
Infected With Sirefef


  • This topic is locked
4 replies to this topic

#1 nielthan

  • Members
  • 2 posts

Posted 13 July 2012 - 01:59 AM

My computer has also been infected with the Sirefef virus. 2 instances of it popped up in MSE and the computer is now stuck in the 1-minute reboot loop. I have tried running in safe mode with and without networking, but the computer reboots too quickly for me to run Malwarebytes. I am running Windows 7 64-bit. After looking at other topics, I have already run FRST64. The log is below.


Scan result of Farbar Recovery Scan Tool Version: 11-07-2012
Ran by SYSTEM at 13-07-2012 01:48:46
Running from G:\
Windows 7 Professional (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11860072 2011-06-09] (Realtek Semiconductor)
HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2114376 2008-03-17] (CANON INC.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421160 2011-06-07] (Apple Inc.)
HKLM-x32\...\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE [124512 2007-05-21] (CANON INC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" [149280 2011-06-20] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [10752 2012-02-20] ()
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [641704 2012-06-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [x]
HKU\Nathan\...\Run: [AirVideoServer] C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe [4937544 2011-11-09] ()
HKU\Nathan\...\Run: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe [2346496 2011-02-04] ()
HKU\Nathan\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [1305408 2011-01-20] (DT Soft Ltd)
HKU\Nathan\...\Run: [Google Update] "C:\Users\Nathan\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-10-23] (Google Inc.)
HKU\Nathan\...\Run: [MusicManager] "C:\Users\Nathan\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [13806592 2012-06-01] (Google Inc.)
HKU\Nathan\...\Run: [Spotify Web Helper] "C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe" [1192664 2012-07-08] ()
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [462920 2012-07-03] (Malwarebytes Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{127B1F4E-DA2B-4B3E-A4F4-155F6DBA4D5A}: [NameServer]8.8.8.8,8.8.4.4
Startup: C:\Users\Nathan\Start Menu\Programs\Startup\Audio.ahk ()
Startup: C:\Users\Nathan\Start Menu\Programs\Startup\spotify.ahk ()

==================== Services (Whitelisted) ======

2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2011-03-31] ()
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2012-02-26] ()
2 YammmSvc; "C:\Program Files (x86)\Yammm\YammmSvc.exe" [14336 2010-08-03] (Mikinho)

========================== Drivers (Whitelisted) =============

3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [121280 2009-11-11] (SlySoft, Inc.)
3 AnyDVD; C:\Windows\SysWow64\Drivers\AnyDVD.sys [121280 2009-11-11] (SlySoft, Inc.)
2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
2 AODDriver4.1; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
3 BthAudioHF; C:\Windows\System32\Drivers\BthAudioHF.sys [52224 2009-12-21] (CSR, plc)
3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)
3 netr28ux; C:\Windows\System32\Drivers\netr28ux.sys [1061888 2009-09-15] (Ralink Technology Corp.)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [513080 2011-06-30] (Duplex Secure Ltd.)
3 WsAudioDevice_383S(1); C:\Windows\System32\Drivers\WsAudioDevice_383S(1).sys [29288 2011-11-17] (Wondershare)
3 ALSysIO; \??\C:\Users\Nathan\AppData\Local\Temp\ALSysIO64.sys [x]
3 cpuz135; \??\C:\Users\Nathan\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]
3 VBoxNetFlt; C:\Windows\System32\DRIVERS\VBoxNetFlt.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-13 01:48 - 2012-07-13 01:48 - 00000000 ____D C:\FRST
2012-07-12 21:57 - 2012-07-12 21:57 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FBFA1F3E1306EE67
2012-07-12 21:53 - 2012-07-12 21:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.55847E91B14AE96B
2012-07-12 21:49 - 2012-07-12 21:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.46E7C496D51DDB5E
2012-07-12 21:46 - 2012-07-12 21:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6D0119D4623BC0A7
2012-07-12 21:32 - 2012-07-12 21:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C6B0B42FE0E44A8D
2012-07-12 21:29 - 2012-07-12 21:29 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-07-12 21:28 - 2012-07-12 21:28 - 12621696 ____A (Microsoft Corporation) C:\Users\Nathan\Desktop\mseinstall.exe
2012-07-12 21:07 - 2012-07-12 21:07 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-07-11 16:07 - 2012-07-11 16:46 - 00000000 ____D C:\Users\Nathan\Desktop\Eurotrip
2012-07-10 10:16 - 2012-06-11 19:02 - 03147264 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-10 10:05 - 2012-06-08 21:30 - 14165504 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-10 10:05 - 2012-06-08 20:46 - 12868608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-10 10:05 - 2012-06-05 21:50 - 02003968 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-10 10:05 - 2012-06-05 21:50 - 01880064 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-10 10:05 - 2012-06-05 21:09 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-10 10:05 - 2012-06-05 21:09 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-10 10:05 - 2012-06-01 21:38 - 00152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-10 10:05 - 2012-06-01 21:38 - 00095088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-10 10:05 - 2012-06-01 21:37 - 00459216 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-10 10:05 - 2012-06-01 21:27 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-10 10:05 - 2012-06-01 21:27 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-10 10:05 - 2012-06-01 20:48 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-10 10:05 - 2012-06-01 20:48 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-10 10:05 - 2012-06-01 20:47 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-10 10:05 - 2012-06-01 20:42 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-06 19:04 - 2012-07-06 19:04 - 00000000 ____D C:\Users\Nathan\AppData\Local\{92BCE7D9-D640-462F-AFD5-4AE23333D7B8}
2012-07-06 19:03 - 2012-07-06 19:04 - 00000000 ____D C:\Users\Nathan\AppData\Local\{5BFB8308-A517-4194-91E4-BCA50F5F6318}
2012-07-06 19:03 - 2012-07-06 19:03 - 00000000 ____D C:\Windows\en
2012-07-06 18:57 - 2012-07-06 18:57 - 00000000 ____D C:\Users\Nathan\AppData\Local\{3E873C47-5436-4F4D-81D6-B430E2639EDD}
2012-07-06 18:57 - 2012-07-06 18:57 - 00000000 ____D C:\Users\Nathan\AppData\Local\{118A7AA1-3816-48B0-A507-27578318B689}
2012-07-06 18:56 - 2012-07-06 18:56 - 00000000 ____D C:\Users\Nathan\AppData\Local\{BEB124CF-7CBD-486B-8CF8-177DDB656328}
2012-07-06 18:56 - 2012-07-06 18:56 - 00000000 ____D C:\Users\Nathan\AppData\Local\{6A7A8FA5-FC7B-4812-AF79-E3D99189B76E}
2012-07-05 21:32 - 2012-07-06 22:03 - 00000000 ____D C:\Users\Nathan\Documents\dvd
2012-07-05 20:49 - 2012-07-11 17:12 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\DVD Flick
2012-07-05 20:49 - 2012-07-05 20:49 - 00000000 ____D C:\Program Files (x86)\DVD Flick
2012-07-05 20:49 - 2008-08-31 10:27 - 00028672 ____A (-) C:\Windows\SysWOW64\mousewheel.ocx
2012-07-05 20:49 - 2007-08-31 15:36 - 00036864 ____A (Robdogg Inc.) C:\Windows\SysWOW64\trayicon_handler.ocx
2012-07-05 20:49 - 2004-03-08 21:00 - 00212240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\richtx32.ocx
2012-07-05 20:49 - 2003-01-26 10:41 - 00040960 ____A (vbAccelerator) C:\Windows\SysWOW64\ssubtmr6.dll
2012-07-05 20:49 - 1998-06-23 21:00 - 00164144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\comct232.ocx
2012-07-05 19:37 - 2012-07-06 21:06 - 00052124 ____A C:\Users\Nathan\Documents\Mom.wlmp
2012-07-05 17:06 - 2012-07-05 17:06 - 00000000 ____D C:\Users\Nathan\AppData\Local\{633C3D3C-C74D-48A9-9710-7E3D0DB07912}
2012-07-05 17:06 - 2012-07-05 17:06 - 00000000 ____D C:\Users\Nathan\AppData\Local\{24F75877-4EDC-435F-B4B2-BC78A521E470}
2012-07-05 16:51 - 2012-07-05 17:02 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\Wondershare
2012-07-05 16:51 - 2012-07-05 16:51 - 00000000 ____D C:\Users\Nathan\AppData\Local\Wondershare
2012-07-05 16:51 - 2011-11-17 13:08 - 00029288 ____A (Wondershare) C:\Windows\System32\Drivers\WsAudioDevice_383S(1).sys
2012-07-05 16:50 - 2012-07-05 17:02 - 00000000 ____D C:\Program Files (x86)\Wondershare
2012-07-03 20:15 - 2012-07-03 20:15 - 01036066 ____A C:\Users\Nathan\Desktop\Toons UPC 2.0.rar
2012-07-03 19:02 - 2012-07-03 19:44 - 1145927434 ____A C:\Users\Nathan\Desktop\Toons_Battle_AI_Version_36.rar
2012-07-02 07:12 - 2012-07-02 07:12 - 00287066 ____A C:\Windows\msxml4-KB954430-enu.LOG
2012-07-02 07:12 - 2012-07-02 07:12 - 00281816 ____A C:\Windows\msxml4-KB973688-enu.LOG
2012-07-02 07:12 - 2012-07-02 07:12 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2012-06-30 14:21 - 2012-06-30 14:21 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_ZuneDriver_01_09_00.Wdf
2012-06-30 14:20 - 2012-06-30 14:20 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2012-06-30 10:56 - 2012-07-12 19:54 - 00000000 ____D C:\Users\Nathan\Documents\Quicken
2012-06-30 09:26 - 2012-06-30 09:26 - 00001810 ____A C:\Users\Public\Desktop\Quicken Deluxe 2012.lnk
2012-06-30 09:26 - 2011-08-30 23:34 - 04200024 ____A (Amyuni Technologies
2012-06-30 09:25 - 2012-06-30 09:46 - 00000000 ____D C:\Program Files (x86)\Quicken
2012-06-30 09:25 - 2012-06-30 09:26 - 00000126 ____A C:\Windows\QUICKEN.INI
2012-06-29 20:43 - 2012-07-04 13:38 - 00000000 ____D C:\Users\Nathan\Documents\FIFA 12
2012-06-29 20:42 - 2012-06-29 20:42 - 00000711 ____A C:\Users\Public\Desktop\UEFA EURO 2012.lnk
2012-06-29 17:20 - 2012-06-29 17:20 - 00000000 ____D C:\Users\All Users\ATI
2012-06-29 17:20 - 2012-06-29 17:20 - 00000000 ____D C:\Program Files (x86)\AMD APP
2012-06-26 20:56 - 2012-06-26 20:56 - 00568152 ____A C:\Windows\Minidump\062612-43539-01.dmp
2012-06-26 15:23 - 2012-06-26 15:23 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\Mozilla
2012-06-26 13:08 - 2012-06-26 13:08 - 00000000 ____D C:\Users\All Users\Mozilla
2012-06-24 20:22 - 2012-06-24 20:22 - 00305864 ____A C:\Windows\Minidump\062412-36317-01.dmp
2012-06-24 14:09 - 2012-06-24 14:11 - 00000000 ____D C:\Users\Nathan\Documents\AwesomeMod Updater
2012-06-24 14:08 - 2010-12-26 12:14 - 00000338 ____A C:\Windows\locale.aweupd
2012-06-24 14:08 - 2009-07-10 16:20 - 00167936 ____A C:\Windows\unzip.exe
2012-06-24 14:08 - 2009-07-10 13:05 - 00332800 ____A C:\Windows\wget.exe
2012-06-24 13:49 - 2012-06-24 13:49 - 00000000 ____D C:\Program Files (x86)\Electronic Arts
2012-06-24 13:27 - 2012-06-24 13:27 - 00000000 ____D C:\Program Files (x86)\Microsoft WSE
2012-06-24 13:22 - 2012-06-24 13:22 - 00001085 ____A C:\Users\Nathan\Desktop\Sims3Launcher - Shortcut.lnk
2012-06-24 06:32 - 2012-06-30 09:36 - 00000000 ____D C:\Program Files (x86)\Puppy Luv
2012-06-21 11:02 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-21 11:02 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-21 11:02 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-21 11:02 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-21 11:02 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-21 11:02 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-21 11:02 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-21 11:02 - 2012-06-02 12:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-21 11:02 - 2012-06-02 12:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-20 13:17 - 2012-06-20 13:17 - 00000000 ____D C:\Users\Nathan\Documents\Games for Windows - LIVE Demos
2012-06-20 13:12 - 2012-06-20 13:12 - 00000000 __SHD C:\Users\All Users\DSS
2012-06-20 13:12 - 2012-06-20 13:12 - 00000000 ____D C:\Users\All Users\Codemasters
2012-06-20 13:03 - 2012-06-20 13:03 - 00466456 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
2012-06-20 13:03 - 2012-06-20 13:03 - 00444952 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2012-06-20 13:03 - 2012-06-20 13:03 - 00122904 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
2012-06-20 13:03 - 2012-06-20 13:03 - 00109080 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2012-06-20 13:03 - 2012-06-20 13:03 - 00000000 ____D C:\Program Files (x86)\OpenAL
2012-06-20 13:03 - 2012-06-20 13:03 - 00000000 ____D C:\Program Files (x86)\BRS
2012-06-20 13:03 - 2011-03-19 12:16 - 01417216 ____A (Blue Ripple Sound Limited) C:\Windows\SysWOW64\rapture3d_oal.dll
2012-06-20 13:03 - 2010-09-22 10:12 - 19087360 ____A (Intel Corporation / Blue Ripple Sound Limited) C:\Windows\SysWOW64\mkl_blueripple.dll
2012-06-20 11:59 - 2012-06-20 11:59 - 00000000 ____D C:\Users\Nathan\AppData\Local\Origin
2012-06-20 11:59 - 2012-06-20 11:59 - 00000000 ____D C:\Users\All Users\Origin
2012-06-20 11:59 - 2012-06-20 11:59 - 00000000 ____D C:\Program Files (x86)\Origin Games
2012-06-20 11:56 - 2012-06-20 11:59 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\Origin
2012-06-20 11:56 - 2012-06-20 11:58 - 00000000 ____D C:\Program Files (x86)\Origin
2012-06-20 11:56 - 2012-06-20 11:56 - 00000527 ____A C:\Windows\KB893803v2.log
2012-06-20 11:56 - 2012-06-20 11:56 - 00000000 ____D C:\Users\All Users\Electronic Arts
2012-06-20 11:35 - 2012-06-20 11:35 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2012-06-20 11:35 - 2012-06-20 11:35 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2012-06-20 11:33 - 2012-06-29 17:19 - 00000000 ____D C:\Program Files\ATI Technologies
2012-06-20 11:33 - 2012-06-20 11:33 - 00000000 ____D C:\Program Files\ATI
2012-06-20 11:33 - 2012-06-20 11:33 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2012-06-19 18:41 - 2012-06-19 18:41 - 01111224 ____A C:\Windows\Minidump\061912-41340-01.dmp
2012-06-18 14:08 - 2012-06-18 14:08 - 00980568 ____A C:\Windows\Minidump\061812-27034-01.dmp
2012-06-18 14:07 - 2012-06-26 20:55 - 371587922 ____A C:\Windows\MEMORY.DMP
2012-06-14 11:29 - 2012-06-14 11:29 - 00000028 ____A C:\Windows\pdf995.ini
2012-06-14 11:29 - 2012-06-14 11:29 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\pdf995
2012-06-14 11:28 - 2012-07-05 20:24 - 00000059 ____A C:\Windows\wpd99.drv
2012-06-14 11:28 - 2012-07-05 20:24 - 00000000 ____D C:\Users\All Users\pdf995
2012-06-14 11:28 - 2012-07-05 20:21 - 00040448 ____A C:\Windows\SysWOW64\pdf995mon64.dll
2012-06-14 11:28 - 2012-06-07 07:29 - 02266624 ____A (TODO: <Company name>) C:\Windows\System32\pdfmona64.dll
2012-06-14 11:28 - 2012-04-26 12:51 - 00040448 ____A C:\Windows\System32\pdf995mon64.dll
2012-06-14 11:28 - 2005-06-30 12:29 - 00011264 ____A C:\Windows\System32\pdf995mon64ui.dll
2012-06-14 11:27 - 2012-07-05 20:30 - 00000000 ____D C:\Program Files (x86)\pdf995


============ 3 Months Modified Files ========================

2012-07-12 21:59 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-12 21:59 - 2009-07-13 20:51 - 00008405 ____A C:\Windows\setupact.log
2012-07-12 21:57 - 2012-07-12 21:57 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FBFA1F3E1306EE67
2012-07-12 21:53 - 2012-07-12 21:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.55847E91B14AE96B
2012-07-12 21:49 - 2012-07-12 21:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.46E7C496D51DDB5E
2012-07-12 21:46 - 2012-07-12 21:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6D0119D4623BC0A7
2012-07-12 21:45 - 2011-06-23 10:25 - 07336960 __ASH C:\Users\Nathan\Desktop\Thumbs.db
2012-07-12 21:38 - 2009-07-13 15:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-07-12 21:32 - 2012-07-12 21:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C6B0B42FE0E44A8D
2012-07-12 21:32 - 2009-07-13 21:13 - 00796844 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-12 21:30 - 2011-06-20 22:49 - 01895132 ____A C:\Windows\WindowsUpdate.log
2012-07-12 21:30 - 2011-06-20 21:10 - 00001945 ____A C:\Windows\epplauncher.mif
2012-07-12 21:29 - 2011-06-20 21:10 - 00810502 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-07-12 21:28 - 2012-07-12 21:28 - 12621696 ____A (Microsoft Corporation) C:\Users\Nathan\Desktop\mseinstall.exe
2012-07-12 21:27 - 2012-04-11 07:17 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-12 21:27 - 2011-06-28 07:50 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-12 20:25 - 2011-10-23 06:18 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1786871243-3485990770-1228978627-1000UA.job
2012-07-12 07:25 - 2011-10-23 06:18 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1786871243-3485990770-1228978627-1000Core.job
2012-07-10 10:38 - 2009-07-13 20:45 - 00013248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-10 10:38 - 2009-07-13 20:45 - 00013248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-10 10:31 - 2009-07-13 20:45 - 02283520 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-10 10:14 - 2011-06-21 08:06 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-07 07:11 - 2011-06-21 16:20 - 00018908 ____A C:\Windows\PFRO.log
2012-07-06 22:10 - 2012-02-29 16:15 - 00001908 ____A C:\Windows\diagwrn.xml
2012-07-06 22:10 - 2012-02-29 16:15 - 00001908 ____A C:\Windows\diagerr.xml
2012-07-06 22:09 - 2009-07-13 20:51 - 00000000 ____A C:\Windows\setuperr.log
2012-07-06 21:06 - 2012-07-05 19:37 - 00052124 ____A C:\Users\Nathan\Documents\Mom.wlmp
2012-07-06 19:01 - 2011-06-21 09:13 - 00595822 ____A C:\Windows\DirectX.log
2012-07-05 20:24 - 2012-06-14 11:28 - 00000059 ____A C:\Windows\wpd99.drv
2012-07-05 20:21 - 2012-06-14 11:28 - 00040448 ____A C:\Windows\SysWOW64\pdf995mon64.dll
2012-07-03 20:15 - 2012-07-03 20:15 - 01036066 ____A C:\Users\Nathan\Desktop\Toons UPC 2.0.rar
2012-07-03 19:44 - 2012-07-03 19:02 - 1145927434 ____A C:\Users\Nathan\Desktop\Toons_Battle_AI_Version_36.rar
2012-07-03 10:46 - 2011-06-23 16:58 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-02 07:12 - 2012-07-02 07:12 - 00287066 ____A C:\Windows\msxml4-KB954430-enu.LOG
2012-07-02 07:12 - 2012-07-02 07:12 - 00281816 ____A C:\Windows\msxml4-KB973688-enu.LOG
2012-06-30 14:21 - 2012-06-30 14:21 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_ZuneDriver_01_09_00.Wdf
2012-06-30 14:20 - 2012-06-30 14:20 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2012-06-30 09:26 - 2012-06-30 09:26 - 00001810 ____A C:\Users\Public\Desktop\Quicken Deluxe 2012.lnk
2012-06-30 09:26 - 2012-06-30 09:25 - 00000126 ____A C:\Windows\QUICKEN.INI
2012-06-29 20:42 - 2012-06-29 20:42 - 00000711 ____A C:\Users\Public\Desktop\UEFA EURO 2012.lnk
2012-06-26 20:56 - 2012-06-26 20:56 - 00568152 ____A C:\Windows\Minidump\062612-43539-01.dmp
2012-06-26 20:55 - 2012-06-18 14:07 - 371587922 ____A C:\Windows\MEMORY.DMP
2012-06-24 20:22 - 2012-06-24 20:22 - 00305864 ____A C:\Windows\Minidump\062412-36317-01.dmp
2012-06-24 13:22 - 2012-06-24 13:22 - 00001085 ____A C:\Users\Nathan\Desktop\Sims3Launcher - Shortcut.lnk
2012-06-20 13:03 - 2012-06-20 13:03 - 00466456 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
2012-06-20 13:03 - 2012-06-20 13:03 - 00444952 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2012-06-20 13:03 - 2012-06-20 13:03 - 00122904 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
2012-06-20 13:03 - 2012-06-20 13:03 - 00109080 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2012-06-20 11:56 - 2012-06-20 11:56 - 00000527 ____A C:\Windows\KB893803v2.log
2012-06-19 18:41 - 2012-06-19 18:41 - 01111224 ____A C:\Windows\Minidump\061912-41340-01.dmp
2012-06-18 21:17 - 2012-06-08 09:26 - 00000776 ____A C:\Users\Public\Desktop\Diablo III.lnk
2012-06-18 14:08 - 2012-06-18 14:08 - 00980568 ____A C:\Windows\Minidump\061812-27034-01.dmp
2012-06-14 11:29 - 2012-06-14 11:29 - 00000028 ____A C:\Windows\pdf995.ini
2012-06-11 19:02 - 2012-07-10 10:16 - 03147264 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-11 10:59 - 2012-06-11 10:59 - 10248192 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmdag.sys
2012-06-11 10:50 - 2012-06-11 10:50 - 16457728 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl64.dll
2012-06-11 10:50 - 2012-06-11 10:50 - 00187392 ____A C:\Windows\System32\clinfo.exe
2012-06-11 10:50 - 2012-06-11 10:50 - 00075264 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OpenVideo64.dll
2012-06-11 10:50 - 2012-06-11 10:50 - 00065024 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2012-06-11 10:50 - 2012-06-11 10:50 - 00063488 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OVDecode64.dll
2012-06-11 10:50 - 2012-06-11 10:50 - 00056320 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
2012-06-11 10:49 - 2012-06-11 10:49 - 13008896 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2012-06-11 10:35 - 2012-06-11 10:35 - 00070144 ____A (AMD) C:\Windows\System32\coinst_8.98.dll
2012-06-11 10:29 - 2012-06-11 10:29 - 24826368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atio6axx.dll
2012-06-11 10:00 - 2012-06-11 10:00 - 20467712 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2012-06-11 09:26 - 2012-06-11 09:26 - 00263840 ____A C:\Windows\SysWOW64\atiapfxx.blb
2012-06-11 09:26 - 2012-06-11 09:26 - 00263840 ____A C:\Windows\System32\atiapfxx.blb
2012-06-11 09:25 - 2012-06-11 09:25 - 00163840 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiapfxx.exe
2012-06-11 09:24 - 2012-04-05 18:21 - 00924160 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2012-06-11 09:23 - 2011-12-05 19:16 - 01090560 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\aticfx64.dll
2012-06-11 09:20 - 2012-04-05 18:16 - 00442368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\ATIDEMGX.dll
2012-06-11 09:19 - 2012-06-11 09:19 - 00532992 ____A (AMD) C:\Windows\System32\atieclxx.exe
2012-06-11 09:19 - 2012-06-11 09:19 - 00239616 ____A (AMD) C:\Windows\System32\atiesrxx.exe
2012-06-11 09:17 - 2012-06-11 09:17 - 00120320 ____A (AMD) C:\Windows\System32\atitmm64.dll
2012-06-11 09:17 - 2012-06-11 09:17 - 00059392 ____A (ATI Technologies, Inc.) C:\Windows\System32\atiedu64.dll
2012-06-11 09:17 - 2012-06-11 09:17 - 00043520 ____A (ATI Technologies, Inc.) C:\Windows\SysWOW64\ati2edxx.dll
2012-06-11 09:17 - 2012-06-11 09:17 - 00021504 ____A (AMD) C:\Windows\System32\atimuixx.dll
2012-06-11 09:16 - 2012-06-11 09:16 - 06301696 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2012-06-11 09:01 - 2011-12-05 18:51 - 06914560 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atidxx64.dll
2012-06-11 08:51 - 2012-04-05 17:34 - 04246528 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6a.dll
2012-06-11 08:50 - 2012-06-11 08:50 - 02936864 ____A C:\Windows\System32\atiumd6a.cap
2012-06-11 08:45 - 2012-06-11 08:45 - 15703040 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticaldd64.dll
2012-06-11 08:45 - 2012-06-11 08:45 - 00051200 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalrt64.dll
2012-06-11 08:45 - 2012-06-11 08:45 - 00046080 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2012-06-11 08:45 - 2012-06-11 08:45 - 00044544 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalcl64.dll
2012-06-11 08:45 - 2012-06-11 08:45 - 00044032 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2012-06-11 08:45 - 2012-04-05 17:34 - 05480448 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2012-06-11 08:43 - 2012-04-05 17:22 - 04729344 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2012-06-11 08:41 - 2012-06-11 08:41 - 02971136 ____A C:\Windows\SysWOW64\atiumdva.cap
2012-06-11 08:40 - 2012-06-11 08:40 - 13277696 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2012-06-11 08:36 - 2012-04-05 17:23 - 06605824 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd64.dll
2012-06-11 08:27 - 2012-04-05 17:11 - 00539136 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiadlxx.dll
2012-06-11 08:26 - 2012-06-11 08:26 - 00368640 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2012-06-11 08:26 - 2012-06-11 08:26 - 00367616 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmpag.sys
2012-06-11 08:26 - 2012-06-11 08:26 - 00041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6txx.dll
2012-06-11 08:26 - 2012-06-11 08:26 - 00033280 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2012-06-11 08:26 - 2012-06-11 08:26 - 00017920 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6pxx.dll
2012-06-11 08:26 - 2012-06-11 08:26 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2012-06-11 08:26 - 2012-06-11 08:26 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiglpxx.dll
2012-06-11 08:25 - 2012-06-11 08:25 - 00042496 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2012-06-11 08:25 - 2012-04-05 17:09 - 00045056 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiu9p64.dll
2012-06-11 08:25 - 2011-12-05 18:11 - 00054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiuxp64.dll
2012-06-11 08:24 - 2012-06-11 08:24 - 00053248 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\ati2erec.dll
2012-06-11 08:24 - 2012-04-05 17:09 - 00032768 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2012-06-11 08:23 - 2012-06-11 08:23 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2012-06-11 08:23 - 2012-06-11 08:23 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2012-06-11 08:23 - 2012-06-11 08:23 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atimpc64.dll
2012-06-11 08:23 - 2012-06-11 08:23 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdpcom64.dll
2012-06-08 21:30 - 2012-07-10 10:05 - 14165504 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:46 - 2012-07-10 10:05 - 12868608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-07 07:29 - 2012-06-14 11:28 - 02266624 ____A (TODO: <Company name>) C:\Windows\System32\pdfmona64.dll
2012-06-05 21:50 - 2012-07-10 10:05 - 02003968 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 21:50 - 2012-07-10 10:05 - 01880064 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 21:09 - 2012-07-10 10:05 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:09 - 2012-07-10 10:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-02 14:19 - 2012-06-21 11:02 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 11:02 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 11:02 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 11:02 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 11:02 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-21 11:02 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-21 11:02 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 12:19 - 2012-06-21 11:02 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 12:15 - 2012-06-21 11:02 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-01 21:38 - 2012-07-10 10:05 - 00152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:38 - 2012-07-10 10:05 - 00095088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:37 - 2012-07-10 10:05 - 00459216 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:27 - 2012-07-10 10:05 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:27 - 2012-07-10 10:05 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:48 - 2012-07-10 10:05 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:48 - 2012-07-10 10:05 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:47 - 2012-07-10 10:05 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:42 - 2012-07-10 10:05 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-27 20:11 - 2012-05-27 20:11 - 00062901 ____A C:\Users\Nathan\Documents\Computer Assignment 3.xlsx
2012-05-26 23:35 - 2012-05-18 13:30 - 00013924 ____A C:\Users\Nathan\Documents\Common Size.xlsx
2012-05-26 23:35 - 2012-05-09 11:05 - 00010574 ____A C:\Users\Nathan\Documents\ratios.xlsx
2012-05-26 21:51 - 2012-05-26 21:51 - 00010475 ____A C:\Users\Nathan\Documents\Cash Budget.xlsx
2012-05-20 12:21 - 2012-05-20 12:21 - 00000165 ___AH C:\Users\Nathan\Documents\~$Common Size.xlsx
2012-05-16 08:41 - 2011-06-20 22:09 - 00000349 ____A C:\Users\Public\Documents\PCLECHAL.INI
2012-05-14 19:56 - 2012-06-12 09:33 - 01197568 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-14 19:52 - 2012-06-12 09:33 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-14 19:08 - 2012-06-12 09:33 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-14 19:06 - 2012-06-12 09:33 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-06 19:19 - 2009-07-13 21:08 - 00032574 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-05-04 22:53 - 2012-04-11 09:53 - 08744608 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-05-04 02:52 - 2012-06-12 09:33 - 05505392 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:08 - 2012-06-12 09:33 - 03958128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:08 - 2012-06-12 09:33 - 03902320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-03 22:04 - 2011-11-28 22:14 - 00131020 ___AH C:\Windows\SysWOW64\mlfcache.dat
2012-05-01 21:32 - 2012-06-12 09:33 - 00208896 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 19:50 - 2012-06-12 09:33 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-27 12:47 - 2011-11-20 16:16 - 00056592 ____A C:\Windows\DPINST.LOG
2012-04-26 12:51 - 2012-06-14 11:28 - 00040448 ____A C:\Windows\System32\pdf995mon64.dll
2012-04-25 21:34 - 2012-06-12 09:33 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:34 - 2012-06-12 09:33 - 00076288 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:28 - 2012-06-12 09:33 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-23 21:59 - 2012-06-12 09:33 - 01460224 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 21:59 - 2012-06-12 09:33 - 00182272 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 21:59 - 2012-06-12 09:33 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 20:47 - 2012-06-12 09:33 - 01156608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 20:47 - 2012-06-12 09:33 - 00139264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 20:47 - 2012-06-12 09:33 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-19 22:25 - 2012-06-12 09:33 - 01501184 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-19 22:25 - 2012-06-12 09:33 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-19 22:23 - 2012-06-12 09:33 - 01026560 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2012-04-19 22:22 - 2012-06-12 09:34 - 09373696 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-19 22:22 - 2012-06-12 09:34 - 00736256 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-04-19 22:22 - 2012-06-12 09:33 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-19 22:22 - 2012-06-12 09:33 - 00082944 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-04-19 22:22 - 2012-06-12 09:33 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-04-19 22:21 - 2012-06-12 09:34 - 12405760 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-19 22:21 - 2012-06-12 09:33 - 02458624 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-19 22:21 - 2012-06-12 09:33 - 00445952 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-04-19 22:21 - 2012-06-12 09:33 - 00256000 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-04-19 22:21 - 2012-06-12 09:33 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-19 22:18 - 2012-06-12 09:33 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-04-19 21:07 - 2012-06-12 09:33 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-04-19 21:07 - 2012-06-12 09:33 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-04-19 21:06 - 2012-06-12 09:34 - 06028288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-04-19 21:06 - 2012-06-12 09:34 - 00627200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-04-19 21:06 - 2012-06-12 09:33 - 00606208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2012-04-19 21:06 - 2012-06-12 09:33 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-04-19 21:06 - 2012-06-12 09:33 - 00064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-04-19 21:05 - 2012-06-12 09:34 - 11019776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-04-19 21:05 - 2012-06-12 09:33 - 02072576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-04-19 21:05 - 2012-06-12 09:33 - 00381440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-04-19 21:05 - 2012-06-12 09:33 - 00185856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-04-19 21:05 - 2012-06-12 09:33 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-04-19 21:05 - 2012-06-12 09:33 - 00044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-04-19 21:03 - 2012-06-12 09:33 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-04-19 21:00 - 2012-06-12 09:33 - 00482816 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-04-19 20:15 - 2012-06-12 09:33 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-19 19:58 - 2012-06-12 09:33 - 00386048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-04-19 19:24 - 2012-06-12 09:33 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-04-16 21:38 - 2012-06-12 09:33 - 00851968 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-04-16 20:45 - 2012-06-12 09:33 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

ZeroAccess:
C:\Windows\Installer\{5fac18ff-93b1-aacc-e3e9-9c593d0101ec}
C:\Windows\Installer\{5fac18ff-93b1-aacc-e3e9-9c593d0101ec}\@
C:\Windows\Installer\{5fac18ff-93b1-aacc-e3e9-9c593d0101ec}\L
C:\Windows\Installer\{5fac18ff-93b1-aacc-e3e9-9c593d0101ec}\n
C:\Windows\Installer\{5fac18ff-93b1-aacc-e3e9-9c593d0101ec}\U
C:\Windows\Installer\{5fac18ff-93b1-aacc-e3e9-9c593d0101ec}\U\00000001.@
C:\Windows\Installer\{5fac18ff-93b1-aacc-e3e9-9c593d0101ec}\U\800000cb.@

ZeroAccess:
C:\Users\Nathan\AppData\Local\{5fac18ff-93b1-aacc-e3e9-9c593d0101ec}
C:\Users\Nathan\AppData\Local\{5fac18ff-93b1-aacc-e3e9-9c593d0101ec}\@
C:\Users\Nathan\AppData\Local\{5fac18ff-93b1-aacc-e3e9-9c593d0101ec}\L
C:\Users\Nathan\AppData\Local\{5fac18ff-93b1-aacc-e3e9-9c593d0101ec}\U
C:\Users\Nathan\AppData\Local\{5fac18ff-93b1-aacc-e3e9-9c593d0101ec}\U\00000001.@
C:\Users\Nathan\AppData\Local\{5fac18ff-93b1-aacc-e3e9-9c593d0101ec}\U\800000cb.@

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 4095.24 MB
Available physical RAM: 3460.1 MB
Total Pagefile: 4093.39 MB
Available Pagefile: 3447.27 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:232.88 GB) (Free:151.38 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: () (Fixed) (Total:1863.01 GB) (Free:339.3 GB) NTFS
4 Drive g: () (Removable) (Total:0.99 GB) (Free:0.31 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: () (Fixed) (Total:931.51 GB) (Free:713.42 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 Online 1863 GB 0 B
Disk 2 Online 232 GB 0 B
Disk 3 Online 1015 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 931 GB 1024 KB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y NTFS Partition 931 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1863 GB 1024 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D NTFS Partition 1863 GB Healthy

==================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 232 GB 32 KB

==================================================================================

Disk: 2
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C NTFS Partition 232 GB Healthy

==================================================================================

Partitions of Disk 3:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 1015 MB 0 B

==================================================================================

Disk: 3
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

==================================================================================

==========================================================

Last Boot: 2012-07-08 19:30

======================= End Of Log ==========================
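As an added example (not part of FRST or of anyone's post in this thread), a small Python parser that pulls the actionable findings out of the two FRST sections quoted above: the "ZeroAccess:" folder blocks and the "Bamital & volsnap Check" hash lines. The line formats it assumes are exactly the ones visible in the log; the sample input is constructed from those lines.

```python
import re
from dataclasses import dataclass, field

# Whitelisted binaries pass as "<path> => MD5 is legit"; a tampered one is printed as
# "<path> <MD5> <verdict> <==== ATTENTION!" (the services.exe line in the log above).
_LEGIT_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) => MD5 is legit$")
_FLAG_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) (?P<md5>[0-9A-Fa-f]{32}) (?P<verdict>\S+) <==== ATTENTION!")

@dataclass
class Triage:
    zeroaccess_dirs: list = field(default_factory=list)  # top-level {GUID} folders to remove
    legit: list = field(default_factory=list)            # binaries whose MD5 matched
    flagged: dict = field(default_factory=dict)          # path -> (MD5, verdict)

def parse_frst(text: str) -> Triage:
    """Single pass over the log: collect 'ZeroAccess:' blocks and hash-check lines."""
    t = Triage()
    in_block = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "ZeroAccess:":
            in_block = True
            continue
        if in_block:
            if not line:  # a blank line closes the block
                in_block = False
                continue
            # Keep the {GUID} folder itself; skip its @, L, n, U children (<folder>\<name>).
            if not any(line.lower().startswith(d.lower() + "\\") for d in t.zeroaccess_dirs):
                t.zeroaccess_dirs.append(line)
            continue
        m = _FLAG_RE.match(line)
        if m:
            t.flagged[m["path"]] = (m["md5"].upper(), m["verdict"])
            continue
        m = _LEGIT_RE.match(line)
        if m:
            t.legit.append(m["path"])
    return t

# Constructed sample: lines copied from the log quoted above.
SAMPLE_LOG = r"""
ZeroAccess:
C:\Windows\Installer\{5fac18ff-93b1-aacc-e3e9-9c593d0101ec}
C:\Windows\Installer\{5fac18ff-93b1-aacc-e3e9-9c593d0101ec}\@
C:\Windows\Installer\{5fac18ff-93b1-aacc-e3e9-9c593d0101ec}\U\00000001.@

ZeroAccess:
C:\Users\Nathan\AppData\Local\{5fac18ff-93b1-aacc-e3e9-9c593d0101ec}
C:\Users\Nathan\AppData\Local\{5fac18ff-93b1-aacc-e3e9-9c593d0101ec}\L

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
"""
```

`parse_frst(SAMPLE_LOG)` yields the two top-level ZeroAccess folders (the same two that appear in the fixlist below) and flags services.exe with its hash, while winlogon.exe lands in the clean list.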

#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 13 July 2012 - 05:28 PM

Hi

Please do the following:


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
SubSystems: [Windows] ==> ZeroAccess
C:\Windows\Installer\{5fac18ff-93b1-aacc-e3e9-9c593d0101ec}
C:\Users\Nathan\AppData\Local\{5fac18ff-93b1-aacc-e3e9-9c593d0101ec}
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options then select Command Prompt

Run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

  • While you are still booted into System Recovery Options run FRST.

    Type the following in the edit box after "Search:" so it looks like this:

    Search: services.exe

    Click Search button and post the log it makes to your reply.

Reboot normally and post both logs in your next reply.

thanks

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 nielthan

nielthan
  • Topic Starter

  • Members
  • 2 posts

Posted 13 July 2012 - 05:46 PM

Thanks for the reply CatByte. Luckily, I was able to stop the reboots with the Avira recovery system and then proceeded to back up my documents. I then formatted my C drive and reinstalled Windows to be safe. I know reinstalling Windows might have been unnecessary, but I think my computer was due a fresh copy of Windows anyways. If a mod can lock up this thread, it would be appreciated.

#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 13 July 2012 - 05:48 PM

ok, thanks for letting me know

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 13 July 2012 - 05:48 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015




