Sirefef Infection


  • This topic is locked
3 replies to this topic

#1 Onionman34

Posted 29 July 2012 - 11:08 AM

Hello and thanks for looking at my thread.
I appear to have been infected with the Sirefef trojan that has been going around. Microsoft Security Essentials says that it detects a trojan called Sirefef. The problem is that it is causing my PC to reboot. It gives me an error saying that my machine encountered a critical error and needs to reboot. I have looked into other threads on this board that have had similar issues. I would have simply followed the instructions from that thread, but the notice that each script is written for each individual case is deterring me from trying it.

I would like to get a little bit of assistance on how to proceed.

I am prepared to post any logs upon request. Any help would be greatly appreciated.


Edit: Here are my FRST results.

Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 29-07-2012 11:38:30
Running from K:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x]
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-03-17] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [31072 2008-10-25] (Microsoft Corporation)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NACAgentUI] C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe [529848 2011-10-31] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [641664 2012-04-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [10752 2012-02-20] ()
HKLM-x32\...\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe [x]
HKLM-x32\...\Run: [tsnp2uvc] C:\Program Files (x86)\Common Files\SNP2UVC\tsnp2uvc.exe [317952 2011-10-17] (Sonix Technology Co., Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [WheelMouse] C:\ADVANC~1\wh_exec.exe [147456 2010-10-04] ()
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\real\realplayer\update\realsched.exe" -osboot [296056 2012-06-26] (RealNetworks, Inc.)
HKU\Mcx1-RUSSELL-PC\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation)
HKU\Russell\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-10-29] (Google Inc.)
HKU\Russell\...\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe" [495616 2007-09-02] ()
HKU\Russell\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
HKU\Russell\...\Run: [] [x]
HKU\Russell\...\Run: [AdobeBridge] [x]
HKU\Russell\...\Run: [EPSON NX100 Series (Copy 1)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEDA.EXE /FU "C:\Windows\TEMP\E_SC67D.tmp" /EF "HKCU" [221696 2008-02-05] (SEIKO EPSON CORPORATION)
HKU\Russell\...\Run: [EPSON NX620 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGAA.EXE /FU "C:\Windows\TEMP\E_SB2F8.tmp" /EF "HKCU" [224768 2010-01-12] (SEIKO EPSON CORPORATION)
HKU\Russell\...\Run: [PlayNC Launcher] [x]
HKU\Russell\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17355912 2012-05-03] (Skype Technologies S.A.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{CC8AD820-C81E-44FD-9AC5-02FB8B698A4E}: [NameServer]8.8.8.8,8.8.4.4
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
Startup: C:\Users\Russell\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)

==================== Services (Whitelisted) ======

2 AffinegyService; "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe" [569752 2010-07-28] (Affinegy, Inc.)
3 Futuremark SystemInfo Service; "C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe" [135584 2011-12-09] (Futuremark Corporation)
3 GameConsoleService; "C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe" [250616 2009-05-22] (WildTangent, Inc.)
2 Greg_Service; C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [1150496 2009-08-28] (Acer Incorporated)
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
2 MotoConnect Service; C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [92928 2009-12-14] ()
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
2 NACAgent; "C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe" [1151928 2011-10-31] (Cisco Systems, Inc.)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 Pharos Systems ComTaskMaster; "C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe" [345600 2010-01-14] (Pharos Systems International)
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
3 sdAuxService; C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe [359624 2009-10-30] (PC Tools)
3 sdCoreService; C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe [1141712 2009-11-06] (PC Tools)
2 SplashtopRemoteService; "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe" [529768 2011-12-21] (Splashtop Inc.)
2 SSUService; C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [370504 2012-03-14] (Splashtop Inc.)
2 TVersityMediaServer; "C:\Users\Russell\AppData\Local\TVersity\Media Server\MediaServer.exe" [856064 2010-02-25] ()
2 Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [240160 2009-07-03] (Acer)

========================== Drivers (Whitelisted) =============

3 L8042Kbd; C:\Windows\System32\Drivers\L8042Kbd.sys [35344 2008-09-26] (Logitech, Inc.)
3 L8042mou; C:\Windows\System32\Drivers\L8042mou.sys [113680 2008-09-26] (Logitech, Inc.)
3 LMouKE; C:\Windows\System32\Drivers\LMouKE.sys [112144 2008-09-26] (Logitech, Inc.)
1 msqezpkb; C:\Windows\System32\Drivers\msqezpkb.sys [50392 2012-07-29] (Microsoft Corporation)
3 nmwcdcx64; C:\Windows\System32\drivers\ccdcmbox64.sys [25088 2010-02-26] (Nokia)
3 nmwcdx64; C:\Windows\System32\drivers\ccdcmbx64.sys [19456 2010-02-26] (Nokia)
0 PCTCore; C:\Windows\System32\drivers\PCTCore64.sys [218056 2009-11-09] (PC Tools)
3 RTL8187B; C:\Windows\System32\Drivers\RTL8187B.sys [416768 2009-06-10] (Realtek Semiconductor Corporation )
0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-03-03] (Duplex Secure Ltd.)
3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [43152 2010-06-25] (Oracle Corporation)
3 whfltr2k; C:\Windows\System32\Drivers\whfltr2k.sys [10368 2009-09-16] ()
3 XBCD; C:\Windows\System32\Drivers\XBCD.sys [25728 2010-09-12] (XBCD Project)
3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x]
3 dump_wmimmc; \??\C:\WeMade Entertainment\DigimonBattle\GameGuard\dump_wmimmc.sys [x]
3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
4 nvlddmkm; C:\Windows\System32\DRIVERS\nvlddmkm.sys [x]
3 vserial; C:\Windows\System32\DRIVERS\vserial.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-29 07:13 - 2012-07-29 07:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7DA1445850424369
2012-07-29 07:13 - 2012-07-29 07:13 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\msqezpkb.sys
2012-07-29 07:10 - 2012-07-29 07:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.82C3DCE1266A9AC9
2012-07-29 07:06 - 2012-07-29 07:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.406F77D0EFA8E7C7
2012-07-27 14:27 - 2012-07-27 14:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8B47AE887375493B
2012-07-27 14:22 - 2012-07-27 14:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5F497183F8FEA5FC
2012-07-27 14:17 - 2012-07-27 14:17 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9F986A3EEE46DBE6
2012-07-27 14:00 - 2012-07-27 14:00 - 00001945 ____A C:\Windows\epplauncher.mif
2012-07-27 13:59 - 2012-07-27 13:59 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-07-27 13:59 - 2012-07-27 13:59 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-07-27 13:56 - 2012-07-27 13:58 - 12621696 ____A (Microsoft Corporation) C:\Users\Russell\Downloads\mseinstall.exe
2012-07-27 11:08 - 2012-07-27 17:52 - 00000000 __SHD C:\Users\Russell\AppData\Roaming\8bd9fc0
2012-07-27 11:08 - 2012-07-27 17:50 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-07-27 11:05 - 2012-07-27 14:00 - 00000342 ____A C:\Windows\Tasks\At43.job
2012-07-27 11:05 - 2012-07-27 14:00 - 00000340 ____A C:\Windows\Tasks\At19.job
2012-07-27 11:05 - 2012-07-27 12:03 - 00000340 ____A C:\Windows\Tasks\At17.job
2012-07-27 11:05 - 2012-07-27 12:00 - 00000342 ____A C:\Windows\Tasks\At41.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000342 ____A C:\Windows\Tasks\At48.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000342 ____A C:\Windows\Tasks\At47.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000342 ____A C:\Windows\Tasks\At46.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000342 ____A C:\Windows\Tasks\At45.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000342 ____A C:\Windows\Tasks\At44.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000342 ____A C:\Windows\Tasks\At42.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000342 ____A C:\Windows\Tasks\At40.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000342 ____A C:\Windows\Tasks\At39.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000342 ____A C:\Windows\Tasks\At38.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000342 ____A C:\Windows\Tasks\At37.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000342 ____A C:\Windows\Tasks\At36.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000342 ____A C:\Windows\Tasks\At35.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000342 ____A C:\Windows\Tasks\At34.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000342 ____A C:\Windows\Tasks\At33.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000342 ____A C:\Windows\Tasks\At32.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000342 ____A C:\Windows\Tasks\At31.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000342 ____A C:\Windows\Tasks\At30.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000342 ____A C:\Windows\Tasks\At29.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000342 ____A C:\Windows\Tasks\At28.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000342 ____A C:\Windows\Tasks\At27.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000342 ____A C:\Windows\Tasks\At26.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000342 ____A C:\Windows\Tasks\At25.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000340 ____A C:\Windows\Tasks\At9.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000340 ____A C:\Windows\Tasks\At8.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000340 ____A C:\Windows\Tasks\At7.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000340 ____A C:\Windows\Tasks\At6.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000340 ____A C:\Windows\Tasks\At5.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000340 ____A C:\Windows\Tasks\At4.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000340 ____A C:\Windows\Tasks\At3.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000340 ____A C:\Windows\Tasks\At24.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000340 ____A C:\Windows\Tasks\At23.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000340 ____A C:\Windows\Tasks\At22.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000340 ____A C:\Windows\Tasks\At21.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000340 ____A C:\Windows\Tasks\At20.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000340 ____A C:\Windows\Tasks\At2.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000340 ____A C:\Windows\Tasks\At18.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000340 ____A C:\Windows\Tasks\At16.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000340 ____A C:\Windows\Tasks\At15.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000340 ____A C:\Windows\Tasks\At14.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000340 ____A C:\Windows\Tasks\At13.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000340 ____A C:\Windows\Tasks\At12.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000340 ____A C:\Windows\Tasks\At11.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000340 ____A C:\Windows\Tasks\At10.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000340 ____A C:\Windows\Tasks\At1.job
2012-07-24 15:06 - 2012-07-24 15:08 - 126310400 ____A C:\Users\Russell\Downloads\Vista_Recovery_Disc.iso
2012-07-24 14:56 - 2012-07-24 14:56 - 00000082 ____A C:\Users\Russell\Documents\Acer Product Key.txt
2012-07-23 17:49 - 2012-07-23 17:49 - 00000000 ____D C:\Users\Russell\AppData\Local\Macromedia
2012-07-22 12:59 - 2012-07-22 12:59 - 00000000 ____D C:\Users\Russell\Documents\GTA San Andreas User Files
2012-07-22 12:57 - 2012-07-22 12:58 - 00000000 ____D C:\Users\Russell\Desktop\Crack No-CD (By Squall89)
2012-07-22 12:42 - 2012-07-22 12:42 - 00000000 ____D C:\Users\Russell\Downloads\[PC GAME MULTI] - Gran Theft Auto San Andreas + Crack NoCD - (Perfect DVD Version) - (Eng-Ita-Deu-Fra-Esp) - (By G-ADLVR_R7
2012-07-19 13:09 - 2012-07-19 13:17 - 00000072 ____A C:\Users\Russell\Downloads\mk.jsf
2012-07-19 13:01 - 2012-07-19 13:02 - 00000072 ____A C:\Users\Russell\Downloads\fightstick.jsf
2012-07-19 12:53 - 2012-07-19 12:55 - 10689971 ____A C:\Users\Russell\Downloads\Mortal Kombat Trilogy.zip
2012-07-19 12:51 - 2012-07-19 12:51 - 00000072 ____A C:\Users\Russell\Downloads\control2.jsf
2012-07-19 12:44 - 2012-07-19 12:44 - 00000072 ____A C:\Users\Russell\Documents\controller.jsf
2012-07-19 12:42 - 2012-07-19 12:43 - 10782861 ____A C:\Users\Russell\Downloads\GoldenEye 007.zip
2012-07-19 12:41 - 2012-07-27 17:52 - 00000000 ____D C:\Program Files (x86)\Project64 1.6
2012-07-19 12:40 - 2012-07-19 12:40 - 02080797 ____A (Project64 ) C:\Users\Russell\Downloads\setup Project64 1.6.exe
2012-07-15 18:19 - 2012-07-15 18:19 - 00363232 ____A C:\Users\Russell\Documents\p04_titles.wmv
2012-07-15 18:18 - 2012-07-15 18:56 - 00366499 ____A C:\Users\Russell\Documents\Exploring_p04_Grader_IR.pptx
2012-07-15 18:18 - 2012-07-15 18:18 - 00027226 ____A C:\Users\Russell\Documents\p04_beeps.wav
2012-07-15 16:13 - 2012-07-15 17:51 - 00467316 ____A C:\Users\Russell\Documents\Exploring_p03_Grader_IR.pptx
2012-07-15 14:07 - 2012-07-15 15:26 - 00341978 ____A C:\Users\Russell\Documents\Exploring_p02_Grader_IR.pptx
2012-07-15 14:07 - 2012-07-15 14:07 - 00128081 ____A C:\Users\Russell\Documents\p02_tips.pptx
2012-07-15 11:57 - 2012-07-15 13:50 - 00120805 ____A C:\Users\Russell\Documents\Exploring_p01_Grader_IR.pptx
2012-07-13 20:57 - 2012-07-17 11:34 - 00000000 ____D C:\Users\Russell\Downloads\Badministrator - League of Legends
2012-07-13 13:25 - 2012-07-13 14:05 - 191164721 ____A C:\Users\Russell\Downloads\Badministrator - League of Legends.zip
2012-07-11 15:38 - 2012-07-27 17:52 - 00000000 ___RD C:\Users\Russell\Desktop\New folder (2)
2012-07-08 19:00 - 2012-07-08 19:42 - 00724992 ____A C:\Users\Russell\Documents\Exploring_a04_Grader_IR.accdb
2012-07-08 14:53 - 2012-07-08 16:26 - 00540672 ____A C:\Users\Russell\Documents\Exploring_a03_Grader_IR.accdb
2012-07-08 11:22 - 2012-07-08 13:21 - 00552960 ____A C:\Users\Russell\Documents\Exploring_a02_Grader_IR.accdb
2012-07-08 11:22 - 2012-07-08 11:22 - 00009902 ____A C:\Users\Russell\Documents\Exploring_a02_Birthdays.xlsx
2012-07-08 09:07 - 2012-07-08 10:29 - 00610304 ____A C:\Users\Russell\Documents\Exploring_a01_Grader_IR.accdb
2012-07-07 08:58 - 2012-07-07 08:59 - 00001033 ____A C:\Users\Russell\Desktop\Dropbox.lnk
2012-07-05 13:23 - 2012-07-05 13:23 - 00000058 ____A C:\Users\Russell\Documents\ban that bleep.txt
2012-07-03 13:57 - 2012-07-03 13:57 - 00000000 ____D C:\Users\All Users\Stardock
2012-07-03 13:57 - 2012-07-03 13:57 - 00000000 ____D C:\Program Files (x86)\Stardock
2012-07-03 13:56 - 2012-07-03 13:56 - 07897952 ____A C:\Users\Russell\Downloads\LogonStudio_public.exe
2012-07-01 17:02 - 2012-07-01 17:44 - 00019308 ____A C:\Users\Russell\Documents\Exploring_e04_Grader_IR.xlsx
2012-07-01 14:58 - 2012-07-01 15:45 - 00018306 ____A C:\Users\Russell\Documents\Exploring_e03_Grader_IR.xlsx


============ 3 Months Modified Files ========================

2012-07-29 07:22 - 2010-01-19 10:26 - 01647269 ____A C:\Windows\WindowsUpdate.log
2012-07-29 07:20 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-29 07:20 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-29 07:19 - 2010-02-28 17:12 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-29 07:17 - 2009-07-13 21:13 - 00745700 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-29 07:13 - 2012-07-29 07:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7DA1445850424369
2012-07-29 07:13 - 2012-07-29 07:13 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\msqezpkb.sys
2012-07-29 07:12 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-29 07:12 - 2009-07-13 20:51 - 00126261 ____A C:\Windows\setupact.log
2012-07-29 07:10 - 2012-07-29 07:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.82C3DCE1266A9AC9
2012-07-29 07:08 - 2010-02-28 17:12 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-29 07:06 - 2012-07-29 07:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.406F77D0EFA8E7C7
2012-07-27 14:27 - 2012-07-27 14:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8B47AE887375493B
2012-07-27 14:22 - 2012-07-27 14:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5F497183F8FEA5FC
2012-07-27 14:17 - 2012-07-27 14:17 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9F986A3EEE46DBE6
2012-07-27 14:00 - 2012-07-27 14:00 - 00001945 ____A C:\Windows\epplauncher.mif
2012-07-27 14:00 - 2012-07-27 11:05 - 00000342 ____A C:\Windows\Tasks\At43.job
2012-07-27 14:00 - 2012-07-27 11:05 - 00000340 ____A C:\Windows\Tasks\At19.job
2012-07-27 13:59 - 2010-08-15 15:20 - 00759078 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-07-27 13:58 - 2012-07-27 13:56 - 12621696 ____A (Microsoft Corporation) C:\Users\Russell\Downloads\mseinstall.exe
2012-07-27 12:03 - 2012-07-27 11:05 - 00000340 ____A C:\Windows\Tasks\At17.job
2012-07-27 12:00 - 2012-07-27 11:05 - 00000342 ____A C:\Windows\Tasks\At41.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000342 ____A C:\Windows\Tasks\At48.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000342 ____A C:\Windows\Tasks\At47.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000342 ____A C:\Windows\Tasks\At46.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000342 ____A C:\Windows\Tasks\At45.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000342 ____A C:\Windows\Tasks\At44.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000342 ____A C:\Windows\Tasks\At42.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000342 ____A C:\Windows\Tasks\At40.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000342 ____A C:\Windows\Tasks\At39.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000342 ____A C:\Windows\Tasks\At38.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000342 ____A C:\Windows\Tasks\At37.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000342 ____A C:\Windows\Tasks\At36.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000342 ____A C:\Windows\Tasks\At35.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000342 ____A C:\Windows\Tasks\At34.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000342 ____A C:\Windows\Tasks\At33.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000342 ____A C:\Windows\Tasks\At32.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000342 ____A C:\Windows\Tasks\At31.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000342 ____A C:\Windows\Tasks\At30.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000342 ____A C:\Windows\Tasks\At29.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000342 ____A C:\Windows\Tasks\At28.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000342 ____A C:\Windows\Tasks\At27.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000342 ____A C:\Windows\Tasks\At26.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000342 ____A C:\Windows\Tasks\At25.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000340 ____A C:\Windows\Tasks\At9.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000340 ____A C:\Windows\Tasks\At8.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000340 ____A C:\Windows\Tasks\At7.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000340 ____A C:\Windows\Tasks\At6.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000340 ____A C:\Windows\Tasks\At5.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000340 ____A C:\Windows\Tasks\At4.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000340 ____A C:\Windows\Tasks\At3.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000340 ____A C:\Windows\Tasks\At24.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000340 ____A C:\Windows\Tasks\At23.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000340 ____A C:\Windows\Tasks\At22.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000340 ____A C:\Windows\Tasks\At21.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000340 ____A C:\Windows\Tasks\At20.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000340 ____A C:\Windows\Tasks\At2.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000340 ____A C:\Windows\Tasks\At18.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000340 ____A C:\Windows\Tasks\At16.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000340 ____A C:\Windows\Tasks\At15.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000340 ____A C:\Windows\Tasks\At14.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000340 ____A C:\Windows\Tasks\At13.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000340 ____A C:\Windows\Tasks\At12.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000340 ____A C:\Windows\Tasks\At11.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000340 ____A C:\Windows\Tasks\At10.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000340 ____A C:\Windows\Tasks\At1.job
2012-07-27 11:15 - 2010-03-13 18:44 - 00000258 _RASH C:\Users\All Users\ntuser.pol
2012-07-27 09:49 - 2010-04-13 03:30 - 00000880 ____A C:\Windows\Tasks\Google Software Updater.job
2012-07-24 15:08 - 2012-07-24 15:06 - 126310400 ____A C:\Users\Russell\Downloads\Vista_Recovery_Disc.iso
2012-07-24 14:56 - 2012-07-24 14:56 - 00000082 ____A C:\Users\Russell\Documents\Acer Product Key.txt
2012-07-23 17:49 - 2012-05-23 15:17 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-23 17:49 - 2011-12-05 20:18 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-19 13:17 - 2012-07-19 13:09 - 00000072 ____A C:\Users\Russell\Downloads\mk.jsf
2012-07-19 13:02 - 2012-07-19 13:01 - 00000072 ____A C:\Users\Russell\Downloads\fightstick.jsf
2012-07-19 12:55 - 2012-07-19 12:53 - 10689971 ____A C:\Users\Russell\Downloads\Mortal Kombat Trilogy.zip
2012-07-19 12:51 - 2012-07-19 12:51 - 00000072 ____A C:\Users\Russell\Downloads\control2.jsf
2012-07-19 12:44 - 2012-07-19 12:44 - 00000072 ____A C:\Users\Russell\Documents\controller.jsf
2012-07-19 12:43 - 2012-07-19 12:42 - 10782861 ____A C:\Users\Russell\Downloads\GoldenEye 007.zip
2012-07-19 12:40 - 2012-07-19 12:40 - 02080797 ____A (Project64 ) C:\Users\Russell\Downloads\setup Project64 1.6.exe
2012-07-15 18:57 - 2010-04-18 10:53 - 00007680 ____A C:\Users\Russell\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-07-15 18:56 - 2012-07-15 18:18 - 00366499 ____A C:\Users\Russell\Documents\Exploring_p04_Grader_IR.pptx
2012-07-15 18:56 - 2010-04-11 18:51 - 00571904 __ASH C:\Users\Russell\Documents\Thumbs.db
2012-07-15 18:19 - 2012-07-15 18:19 - 00363232 ____A C:\Users\Russell\Documents\p04_titles.wmv
2012-07-15 18:18 - 2012-07-15 18:18 - 00027226 ____A C:\Users\Russell\Documents\p04_beeps.wav
2012-07-15 17:51 - 2012-07-15 16:13 - 00467316 ____A C:\Users\Russell\Documents\Exploring_p03_Grader_IR.pptx
2012-07-15 15:26 - 2012-07-15 14:07 - 00341978 ____A C:\Users\Russell\Documents\Exploring_p02_Grader_IR.pptx
2012-07-15 14:07 - 2012-07-15 14:07 - 00128081 ____A C:\Users\Russell\Documents\p02_tips.pptx
2012-07-15 13:50 - 2012-07-15 11:57 - 00120805 ____A C:\Users\Russell\Documents\Exploring_p01_Grader_IR.pptx
2012-07-13 14:05 - 2012-07-13 13:25 - 191164721 ____A C:\Users\Russell\Downloads\Badministrator - League of Legends.zip
2012-07-08 19:42 - 2012-07-08 19:00 - 00724992 ____A C:\Users\Russell\Documents\Exploring_a04_Grader_IR.accdb
2012-07-08 16:26 - 2012-07-08 14:53 - 00540672 ____A C:\Users\Russell\Documents\Exploring_a03_Grader_IR.accdb
2012-07-08 13:21 - 2012-07-08 11:22 - 00552960 ____A C:\Users\Russell\Documents\Exploring_a02_Grader_IR.accdb
2012-07-08 11:22 - 2012-07-08 11:22 - 00009902 ____A C:\Users\Russell\Documents\Exploring_a02_Birthdays.xlsx
2012-07-08 10:29 - 2012-07-08 09:07 - 00610304 ____A C:\Users\Russell\Documents\Exploring_a01_Grader_IR.accdb
2012-07-07 08:59 - 2012-07-07 08:58 - 00001033 ____A C:\Users\Russell\Desktop\Dropbox.lnk
2012-07-05 13:23 - 2012-07-05 13:23 - 00000058 ____A C:\Users\Russell\Documents\ban that bleep.txt
2012-07-03 13:56 - 2012-07-03 13:56 - 07897952 ____A C:\Users\Russell\Downloads\LogonStudio_public.exe
2012-07-01 17:44 - 2012-07-01 17:02 - 00019308 ____A C:\Users\Russell\Documents\Exploring_e04_Grader_IR.xlsx
2012-07-01 15:45 - 2012-07-01 14:58 - 00018306 ____A C:\Users\Russell\Documents\Exploring_e03_Grader_IR.xlsx
2012-06-27 02:38 - 2009-10-29 04:49 - 00219638 ____A C:\Windows\PFRO.log
2012-06-26 10:23 - 2012-06-26 10:23 - 00001104 ____A C:\Users\Public\Desktop\GIMP 2.lnk
2012-06-26 10:22 - 2012-06-26 10:22 - 00001042 ____A C:\Users\Public\Desktop\RealPlayer.lnk
2012-06-26 10:21 - 2012-06-26 10:21 - 00272896 ____A (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2012-06-26 10:21 - 2012-06-26 10:21 - 00198832 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2012-06-26 10:21 - 2012-06-26 10:21 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2012-06-26 10:21 - 2012-06-26 10:21 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2012-06-26 10:21 - 2010-03-14 15:44 - 00499712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2012-06-26 10:21 - 2010-03-14 15:44 - 00348160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2012-06-26 10:19 - 2012-06-26 10:19 - 00326320 ____A C:\Users\Russell\Downloads\GimpSetup.exe
2012-06-24 19:31 - 2012-06-24 19:00 - 00016512 ____A C:\Users\Russell\Documents\Exploring_e02_Grader_IR.xlsx
2012-06-24 17:29 - 2012-06-24 17:10 - 00023358 ____A C:\Users\Russell\Documents\Exploring_e01_Grader_IR.xlsx
2012-06-21 14:40 - 2012-06-21 14:40 - 00266079 ____A C:\Users\Russell\Downloads\Translation Aggregator 0.4.9.r171.rar
2012-06-21 14:30 - 2012-06-21 14:30 - 00034136 ____A C:\Users\Russell\Downloads\ITH_UpdaterV3.rar
2012-06-21 14:07 - 2012-06-21 14:07 - 04333455 ____A C:\Users\Russell\Downloads\ChiiTrans.zip
2012-06-21 14:02 - 2012-06-21 13:59 - 00000918 ____A C:\Users\Russell\Desktop\PHANTASY STAR ONLINE 2 (2).lnk
2012-06-21 13:53 - 2012-06-21 13:53 - 00029360 ____A C:\Users\Russell\Downloads\agth.rar
2012-06-21 13:52 - 2012-06-21 13:51 - 02005827 ____A C:\Users\Russell\Downloads\2- TRANSLATOR AGGREGATOR GUIDE.rar
2012-06-19 16:57 - 2012-06-19 16:57 - 00003899 ____A C:\Users\Russell\Downloads\IPS Patch.rar
2012-06-19 08:53 - 2012-06-19 08:50 - 50300053 ____A C:\Users\Russell\Downloads\VPYTv00.7z
2012-06-19 08:21 - 2012-06-19 08:21 - 03699867 ____A C:\Users\Russell\Downloads\DSONE_SDHC_Evolution_V1.0_eng_sp6_20120521.zip
2012-06-19 08:19 - 2012-06-19 08:19 - 03696626 ____A C:\Users\Russell\Downloads\DSONE_Evolution_V1.0_eng_sp6_20120521.zip
2012-06-19 08:00 - 2012-06-19 07:49 - 56701864 ____A C:\Users\Russell\Downloads\6039 - Pokemon Conquest (U).rar
2012-06-17 17:30 - 2012-06-17 17:30 - 00016564 ____A C:\Users\Russell\Documents\w04_list.xlsx
2012-06-17 13:25 - 2012-06-17 13:25 - 00001153 ____A C:\Users\Russell\Documents\w03_sources.xml
2012-06-13 15:14 - 2012-06-13 15:14 - 04171406 ____A C:\Users\Russell\Downloads\XMouseButtonControlSetup.2.4.exe
2012-06-13 15:06 - 2012-06-13 15:05 - 00415121 ____A (Igor Pavlov) C:\Users\Russell\Downloads\peripheral_driver_mouse_m6800_2.0.exe
2012-06-12 16:47 - 2012-06-12 16:47 - 00176502 ____A C:\Users\Russell\Downloads\pso2_closedbeta_text.rar
2012-06-12 16:37 - 2012-06-12 16:37 - 00001343 ____A C:\Users\Russell\Desktop\PHANTASY STAR ONLINE 2.lnk
2012-06-11 21:38 - 2012-06-11 21:38 - 00237679 ____A C:\Users\Russell\Documents\refundform.xps
2012-06-11 18:15 - 2012-06-11 16:34 - 3511034048 ____A C:\Users\Russell\Downloads\PSO2_BETA.exe
2012-06-11 16:35 - 2012-06-11 14:07 - 1620317361 ____A C:\Users\Russell\Desktop\T10010001.TMP
2012-06-11 14:07 - 2012-06-11 14:07 - 00995712 ____A (SEGA ) C:\Users\Russell\Desktop\T10010000.TMP
2012-06-11 14:07 - 2012-06-11 14:07 - 00477136 ____A (SEGA Corporation) C:\Users\Russell\Downloads\downloader.exe
2012-06-10 10:57 - 2012-06-10 10:57 - 00091100 ____A C:\Users\Russell\Downloads\W_CH01_EXPV1_IRCD.zip
2012-06-10 09:09 - 2012-06-10 08:55 - 1519417223 ____A C:\Users\Russell\Downloads\LOLPBE.zip
2012-06-09 18:54 - 2011-10-16 10:14 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-06-09 18:54 - 2011-10-16 10:14 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-06-05 10:43 - 2012-06-05 10:43 - 00001198 ____A C:\Users\Public\Desktop\Diablo III.lnk
2012-06-05 10:41 - 2012-06-05 10:41 - 40048208 ____A (Blizzard Entertainment) C:\Users\Russell\Downloads\Diablo-III-Setup-enUS.exe
2012-06-03 18:59 - 2012-06-03 18:59 - 00030720 ____A C:\Users\Russell\Downloads\IglehartChap2-47.xls
2012-06-03 18:57 - 2012-06-03 10:55 - 00045568 ____A C:\Users\Russell\Downloads\TAccounts_wjc_cpa.xls
2012-06-03 17:56 - 2012-06-03 17:56 - 00026624 ____A C:\Users\Russell\Downloads\IglehartChap1PP.xls
2012-06-03 17:56 - 2012-06-03 14:37 - 00012151 ____A C:\Users\Russell\Documents\IglehartChap2.xlsx
2012-06-02 14:19 - 2012-06-21 14:33 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 14:33 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 14:33 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 14:33 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 14:33 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-21 14:33 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-21 14:33 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 11:19 - 2012-06-21 14:32 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:15 - 2012-06-21 14:32 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-31 08:25 - 2010-02-28 17:10 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-05-30 17:38 - 2012-05-30 17:26 - 829732526 ____A C:\Users\Russell\Downloads\2-Blade_and_Soul_Updated_Client.part3.rar.part
2012-05-28 12:14 - 2012-05-28 12:14 - 00010339 ____A C:\Users\Russell\Documents\IglehartChap1-Ex.xlsx
2012-05-28 12:08 - 2012-05-28 12:08 - 00014163 ____A C:\Users\Russell\Documents\IglehartChap1-pr.xlsx
2012-05-28 12:08 - 2012-05-28 12:01 - 00007419 ____A C:\Users\Russell\Documents\Problem47.xlsx
2012-05-28 12:07 - 2012-05-28 12:07 - 00014163 ____A C:\Users\Russell\Documents\IglehartChap1.xlsx
2012-05-28 11:38 - 2012-05-28 11:18 - 00010852 ____A C:\Users\Russell\Documents\prOBEL44.xlsx
2012-05-28 10:51 - 2012-05-28 10:51 - 00009876 ____A C:\Users\Russell\Documents\Chapter1-39.xlsx
2012-05-27 19:58 - 2012-05-27 19:58 - 24832136 ____A (Skype Technologies S.A.) C:\Users\Russell\Downloads\SkypeSetupFull.exe
2012-05-27 19:58 - 2012-05-27 19:58 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-05-27 19:19 - 2012-05-27 19:19 - 00000828 ____A C:\Users\Public\Desktop\AMCap.lnk
2012-05-27 19:19 - 2009-07-13 18:34 - 00000536 ____A C:\Windows\win.ini
2012-05-27 19:09 - 2012-05-27 19:08 - 17937259 ____A C:\Users\Russell\Downloads\WC1_Setup.zip
2012-05-26 07:21 - 2012-05-26 07:21 - 02959376 ____A (Microsoft Corporation) C:\Users\Russell\Downloads\dotnetfx35setup.exe
2012-05-26 06:42 - 2012-05-26 06:42 - 00001729 ____A C:\Users\Public\Desktop\Play League of Legends.lnk
2012-05-26 06:11 - 2012-05-26 06:11 - 08340523 ____A C:\Users\Russell\Downloads\SIU 3.330-Lite.zip
2012-05-24 13:55 - 2012-05-24 13:55 - 00003033 ____A C:\Users\Russell\Desktop\Launch MyITLab.lnk
2012-05-24 13:55 - 2012-05-23 15:17 - 00683801 ____A () C:\Windows\unins000.exe
2012-05-24 13:55 - 2012-05-23 15:17 - 00001690 ____A C:\Windows\unins000.dat
2012-05-23 15:06 - 2012-05-23 15:06 - 00220676 ____A C:\Users\Russell\Documents\Coupon.xps
2012-05-23 13:27 - 2012-05-23 13:27 - 00000349 ____A C:\Users\Russell\Downloads\Books Needed.txt
2012-05-21 16:58 - 2012-05-05 08:08 - 00000126 ____A C:\Users\Russell\Downloads\mcc.txt
2012-05-20 07:32 - 2010-01-19 10:33 - 00328934 ____A C:\Windows\DirectX.log
2012-05-19 22:02 - 2012-05-19 22:02 - 00002042 ____A C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk
2012-05-19 22:02 - 2012-05-19 22:02 - 00002033 ____A C:\Users\Public\Desktop\Tribes Ascend.lnk
2012-05-19 22:01 - 2012-05-19 22:00 - 13235336 ____A (Hi-Rez Studios) C:\Users\Russell\Downloads\InstallHiRezGamesEnglish.exe
2012-05-15 05:49 - 2012-05-15 05:49 - 00000024 ____A C:\Users\Russell\Downloads\hgkhgj.txt
2012-05-15 02:03 - 2012-05-15 02:03 - 01374540 ____A C:\Users\Russell\Downloads\sf2t.zip
2012-05-15 01:46 - 2012-05-15 01:41 - 40222265 ____A C:\Users\Russell\Downloads\kof98.zip
2012-05-15 01:41 - 2012-05-15 01:41 - 00099992 ____A C:\Users\Russell\Downloads\xmen6p.zip
2012-05-15 01:39 - 2012-05-15 01:38 - 13166999 ____A C:\Users\Russell\Downloads\mslug.zip
2012-05-15 01:38 - 2012-05-15 01:38 - 05493447 ____A C:\Users\Russell\Downloads\mk.zip
2012-05-15 01:38 - 2012-05-15 01:38 - 02483913 ____A C:\Users\Russell\Downloads\simpsons.zip
2012-05-15 01:38 - 2012-05-15 01:38 - 01607365 ____A C:\Users\Russell\Downloads\ghouls.zip
2012-05-15 01:30 - 2012-05-15 01:30 - 01526440 ____A (Roman Scherzer) C:\Users\Russell\Downloads\cmp405_32.exe
2012-05-15 01:14 - 2012-05-15 01:14 - 04485441 ____A C:\Users\Russell\Downloads\TigerFBA_release_3.0.5.apk
2012-05-15 01:06 - 2012-05-15 01:06 - 05763309 ____A C:\Users\Russell\Downloads\Final Fantasy - Tactics Advanced(1).zip
2012-05-15 01:06 - 2012-05-15 01:06 - 05344029 ____A C:\Users\Russell\Downloads\Pokemon - Fire Red.zip
2012-05-15 00:22 - 2012-05-15 00:22 - 01740459 ____A C:\Users\Russell\Downloads\u6jc0-MM.apk
2012-05-15 00:10 - 2012-05-15 00:10 - 01435651 ____A C:\Users\Russell\Downloads\TigerGBA_Market_v2.7.4.apk
2012-05-14 22:51 - 2012-05-14 22:49 - 155275140 ____A C:\Users\Russell\Downloads\G_Harmony_ICSv1.3.zip
2012-05-14 22:33 - 2012-05-14 22:33 - 35600840 ____A C:\Users\Russell\Downloads\adb_fastboot_and_other_tools.zip
2012-05-14 22:11 - 2012-05-14 22:11 - 37456234 ____A (Google Inc.) C:\Users\Russell\Downloads\installer_r18-windows.exe
2012-05-14 22:09 - 2012-05-14 22:09 - 00285844 ____A C:\Users\Russell\Downloads\fastboot-win32.zip
2012-05-14 22:08 - 2012-05-14 22:06 - 86282728 ____A C:\Users\Russell\Downloads\3DGtaB-GAppZ-8.3.zip
2012-05-14 21:39 - 2012-05-14 21:39 - 00327905 ____A C:\Users\Russell\Downloads\nvflash_windows_5.118.zip
2012-05-14 21:28 - 2012-05-14 21:19 - 211392820 ____A C:\Users\Russell\Downloads\TeamDRH-ICS-Beta-1.2.zip
2012-05-14 21:23 - 2012-05-14 21:17 - 107186513 ____A C:\Users\Russell\Downloads\Full_Stock_NVFlash_CWM_5504_Touch.zip
2012-05-14 20:53 - 2012-05-14 20:53 - 04000309 ____A C:\Users\Russell\Downloads\GPlay_3.5.19.apk
2012-05-11 22:48 - 2012-05-11 22:48 - 00000175 ____A C:\Users\Public\Desktop\DragonNest.url
2012-05-11 19:20 - 2012-05-11 19:20 - 00000207 ____A C:\Users\Public\Desktop\Vindictus.url
2012-05-11 18:36 - 2012-05-11 18:36 - 01960400 ____A C:\Users\Russell\Downloads\VindictusDownloaderV152.exe
2012-05-11 13:40 - 2012-05-11 13:40 - 00001228 ____A C:\Users\Public\Desktop\3DMark Vantage.lnk
2012-05-11 13:38 - 2012-05-11 13:28 - 365678592 ____A (Futuremark Corporation) C:\Users\Russell\Downloads\3DMark_Vantage_v110_installer-Bjorn3D.exe
2012-05-11 12:56 - 2012-05-11 12:56 - 00792704 ____A (AMD) C:\Users\Russell\Downloads\amddriverdownloader.exe
2012-05-11 12:37 - 2012-05-11 12:37 - 00000041 ____A C:\Users\Russell\Downloads\ok.txt
2012-05-11 12:33 - 2012-05-11 12:33 - 00001809 ____A C:\Users\Public\Desktop\3DMark 11.lnk
2012-05-11 12:29 - 2012-05-11 12:24 - 294237056 ____A (Futuremark Corporation) C:\Users\Russell\Downloads\3DMark_11_v103_installer.exe
2012-05-07 20:26 - 2012-05-07 20:26 - 00002002 ____A C:\Users\Russell\Desktop\Aion.lnk
2012-05-07 20:14 - 2012-05-07 20:14 - 00002037 ____A C:\Users\Public\Desktop\NCsoft Launcher.lnk
2012-05-07 20:12 - 2012-05-07 20:11 - 06523640 ____A (Macrovision Corporation) C:\Users\Russell\Downloads\NCsoftLauncherSetup.exe
2012-05-05 09:25 - 2012-05-05 09:25 - 00001461 ____A C:\Users\Public\Desktop\Batman Arkham City.lnk
2012-05-05 08:18 - 2012-05-05 08:18 - 00002126 ____A C:\Users\Public\Desktop\Street Fighter X Tekken.lnk
2012-05-04 12:19 - 2012-05-04 12:19 - 00323377 ____A C:\Users\Russell\Documents\rebate.xps
2012-05-04 12:04 - 2012-05-04 11:43 - 2050742762 ____A C:\Users\Russell\Downloads\a175-win.exe
2012-05-03 21:20 - 2012-05-03 21:20 - 35989856 ____A (NVIDIA Corporation) C:\Users\Russell\Downloads\PhysX_9.09.1112_SystemSoftware.exe
2012-05-03 17:21 - 2012-05-03 15:37 - 127657364 ____A C:\Users\Russell\Downloads\891VSW764.zip
2012-05-03 16:51 - 2012-05-03 16:29 - 00000182 ____A C:\Users\Russell\Downloads\bench results.txt
2012-05-03 15:49 - 2012-05-03 15:49 - 00000000 ____A C:\Windows\ativpsrm.bin

ZeroAccess:
C:\Windows\Installer\{08cc644e-38bb-6c32-dc41-f68d6cce7543}
C:\Windows\Installer\{08cc644e-38bb-6c32-dc41-f68d6cce7543}\@
C:\Windows\Installer\{08cc644e-38bb-6c32-dc41-f68d6cce7543}\L
C:\Windows\Installer\{08cc644e-38bb-6c32-dc41-f68d6cce7543}\n
C:\Windows\Installer\{08cc644e-38bb-6c32-dc41-f68d6cce7543}\U
C:\Windows\Installer\{08cc644e-38bb-6c32-dc41-f68d6cce7543}\U\00000001.@

ZeroAccess:
C:\Users\Russell\AppData\Local\{08cc644e-38bb-6c32-dc41-f68d6cce7543}
C:\Users\Russell\AppData\Local\{08cc644e-38bb-6c32-dc41-f68d6cce7543}\@
C:\Users\Russell\AppData\Local\{08cc644e-38bb-6c32-dc41-f68d6cce7543}\L
C:\Users\Russell\AppData\Local\{08cc644e-38bb-6c32-dc41-f68d6cce7543}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 18%
Total physical RAM: 4095.23 MB
Available physical RAM: 3353.07 MB
Total Pagefile: 4093.38 MB
Available Pagefile: 3348.36 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (eMachines) (Fixed) (Total:684.54 GB) (Free:255.33 GB) NTFS
2 Drive e: (PQSERVICE) (Fixed) (Total:14 GB) (Free:4.99 GB) NTFS
8 Drive k: (KINGSTON) (Removable) (Total:1.87 GB) (Free:1.87 GB) FAT
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
10 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 698 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B
Disk 6 Online 1919 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 14 GB 1024 KB
Partition 2 Primary 100 MB 14 GB
Partition 3 Primary 684 GB 14 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E PQSERVICE NTFS Partition 14 GB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 Y SYSTEM RESE NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C eMachines NTFS Partition 684 GB Healthy

==================================================================================

Partitions of Disk 6:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1915 MB 4032 KB

==================================================================================

Disk: 6
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 8 K KINGSTON FAT Removable 1915 MB Healthy

==================================================================================

testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!


==========================================================

Last Boot: 2012-07-24 22:33

======================= End Of Log ==========================

Edited by Onionman34, 29 July 2012 - 04:47 PM.




#2 D-FRED-BROWN


Posted 01 August 2012 - 01:53 PM

Hello and welcome to Bleeping Computer!

I am D-FRED-BROWN and I will be helping you. :)


Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.


----------Step 1----------------
I know you've already run TDSSKiller before, but please run it one more time so we have an up-to-date idea of what may be remaining on the computer.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Skip is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: Do not choose Cure or Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

----------Step 2----------------
Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.


----------Step 3----------------
Please download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

----------Step 4----------------
In your next reply, please include the following:
  • TDSSKiller's logfile
  • ComboFix's report (C:\ComboFix.txt)
  • Security Check checkup.txt
After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask. :)

Edited by D-FRED-BROWN, 01 August 2012 - 01:58 PM.

Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Thank you!

#3 Onionman34


Posted 01 August 2012 - 04:22 PM

I apologize.
I posted this on another board and they have already helped me with my problem.

Thank you though for taking the time to view my post and respond.
Even though you weren't the one to help me, I am thankful that people like you are helping out those in need.
Feel free to close this thread.

#4 D-FRED-BROWN


Posted 01 August 2012 - 08:28 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.