Jump to content


 

Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

No boot after Combo fix

Started by Stomis , Apr 09 2012 08:35 PM

  • This topic is locked This topic is locked
5 replies to this topic

#1 Stomis

Stomis

    New Member

  • Members
  • Pip
  • 3 posts

Posted 09 April 2012 - 08:35 PM

Found combo fix off another site before finding this site with the guideline not to run it unless instructed to... As always startup fix doesnt work. I ran farbars scan tool. Heres the log.



Scan result of Farbar Recovery Scan Tool Version: 15-03-2012
Ran by SYSTEM at 09-04-2012 21:21:31
Running from K:\
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12681320 2011-08-26] (Realtek Semiconductor)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x]
HKLM\...\Run: [combofix] C:\ComboFix\CF29716.3XE /c C:\ComboFix\Combobatch.bat [x]
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [636032 2012-03-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ISTray] "C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe" /hideGUI [2659768 2012-02-24] (PC Tools)
HKU\Admin\...\Run: [Actual Multiple Monitors] "C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe" [1495880 2012-11-12] (Actual Tools)
HKU\Admin\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1242448 2012-03-19] (Valve Corporation)
HKU\Admin\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [253600 2012-04-07] (Adobe Systems Incorporated)
2 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [136616 2011-10-13] ()
2 Browser Defender Update Service; "C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe" [550864 2012-02-17] (Threat Expert Ltd.)
3 IDriverT; "C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" [69632 2005-04-03] (Macrovision Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
2 mpe; C:\Windows\System32\VRFIL.dll [6656 2009-07-13] (Oak Technology Inc.)
2 sdAuxService; C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [402336 2012-02-24] (PC Tools)
2 sdCoreService; C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe [1117624 2012-02-24] (PC Tools)
3 ThreatFire; C:\Program Files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe service [71008 2012-02-24] (PC Tools)
2 WinDefend; %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [x]

========================== Drivers (Whitelisted) =============

3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [10857984 2012-03-08] (Advanced Micro Devices, Inc.)
3 AODDriver; \??\C:\Program Files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys [52280 2010-03-12] (Advanced Micro Devices)
2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55936 2012-01-03] (Advanced Micro Devices)
2 AODDriver4.1; \??\C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [55936 2011-10-13] (Advanced Micro Devices)
3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-13] (Microsoft Corporation)
2 cpuz135; \??\C:\Windows\system32\drivers\cpuz135_x64.sys [21992 2011-09-21] (CPUID)
3 dmvsc; C:\Windows\System32\Drivers\dmvsc.sys [71168 2010-11-20] (Microsoft Corporation)
3 etdrv; \??\C:\Windows\etdrv.sys [25640 2012-01-02] (Windows ® Server 2003 DDK provider)
3 gdrv; \??\C:\Windows\gdrv.sys [25640 2012-01-02] (Windows ® Server 2003 DDK provider)
3 GVTDrv64; \??\C:\Windows\GVTDrv64.sys [30528 2012-01-02] ()
3 LHidFilt; C:\Windows\System32\Drivers\LHidFilt.sys [55312 2009-06-17] (Logitech, Inc.)
3 LMouFilt; C:\Windows\System32\Drivers\LMouFilt.sys [57872 2009-06-17] (Logitech, Inc.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
3 PCTBD; C:\Windows\System32\Drivers\PCTBD64.sys [70760 2011-09-28] (PC Tools)
0 PCTCore; C:\Windows\System32\drivers\PCTCore64.sys [367912 2011-11-14] (PC Tools)
0 pctDS; C:\Windows\System32\drivers\pctDS64.sys [453896 2011-12-01] (PC Tools)
0 pctEFA; C:\Windows\System32\drivers\pctEFA64.sys [1096688 2011-12-01] (PC Tools)
3 PCTFW-PacketFilter; \??\C:\Windows\system32\drivers\pctNdis-PacketFilter64.sys [122784 2012-04-09] (PC Tools)
1 pctgntdi; \??\C:\Windows\System32\drivers\pctgntdi64.sys [339608 2012-02-24] (PC Tools)
1 pctNdisLW64; C:\Windows\System32\Drivers\pctNdisLW64.sys [77976 2012-04-09] (PC Tools)
3 pctplfw; \??\C:\Windows\System32\drivers\pctplfw64.sys [181512 2012-04-09] (PC Tools)
3 pctplsg; \??\C:\Windows\System32\drivers\pctplsg64.sys [92896 2012-02-24] (PC Tools)
1 PCTSD; C:\Windows\System32\Drivers\PCTSD64.sys [230952 2012-02-24] (PC Tools)
3 Synth3dVsc; C:\Windows\System32\Drivers\Synth3dVsc.sys [88960 2010-11-20] (Microsoft Corporation)
3 terminpt; C:\Windows\System32\Drivers\terminpt.sys [34816 2010-11-20] (Microsoft Corporation)
0 TfFsMon; C:\Windows\System32\Drivers\TfFsMon.sys [65664 2012-02-24] (PC Tools)
3 TfNetMon; C:\Windows\System32\Drivers\TfNetMon.sys [41968 2012-02-24] (PC Tools)
0 TFSysMon; C:\Windows\System32\Drivers\TFSysMon.sys [706776 2012-02-24] (PC Tools)
3 TsUsbGD; C:\Windows\System32\Drivers\TsUsbGD.sys [31232 2010-11-20] (Microsoft Corporation)
3 tsusbhub; C:\Windows\System32\Drivers\tsusbhub.sys [117248 2010-11-20] (Microsoft Corporation)
3 atillk64; \??\C:\Program Files (x86)\AMD\System Monitor\atillk64.sys [x]
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 GPU-Z; \??\C:\Users\Admin\AppData\Local\Temp\GPU-Z.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

========================== NetSvcs (Whitelisted) ===========
NETSVC: mpe

============ One Month Created Files and Folders ==============

2012-04-09 16:26 - 2012-04-09 16:26 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG2
2012-04-09 16:26 - 2012-04-09 16:26 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG1
2012-04-09 16:26 - 2012-04-09 16:26 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG2
2012-04-09 16:26 - 2012-04-09 16:26 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG1
2012-04-09 16:26 - 2012-04-09 16:26 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG2
2012-04-09 16:26 - 2012-04-09 16:26 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG1
2012-04-09 16:26 - 2012-04-09 16:26 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG2
2012-04-09 16:26 - 2012-04-09 16:26 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG1
2012-04-09 16:26 - 2012-04-09 16:26 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG2
2012-04-09 16:26 - 2012-04-09 16:26 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG1
2012-04-09 16:25 - 2012-04-09 16:27 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-04-09 16:19 - 2012-04-09 16:31 - 0000000 ___AD C:\Qoobox
2012-04-09 16:19 - 2012-04-09 16:31 - 0000000 ____D C:\Windows\ERDNT
2012-04-09 16:19 - 2012-04-09 16:31 - 0000000 ____D C:\ComboFix
2012-04-09 16:19 - 2011-06-25 22:45 - 0256000 ____A C:\Windows\PEV.exe
2012-04-09 16:19 - 2010-11-07 09:20 - 0208896 ____A C:\Windows\MBR.exe
2012-04-09 16:19 - 2009-04-19 20:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-04-09 16:19 - 2000-08-30 16:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-04-09 16:19 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-04-09 16:19 - 2000-08-30 16:00 - 0098816 ____A C:\Windows\sed.exe
2012-04-09 16:19 - 2000-08-30 16:00 - 0080412 ____A C:\Windows\grep.exe
2012-04-09 16:19 - 2000-08-30 16:00 - 0068096 ____A C:\Windows\zip.exe
2012-04-09 16:11 - 2012-04-09 16:11 - 0000000 ____D C:\Users\Admin\AppData\Roaming\PCTools
2012-04-09 16:07 - 2012-04-09 16:07 - 0181512 ____A (PC Tools) C:\Windows\System32\Drivers\pctplfw64.sys
2012-04-09 16:07 - 2012-04-09 16:07 - 0077976 ____A (PC Tools) C:\Windows\System32\Drivers\pctNdisLW64.sys
2012-04-09 16:07 - 2012-04-09 16:07 - 0000000 ____D C:\Users\Admin\AppData\Roaming\Spam Monitor
2012-04-09 16:07 - 2012-04-09 16:07 - 0000000 ____D C:\Users\Admin\AppData\Roaming\PC Tools
2012-04-09 16:06 - 2012-04-09 16:06 - 0122784 ____A (PC Tools) C:\Windows\System32\Drivers\pctNdis-PacketFilter64.sys
2012-04-09 15:35 - 2012-04-09 15:35 - 0002247 ____A C:\Users\Public\Desktop\PC Tools Internet Security.lnk
2012-04-09 15:35 - 2012-02-24 05:16 - 0706776 ____S (PC Tools) C:\Windows\System32\Drivers\TfSysMon.sys
2012-04-09 15:35 - 2012-02-24 05:16 - 0065664 ____S (PC Tools) C:\Windows\System32\Drivers\TfFsMon.sys
2012-04-09 15:35 - 2012-02-24 05:16 - 0041968 ____S (PC Tools) C:\Windows\System32\Drivers\TfNetMon.sys
2012-04-09 15:33 - 2012-04-09 15:33 - 0000705 ____A C:\Users\Admin\Desktop\issetup.exe.lnk
2012-04-09 15:26 - 2012-02-24 06:37 - 0092896 ____A (PC Tools) C:\Windows\System32\Drivers\pctplsg64.sys
2012-04-09 15:26 - 2012-02-24 06:35 - 0014776 ____A (PC Tools) C:\Windows\System32\Drivers\pctBTFix64.sys
2012-04-09 15:26 - 2012-02-24 06:31 - 0339608 ____A (PC Tools) C:\Windows\System32\Drivers\pctgntdi64.sys
2012-04-09 15:26 - 2012-02-24 06:31 - 0145432 ____A (PC Tools) C:\Windows\System32\Drivers\pctwfpfilter64.sys
2012-04-09 15:26 - 2012-02-17 11:08 - 2250704 ____A (Threat Expert Ltd.) C:\Windows\PCTBDCore.dll
2012-04-09 15:26 - 2012-02-17 11:08 - 1681360 ____A (Threat Expert Ltd.) C:\Windows\PCTBDRes.dll
2012-04-09 15:26 - 2012-02-17 11:08 - 0767952 ____A C:\Windows\BDTSupport.dll
2012-04-09 15:26 - 2012-02-17 11:08 - 0149456 ____A (PC Tools) C:\Windows\SGDetectionTool.dll
2012-04-09 15:26 - 2011-09-28 09:14 - 0070760 ____A (PC Tools) C:\Windows\System32\Drivers\PCTBD64.sys
2012-04-09 15:26 - 2011-05-17 11:47 - 0003488 ____A C:\Windows\UDB.zip
2012-04-09 15:26 - 2010-08-20 06:50 - 0000882 ____A C:\Windows\RegSDImport.xml
2012-04-09 15:26 - 2010-01-22 05:44 - 0000879 ____A C:\Windows\RegISSImport.xml
2012-04-09 15:26 - 2008-11-26 08:08 - 0000131 ____A C:\Windows\IDB.zip
2012-04-09 15:25 - 2012-04-09 15:25 - 0000000 ____D C:\Program Files (x86)\PC Tools
2012-04-09 15:24 - 2012-04-09 16:27 - 8852771 ____A C:\Windows\System32\Drivers\Cat.DB
2012-04-09 15:24 - 2012-04-09 15:35 - 0000000 ____D C:\Users\All Users\PC Tools
2012-04-09 15:24 - 2012-04-09 15:35 - 0000000 ____D C:\ProgramData\PC Tools
2012-04-09 15:24 - 2012-04-09 15:24 - 0000802 ____A C:\Users\Admin\Desktop\SDAV_Online_aff_GenericRevenueWire_207.exe.lnk
2012-04-09 15:24 - 2012-04-09 15:24 - 0000000 ____D C:\Users\Admin\AppData\Roaming\TestApp
2012-04-09 15:24 - 2012-02-24 06:36 - 0230952 ____A (PC Tools) C:\Windows\System32\Drivers\PCTSD64.sys
2012-04-09 15:24 - 2011-12-01 12:07 - 1096688 ____A (PC Tools) C:\Windows\System32\Drivers\pctEFA64.sys
2012-04-09 15:24 - 2011-12-01 12:07 - 0453896 ____A (PC Tools) C:\Windows\System32\Drivers\pctDS64.sys
2012-04-09 15:24 - 2011-11-14 11:12 - 0367912 ____A (PC Tools) C:\Windows\System32\Drivers\PCTCore64.sys
2012-04-09 15:23 - 2012-04-09 15:23 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-04-09 15:22 - 2012-04-09 15:23 - 0123900 ____A C:\TDSSKiller.2.7.27.0_09.04.2012_19.22.55_log.txt
2012-04-09 14:26 - 2012-04-09 16:05 - 0000357 ____A C:\rkill.log
2012-04-09 14:02 - 2012-04-09 14:02 - 0000000 ____D C:\Users\Admin\Downloads\Rancid
2012-04-09 13:52 - 2012-04-09 13:52 - 0306768 ____A C:\Windows\Minidump\040912-23275-01.dmp
2012-04-07 21:42 - 2012-04-07 21:42 - 0306992 ____A C:\Windows\Minidump\040812-23478-01.dmp
2012-04-07 19:51 - 2012-04-09 14:34 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-07 19:51 - 2012-04-07 19:51 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-04-07 19:51 - 2012-04-07 19:51 - 0000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes
2012-04-07 19:51 - 2012-04-07 19:51 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-04-07 19:51 - 2012-04-04 11:56 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-07 10:50 - 2012-04-07 10:50 - 0000000 ____D C:\Users\Admin\Downloads\Ozzy Osbourne
2012-04-07 10:43 - 2012-04-07 10:43 - 0000000 ____D C:\Users\Admin\Downloads\Black Sabbath
2012-04-07 10:34 - 2012-04-07 10:43 - 0000000 ____D C:\Users\Admin\Downloads\...And Justice for All
2012-04-07 10:32 - 2012-04-07 10:34 - 0000000 ____D C:\Users\Admin\Downloads\Metallica
2012-04-07 10:22 - 2012-04-07 10:22 - 0000000 ____D C:\Program Files (x86)\MGTEK
2012-04-07 08:34 - 2012-04-07 08:34 - 0000000 ____D C:\Users\All Users\MGTEK
2012-04-07 08:34 - 2012-04-07 08:34 - 0000000 ____D C:\ProgramData\MGTEK
2012-04-07 08:30 - 2012-04-07 08:30 - 0000000 ____D C:\Users\Admin\Downloads\MGTEK Dopisp 2.1.0924
2012-04-06 17:00 - 2012-04-06 17:01 - 0306424 ____A C:\Windows\Minidump\040612-17331-01.dmp
2012-04-06 07:12 - 2012-04-06 07:12 - 0306696 ____A C:\Windows\Minidump\040612-16910-01.dmp
2012-04-05 17:25 - 2012-04-05 17:25 - 0306976 ____A C:\Windows\Minidump\040512-18080-01.dmp
2012-04-05 07:11 - 2012-04-05 07:11 - 0306952 ____A C:\Windows\Minidump\040512-16863-01.dmp
2012-04-04 17:20 - 2012-04-04 17:21 - 0000000 ____D C:\Users\Admin\Downloads\Mission Impossible 4 Ghost Protocol (2011) DVDRip XviD-MAXSPEED
2012-04-04 07:03 - 2012-04-04 07:03 - 0306776 ____A C:\Windows\Minidump\040412-16458-01.dmp
2012-04-03 20:33 - 2012-04-03 20:33 - 0306736 ____A C:\Windows\Minidump\040412-17066-01.dmp
2012-04-03 04:16 - 2012-04-03 04:16 - 0307024 ____A C:\Windows\Minidump\040312-21122-01.dmp
2012-04-02 07:57 - 2012-04-02 07:57 - 0306776 ____A C:\Windows\Minidump\040212-20826-01.dmp
2012-04-01 16:11 - 2012-04-01 16:11 - 0262144 ____A C:\Windows\Minidump\040112-18501-01.dmp
2012-04-01 10:11 - 2012-04-01 10:21 - 0000000 ____D C:\Users\Admin\Downloads\Super 8 (2011)HD.720p_(V)_
2012-04-01 10:09 - 2012-04-01 10:11 - 0000000 ____D C:\Users\Admin\Downloads\The Girl With The Dragon Tattoo 2011 720p BRRip Srkfan Silver RG
2012-04-01 10:05 - 2012-04-01 12:04 - 0000000 ____D C:\Users\Admin\Downloads\Dirty Rotten Imbeciles
2012-04-01 10:05 - 2012-04-01 12:03 - 0000000 ____D C:\Users\Admin\Downloads\Cro Mags Discography
2012-03-31 20:47 - 2012-04-09 15:54 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-03-31 20:47 - 2012-04-07 10:10 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-03-31 20:39 - 2012-03-31 20:39 - 0000000 ____D C:\Users\All Users\ATI
2012-03-31 20:39 - 2012-03-31 20:39 - 0000000 ____D C:\ProgramData\ATI
2012-03-31 20:39 - 2012-03-31 20:39 - 0000000 ____D C:\Program Files (x86)\AMD AVT
2012-03-31 20:39 - 2012-03-31 20:39 - 0000000 ____D C:\Program Files (x86)\AMD APP
2012-03-31 20:36 - 2012-03-31 20:36 - 0000000 ____D C:\AMD
2012-03-19 14:22 - 2012-04-09 16:28 - 0000000 ____D C:\Program Files (x86)\Steam
2012-03-18 07:55 - 2012-03-18 07:57 - 0000000 ____D C:\Users\Admin\Downloads\The Raconteurs Discography
2012-03-18 07:54 - 2012-03-18 07:59 - 0000000 ____D C:\Users\Admin\Downloads\The White Stripes
2012-03-17 12:30 - 2012-03-17 14:12 - 0000000 ____D C:\Users\Admin\Downloads\Boondock Saints the 1-2 Duology 1999-2009 BluRay 720p x264 ac3 jbr
2012-03-13 17:50 - 2011-11-19 07:20 - 5559152 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-13 17:50 - 2011-11-19 06:50 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-13 17:50 - 2011-11-19 06:50 - 3913584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-13 17:45 - 2012-03-13 17:45 - 0000000 ____D C:\Users\Admin\AppData\Local\ElevatedDiagnostics
2012-03-13 17:35 - 2012-02-16 22:38 - 1112064 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2012-03-13 17:35 - 2012-02-16 22:38 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-03-13 17:35 - 2012-02-16 21:34 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-03-13 17:35 - 2012-02-16 20:58 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-03-13 17:35 - 2012-02-16 20:57 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-03-13 17:35 - 2012-02-09 22:36 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-03-13 17:35 - 2012-02-09 21:38 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-03-13 17:35 - 2012-02-02 20:34 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-13 17:35 - 2012-01-24 22:38 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-03-13 17:35 - 2012-01-24 22:38 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-03-13 17:35 - 2012-01-24 22:33 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-03-11 12:57 - 2012-03-11 13:00 - 0000000 ____D C:\Users\Admin\Downloads\Snatch {2000} 720p BRRip x264 - Mr. KickASS
2012-03-11 12:54 - 2012-03-11 13:08 - 0000000 ____D C:\Users\Admin\Downloads\Sling Blade (1996)


============ 3 Months Modified Files and Folders =============

2012-04-09 21:21 - 2012-04-09 21:21 - 0000000 ____D C:\FRST
2012-04-09 17:06 - 2010-01-01 00:18 - 2145509376 __ASH C:\hiberfil.sys
2012-04-09 16:35 - 2011-12-31 23:03 - 1125847 ____A C:\Windows\WindowsUpdate.log
2012-04-09 16:35 - 2009-07-13 20:45 - 0023904 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-09 16:35 - 2009-07-13 20:45 - 0023904 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-09 16:32 - 2011-12-31 23:47 - 0737712 ____A C:\Windows\System32\perfh010.dat
2012-04-09 16:32 - 2011-12-31 23:47 - 0145590 ____A C:\Windows\System32\perfc010.dat
2012-04-09 16:32 - 2011-12-31 23:44 - 0688084 ____A C:\Windows\System32\perfh00C.dat
2012-04-09 16:32 - 2011-12-31 23:44 - 0476938 ____A C:\Windows\System32\perfh001.dat
2012-04-09 16:32 - 2011-12-31 23:44 - 0128746 ____A C:\Windows\System32\perfc00C.dat
2012-04-09 16:32 - 2011-12-31 23:44 - 0093592 ____A C:\Windows\System32\perfc001.dat
2012-04-09 16:32 - 2011-12-31 23:37 - 0694460 ____A C:\Windows\System32\perfh007.dat
2012-04-09 16:32 - 2011-12-31 23:37 - 0147584 ____A C:\Windows\System32\perfc007.dat
2012-04-09 16:32 - 2009-07-13 21:13 - 3854628 ____A C:\Windows\System32\PerfStringBackup.INI
2012-04-09 16:31 - 2012-04-09 16:19 - 0000000 ___AD C:\Qoobox
2012-04-09 16:31 - 2012-04-09 16:19 - 0000000 ____D C:\Windows\ERDNT
2012-04-09 16:31 - 2012-04-09 16:19 - 0000000 ____D C:\ComboFix
2012-04-09 16:28 - 2012-03-19 14:22 - 0000000 ____D C:\Program Files (x86)\Steam
2012-04-09 16:28 - 2009-07-13 18:34 - 0000215 ____A C:\Windows\system.ini
2012-04-09 16:27 - 2012-04-09 16:25 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-04-09 16:27 - 2012-04-09 15:24 - 8852771 ____A C:\Windows\System32\Drivers\Cat.DB
2012-04-09 16:27 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-09 16:27 - 2009-07-13 20:51 - 0060394 ____A C:\Windows\setupact.log
2012-04-09 16:27 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-04-09 16:26 - 2012-04-09 16:26 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG2
2012-04-09 16:26 - 2012-04-09 16:26 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG1
2012-04-09 16:26 - 2012-04-09 16:26 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG2
2012-04-09 16:26 - 2012-04-09 16:26 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG1
2012-04-09 16:26 - 2012-04-09 16:26 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG2
2012-04-09 16:26 - 2012-04-09 16:26 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG1
2012-04-09 16:26 - 2012-04-09 16:26 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG2
2012-04-09 16:26 - 2012-04-09 16:26 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG1
2012-04-09 16:26 - 2012-04-09 16:26 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG2
2012-04-09 16:26 - 2012-04-09 16:26 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG1
2012-04-09 16:26 - 2010-11-20 19:47 - 0006966 ____A C:\Windows\PFRO.log
2012-04-09 16:26 - 2009-07-13 18:34 - 61341696 ____A C:\Windows\System32\config\SOFTWARE.bak
2012-04-09 16:26 - 2009-07-13 18:34 - 20447232 ____A C:\Windows\System32\config\SYSTEM.bak
2012-04-09 16:26 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\SECURITY.bak
2012-04-09 16:26 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\SAM.bak
2012-04-09 16:26 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\DEFAULT.bak
2012-04-09 16:11 - 2012-04-09 16:11 - 0000000 ____D C:\Users\Admin\AppData\Roaming\PCTools
2012-04-09 16:07 - 2012-04-09 16:07 - 0181512 ____A (PC Tools) C:\Windows\System32\Drivers\pctplfw64.sys
2012-04-09 16:07 - 2012-04-09 16:07 - 0077976 ____A (PC Tools) C:\Windows\System32\Drivers\pctNdisLW64.sys
2012-04-09 16:07 - 2012-04-09 16:07 - 0000000 ____D C:\Users\Admin\AppData\Roaming\Spam Monitor
2012-04-09 16:07 - 2012-04-09 16:07 - 0000000 ____D C:\Users\Admin\AppData\Roaming\PC Tools
2012-04-09 16:06 - 2012-04-09 16:06 - 0122784 ____A (PC Tools) C:\Windows\System32\Drivers\pctNdis-PacketFilter64.sys
2012-04-09 16:05 - 2012-04-09 14:26 - 0000357 ____A C:\rkill.log
2012-04-09 15:54 - 2012-03-31 20:47 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-04-09 15:35 - 2012-04-09 15:35 - 0002247 ____A C:\Users\Public\Desktop\PC Tools Internet Security.lnk
2012-04-09 15:35 - 2012-04-09 15:24 - 0000000 ____D C:\Users\All Users\PC Tools
2012-04-09 15:35 - 2012-04-09 15:24 - 0000000 ____D C:\ProgramData\PC Tools
2012-04-09 15:33 - 2012-04-09 15:33 - 0000705 ____A C:\Users\Admin\Desktop\issetup.exe.lnk
2012-04-09 15:25 - 2012-04-09 15:25 - 0000000 ____D C:\Program Files (x86)\PC Tools
2012-04-09 15:24 - 2012-04-09 15:24 - 0000802 ____A C:\Users\Admin\Desktop\SDAV_Online_aff_GenericRevenueWire_207.exe.lnk
2012-04-09 15:24 - 2012-04-09 15:24 - 0000000 ____D C:\Users\Admin\AppData\Roaming\TestApp
2012-04-09 15:23 - 2012-04-09 15:23 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-04-09 15:23 - 2012-04-09 15:22 - 0123900 ____A C:\TDSSKiller.2.7.27.0_09.04.2012_19.22.55_log.txt
2012-04-09 15:14 - 2009-07-13 18:35 - 0003386 ____A C:\Windows\System32\Drivers\etc\lmhosts22.sam
2012-04-09 14:34 - 2012-04-07 19:51 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-09 14:31 - 2012-01-02 16:38 - 0000000 ____D C:\Users\Admin\AppData\Roaming\BitTorrent
2012-04-09 14:02 - 2012-04-09 14:02 - 0000000 ____D C:\Users\Admin\Downloads\Rancid
2012-04-09 13:52 - 2012-04-09 13:52 - 0306768 ____A C:\Windows\Minidump\040912-23275-01.dmp
2012-04-09 13:52 - 2012-01-02 17:49 - 637771339 ____A C:\Windows\MEMORY.DMP
2012-04-09 13:52 - 2012-01-02 17:49 - 0000000 ____D C:\Windows\Minidump
2012-04-07 21:42 - 2012-04-07 21:42 - 0306992 ____A C:\Windows\Minidump\040812-23478-01.dmp
2012-04-07 19:51 - 2012-04-07 19:51 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-04-07 19:51 - 2012-04-07 19:51 - 0000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes
2012-04-07 19:51 - 2012-04-07 19:51 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-04-07 10:50 - 2012-04-07 10:50 - 0000000 ____D C:\Users\Admin\Downloads\Ozzy Osbourne
2012-04-07 10:43 - 2012-04-07 10:43 - 0000000 ____D C:\Users\Admin\Downloads\Black Sabbath
2012-04-07 10:43 - 2012-04-07 10:34 - 0000000 ____D C:\Users\Admin\Downloads\...And Justice for All
2012-04-07 10:34 - 2012-04-07 10:32 - 0000000 ____D C:\Users\Admin\Downloads\Metallica
2012-04-07 10:22 - 2012-04-07 10:22 - 0000000 ____D C:\Program Files (x86)\MGTEK
2012-04-07 10:10 - 2012-03-31 20:47 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-04-07 10:10 - 2012-01-01 12:11 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-04-07 08:34 - 2012-04-07 08:34 - 0000000 ____D C:\Users\All Users\MGTEK
2012-04-07 08:34 - 2012-04-07 08:34 - 0000000 ____D C:\ProgramData\MGTEK
2012-04-07 08:30 - 2012-04-07 08:30 - 0000000 ____D C:\Users\Admin\Downloads\MGTEK Dopisp 2.1.0924
2012-04-06 17:01 - 2012-04-06 17:00 - 0306424 ____A C:\Windows\Minidump\040612-17331-01.dmp
2012-04-06 07:12 - 2012-04-06 07:12 - 0306696 ____A C:\Windows\Minidump\040612-16910-01.dmp
2012-04-05 17:25 - 2012-04-05 17:25 - 0306976 ____A C:\Windows\Minidump\040512-18080-01.dmp
2012-04-05 07:11 - 2012-04-05 07:11 - 0306952 ____A C:\Windows\Minidump\040512-16863-01.dmp
2012-04-04 17:21 - 2012-04-04 17:20 - 0000000 ____D C:\Users\Admin\Downloads\Mission Impossible 4 Ghost Protocol (2011) DVDRip XviD-MAXSPEED
2012-04-04 15:18 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-04-04 11:56 - 2012-04-07 19:51 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-04 07:03 - 2012-04-04 07:03 - 0306776 ____A C:\Windows\Minidump\040412-16458-01.dmp
2012-04-03 20:33 - 2012-04-03 20:33 - 0306736 ____A C:\Windows\Minidump\040412-17066-01.dmp
2012-04-03 04:16 - 2012-04-03 04:16 - 0307024 ____A C:\Windows\Minidump\040312-21122-01.dmp
2012-04-02 19:58 - 2012-01-01 11:50 - 0000000 ____D C:\Users\Admin\AppData\Roaming\Mumble
2012-04-02 07:57 - 2012-04-02 07:57 - 0306776 ____A C:\Windows\Minidump\040212-20826-01.dmp
2012-04-01 16:11 - 2012-04-01 16:11 - 0262144 ____A C:\Windows\Minidump\040112-18501-01.dmp
2012-04-01 12:04 - 2012-04-01 10:05 - 0000000 ____D C:\Users\Admin\Downloads\Dirty Rotten Imbeciles
2012-04-01 12:03 - 2012-04-01 10:05 - 0000000 ____D C:\Users\Admin\Downloads\Cro Mags Discography
2012-04-01 10:21 - 2012-04-01 10:11 - 0000000 ____D C:\Users\Admin\Downloads\Super 8 (2011)HD.720p_(V)_
2012-04-01 10:11 - 2012-04-01 10:09 - 0000000 ____D C:\Users\Admin\Downloads\The Girl With The Dragon Tattoo 2011 720p BRRip Srkfan Silver RG
2012-03-31 20:39 - 2012-03-31 20:39 - 0000000 ____D C:\Users\All Users\ATI
2012-03-31 20:39 - 2012-03-31 20:39 - 0000000 ____D C:\ProgramData\ATI
2012-03-31 20:39 - 2012-03-31 20:39 - 0000000 ____D C:\Program Files (x86)\AMD AVT
2012-03-31 20:39 - 2012-03-31 20:39 - 0000000 ____D C:\Program Files (x86)\AMD APP
2012-03-31 20:39 - 2012-01-01 10:56 - 0000000 ____D C:\Users\All Users\AMD
2012-03-31 20:39 - 2012-01-01 10:56 - 0000000 ____D C:\ProgramData\AMD
2012-03-31 20:38 - 2012-01-01 10:55 - 0000000 ____D C:\Program Files\ATI Technologies
2012-03-31 20:36 - 2012-03-31 20:36 - 0000000 ____D C:\AMD
2012-03-18 14:09 - 2012-01-01 11:08 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-03-18 07:59 - 2012-03-18 07:54 - 0000000 ____D C:\Users\Admin\Downloads\The White Stripes
2012-03-18 07:57 - 2012-03-18 07:55 - 0000000 ____D C:\Users\Admin\Downloads\The Raconteurs Discography
2012-03-17 14:12 - 2012-03-17 12:30 - 0000000 ____D C:\Users\Admin\Downloads\Boondock Saints the 1-2 Duology 1999-2009 BluRay 720p x264 ac3 jbr
2012-03-13 17:55 - 2009-07-13 20:45 - 0276216 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-13 17:53 - 2012-01-02 16:39 - 0000000 ____D C:\Program Files (x86)\BitTorrent
2012-03-13 17:49 - 2012-01-01 06:18 - 56297240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-03-13 17:45 - 2012-03-13 17:45 - 0000000 ____D C:\Users\Admin\AppData\Local\ElevatedDiagnostics
2012-03-12 23:04 - 2012-01-01 11:16 - 3811684 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-03-11 13:08 - 2012-03-11 12:54 - 0000000 ____D C:\Users\Admin\Downloads\Sling Blade (1996)
2012-03-11 13:00 - 2012-03-11 12:57 - 0000000 ____D C:\Users\Admin\Downloads\Snatch {2000} 720p BRRip x264 - Mr. KickASS
2012-03-08 22:28 - 2012-03-08 22:28 - 10857984 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmdag.sys
2012-03-08 21:26 - 2012-03-08 21:26 - 16507392 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl64.dll
2012-03-08 21:26 - 2012-03-08 21:26 - 0074752 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OpenVideo64.dll
2012-03-08 21:26 - 2012-03-08 21:26 - 0064512 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2012-03-08 21:26 - 2012-03-08 21:26 - 0061952 ____A C:\Windows\System32\OVDecode64.dll
2012-03-08 21:26 - 2012-03-08 21:26 - 0054784 ____A C:\Windows\SysWOW64\OVDecode.dll
2012-03-08 21:25 - 2012-03-08 21:25 - 13238272 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2012-03-08 21:24 - 2012-03-08 21:24 - 0054272 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2012-03-08 21:24 - 2012-03-08 21:24 - 0048128 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2012-03-08 21:17 - 2012-03-08 21:17 - 0235184 ____A C:\Windows\SysWOW64\atiapfxx.blb
2012-03-08 21:17 - 2012-03-08 21:17 - 0235184 ____A C:\Windows\System32\atiapfxx.blb
2012-03-08 21:16 - 2012-03-08 21:16 - 0159744 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiapfxx.exe
2012-03-08 21:16 - 2011-11-09 19:16 - 0791552 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2012-03-08 21:14 - 2011-11-09 19:15 - 0958464 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\aticfx64.dll
2012-03-08 21:11 - 2012-03-08 21:11 - 0496128 ____A (AMD) C:\Windows\System32\atieclxx.exe
2012-03-08 21:11 - 2011-11-09 19:12 - 0442368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\ATIDEMGX.dll
2012-03-08 21:10 - 2012-03-08 21:10 - 0235520 ____A (AMD) C:\Windows\System32\atiesrxx.exe
2012-03-08 21:08 - 2012-03-08 21:08 - 0120320 ____A (AMD) C:\Windows\System32\atitmm64.dll
2012-03-08 21:08 - 2012-03-08 21:08 - 0021504 ____A (AMD) C:\Windows\System32\atimuixx.dll
2012-03-08 21:07 - 2012-03-08 21:07 - 0059392 ____A (ATI Technologies, Inc.) C:\Windows\System32\atiedu64.dll
2012-03-08 21:07 - 2012-03-08 21:07 - 0043520 ____A (ATI Technologies, Inc.) C:\Windows\SysWOW64\ati2edxx.dll
2012-03-08 21:04 - 2011-11-09 19:06 - 6200320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2012-03-08 21:03 - 2012-03-08 21:03 - 26166784 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atio6axx.dll
2012-03-08 20:45 - 2011-11-09 18:51 - 7646208 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atidxx64.dll
2012-03-08 20:39 - 2012-03-08 20:39 - 19739136 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2012-03-08 20:36 - 2012-03-08 20:36 - 1828864 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdmv.dll
2012-03-08 20:36 - 2012-03-08 20:36 - 1113088 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6v.dll
2012-03-08 20:35 - 2011-11-09 18:40 - 4958208 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6a.dll
2012-03-08 20:31 - 2012-03-08 20:31 - 2425664 ____A C:\Windows\System32\atiumd6a.cap
2012-03-08 20:31 - 2012-03-08 20:31 - 0204952 ____A C:\Windows\SysWOW64\ativvsvl.dat
2012-03-08 20:31 - 2012-03-08 20:31 - 0204952 ____A C:\Windows\System32\ativvsvl.dat
2012-03-08 20:31 - 2012-03-08 20:31 - 0157144 ____A C:\Windows\SysWOW64\ativvsva.dat
2012-03-08 20:31 - 2012-03-08 20:31 - 0157144 ____A C:\Windows\System32\ativvsva.dat
2012-03-08 20:23 - 2012-03-08 20:23 - 5954048 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2012-03-08 20:23 - 2012-03-08 20:23 - 5062656 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2012-03-08 20:22 - 2012-03-08 20:22 - 2427392 ____A C:\Windows\SysWOW64\atiumdva.cap
2012-03-08 20:18 - 2012-03-08 20:18 - 0051200 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalrt64.dll
2012-03-08 20:18 - 2012-03-08 20:18 - 0046080 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2012-03-08 20:18 - 2012-03-08 20:18 - 0044544 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalcl64.dll
2012-03-08 20:18 - 2012-03-08 20:18 - 0044032 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2012-03-08 20:17 - 2012-03-08 20:17 - 16069632 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticaldd64.dll
2012-03-08 20:12 - 2012-03-08 20:12 - 13715968 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2012-03-08 20:11 - 2011-11-09 18:24 - 7552000 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd64.dll
2012-03-08 20:05 - 2012-03-08 20:05 - 0054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atimpc64.dll
2012-03-08 20:05 - 2012-03-08 20:05 - 0054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdpcom64.dll
2012-03-08 20:05 - 2012-03-08 20:05 - 0053760 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2012-03-08 20:05 - 2012-03-08 20:05 - 0053760 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2012-03-08 19:58 - 2012-03-08 19:58 - 0356352 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2012-03-08 19:58 - 2012-03-08 19:58 - 0328704 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmpag.sys
2012-03-08 19:58 - 2012-03-08 19:58 - 0039936 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6txx.dll
2012-03-08 19:58 - 2012-03-08 19:58 - 0033280 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2012-03-08 19:58 - 2012-03-08 19:58 - 0017408 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6pxx.dll
2012-03-08 19:58 - 2012-03-08 19:58 - 0014336 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2012-03-08 19:58 - 2012-03-08 19:58 - 0014336 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiglpxx.dll
2012-03-08 19:58 - 2011-11-09 18:13 - 0512000 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiadlxx.dll
2012-03-08 19:57 - 2011-04-19 22:21 - 0043008 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiuxp64.dll
2012-03-08 19:56 - 2011-11-09 18:11 - 0039936 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiu9p64.dll
2012-03-08 19:56 - 2011-11-09 18:11 - 0033280 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2012-03-08 19:56 - 2011-11-09 18:11 - 0030208 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2012-03-08 19:55 - 2012-03-08 19:55 - 0053248 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\ati2erec.dll
2012-03-08 19:47 - 2011-04-19 22:27 - 0058880 ____A (AMD) C:\Windows\System32\coinst.dll
2012-03-02 20:56 - 2012-03-02 20:51 - 0000000 ____D C:\Users\Admin\Downloads\distillers
2012-03-02 18:44 - 2012-03-02 18:42 - 0000000 ____D C:\Users\Admin\Downloads\Awake.S01E01.Pilot.480p.WEB-DL.x264-mSD [MKV 235MB]
2012-03-01 20:09 - 2012-02-18 19:22 - 0069596 ____A C:\Users\Admin\Desktop\Untitled.png
2012-03-01 06:07 - 2012-03-01 05:38 - 0000000 ____D C:\Users\Admin\Downloads\American.Graffiti.1973.720p.BRRip.XviD.AC3-PsychoLogic
2012-03-01 05:37 - 2012-03-01 05:37 - 0000000 ____D C:\Users\Admin\Downloads\American Graffiti
2012-02-25 14:10 - 2012-02-25 14:04 - 0000000 ____D C:\Users\Admin\Downloads\IN_TIME
2012-02-24 06:37 - 2012-04-09 15:26 - 0092896 ____A (PC Tools) C:\Windows\System32\Drivers\pctplsg64.sys
2012-02-24 06:36 - 2012-04-09 15:24 - 0230952 ____A (PC Tools) C:\Windows\System32\Drivers\PCTSD64.sys
2012-02-24 06:35 - 2012-04-09 15:26 - 0014776 ____A (PC Tools) C:\Windows\System32\Drivers\pctBTFix64.sys
2012-02-24 06:31 - 2012-04-09 15:26 - 0339608 ____A (PC Tools) C:\Windows\System32\Drivers\pctgntdi64.sys
2012-02-24 06:31 - 2012-04-09 15:26 - 0145432 ____A (PC Tools) C:\Windows\System32\Drivers\pctwfpfilter64.sys
2012-02-24 05:16 - 2012-04-09 15:35 - 0706776 ____S (PC Tools) C:\Windows\System32\Drivers\TfSysMon.sys
2012-02-24 05:16 - 2012-04-09 15:35 - 0065664 ____S (PC Tools) C:\Windows\System32\Drivers\TfFsMon.sys
2012-02-24 05:16 - 2012-04-09 15:35 - 0041968 ____S (PC Tools) C:\Windows\System32\Drivers\TfNetMon.sys
2012-02-23 05:18 - 2010-11-20 19:27 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-02-20 15:37 - 2012-02-20 14:04 - 0000000 ____D C:\Users\Admin\Downloads\INSANITY
2012-02-20 13:03 - 2012-02-20 13:03 - 0000000 ____D C:\Users\Admin\AppData\Roaming\Foxit Software
2012-02-18 18:54 - 2012-02-18 17:56 - 0000000 ____D C:\Users\Admin\Downloads\Straw Dogs 2011 BRRip 720p x264 AAC - KiNGDOM
2012-02-18 18:16 - 2012-02-18 17:55 - 0000000 ____D C:\Users\Admin\Downloads\The.Rum.Diary.2011,DVDRiP.AC3-5.1.XviD-SiC
2012-02-18 17:57 - 2012-02-18 17:57 - 0000000 ____D C:\Users\Admin\Downloads\The.Twilight.Saga.Breaking.Dawn.Part.1.2011.720p.BluRay.x264-SPARKS
2012-02-18 16:19 - 2012-02-18 16:19 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_LMouFilt_01005.Wdf
2012-02-18 16:19 - 2012-02-18 16:19 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_LHidFilt_01005.Wdf
2012-02-18 16:18 - 2012-02-18 16:18 - 0000000 ____D C:\Users\Admin\AppData\Roaming\Leadertech
2012-02-18 16:18 - 2012-02-18 16:18 - 0000000 ____D C:\Users\Admin\AppData\Local\LogiShrd
2012-02-18 16:18 - 2012-02-18 16:17 - 1132792 ____A C:\Windows\SetPointII_000.log
2012-02-18 16:18 - 2012-02-18 16:17 - 0002775 ____A C:\Windows\LDPINST.LOG
2012-02-18 16:17 - 2012-02-18 16:17 - 0000848 ____A C:\Users\All Users\Start Menu\Programs\Startup\SetPointII.lnk
2012-02-18 16:17 - 2012-02-18 16:17 - 0000000 ____D C:\Users\Public\Documents\LogiShrd
2012-02-18 16:17 - 2012-02-18 16:17 - 0000000 ____D C:\Users\All Users\LogiShrd
2012-02-18 16:17 - 2012-02-18 16:17 - 0000000 ____D C:\ProgramData\LogiShrd
2012-02-18 16:17 - 2012-02-18 16:17 - 0000000 ____D C:\Program Files\Logitech
2012-02-18 16:17 - 2012-02-18 16:17 - 0000000 ____D C:\Program Files\Common Files\Logishrd
2012-02-18 16:17 - 2012-01-01 11:13 - 0000000 ____D C:\Users\Admin\AppData\Local\Downloaded Installations
2012-02-17 11:08 - 2012-04-09 15:26 - 2250704 ____A (Threat Expert Ltd.) C:\Windows\PCTBDCore.dll
2012-02-17 11:08 - 2012-04-09 15:26 - 1681360 ____A (Threat Expert Ltd.) C:\Windows\PCTBDRes.dll
2012-02-17 11:08 - 2012-04-09 15:26 - 0767952 ____A C:\Windows\BDTSupport.dll
2012-02-17 11:08 - 2012-04-09 15:26 - 0149456 ____A (PC Tools) C:\Windows\SGDetectionTool.dll
2012-02-17 07:45 - 2012-02-17 07:45 - 0037533 ____A C:\Windows\atiogl.xml
2012-02-17 00:00 - 2012-02-05 15:22 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-02-16 22:38 - 2012-03-13 17:35 - 1112064 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2012-02-16 22:38 - 2012-03-13 17:35 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-16 21:34 - 2012-03-13 17:35 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-16 20:58 - 2012-03-13 17:35 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-16 20:57 - 2012-03-13 17:35 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-16 00:22 - 2011-12-31 23:06 - 0000174 ___SH C:\Users\Admin\Start Menu\Programs\Startup\desktop.ini
2012-02-16 00:22 - 2011-12-31 23:06 - 0000174 ___SH C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-13 05:26 - 2012-02-13 05:26 - 0000943 ____A C:\Users\Admin\Desktop\CDisplay.lnk
2012-02-13 05:26 - 2012-02-13 05:26 - 0000000 ____D C:\Program Files (x86)\CDisplay
2012-02-13 05:25 - 2012-02-13 05:24 - 0000000 ____D C:\Users\Admin\AppData\Roaming\WinRAR
2012-02-13 05:24 - 2012-02-13 05:24 - 0000000 ____D C:\Program Files\WinRAR
2012-02-12 21:46 - 2012-02-12 20:11 - 0000000 ____D C:\Users\Admin\Downloads\Star Wars Comics Collection
2012-02-12 20:27 - 2012-02-12 20:10 - 0000000 ____D C:\Users\Admin\Downloads\Paranormal Activity 3 (2011) UNRATED 575mb 720p BRRip Z3RO
2012-02-09 22:36 - 2012-03-13 17:35 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-09 21:38 - 2012-03-13 17:35 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-04 15:30 - 2012-02-04 15:30 - 0262144 ____A C:\Windows\Minidump\020412-16224-01.dmp
2012-02-04 12:10 - 2012-02-04 12:10 - 0000000 ____D C:\Users\Admin\Downloads\Wuthering Heights 2011 DVDSCR XviD AC3-REFiLL
2012-02-02 20:34 - 2012-03-13 17:35 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-01-31 03:02 - 2012-01-31 03:02 - 0021504 ____A C:\Windows\System32\kdbsdk64.dll
2012-01-31 03:00 - 2012-01-31 03:00 - 0016896 ____A C:\Windows\SysWOW64\kdbsdk32.dll
2012-01-29 15:13 - 2012-01-29 15:02 - 0000000 ____D C:\Users\Admin\Downloads\Drive (2011) 1080p - Kickassddl
2012-01-29 15:05 - 2012-01-29 15:02 - 0000000 ____D C:\Users\Admin\Downloads\50 50 2011 720p BRRip x264 vice
2012-01-28 16:06 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\LiveKernelReports
2012-01-26 11:35 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2012-01-26 10:54 - 2010-11-20 23:16 - 0000000 ____D C:\Program Files\Windows Journal
2012-01-26 10:54 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\it-IT
2012-01-26 10:54 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\fr-FR
2012-01-26 10:54 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\de-DE
2012-01-26 10:54 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ar-SA
2012-01-26 10:54 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sl-SI
2012-01-26 10:54 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sk-SK
2012-01-26 10:54 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\it-IT
2012-01-26 10:54 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\fr-FR
2012-01-26 10:54 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\de-DE
2012-01-26 10:54 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ar-SA
2012-01-26 10:54 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2012-01-26 10:31 - 2012-01-26 10:31 - 0000000 ____D C:\Users\All Users\IObit
2012-01-26 10:31 - 2012-01-26 10:31 - 0000000 ____D C:\ProgramData\IObit
2012-01-26 10:31 - 2012-01-26 10:31 - 0000000 ____D C:\Program Files (x86)\IObit
2012-01-24 22:38 - 2012-03-13 17:35 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-01-24 22:38 - 2012-03-13 17:35 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-01-24 22:33 - 2012-03-13 17:35 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-01-20 15:28 - 2012-01-20 15:28 - 0276304 ____A C:\Windows\Minidump\012012-14508-01.dmp
2012-01-17 17:59 - 2012-01-17 17:53 - 0000000 ____D C:\Users\Admin\Downloads\The Ides Of March 2011 720p BRRip x264 vice
2012-01-17 17:58 - 2012-01-17 17:58 - 0000000 ____D C:\Users\Admin\Downloads\Killer Elite 2011 720p BRRip 5.1AAC x264-ILPruny
2012-01-17 17:57 - 2012-01-17 17:55 - 0000000 ____D C:\Users\Admin\Downloads\Warrior.2011.BRRIP.720P.H264-ZEKTORM
2012-01-15 08:35 - 2012-01-15 08:35 - 0276304 ____A C:\Windows\Minidump\011512-17409-01.dmp
2012-01-14 17:08 - 2012-01-14 17:08 - 0000000 ____D C:\Users\Admin\AppData\Roaming\vlc
2012-01-14 17:07 - 2012-01-14 17:07 - 0000000 ____D C:\Program Files (x86)\VideoLAN
2012-01-14 10:48 - 2012-01-14 10:48 - 0000000 ____D C:\Program Files (x86)\Foxit Software

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 10%
Total physical RAM: 8189.49 MB
Available physical RAM: 7341.74 MB
Total Pagefile: 8187.69 MB
Available Pagefile: 7325.61 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:200 GB) (Free:73.22 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
2 Drive d: (Media Drive) (Fixed) (Total:265.75 GB) (Free:144.9 GB) NTFS
5 Drive g: (UDF Volume) (CDROM) (Total:3.12 GB) (Free:0 GB) UDF
9 Drive k: (SANDISK4GB) (Removable) (Total:3.76 GB) (Free:3.76 GB) FAT32
10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 7168 KB
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 Online 3859 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 GB 31 KB
Partition 0 Extended 265 GB 199 GB
Partition 2 Logical 265 GB 199 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 199 GB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D Media Drive NTFS Partition 265 GB Healthy

======================================================================================================

Partitions of Disk 5:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3859 MB 31 KB

======================================================================================================

Disk: 5
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 8 K SANDISK4GB FAT32 Removable 3859 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-04-08 20:45

======================= End Of Log ==========================

 

  • BC Ads
  • BleepingComputer.com

#2 Stomis

Stomis

    New Member

  • Members
  • Pip
  • 3 posts

Posted 09 April 2012 - 08:41 PM

Combofix log


ComboFix 12-04-09.05 - Admin 04/09/2012 20:20:45.1.6 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8189.6003 [GMT -4:00]
Running from: D:\My Downloads\My Mozilla\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Users\Admin\AppData\Local\Temp\ammemb.dll
C:\Users\Admin\AppData\Local\Temp\ammemb64.dll
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Windows\assembly\temp\@
C:\Windows\assembly\temp\cfg.ini
C:\Windows\system32\consrv.dll
C:\Windows\system32\dds_trash_log.cmd
C:\Windows\System64
D:\install.exe


((((((((((((((((((((((((( Files Created from 2012-03-10 to 2012-04-10 )))))))))))))))))))))))))))))))


2012-04-10 00:11:39 . 2012-04-10 00:11:39 -------- d-----w- C:\Users\Admin\AppData\Roaming\PCTools
2012-04-10 00:07:49 . 2012-04-10 00:07:49 -------- d-----w- C:\Users\Admin\AppData\Roaming\Spam Monitor
2012-04-10 00:07:49 . 2012-04-10 00:07:49 -------- d-----w- C:\Users\Admin\AppData\Roaming\PC Tools
2012-04-10 00:07:03 . 2012-04-10 00:07:03 181512 ----a-w- C:\Windows\system32\drivers\pctplfw64.sys
2012-04-10 00:07:00 . 2012-04-10 00:07:00 77976 ----a-w- C:\Windows\system32\drivers\pctNdisLW64.sys
2012-04-10 00:06:58 . 2012-04-10 00:06:58 122784 ----a-w- C:\Windows\system32\drivers\pctNdis-PacketFilter64.sys
2012-04-09 23:35:00 . 2012-02-24 13:16:10 706776 --s---w- C:\Windows\system32\drivers\TfSysMon.sys
2012-04-09 23:35:00 . 2012-02-24 13:16:10 65664 --s---w- C:\Windows\system32\drivers\TfFsMon.sys
2012-04-09 23:35:00 . 2012-02-24 13:16:10 41968 --s---w- C:\Windows\system32\drivers\TfNetMon.sys
2012-04-09 23:26:21 . 2011-09-28 17:14:02 70760 ----a-w- C:\Windows\system32\drivers\PCTBD64.sys
2012-04-09 23:26:20 . 2012-02-17 19:08:40 149456 ----a-w- C:\Windows\SGDetectionTool.dll
2012-04-09 23:26:20 . 2012-02-17 19:08:38 2250704 ----a-w- C:\Windows\PCTBDCore.dll
2012-04-09 23:26:20 . 2012-02-17 19:08:38 1681360 ----a-w- C:\Windows\PCTBDRes.dll
2012-04-09 23:26:20 . 2012-02-17 19:08:10 767952 ----a-w- C:\Windows\BDTSupport.dll
2012-04-09 23:26:05 . 2012-02-24 14:31:28 145432 ----a-w- C:\Windows\system32\drivers\pctwfpfilter64.sys
2012-04-09 23:26:05 . 2012-02-24 14:31:22 339608 ----a-w- C:\Windows\system32\drivers\pctgntdi64.sys
2012-04-09 23:26:04 . 2012-02-24 14:35:50 14776 ----a-w- C:\Windows\system32\drivers\pctBTFix64.sys
2012-04-09 23:26:02 . 2012-02-24 14:37:14 92896 ----a-w- C:\Windows\system32\drivers\pctplsg64.sys
2012-04-09 23:25:58 . 2012-04-09 23:25:58 -------- d-----w- C:\Program Files (x86)\PC Tools
2012-04-09 23:24:17 . 2011-12-01 20:07:10 1096688 ----a-w- C:\Windows\system32\drivers\pctEFA64.sys
2012-04-09 23:24:16 . 2011-12-01 20:07:08 453896 ----a-w- C:\Windows\system32\drivers\pctDS64.sys
2012-04-09 23:24:16 . 2011-11-14 19:12:28 367912 ----a-w- C:\Windows\system32\drivers\PCTCore64.sys
2012-04-09 23:24:15 . 2012-04-10 00:06:44 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-04-09 23:24:15 . 2012-02-24 14:36:50 230952 ----a-w- C:\Windows\system32\drivers\PCTSD64.sys
2012-04-09 23:24:08 . 2012-04-09 23:35:00 -------- d-----w- C:\ProgramData\PC Tools
2012-04-09 23:24:08 . 2012-04-09 23:24:08 -------- d-----w- C:\Users\Admin\AppData\Roaming\TestApp
2012-04-09 23:23:19 . 2012-04-09 23:23:19 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-08 03:51:19 . 2012-04-08 03:51:19 -------- d-----w- C:\Users\Admin\AppData\Roaming\Malwarebytes
2012-04-08 03:51:16 . 2012-04-09 22:34:24 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-08 03:51:16 . 2012-04-08 03:51:16 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-08 03:51:16 . 2012-04-04 19:56:40 24904 ----a-w- C:\Windows\system32\drivers\mbam.sys
2012-04-07 18:22:05 . 2012-04-07 18:22:05 -------- d-----w- C:\Program Files (x86)\MGTEK
2012-04-07 18:22:05 . 2012-04-07 18:22:05 -------- d-----w- C:\Program Files (x86)\Common Files\MGTEK
2012-04-07 16:34:36 . 2012-04-07 16:34:36 -------- d-----w- C:\ProgramData\MGTEK
2012-04-06 12:32:41 . 2012-03-14 03:27:40 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9C332E2C-4507-4A3C-8353-E42248DD7C61}\mpengine.dll
2012-04-01 04:47:25 . 2012-04-07 18:10:52 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-01 04:39:21 . 2012-04-01 04:39:21 -------- d-----w- C:\ProgramData\ATI
2012-04-01 04:39:17 . 2012-04-01 04:39:17 -------- d-----w- C:\Program Files (x86)\AMD AVT
2012-04-01 04:39:15 . 2012-04-01 04:39:15 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-04-01 04:36:14 . 2012-04-01 04:36:14 -------- d-----w- C:\AMD
2012-03-19 22:22:05 . 2012-03-19 22:22:05 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2012-03-19 22:22:02 . 2012-04-10 00:28:04 -------- d-----w- C:\Program Files (x86)\Steam
2012-03-18 22:09:12 . 2012-03-18 22:09:12 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-18 22:09:12 . 2012-03-18 22:09:12 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-03-14 01:50:41 . 2011-11-19 15:20:37 5559152 ----a-w- C:\Windows\system32\ntoskrnl.exe
2012-03-14 01:50:41 . 2011-11-19 14:50:02 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-14 01:50:41 . 2011-11-19 14:50:02 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-14 01:45:42 . 2012-03-14 01:45:42 -------- d-----w- C:\Users\Admin\AppData\Local\ElevatedDiagnostics
2012-03-14 01:35:57 . 2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\system32\DWrite.dll
2012-03-14 01:35:57 . 2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-14 01:35:57 . 2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\system32\win32k.sys
2012-03-14 01:35:44 . 2012-01-25 06:38:39 77312 ----a-w- C:\Windows\system32\rdpwsx.dll
2012-03-14 01:35:44 . 2012-01-25 06:38:38 149504 ----a-w- C:\Windows\system32\rdpcorekmts.dll
2012-03-14 01:35:44 . 2012-01-25 06:33:30 9216 ----a-w- C:\Windows\system32\rdrmemptylst.exe
2012-03-14 01:35:37 . 2012-02-17 06:38:27 1112064 ----a-w- C:\Windows\system32\rdpcorets.dll
2012-03-14 01:35:37 . 2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\system32\rdpcore.dll
2012-03-14 01:35:37 . 2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-14 01:35:37 . 2012-02-17 04:58:24 210944 ----a-w- C:\Windows\system32\drivers\rdpwd.sys
2012-03-14 01:35:37 . 2012-02-17 04:57:32 23552 ----a-w- C:\Windows\system32\drivers\tdtcp.sys
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-04-07 18:10:52 . 2012-01-01 20:11:24 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-09 06:28:08 . 2012-03-09 06:28:08 10857984 ----a-w- C:\Windows\system32\drivers\atikmdag.sys
2012-03-09 05:26:42 . 2012-03-09 05:26:42 74752 ----a-w- C:\Windows\system32\OpenVideo64.dll
2012-03-09 05:26:32 . 2012-03-09 05:26:32 64512 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-03-09 05:26:24 . 2012-03-09 05:26:24 61952 ----a-w- C:\Windows\system32\OVDecode64.dll
2012-03-09 05:26:20 . 2012-03-09 05:26:20 54784 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-03-09 05:26:10 . 2012-03-09 05:26:10 16507392 ----a-w- C:\Windows\system32\amdocl64.dll
2012-03-09 05:25:16 . 2012-03-09 05:25:16 13238272 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-03-09 05:24:22 . 2012-03-09 05:24:22 54272 ----a-w- C:\Windows\system32\OpenCL.dll
2012-03-09 05:24:14 . 2012-03-09 05:24:14 48128 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-03-09 05:16:44 . 2012-03-09 05:16:44 159744 ----a-w- C:\Windows\system32\atiapfxx.exe
2012-03-09 05:16:28 . 2011-11-10 03:16:56 791552 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-03-09 05:14:42 . 2011-11-10 03:15:20 958464 ----a-w- C:\Windows\system32\aticfx64.dll
2012-03-09 05:11:24 . 2011-11-10 03:12:24 442368 ----a-w- C:\Windows\system32\ATIDEMGX.dll
2012-03-09 05:11:16 . 2012-03-09 05:11:16 496128 ----a-w- C:\Windows\system32\atieclxx.exe
2012-03-09 05:10:20 . 2012-03-09 05:10:20 235520 ----a-w- C:\Windows\system32\atiesrxx.exe
2012-03-09 05:08:50 . 2012-03-09 05:08:50 120320 ----a-w- C:\Windows\system32\atitmm64.dll
2012-03-09 05:08:02 . 2012-03-09 05:08:02 21504 ----a-w- C:\Windows\system32\atimuixx.dll
2012-03-09 05:07:56 . 2012-03-09 05:07:56 59392 ----a-w- C:\Windows\system32\atiedu64.dll
2012-03-09 05:07:50 . 2012-03-09 05:07:50 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-03-09 05:04:18 . 2011-11-10 03:06:20 6200320 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-03-09 05:03:40 . 2012-03-09 05:03:40 26166784 ----a-w- C:\Windows\system32\atio6axx.dll
2012-03-09 04:45:00 . 2011-11-10 02:51:18 7646208 ----a-w- C:\Windows\system32\atidxx64.dll
2012-03-09 04:39:20 . 2012-03-09 04:39:20 19739136 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-03-09 04:36:40 . 2012-03-09 04:36:40 1113088 ----a-w- C:\Windows\system32\atiumd6v.dll
2012-03-09 04:36:10 . 2012-03-09 04:36:10 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2012-03-09 04:35:54 . 2011-11-10 02:40:04 4958208 ----a-w- C:\Windows\system32\atiumd6a.dll
2012-03-09 04:23:44 . 2012-03-09 04:23:44 5062656 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-03-09 04:23:16 . 2012-03-09 04:23:16 5954048 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-03-09 04:18:30 . 2012-03-09 04:18:30 51200 ----a-w- C:\Windows\system32\aticalrt64.dll
2012-03-09 04:18:26 . 2012-03-09 04:18:26 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-03-09 04:18:14 . 2012-03-09 04:18:14 44544 ----a-w- C:\Windows\system32\aticalcl64.dll
2012-03-09 04:18:12 . 2012-03-09 04:18:12 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-03-09 04:17:54 . 2012-03-09 04:17:54 16069632 ----a-w- C:\Windows\system32\aticaldd64.dll
2012-03-09 04:12:38 . 2012-03-09 04:12:38 13715968 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-03-09 04:11:52 . 2011-11-10 02:24:26 7552000 ----a-w- C:\Windows\system32\atiumd64.dll
2012-03-09 04:05:20 . 2012-03-09 04:05:20 54784 ----a-w- C:\Windows\system32\atimpc64.dll
2012-03-09 04:05:20 . 2012-03-09 04:05:20 54784 ----a-w- C:\Windows\system32\amdpcom64.dll
2012-03-09 04:05:12 . 2012-03-09 04:05:12 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-03-09 04:05:12 . 2012-03-09 04:05:12 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-03-09 03:58:54 . 2011-11-10 02:13:32 512000 ----a-w- C:\Windows\system32\atiadlxx.dll
2012-03-09 03:58:44 . 2012-03-09 03:58:44 356352 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-03-09 03:58:30 . 2012-03-09 03:58:30 17408 ----a-w- C:\Windows\system32\atig6pxx.dll
2012-03-09 03:58:26 . 2012-03-09 03:58:26 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-03-09 03:58:26 . 2012-03-09 03:58:26 14336 ----a-w- C:\Windows\system32\atiglpxx.dll
2012-03-09 03:58:20 . 2012-03-09 03:58:20 39936 ----a-w- C:\Windows\system32\atig6txx.dll
2012-03-09 03:58:10 . 2012-03-09 03:58:10 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-03-09 03:58:02 . 2012-03-09 03:58:02 328704 ----a-w- C:\Windows\system32\drivers\atikmpag.sys
2012-03-09 03:57:04 . 2011-04-20 06:21:46 43008 ----a-w- C:\Windows\system32\atiuxp64.dll
2012-03-09 03:56:56 . 2011-11-10 02:11:46 33280 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-03-09 03:56:48 . 2011-11-10 02:11:40 39936 ----a-w- C:\Windows\system32\atiu9p64.dll
2012-03-09 03:56:38 . 2011-11-10 02:11:32 30208 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-03-09 03:55:58 . 2012-03-09 03:55:58 53248 ----a-w- C:\Windows\system32\drivers\ati2erec.dll
2012-03-09 03:47:22 . 2011-04-20 06:27:00 58880 ----a-w- C:\Windows\system32\coinst.dll
2012-02-29 23:53:02 . 2012-02-29 23:53:02 162664 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-02-23 13:18:36 . 2010-11-21 03:27:21 279656 ------w- C:\Windows\system32\MpSigStub.exe
2012-01-31 11:02:26 . 2012-01-31 11:02:26 21504 ----a-w- C:\Windows\system32\kdbsdk64.dll
2012-01-31 11:00:24 . 2012-01-31 11:00:24 16896 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Actual Multiple Monitors"="C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe" [2012-11-12 17:12:14 1495880]
"Steam"="C:\Program Files (x86)\Steam\Steam.exe" [2012-03-19 22:23:53 1242448]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2010-11-21 03:24:51 1475584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-09 06:30:12 636032]
"ISTray"="C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe" [2012-02-24 14:36:06 2659768]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
SetPointII.lnk - C:\Program Files\Logitech\SetPoint II\SetPointII.exe [2009-7-21 815104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

3;2 AODService;AODService;C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [x]
R2 AODDriver4.1;AODDriver4.1;C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [2011-10-14 04:50:52 55936]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 18:16:28 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 19:27:14 138576]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 19:56:40 654408]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 18:10:52 253600]
R3 AODDriver;AODDriver;C:\Program Files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys [2010-03-12 10:40:48 52280]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys [x]
R3 atillk64;atillk64;C:\Program Files (x86)\AMD\System Monitor\atillk64.sys [x]
R3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys [x]
R3 etdrv;etdrv;C:\Windows\etdrv.sys [2012-01-03 02:57:55 25640]
R3 GPU-Z;GPU-Z;C:\Users\Admin\AppData\Local\Temp\GPU-Z.sys [x]
R3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2012-01-03 02:51:10 30528]
R3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys [x]
R3 PCTBD;PC Tools Browser Defender Driver;C:\Windows\system32\Drivers\PCTBD64.sys [x]
R3 pctplsg;pctplsg;C:\Windows\System32\drivers\pctplsg64.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;C:\Windows\system32\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys [x]
R3 TfNetMon;TfNetMon;C:\Windows\system32\drivers\TfNetMon.sys [x]
R3 ThreatFire;ThreatFire;C:\Program Files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe service [x]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;C:\Windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [x]
S0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys [x]
S0 pctDS;PC Tools Data Store;C:\Windows\system32\drivers\pctDS64.sys [x]
S0 pctEFA;PC Tools Extended File Attributes;C:\Windows\system32\drivers\pctEFA64.sys [x]
S0 TfFsMon;TfFsMon;C:\Windows\system32\drivers\TfFsMon.sys [x]
S0 TFSysMon;TFSysMon;C:\Windows\system32\drivers\TfSysMon.sys [x]
S1 pctgntdi;pctgntdi;C:\Windows\System32\drivers\pctgntdi64.sys [x]
S1 pctNdisLW64;PC Tools NDIS 6 LightWeight filter;C:\Windows\system32\DRIVERS\pctNdisLW64.sys [x]
S1 PCTSD;PC Tools Spyware Doctor Driver;C:\Windows\system32\Drivers\PCTSD64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-03-09 05:10:06 361984]
S2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-04 03:22:54 55936]
S2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-02-17 19:08:16 550864]
S2 cpuz135;cpuz135;C:\Windows\system32\drivers\cpuz135_x64.sys [x]
S2 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2012-02-24 13:16:12 402336]
S3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys [x]
S3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;C:\Windows\system32\drivers\pctNdis-PacketFilter64.sys [x]
S3 pctplfw;pctplfw;C:\Windows\System32\drivers\pctplfw64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys [x]


Contents of the 'Scheduled Tasks' folder

2012-04-09 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 04:47:25 . 2012-04-07 18:10:52]


--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 20:59:06 2417032]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-26 10:18:00 12681320]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 14:53:28 130576]
"combofix"="C:\ComboFix\CF29716.3XE" [2010-11-21 03:23:55 345088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
mpe

------- Supplementary Scan -------

uLocal Page = C:\Windows\system32\blank.htm
mLocal Page = C:\Windows\SysWOW64\blank.htm
LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
LSP: mswsock.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a4huyefy.default\
FF - prefs.js: browser.startup.homepage - www.yahoomail.com

- - - - ORPHANS REMOVED - - - -

Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - C:\Windows\System32\StikyNot.exe
SafeBoot-31022013.sys

#3 CatByte

CatByte

    bleepin' tiger

  • Malware Response Team
  • PipPipPipPipPipPip
  • 13,483 posts
  • Gender:Not Telling
  • Location:Canada

Posted 09 April 2012 - 09:02 PM

Hi

Please do the following:


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt 

start
script removed
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options then select Command Prompt

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Now restart, let it boot normally and tell me how it went.

Edited by CatByte, 03 July 2012 - 09:34 PM.

The help you receive here is free. If you wish to show your appreciation, then you may Posted Image
Microsoft MVP - 2010, 2011, 2012

#4 Stomis

Stomis

    New Member

  • Members
  • Pip
  • 3 posts

Posted 10 April 2012 - 10:43 PM

Wound up restoring computer back last night. Ran combo fix again today to get it to the same state to run your script and lo and behold it didnt wipe anything from boot this time around and the virus is gone. Thanks for the help.

#5 CatByte

CatByte

    bleepin' tiger

  • Malware Response Team
  • PipPipPipPipPipPip
  • 13,483 posts
  • Gender:Not Telling
  • Location:Canada

Posted 10 April 2012 - 11:41 PM

please post the ComboFix log, just to make sure there are no remnants of the infection

thanks
The help you receive here is free. If you wish to show your appreciation, then you may Posted Image
Microsoft MVP - 2010, 2011, 2012

#6 CatByte

CatByte

    bleepin' tiger

  • Malware Response Team
  • PipPipPipPipPipPip
  • 13,483 posts
  • Gender:Not Telling
  • Location:Canada

Posted 21 April 2012 - 08:49 AM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
The help you receive here is free. If you wish to show your appreciation, then you may Posted Image
Microsoft MVP - 2010, 2011, 2012
Back to Virus, Trojan, Spyware, and Malware Removal Logs


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users


  1. BleepingComputer.com
  2. Security
  3. Virus, Trojan, Spyware, and Malware Removal Logs
  4. Privacy Policy
  5. Rules ·