.11.38.153 2048 Bytes 8/2/2012 20:27:08
VBASE027.VDF : 7.11.38.154 2048 Bytes 8/2/2012 20:27:08
VBASE028.VDF : 7.11.38.155 2048 Bytes 8/2/2012 20:27:09
VBASE029.VDF : 7.11.38.156 2048 Bytes 8/2/2012 20:27:09
VBASE030.VDF : 7.11.38.157 2048 Bytes 8/2/2012 20:27:09
VBASE031.VDF : 7.11.38.210 148992 Bytes 8/5/2012 18:26:53
Engine version : 8.2.10.126
AEVDF.DLL : 8.1.2.10 102772 Bytes 7/10/2012 11:09:30
AESCRIPT.DLL : 8.1.4.38 455033 Bytes 8/3/2012 18:27:24
AESCN.DLL : 8.1.8.2 131444 Bytes 1/27/2012 14:22:27
AESBX.DLL : 8.2.5.12 606578 Bytes 6/15/2012 02:36:59
AERDL.DLL : 8.1.9.15 639348 Bytes 9/9/2011 07:16:06
AEPACK.DLL : 8.3.0.18 807287 Bytes 7/27/2012 13:53:12
AEOFFICE.DLL : 8.1.2.42 201083 Bytes 7/19/2012 13:51:16
AEHEUR.DLL : 8.1.4.84 5112182 Bytes 8/3/2012 18:27:21
AEHELP.DLL : 8.1.23.2 258422 Bytes 6/29/2012 11:09:48
AEGEN.DLL : 8.1.5.34 434548 Bytes 7/19/2012 13:51:12
AEEXP.DLL : 8.1.0.74 86387 Bytes 8/3/2012 18:27:24
AEEMU.DLL : 8.1.3.2 393587 Bytes 7/10/2012 11:09:26
AECORE.DLL : 8.1.27.2 201078 Bytes 7/10/2012 11:09:25
AEBB.DLL : 8.1.1.0 53618 Bytes 9/2/2011 07:46:01
AVWINLL.DLL : 12.3.0.15 27344 Bytes 5/9/2012 01:46:56
AVPREF.DLL : 12.3.0.15 51920 Bytes 5/9/2012 01:46:56
AVREP.DLL : 12.3.0.15 179208 Bytes 5/9/2012 01:46:57
AVARKT.DLL : 12.3.0.15 211408 Bytes 5/9/2012 01:46:56
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 5/9/2012 01:46:56
SQLITE3.DLL : 3.7.0.1 398288 Bytes 5/9/2012 01:46:57
AVSMTP.DLL : 12.3.0.15 63440 Bytes 5/9/2012 01:46:56
NETNT.DLL : 12.3.0.15 17104 Bytes 5/9/2012 01:46:57
RCIMAGE.DLL : 12.3.0.15 4450000 Bytes 5/9/2012 01:46:56
RCTEXT.DLL : 12.3.0.15 96720 Bytes 5/9/2012 01:46:56

Configuration settings for the scan:
Jobname.............................: Scan for Rootkits and active malware
Configuration file..................: C:\ProgramData\Avira\AntiVir Desktop\PROFILES\rootkit.avp
Logging.............................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: Complete

Start of the scan: Monday, August 06, 2012 08:45

Starting search for hidden objects.
Hidden thread
[NOTE] A system thread is not visible.
Hidden driver
[NOTE] A memory modification has been detected, which could potentially be used to hide file access attempts.
Hidden driver
[NOTE] A memory modification has been detected, which could potentially be used to hide file access attempts.

The scan of running processes will be started
Scan process 'avscan.exe' - '73' Module(s) have been scanned
Scan process 'avcenter.exe' - '101' Module(s) have been scanned
Scan process 'AutoMouseMover.exe' - '30' Module(s) have been scanned
Scan process 'FlashPlayerPlugin_11_3_300_270.exe' - '62' Module(s) have been scanned
Scan process 'FlashPlayerPlugin_11_3_300_270.exe' - '43' Module(s) have been scanned
Scan process 'plugin-container.exe' - '69' Module(s) have been scanned
Scan process 'mbamservice.exe' - '43' Module(s) have been scanned
Scan process 'firefox.exe' - '160' Module(s) have been scanned
Scan process 'hpqbam08.exe' - '26' Module(s) have been scanned
Scan process 'hpqSTE08.exe' - '60' Module(s) have been scanned
Scan process 'mbamgui.exe' - '38' Module(s) have been scanned
Scan process 'DivXUpdate.exe' - '63' Module(s) have been scanned
Scan process 'hpwuschd2.exe' - '17' Module(s) have been scanned
Scan process 'avgnt.exe' - '68' Module(s) have been scanned
Scan process 'ONENOTEM.EXE' - '19' Module(s) have been scanned
Scan process 'RaUI.exe' - '59' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '59' Module(s) have been scanned
Scan process 'MotoHelperAgent.exe' - '29' Module(s) have been scanned
Scan process 'RaRegistry.exe' - '36' Module(s) have been scanned
Scan process 'Steam.exe' - '102' Module(s) have been scanned
Scan process 'MotoHelperService.exe' - '52' Module(s) have been scanned
Scan process 'svchost.exe' - '41' Module(s) have been scanned
Scan process 'ESSVR.EXE' - '23' Module(s) have been scanned
Scan process 'avguard.exe' - '66' Module(s) have been scanned
Scan process 'armsvc.exe' - '24' Module(s) have been scanned
Scan process 'sched.exe' - '49' Module(s) have been scanned

Starting to scan executable files (registry).
The registry was scanned ( '2977' files ).



End of the scan: Monday, August 06, 2012 09:29
Used time: 43:33 Minute(s)

The scan has been done completely.

0 Scanned directories
4389 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
4389 Files not concerned
13 Archives were scanned
0 Warnings
3 Notes
891484 Objects were scanned with rootkit scan
3 Hidden objects were found
 
Download Farbar Recovery Scan Tool and save it to a flash drive.

Please make sure to download the 64-bit version.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there
  • Press Scan button.
  • Type exit and reboot the computer normally.
  • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.
 
Argh. It seems like it's no different. I'll post the screen caps I got from my attempts at your instructions. I apologize for the poor quality of the images; I took them with my cell phone. I don't have the fix option available to me, even with the OEM Windows disk.

PtOuo.jpg


skqyE.jpg
 