Stubborn infection

Inactive
By Michael King
Jul 23, 2012
  1. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Yes you could.
  2. Michael King

    Michael King Newcomer, in training Topic Starter Posts: 48

Ok, I may have jumped the gun here, but I used fixmbr from the REAToGo boot disk to change the active partition from 2 (the one the virus/malware created) to the first (my normal one). When I booted up, aswMBR booted up (I had placed it in my startup folder hoping it would be able to load before the virus did). Anyway, it would seem that I should be able to run whatever programs I need to now on my native environment.
  3. Michael King

    Michael King Newcomer, in training Topic Starter Posts: 48

    Also, the browser hijacking is gone and web browsing is now normal speed.
  4. Michael King

    Michael King Newcomer, in training Topic Starter Posts: 48

    Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01
    Ran by Administrator at 07-08-2012 17:34:39
    Running from F:\
    Service Pack 2 (X64) OS Language: English(US)
    Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

    ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.


    ============ One Month Created Files and Folders ==============


    ============ 3 Months Modified Files ========================

    2012-07-04 01:35 - 2012-07-04 01:35 - 19586048 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
    2012-07-04 01:28 - 2012-07-04 01:28 - 00246000 ____A C:\Windows\SysWOW64\atiapfxx.blb
    2012-07-04 01:28 - 2012-07-04 01:28 - 00246000 ____A C:\Windows\System32\atiapfxx.blb
    2012-07-04 01:27 - 2012-07-04 01:27 - 00159744 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiapfxx.exe
    2012-07-04 01:27 - 2011-04-20 02:09 - 00918528 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
    2012-07-04 01:25 - 2011-04-20 02:07 - 01081856 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\aticfx64.dll
    2012-07-04 01:21 - 2012-07-04 01:21 - 00514048 ____A (AMD) C:\Windows\System32\atieclxx.exe
    2012-07-04 01:21 - 2011-11-27 14:34 - 00442368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\ATIDEMGX.dll
    2012-07-04 01:20 - 2012-07-04 01:20 - 00238080 ____A (AMD) C:\Windows\System32\atiesrxx.exe
    2012-07-04 01:19 - 2012-07-04 01:19 - 00120320 ____A (AMD) C:\Windows\System32\atitmm64.dll
    2012-07-04 01:19 - 2012-07-04 01:19 - 00059392 ____A (ATI Technologies, Inc.) C:\Windows\System32\atiedu64.dll
    2012-07-04 01:19 - 2012-07-04 01:19 - 00043520 ____A (ATI Technologies, Inc.) C:\Windows\SysWOW64\ati2edxx.dll
    2012-07-04 01:19 - 2012-07-04 01:19 - 00021504 ____A (AMD) C:\Windows\System32\atimuixx.dll
    2012-07-04 01:18 - 2011-04-20 01:59 - 06811648 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
    2012-07-04 00:57 - 2012-07-04 00:57 - 07510528 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atidxx64.dll
    2012-07-04 00:36 - 2012-07-04 00:36 - 01960960 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdmv.dll
    2012-07-04 00:36 - 2012-07-04 00:36 - 01053696 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6v.dll
    2012-07-04 00:36 - 2012-07-04 00:36 - 00069632 ____A (AMD) C:\Windows\System32\coinst_8.97.100.3.dll
    2012-07-04 00:35 - 2011-04-20 01:38 - 06245888 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
    2012-07-04 00:35 - 2009-02-03 23:29 - 04261376 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6a.dll
    2012-07-04 00:34 - 2012-07-04 00:34 - 02818784 ____A C:\Windows\System32\atiumd6a.cap
    2012-07-04 00:28 - 2011-04-20 01:30 - 04749312 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
    2012-07-04 00:27 - 2012-07-04 00:27 - 02852480 ____A C:\Windows\SysWOW64\atiumdva.cap
    2012-07-04 00:24 - 2009-02-03 23:36 - 07477760 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd64.dll
    2012-07-04 00:11 - 2012-07-04 00:11 - 00364544 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
    2012-07-04 00:11 - 2012-07-04 00:11 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
    2012-07-04 00:11 - 2012-07-04 00:11 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
    2012-07-04 00:11 - 2012-07-04 00:11 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atimpc64.dll
    2012-07-04 00:11 - 2012-07-04 00:11 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdpcom64.dll
    2012-07-04 00:11 - 2012-07-04 00:11 - 00041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6txx.dll
    2012-07-04 00:11 - 2012-07-04 00:11 - 00033280 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
    2012-07-04 00:11 - 2012-07-04 00:11 - 00017920 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6pxx.dll
    2012-07-04 00:11 - 2012-07-04 00:11 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
    2012-07-04 00:11 - 2012-07-04 00:11 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiglpxx.dll
    2012-07-04 00:11 - 2009-02-03 23:07 - 00535552 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiadlxx.dll
    2012-07-04 00:10 - 2012-07-04 00:10 - 00359936 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmpag.sys
    2012-07-04 00:10 - 2012-07-04 00:10 - 00055296 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiuxp64.dll
    2012-07-04 00:09 - 2012-07-04 00:09 - 00053248 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\ati2erec.dll
    2012-07-04 00:09 - 2011-04-20 01:21 - 00045056 ____A C:\Windows\System32\atitmp64.dll
    2012-07-04 00:09 - 2011-04-20 01:21 - 00045056 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiu9p64.dll
    2012-07-04 00:09 - 2011-04-20 01:21 - 00042496 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
    2012-07-04 00:09 - 2011-04-20 01:21 - 00032768 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
    2012-07-04 00:04 - 2012-07-04 00:04 - 15827456 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticaldd64.dll
    2012-07-04 00:04 - 2012-07-04 00:04 - 00051200 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalrt64.dll
    2012-07-04 00:04 - 2012-07-04 00:04 - 00046080 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
    2012-07-04 00:04 - 2012-07-04 00:04 - 00044544 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
    2012-07-04 00:04 - 2012-07-04 00:04 - 00044544 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalcl64.dll
    2012-07-03 23:59 - 2012-07-03 23:59 - 13402112 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
    2012-07-03 13:46 - 2012-07-14 09:26 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-01 18:16 - 2012-07-01 18:16 - 13085120 ____A (Microsoft Corporation) C:\Users\Administrator\Downloads\Silverlight_x64.exe
    2012-06-23 05:48 - 2012-06-23 05:48 - 00245305 ____A C:\Users\Administrator\Downloads\TheUndermineJournal(3).zip
    2012-06-22 03:10 - 2012-06-22 03:10 - 00698278 ____A C:\Users\Administrator\Downloads\easy_uninstaller.zip
    2012-06-22 03:09 - 2012-06-22 03:08 - 00463080 ____A (CNET Download.com) C:\Users\Administrator\Downloads\cnet2_easy_uninstaller_zip.exe
    2012-06-21 17:07 - 2012-06-21 17:07 - 00242459 ____A C:\Users\Administrator\Downloads\TheUndermineJournal(2).zip
    2012-06-16 02:08 - 2012-07-11 04:17 - 00001951 ____A C:\Users\Public\Desktop\DivX Plus Converter.lnk
    2012-06-16 02:08 - 2012-07-11 04:17 - 00000947 ____A C:\Users\Public\Desktop\DivX Plus Player.lnk
    2012-06-16 02:08 - 2012-06-16 02:08 - 00001426 ____A C:\Users\Administrator\Desktop\DivX Movies.lnk
    2012-06-16 02:05 - 2012-06-16 02:05 - 00933256 ____A (DivX, LLC) C:\Users\Administrator\Downloads\DivXInstaller.exe
    2012-06-13 08:58 - 2012-07-11 03:11 - 02769408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-08 12:59 - 2012-07-10 14:18 - 12899840 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-06-08 12:47 - 2012-07-10 14:18 - 11586048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-06-05 11:47 - 2012-07-10 14:18 - 01401856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-06-05 11:47 - 2012-07-10 14:18 - 01248768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-06-05 11:22 - 2012-07-10 14:18 - 01869824 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-06-05 11:22 - 2012-07-10 14:18 - 01797120 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-06-04 10:29 - 2012-07-10 14:18 - 00516480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-06-03 22:48 - 2012-06-03 22:48 - 00000165 ____A C:\Users\Administrator\Documents\~$glyph_stockpiling.xls_0.ods
    2012-06-03 21:51 - 2012-06-03 21:51 - 00000165 ____A C:\Users\Administrator\Documents\~$Copy of Consortium_Shuffler v4.52.xlsx
    2012-06-02 22:07 - 2012-06-02 22:07 - 00059768 ____A (MurGee.com) C:\Users\Administrator\Downloads\AutoMouseMover.exe
    2012-06-02 17:19 - 2012-06-22 21:14 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 17:19 - 2012-06-22 21:14 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 17:19 - 2012-06-22 21:14 - 00577048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2012-06-02 17:19 - 2012-06-22 21:14 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 17:19 - 2012-06-22 21:14 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 17:19 - 2012-06-22 21:14 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 17:19 - 2012-06-22 21:14 - 00035864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2012-06-02 17:15 - 2012-06-22 21:14 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 17:15 - 2012-06-22 21:14 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 17:12 - 2012-06-22 21:14 - 00088576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2012-06-02 15:19 - 2012-06-22 21:13 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 15:19 - 2012-06-22 21:13 - 00171904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2012-06-02 15:15 - 2012-06-22 21:13 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-02 15:12 - 2012-06-22 21:13 - 00033792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2012-06-02 07:49 - 2012-07-11 03:13 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-02 07:17 - 2012-07-11 03:13 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-02 07:12 - 2012-07-11 03:13 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-02 07:05 - 2012-07-11 03:13 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-02 07:05 - 2012-07-11 03:13 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-02 07:04 - 2012-07-11 03:13 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-02 07:04 - 2012-07-11 03:13 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-02 07:03 - 2012-07-11 03:13 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-02 07:01 - 2012-07-11 03:13 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-02 07:00 - 2012-07-11 03:13 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-02 06:59 - 2012-07-11 03:13 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-02 06:57 - 2012-07-11 03:13 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-02 06:57 - 2012-07-11 03:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-02 06:54 - 2012-07-11 03:13 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-02 04:07 - 2012-07-11 03:13 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-02 03:43 - 2012-07-11 03:13 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-02 03:33 - 2012-07-11 03:13 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-02 03:26 - 2012-07-11 03:13 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-02 03:25 - 2012-07-11 03:13 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-02 03:25 - 2012-07-11 03:13 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-02 03:23 - 2012-07-11 03:13 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-02 03:21 - 2012-07-11 03:13 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-02 03:20 - 2012-07-11 03:13 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-02 03:19 - 2012-07-11 03:13 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-02 03:19 - 2012-07-11 03:13 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-02 03:17 - 2012-07-11 03:13 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-02 03:16 - 2012-07-11 03:13 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-02 03:14 - 2012-07-11 03:13 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-02 00:20 - 2012-05-01 20:17 - 00000321 ____A C:\Users\Administrator\Documents\A-Alexstrasza.iqy
    2012-06-02 00:15 - 2012-06-02 00:15 - 00244140 ____A C:\Users\Administrator\Downloads\TheUndermineJournal(1).zip
    2012-06-01 19:22 - 2012-07-10 14:18 - 00347136 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-06-01 19:22 - 2012-07-10 14:18 - 00254464 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-06-01 19:05 - 2012-07-10 14:18 - 00077312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-06-01 19:04 - 2012-07-10 14:18 - 00278528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-06-01 19:03 - 2012-07-10 14:18 - 00204288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-05-31 12:25 - 2011-11-27 16:43 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
    2012-05-25 03:32 - 2011-11-27 15:12 - 00106584 ____A C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-05-25 03:13 - 2012-05-25 03:13 - 00467812 ____A C:\Windows\dd_vcredistMSI1AEC.txt
    2012-05-25 03:13 - 2012-05-25 03:13 - 00017106 ____A C:\Windows\dd_vcredistUI1AEC.txt
    2012-05-25 03:13 - 2012-05-25 03:12 - 00463468 ____A C:\Windows\dd_vcredistMSI1A46.txt
    2012-05-25 03:13 - 2012-05-25 03:12 - 00017058 ____A C:\Windows\dd_vcredistUI1A46.txt
    2012-05-25 02:32 - 2012-05-25 02:32 - 00017053 ____A C:\Users\Administrator\Downloads\Auc-Util-BigPicture-4.3.zip
    2012-05-25 00:31 - 2012-05-25 00:31 - 00476960 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
    2012-05-25 00:31 - 2012-04-30 11:19 - 00472864 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
    2012-05-24 22:36 - 2012-07-11 04:17 - 00000930 ____A C:\Users\Public\Desktop\gBurner Virtual Drive.lnk
    2012-05-24 22:08 - 2012-05-24 22:08 - 00000846 ____A C:\Users\Administrator\Desktop\UltraISO.lnk
    2012-05-24 07:38 - 2012-05-10 08:05 - 00017408 ____A C:\Users\Administrator\Downloads\glyph_stockpiling.xls
    2012-05-23 08:30 - 2012-05-24 07:38 - 00017331 ____A C:\Users\Administrator\Documents\glyph_stockpiling.xls_0_1.ods
    2012-05-10 14:13 - 2012-05-10 14:13 - 00000097 ____A C:\Users\Administrator\Documents\doctor appointments.txt

    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
  5. Michael King

    Michael King Newcomer, in training Topic Starter Posts: 48

    ========================= Memory info ======================

    Percentage of memory in use: 27%
    Total physical RAM: 8189.57 MB
    Available physical RAM: 5925.91 MB
    Total Pagefile: 16433.66 MB
    Available Pagefile: 13932.73 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.89 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:465.76 GB) (Free:176.02 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    3 Drive e: (Rosewill) (CDROM) (Total:0.09 GB) (Free:0 GB) CDFS
    4 Drive f: () (Removable) (Total:7.45 GB) (Free:7.41 GB) FAT32

    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 466 GB 0 B
    Disk 1 Online 7634 MB 0 B
    Disk 2 No Media 0 B 0 B
    Disk 3 No Media 0 B 0 B
    Disk 4 No Media 0 B 0 B
    Disk 5 No Media 0 B 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 466 GB 1024 KB
    Partition 2 Primary 2032 KB 466 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 C NTFS Partition 466 GB Healthy System (partition with boot components)

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 17 (Suspicious Type)
    Hidden: Yes
    Active: No

    There is no volume associated with this partition.

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 7633 MB 16 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 0B
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 F FAT32 Removable 7633 MB Healthy

    ==================================================================================

    ==========================================================

    Last Boot: 2012-08-07 17:27

    ======================= End Of Log ==========================
  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    What I want to do now is a complete virus scan for the system in Safe Mode. This way, we can make sure your computer is fully recovered...

    Save these instructions so you can have access to them while in Safe Mode.

    Please click here to download AVP Tool by Kaspersky.
    • Save it to your desktop.
    • Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit Enter.
    • Double click the setup file to run it.
    • Click Next to continue.
    • Accept the License agreement and click on next.
    • It will, by default, install it to your desktop folder. Click Next.
    • It will then open a box. There will be a tab that says Automatic scan.
    • Under Automatic scan make sure these are checked:
      • Hidden Startup Objects
      • System Memory
      • Disk Boot Sectors
      • My Computer
      • Any other drives (removable) that you may have
    Leave the rest of the settings at their defaults.
    • Then click on Scan at the top right-hand corner.
    • It will automatically Neutralize any objects found.
    • If some objects are left un-neutralized, click the button that says Neutralize all.
    • If it says it cannot be neutralized, choose the delete option when prompted.
    • After that is done, click on the Reports button at the bottom, save it to a file and name it Kas.
    • Save it somewhere convenient like your desktop, and post only the detected virus/malware from the report (it will be at the very top under Detected) in your next reply.

      Note: This tool will self-uninstall when you close it, so please save the log before closing it.
  7. Michael King

    Michael King Newcomer, in training Topic Starter Posts: 48

    There was nothing detected (hence, no log).

    Should I perhaps convert that 2nd partition to NTFS so that it can be mounted and perhaps be visible to these scans?
  8. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Do you suspect something on that?
  9. Michael King

    Michael King Newcomer, in training Topic Starter Posts: 48

    Yes. After I changed from having that 2nd partition from being my boot partition, all of my problems went away (I think). However, I do not like it lurking there. Not to mention there may be nefarious things going on behind-the-scenes that I don't see.
  10. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please re-run ListParts and post a new log.
  11. Michael King

    Michael King Newcomer, in training Topic Starter Posts: 48

    ListParts by Farbar Version: 25-07-2012
    Ran by Administrator (administrator) on 14-08-2012 at 19:04:10
    Windows Vista (X64)
    Running From: C:\Users\Administrator\Desktop
    Language: 0409
    ************************************************************

    ========================= Memory info ======================

    Percentage of memory in use: 37%
    Total physical RAM: 8189.57 MB
    Available physical RAM: 5123.43 MB
    Total Pagefile: 16433.66 MB
    Available Pagefile: 12956.78 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:465.76 GB) (Free:162.28 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    3 Drive e: (Rosewill) (CDROM) (Total:0.09 GB) (Free:0 GB) CDFS
    4 Drive f: () (Removable) (Total:7.45 GB) (Free:7.41 GB) FAT32

    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 466 GB 0 B
    Disk 1 Online 7634 MB 0 B
    Disk 2 No Media 0 B 0 B
    Disk 3 No Media 0 B 0 B
    Disk 4 No Media 0 B 0 B
    Disk 5 No Media 0 B 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 466 GB 1024 KB
    Partition 2 Primary 2032 KB 466 GB

    ======================================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 C NTFS Partition 466 GB Healthy System (partition with boot components)

    ======================================================================================================

    Disk: 0
    Partition 2
    Type : 17 (Suspicious Type)
    Hidden: Yes
    Active: No

    There is no volume associated with this partition.

    ======================================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 7633 MB 16 KB

    ======================================================================================================

    Disk: 1
    Partition 1
    Type : 0B
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 F FAT32 Removable 7633 MB Healthy

    ======================================================================================================

    ****** End Of Log ******
     
  12. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Download Kernel Detective: http://www.kernelmode.info/ARKs/Kernel_Detective_v1.3.1.zip

    Extract the file to your Desktop.

    Enter the folder and double-click on Kernel Detective.exe to get started.

    We need four different logs, to be uploaded.

    Click on Kernel Modifications tab, then click on File > Save Current List, and give it a name. The name should be in *.txt format.

    Save the log to your Desktop.

    Do the same for the Drivers tab, System Service Descriptor Table, and the System Service Descriptor Table Shadow.

    Attach all the logs to your next reply.
  13. Michael King

    Michael King Newcomer, in training Topic Starter Posts: 48

    Errors with "Cannot load the Kernal Driver !"

    Also, Windows Defender is not loading on bootup, but my Avira loads fine.
  14. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    I want to check something out, real quick then...

    To use driver verifier:
    - First make sure you can access Safe Mode (with Networking preferably), by tapping [F8] during startup. If verifier detects a problem, you may not be able to start in normal mode, so it is very important that you can access Safe Mode to disable it.
    - Go to Start and in the run/search bar type in verifier and press [Enter].
    - At the start of wizard, click Next.
    - Click Automatically select all drivers installed on this computer followed by Finish, and then restart the PC.

    If you receive any BSODs during the course of using verifier, please upload the logs, as they will contain the results of any driver problems.

    To turn off driver verifier, simply go back to the verifier wizard again in Safe Mode, and select Delete existing settings.


    Tutorial: http://www.sevenforums.com/crash-lo...-driver-verifier-identify-issues-drivers.html
  15. Michael King

    Michael King Newcomer, in training Topic Starter Posts: 48

    Ok, I'm actively running the verifier. Other than being a bit slower than normal, everything seems to be running fine.
  16. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Cool. Looking forward to results, good or bad. :)
  17. Michael King

    Michael King Newcomer, in training Topic Starter Posts: 48

    Is there a log or something I should post? :)
  18. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Not at all. If no bluescreen, no big deal.

    How's the computer running? Everything seems fine from my end, but it's supremely your end that matters...
  19. Michael King

    Michael King Newcomer, in training Topic Starter Posts: 48

    Well, to be honest, I'm still concerned about the 2nd partition. Do you think it would be safe to delete it, or should I convert it to NTFS first and look inside?
  20. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Yes, you can delete it. (The suspicious one that is, although I thought the ListParts tool would work to delete it).

    It says there is no volume with it, which means no data is available (and the fact that it's not active, which means data can't be saved):

    Disk: 0
    Partition 2
    Type : 17 (Suspicious Type)
    Hidden: Yes
    Active: No

    There is no volume associated with this partition.
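    As an added example (it is not from this thread, and not part of Farbar's ListParts or any other tool mentioned here), the script below parses the partition blocks of a ListParts log and flags the conditions Jay is pointing at: a hidden-filesystem type ID (17 is the hidden counterpart of NTFS type 07), the Hidden flag, no associated volume, an implausibly tiny primary partition, and, for the state this machine was in earlier in the thread, a hidden partition that is also marked Active. The regexes are an assumption about the log layout as it appears in this thread rather than a documented format, and the 16 MB "too small" threshold is my own choice. The sample input is the Disk 0 and Disk 1 section of the log posted above.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# MBR type IDs whose only difference from the normal ID is the "hidden" bit.
# 0x17 is the hidden counterpart of 0x07 (NTFS/HPFS), hence "Suspicious Type".
HIDDEN_TYPE_IDS = {"17": "hidden NTFS/HPFS", "1B": "hidden FAT32", "1C": "hidden FAT32 (LBA)"}
SMALL_PARTITION_BYTES = 16 * 1024 * 1024  # assumed threshold: a real OS/data partition is bigger
UNIT = {"B": 1, "KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3, "TB": 1024 ** 4}

# Assumed log layout (matches the ListParts output shown in this thread).
DISK_HDR = re.compile(r"^Partitions of Disk (\d+):")
TABLE_ROW = re.compile(r"^Partition (\d+)\s+\S+\s+(\d+ [KMGT]?B)\s+(\d+ [KMGT]?B)")
DETAIL = {
    "disk": re.compile(r"^Disk:\s*(\d+)$"),
    "part": re.compile(r"^Partition (\d+)$"),
    "type": re.compile(r"^Type\s*:\s*([0-9A-Fa-f]{2})"),
    "hidden": re.compile(r"^Hidden:\s*(Yes|No)"),
    "active": re.compile(r"^Active:\s*(Yes|No)"),
}


@dataclass
class Partition:
    disk: int
    number: int
    type_id: str
    hidden: bool
    active: bool
    has_volume: bool
    size_bytes: int


def to_bytes(s: str) -> int:
    num, unit = s.split()
    return int(num) * UNIT[unit]


def parse_listparts(text: str) -> List[Partition]:
    lines = [ln.strip() for ln in text.splitlines()]
    # Pass 1: the per-disk tables carry the size of each partition.
    sizes: Dict[Tuple[int, int], int] = {}
    disk = None
    for ln in lines:
        m = DISK_HDR.match(ln)
        if m:
            disk = int(m.group(1))
            continue
        m = TABLE_ROW.match(ln)
        if m and disk is not None:
            sizes[(disk, int(m.group(1)))] = to_bytes(m.group(2))
    # Pass 2: detail blocks are separated by rules made only of '=' characters.
    parts: List[Partition] = []
    for block in re.split(r"^=+$", "\n".join(lines), flags=re.M):
        fields = {}
        for ln in block.splitlines():
            for key, rx in DETAIL.items():
                m = rx.match(ln)
                if m:
                    fields[key] = m.group(1)
        if not all(k in fields for k in ("disk", "part", "type")):
            continue  # header or table block, not a partition detail block
        d, p = int(fields["disk"]), int(fields["part"])
        parts.append(Partition(
            disk=d, number=p, type_id=fields["type"].upper(),
            hidden=fields.get("hidden") == "Yes",
            active=fields.get("active") == "Yes",
            has_volume="no volume associated" not in block.lower(),
            size_bytes=sizes.get((d, p), 0),
        ))
    return parts


def suspicious_reasons(p: Partition) -> List[str]:
    """Return why a partition looks suspicious; an empty list means nothing flagged."""
    reasons = []
    if p.type_id in HIDDEN_TYPE_IDS:
        reasons.append(f"type {p.type_id} is a {HIDDEN_TYPE_IDS[p.type_id]} type ID")
    if p.hidden:
        reasons.append("hidden flag set")
    if not p.has_volume:
        reasons.append("no volume associated, so file-level scanners cannot read it")
    if 0 < p.size_bytes < SMALL_PARTITION_BYTES:
        reasons.append(f"only {p.size_bytes // 1024} KB, too small for a real OS or data partition")
    if p.hidden and p.active:
        reasons.append("hidden partition is marked active, i.e. it is what the MBR boots")
    return reasons


def report(text: str) -> Dict[str, List[str]]:
    return {f"disk {p.disk} partition {p.number}": suspicious_reasons(p) for p in parse_listparts(text)}


# Sample input: the Disk 0 / Disk 1 sections of the ListParts log posted above.
SAMPLE_LOG = """
Partitions of Disk 0:
===============
Partition ### Type Size Offset
Partition 1 Primary 466 GB 1024 KB
Partition 2 Primary 2032 KB 466 GB
==================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
* Volume 3 C NTFS Partition 466 GB Healthy System (partition with boot components)
==================================================================================
Disk: 0
Partition 2
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No
There is no volume associated with this partition.
==================================================================================
Partitions of Disk 1:
===============
Partition 1 Primary 7633 MB 16 KB
==================================================================================
Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No
* Volume 4 F FAT32 Removable 7633 MB Healthy
"""

if __name__ == "__main__":
    for name, reasons in report(SAMPLE_LOG).items():
        print(name, "->", "; ".join(reasons) if reasons else "nothing flagged")
```

    Run against the log above it flags only disk 0 partition 2, for all four of the reasons Jay gives implicitly (hidden type ID, Hidden flag, no volume, 2032 KB in size), and leaves the C: partition and the USB stick alone. The last check (hidden and active at the same time) is the condition the earlier fixmbr step undid; rerunning the script on a fresh log after that change is a quick way to confirm the active flag really moved back to partition 1.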
  21. Michael King

    Michael King Newcomer, in training Topic Starter Posts: 48

    Also, Windows Defender gives an error upon startup, and cannot be started manually.
  22. Michael King

    Michael King Newcomer, in training Topic Starter Posts: 48

    To be more explicit, I'm getting this error message:

    [image of the error message]


    Also, I did delete the suspicious partition.
  23. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49
