
"Windows has encountered critical problem" reboot loop



#1 Fashdisc


Posted 31 July 2012 - 04:31 PM

Dear Bleeping Computer

New user here - and you might be my only hope...

Had a feeling encountered malware today. Quickly closed down IE and ran MalwarebytesAM with its Chameleon which picked up a couple of threats and seemed to remove them. Then ran TDSSKiller as well just to be on safe side. I'm running Win7 64.

However then Windows Firewall turned itself off for some reason. Tried uninstalling then reinstalling Microsoft Security Essentials only for it to get locked in an infinite restart loop with the error "Windows has encountered a critical problem and will restart in one minute". This happens in both normal and safe modes.

Found my way here where others seem to be having similar issues and d/l and used FRST tool to produce a log below. However despite going into advanced boot options, couldn't find the 'Repair My Computer' option, and putting Windows 7 disk in again - there was no repair/upgrade option to get me into System Recovery and give me the Command Prompt. Log file then just taken by clicking on the FRST64.exe in the flash drive.


Anyway log provided below: Any expert help gratefully received!



Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by User at 31-07-2012 22:14:12
Running from F:\
Service Pack 1 (X64) OS Language: English(US)
Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.


============ One Month Created Files and Folders ==============

2012-07-31 22:13 - 2012-07-31 22:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9863A25398A284F7
2012-07-31 22:13 - 2012-07-31 22:13 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ffbthmks.sys
2012-07-31 22:11 - 2012-07-31 22:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C658072D84AF21AB
2012-07-31 20:44 - 2012-07-31 20:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F0513596D066B527
2012-07-31 20:42 - 2012-07-31 20:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7EF79848DB2BA76A
2012-07-31 20:40 - 2012-07-31 20:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.79DF44A1E55AFFB9
2012-07-31 20:38 - 2012-07-31 20:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.444DFB083F1B40DA
2012-07-31 20:36 - 2012-07-31 20:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F9EF526BCCEA5E12
2012-07-31 20:34 - 2012-07-31 20:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D3E540EE4296494B
2012-07-31 20:32 - 2012-07-31 20:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C24F9AAF35BED835
2012-07-31 20:16 - 2012-07-31 20:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.05B8246A95AFF22B
2012-07-31 19:55 - 2012-07-31 19:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4B1BB02A90688A87
2012-07-31 19:53 - 2012-07-31 19:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.03162F64A31D68F1
2012-07-31 19:51 - 2012-07-31 19:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1523689E443D3020
2012-07-31 19:51 - 2012-07-31 19:51 - 00116016 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\24878461.sys
2012-07-31 19:49 - 2012-07-31 19:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.85CF1A2425B4385D
2012-07-31 19:49 - 2012-07-31 19:49 - 00001266 ____A C:\Users\User\Desktop\shutdown.exe.lnk
2012-07-31 19:47 - 2012-07-31 19:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.12DAC5342ED193F6
2012-07-31 19:45 - 2012-07-31 19:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E416A7260CC7B5D4
2012-07-31 19:40 - 2012-07-31 19:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.73B13A75D09881C8
2012-07-31 19:38 - 2012-07-31 19:38 - 00000000 ____D C:\$WINDOWS.~BT
2012-07-31 19:37 - 2012-07-31 19:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3430E85C1B22F702
2012-07-31 19:29 - 2012-07-31 19:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AA62F578CBA126F6
2012-07-31 19:27 - 2012-07-31 19:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B8EF0533CE153B09
2012-07-31 19:22 - 2012-07-31 19:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6B3F1872868AE20A
2012-07-31 19:18 - 2012-07-31 19:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B83AD3E274B58191
2012-07-31 19:16 - 2012-07-31 19:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AF7127CA5E6E1C04
2012-07-31 19:12 - 2012-07-31 19:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A49B56B67E74589A
2012-07-31 19:09 - 2012-07-31 19:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F846DE37E5EDFEBB
2012-07-31 19:07 - 2012-07-31 19:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.713FBE1AE927D49A
2012-07-31 19:05 - 2012-07-31 19:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BCCB87E809456620
2012-07-31 19:03 - 2012-07-31 19:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CDCF952B78A93386
2012-07-31 18:58 - 2012-07-31 18:59 - 00005893 ____A C:\Windows\WindowsUpdate.log
2012-07-31 18:58 - 2012-07-31 18:58 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-07-31 18:58 - 2012-07-31 18:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-07-31 18:54 - 2012-07-31 22:13 - 00238213 ____A C:\Windows\setupact.log
2012-07-31 18:54 - 2012-07-31 20:16 - 00001776 ____A C:\Windows\PFRO.log
2012-07-31 18:54 - 2012-07-31 19:39 - 00000000 ____A C:\Windows\setuperr.log
2012-07-31 18:52 - 2012-07-31 18:52 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-31 18:52 - 2012-07-31 18:52 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-07-31 18:52 - 2012-07-31 18:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-31 18:52 - 2012-07-03 13:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-31 18:51 - 2012-07-31 18:51 - 00033096 ____A C:\Windows\System32\Drivers\mbamchameleon.sys
2012-07-31 18:41 - 2012-07-31 18:41 - 00056320 ___AH (FRISK Software International) C:\Windows\SysWOW64\PATHDate.dll
2012-07-30 18:17 - 2012-07-30 18:42 - 00000000 ____D C:\Users\User\Desktop\HSFX 6
2012-07-29 19:43 - 2012-07-29 19:44 - 46935512 ____A C:\Users\User\Desktop\spitfire on my tail-part1(1.07).rar
2012-07-28 17:06 - 2012-07-28 17:06 - 00342601 ____A C:\Users\User\Desktop\DCS A-10C Operator Checklists 8b.zip
2012-07-24 11:17 - 2012-07-24 11:18 - 00066558 ____A C:\Users\User\Desktop\Winners + Entrants (test + duplicates removed) RAeS 2012 FarnAirshow.xlsx
2012-07-24 09:35 - 2012-07-24 09:35 - 00066057 ____A C:\Users\User\Desktop\Entrants (test + duplicates removed) RAeS 2012 Farnborough Airshow works - Copy.xlsx
2012-07-18 17:09 - 2012-07-18 17:09 - 00000000 ____D C:\Users\User\AppData\Local\Unity
2012-07-15 16:01 - 2012-07-13 11:55 - 00608678 ____A C:\Users\User\Desktop\Cdr Gabby Wise.amr
2012-07-11 19:12 - 2012-07-11 19:12 - 00000000 ____H C:\Users\User\Desktop\~WRL0109.tmp
2012-07-11 01:54 - 2012-06-12 04:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-11 01:52 - 2012-06-02 13:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-11 01:52 - 2012-06-02 13:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-11 01:52 - 2012-06-02 13:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-11 01:52 - 2012-06-02 13:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-11 01:52 - 2012-06-02 13:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-11 01:52 - 2012-06-02 13:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-11 01:52 - 2012-06-02 13:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-11 01:52 - 2012-06-02 13:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-11 01:52 - 2012-06-02 13:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-11 01:52 - 2012-06-02 13:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-11 01:52 - 2012-06-02 12:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-11 01:52 - 2012-06-02 12:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-11 01:52 - 2012-06-02 12:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-11 01:52 - 2012-06-02 12:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-11 01:52 - 2012-06-02 10:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-11 01:52 - 2012-06-02 09:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-11 01:52 - 2012-06-02 09:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-11 01:52 - 2012-06-02 09:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-11 01:52 - 2012-06-02 09:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-11 01:52 - 2012-06-02 09:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-11 01:52 - 2012-06-02 09:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-11 01:52 - 2012-06-02 09:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-11 01:52 - 2012-06-02 09:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-11 01:52 - 2012-06-02 09:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-11 01:52 - 2012-06-02 09:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-11 01:52 - 2012-06-02 09:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-11 01:52 - 2012-06-02 09:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-11 01:52 - 2012-06-02 09:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-10 21:05 - 2012-07-10 21:05 - 03906749 ____A C:\Users\User\Desktop\WeTransfer-w7FRKk2y.zip
2012-07-10 20:16 - 2012-06-09 06:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-10 20:16 - 2012-06-09 05:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-10 20:16 - 2012-06-06 07:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-10 20:16 - 2012-06-06 07:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-10 20:16 - 2012-06-06 07:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-10 20:16 - 2012-06-06 06:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-10 20:16 - 2012-06-06 06:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-10 20:16 - 2012-06-06 06:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-10 20:16 - 2012-06-02 06:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-10 20:16 - 2012-06-02 06:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-10 20:16 - 2012-06-02 06:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-10 20:16 - 2012-06-02 06:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-10 20:16 - 2012-06-02 06:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-10 20:16 - 2012-06-02 05:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-10 20:16 - 2012-06-02 05:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-10 20:16 - 2012-06-02 05:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-10 20:16 - 2012-06-02 05:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-10 20:16 - 2010-06-26 04:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-10 20:16 - 2010-06-26 04:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-07-09 05:42 - 2012-07-09 05:42 - 00001750 ____A C:\Users\Public\Desktop\Browser Choice.lnk
2012-07-08 17:34 - 2010-02-23 09:16 - 00294912 ____A (Microsoft Corporation) C:\Windows\System32\browserchoice.exe
2012-07-07 18:53 - 2012-07-07 18:53 - 00000000 ____D C:\Users\User\AppData\Roaming\Sony Corporation
2012-07-07 18:51 - 2012-07-07 18:51 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2012-07-07 18:47 - 2012-07-07 18:47 - 00000000 ____D C:\Users\All Users\Sony Corporation
2012-07-02 18:25 - 2012-07-02 18:25 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf


============ 3 Months Modified Files ========================

2012-07-31 22:13 - 2012-07-31 22:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9863A25398A284F7
2012-07-31 22:13 - 2012-07-31 22:13 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ffbthmks.sys
2012-07-31 22:13 - 2012-07-31 18:54 - 00238213 ____A C:\Windows\setupact.log
2012-07-31 22:13 - 2011-10-12 19:12 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-31 22:13 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-31 22:11 - 2012-07-31 22:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C658072D84AF21AB
2012-07-31 20:45 - 2011-10-12 19:12 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-31 20:44 - 2012-07-31 20:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F0513596D066B527
2012-07-31 20:42 - 2012-07-31 20:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7EF79848DB2BA76A
2012-07-31 20:40 - 2012-07-31 20:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.79DF44A1E55AFFB9
2012-07-31 20:38 - 2012-07-31 20:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.444DFB083F1B40DA
2012-07-31 20:36 - 2012-07-31 20:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F9EF526BCCEA5E12
2012-07-31 20:34 - 2012-07-31 20:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D3E540EE4296494B
2012-07-31 20:32 - 2012-07-31 20:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C24F9AAF35BED835
2012-07-31 20:16 - 2012-07-31 20:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.05B8246A95AFF22B
2012-07-31 20:16 - 2012-07-31 18:54 - 00001776 ____A C:\Windows\PFRO.log
2012-07-31 19:55 - 2012-07-31 19:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4B1BB02A90688A87
2012-07-31 19:53 - 2012-07-31 19:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.03162F64A31D68F1
2012-07-31 19:51 - 2012-07-31 19:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1523689E443D3020
2012-07-31 19:51 - 2012-07-31 19:51 - 00116016 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\24878461.sys
2012-07-31 19:49 - 2012-07-31 19:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.85CF1A2425B4385D
2012-07-31 19:49 - 2012-07-31 19:49 - 00001266 ____A C:\Users\User\Desktop\shutdown.exe.lnk
2012-07-31 19:47 - 2012-07-31 19:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.12DAC5342ED193F6
2012-07-31 19:45 - 2012-07-31 19:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E416A7260CC7B5D4
2012-07-31 19:40 - 2012-07-31 19:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.73B13A75D09881C8
2012-07-31 19:40 - 2012-05-25 20:43 - 00001908 ____A C:\Windows\diagwrn.xml
2012-07-31 19:40 - 2012-05-25 20:43 - 00001908 ____A C:\Windows\diagerr.xml
2012-07-31 19:39 - 2012-07-31 18:54 - 00000000 ____A C:\Windows\setuperr.log
2012-07-31 19:37 - 2012-07-31 19:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3430E85C1B22F702
2012-07-31 19:29 - 2012-07-31 19:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AA62F578CBA126F6
2012-07-31 19:27 - 2012-07-31 19:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B8EF0533CE153B09
2012-07-31 19:22 - 2012-07-31 19:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6B3F1872868AE20A
2012-07-31 19:18 - 2012-07-31 19:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B83AD3E274B58191
2012-07-31 19:18 - 2009-07-14 06:08 - 00032636 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-31 19:16 - 2012-07-31 19:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AF7127CA5E6E1C04
2012-07-31 19:12 - 2012-07-31 19:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A49B56B67E74589A
2012-07-31 19:09 - 2012-07-31 19:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F846DE37E5EDFEBB
2012-07-31 19:07 - 2012-07-31 19:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.713FBE1AE927D49A
2012-07-31 19:05 - 2012-07-31 19:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BCCB87E809456620
2012-07-31 19:03 - 2012-07-31 19:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CDCF952B78A93386
2012-07-31 19:01 - 2009-07-14 05:45 - 00024960 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-31 19:01 - 2009-07-14 05:45 - 00024960 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-31 18:59 - 2012-07-31 18:58 - 00005893 ____A C:\Windows\WindowsUpdate.log
2012-07-31 18:59 - 2011-04-22 09:04 - 00001945 ____A C:\Windows\epplauncher.mif
2012-07-31 18:58 - 2012-05-26 12:36 - 00786470 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-07-31 18:58 - 2009-07-14 06:13 - 00781348 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-31 18:52 - 2012-07-31 18:52 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-31 18:51 - 2012-07-31 18:51 - 00033096 ____A C:\Windows\System32\Drivers\mbamchameleon.sys
2012-07-31 18:41 - 2012-07-31 18:41 - 00056320 ___AH (FRISK Software International) C:\Windows\SysWOW64\PATHDate.dll
2012-07-29 19:44 - 2012-07-29 19:43 - 46935512 ____A C:\Users\User\Desktop\spitfire on my tail-part1(1.07).rar
2012-07-29 18:08 - 2011-09-09 20:27 - 00282696 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2012-07-29 18:08 - 2011-09-05 18:14 - 00282696 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2012-07-28 17:06 - 2012-07-28 17:06 - 00342601 ____A C:\Users\User\Desktop\DCS A-10C Operator Checklists 8b.zip
2012-07-25 13:43 - 2011-11-28 13:55 - 00002038 ___AH C:\Users\User\Documents\Default.rdp
2012-07-24 11:18 - 2012-07-24 11:17 - 00066558 ____A C:\Users\User\Desktop\Winners + Entrants (test + duplicates removed) RAeS 2012 FarnAirshow.xlsx
2012-07-24 09:35 - 2012-07-24 09:35 - 00066057 ____A C:\Users\User\Desktop\Entrants (test + duplicates removed) RAeS 2012 Farnborough Airshow works - Copy.xlsx
2012-07-22 18:05 - 2011-09-05 18:14 - 00282696 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2012-07-20 09:19 - 2012-04-20 20:04 - 00000391 ____A C:\Users\User\Desktop\FF sharon.txt
2012-07-13 11:55 - 2012-07-15 16:01 - 00608678 ____A C:\Users\User\Desktop\Cdr Gabby Wise.amr
2012-07-11 19:12 - 2012-07-11 19:12 - 00000000 ____H C:\Users\User\Desktop\~WRL0109.tmp
2012-07-11 05:27 - 2009-07-14 05:45 - 07813744 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-10 21:05 - 2012-07-10 21:05 - 03906749 ____A C:\Users\User\Desktop\WeTransfer-w7FRKk2y.zip
2012-07-09 05:42 - 2012-07-09 05:42 - 00001750 ____A C:\Users\Public\Desktop\Browser Choice.lnk
2012-07-03 13:46 - 2012-07-31 18:52 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-02 18:25 - 2012-07-02 18:25 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2012-06-28 20:16 - 2011-09-05 18:14 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe
2012-06-28 19:10 - 2012-06-28 20:16 - 03166792 ____N C:\Windows\SysWOW64\pbsvc.exe
2012-06-26 19:07 - 2012-06-26 18:30 - 00000189 ____A C:\Users\User\Desktop\Koeran air.txt
2012-06-25 16:04 - 2012-06-25 16:04 - 01394248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml4.dll
2012-06-22 07:21 - 2012-06-25 09:46 - 25723166 ____A C:\Users\User\Desktop\insituOregon 077.AVI
2012-06-15 18:38 - 2011-07-03 16:45 - 00001616 ____A C:\Users\User\Desktop\Video text jane garnham.txt
2012-06-12 04:08 - 2012-07-11 01:54 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-09 06:43 - 2012-07-10 20:16 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-09 05:41 - 2012-07-10 20:16 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-06 07:06 - 2012-07-10 20:16 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-06 07:06 - 2012-07-10 20:16 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-06 07:02 - 2012-07-10 20:16 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-06 06:05 - 2012-07-10 20:16 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-06 06:05 - 2012-07-10 20:16 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-06 06:03 - 2012-07-10 20:16 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-02 23:19 - 2012-06-25 18:46 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 23:19 - 2012-06-25 18:46 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 23:19 - 2012-06-25 18:46 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 23:19 - 2012-06-25 18:46 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 23:19 - 2012-06-25 18:46 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 23:15 - 2012-06-25 18:46 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 23:15 - 2012-06-25 18:46 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 15:19 - 2012-06-25 18:46 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 15:15 - 2012-06-25 18:46 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 13:49 - 2012-07-11 01:52 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 13:17 - 2012-07-11 01:52 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 13:12 - 2012-07-11 01:52 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 13:05 - 2012-07-11 01:52 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 13:05 - 2012-07-11 01:52 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 13:04 - 2012-07-11 01:52 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 13:04 - 2012-07-11 01:52 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 13:03 - 2012-07-11 01:52 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 13:01 - 2012-07-11 01:52 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 13:00 - 2012-07-11 01:52 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 12:59 - 2012-07-11 01:52 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 12:57 - 2012-07-11 01:52 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 12:57 - 2012-07-11 01:52 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 12:54 - 2012-07-11 01:52 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 10:07 - 2012-07-11 01:52 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 09:43 - 2012-07-11 01:52 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 09:33 - 2012-07-11 01:52 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 09:26 - 2012-07-11 01:52 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 09:25 - 2012-07-11 01:52 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 09:25 - 2012-07-11 01:52 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 09:23 - 2012-07-11 01:52 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 09:21 - 2012-07-11 01:52 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 09:20 - 2012-07-11 01:52 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 09:19 - 2012-07-11 01:52 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 09:19 - 2012-07-11 01:52 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 09:17 - 2012-07-11 01:52 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 09:16 - 2012-07-11 01:52 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 09:14 - 2012-07-11 01:52 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-02 06:50 - 2012-07-10 20:16 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-02 06:48 - 2012-07-10 20:16 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-02 06:48 - 2012-07-10 20:16 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-02 06:45 - 2012-07-10 20:16 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-02 06:44 - 2012-07-10 20:16 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-02 05:40 - 2012-07-10 20:16 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-02 05:40 - 2012-07-10 20:16 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-02 05:39 - 2012-07-10 20:16 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-02 05:34 - 2012-07-10 20:16 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-05-27 14:25 - 2012-05-27 14:25 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-05-27 14:25 - 2012-05-27 14:25 - 00697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-05-27 14:25 - 2012-05-27 14:25 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-05-27 14:25 - 2012-05-27 14:25 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-05-27 14:25 - 2012-05-27 14:25 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-05-27 14:25 - 2012-05-27 14:25 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-05-27 14:25 - 2012-05-27 14:25 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-05-27 14:25 - 2012-05-27 14:25 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-05-27 14:25 - 2012-05-27 14:25 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-05-27 14:25 - 2012-05-27 14:25 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-05-27 14:25 - 2012-05-27 14:25 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-05-27 14:25 - 2012-05-27 14:25 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-05-27 14:25 - 2012-05-27 14:25 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-05-27 14:25 - 2012-05-27 14:25 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-05-27 14:25 - 2012-05-27 14:25 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-05-27 14:25 - 2012-05-27 14:25 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-05-27 14:25 - 2012-05-27 14:25 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-05-27 14:25 - 2012-05-27 14:25 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-05-27 14:25 - 2012-05-27 14:25 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-05-26 20:49 - 2009-07-14 06:38 - 00025600 __ASH C:\Windows\System32\config\BCD-Template.LOG
2012-05-26 20:49 - 2009-07-14 06:32 - 00028672 ____A C:\Windows\System32\config\BCD-Template
2012-05-26 20:48 - 2012-05-26 20:48 - 00262144 ____A C:\Windows\System32\config\userdiff
2012-05-26 13:29 - 2012-05-26 13:29 - 00000716 ____A C:\Users\Public\Desktop\TrackIR v5.lnk
2012-05-26 12:52 - 2012-05-26 12:52 - 00000029 ____A C:\Users\User\Desktop\Windows product key.txt
2012-05-26 12:49 - 2012-05-26 12:49 - 00000000 ____A C:\Users\User\Desktop\New Text Document (3).txt
2012-05-26 12:25 - 2012-05-26 12:25 - 00139640 ____A C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-26 12:24 - 2012-05-26 12:24 - 00000020 ___SH C:\Users\User\ntuser.ini
2012-05-26 12:24 - 2012-05-26 12:24 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2012-05-26 12:02 - 2012-05-26 12:02 - 00022744 ____A C:\Windows\System32\emptyregdb.dat
2012-05-26 11:29 - 2012-05-26 11:11 - 00004404 ____A C:\Users\User\Desktop\Windows Compatibility Report.htm
2012-05-25 20:21 - 2012-05-25 20:21 - 00000198 ____A C:\Users\User\Desktop\repair.bat
2012-05-25 20:03 - 2012-05-25 20:03 - 01700352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2012-05-25 20:01 - 2012-05-25 20:01 - 85869224 ____A (COMODO) C:\Users\User\Desktop\cfw_installer.exe
2012-05-25 19:46 - 2012-05-25 19:46 - 00116016 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\77648603.sys
2012-05-25 19:31 - 2012-05-25 19:31 - 00116016 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\72382705.sys
2012-05-25 19:05 - 2012-05-25 19:31 - 02126936 ____A (Kaspersky Lab ZAO) C:\Users\User\Desktop\tdsskiller.exe
2012-05-25 17:52 - 2012-05-25 17:52 - 12621696 ____A (Microsoft Corporation) C:\Users\User\Downloads\mseinstall.exe
2012-05-25 17:46 - 2012-05-25 17:43 - 00000361 ____A C:\rkill.log
2012-05-25 09:47 - 2012-05-25 09:45 - 00004096 ____A C:\Users\Public\Documents\000031A7.LCS
2012-05-25 09:45 - 2012-05-25 09:45 - 00000829 ____A C:\Users\Public\Desktop\Launch Iron Front.lnk
2012-05-25 08:47 - 2012-04-10 18:14 - 00000155 ____A C:\Users\User\Desktop\New Text Document (2).txt
2012-05-13 20:38 - 2012-05-13 11:32 - 00001831 ____A C:\Users\User\Desktop\Questions for FLt Lt Bond.txt
2012-05-12 18:41 - 2012-05-12 18:41 - 00000324 ____A C:\Users\User\Desktop\Ghost Recon Online.appref-ms
2012-05-04 12:06 - 2012-06-14 05:14 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 11:03 - 2012-06-14 05:14 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 11:03 - 2012-06-14 05:14 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

ZeroAccess:
C:\Windows\Installer\{42af9215-5df0-c946-7946-dcb955ea01b4}
C:\Windows\Installer\{42af9215-5df0-c946-7946-dcb955ea01b4}\@
C:\Windows\Installer\{42af9215-5df0-c946-7946-dcb955ea01b4}\L
C:\Windows\Installer\{42af9215-5df0-c946-7946-dcb955ea01b4}\U
C:\Windows\Installer\{42af9215-5df0-c946-7946-dcb955ea01b4}\L\00000004.@
C:\Windows\Installer\{42af9215-5df0-c946-7946-dcb955ea01b4}\L\201d3dde
C:\Windows\Installer\{42af9215-5df0-c946-7946-dcb955ea01b4}\U\00000008.@

ZeroAccess:
C:\Users\User\AppData\Local\{42af9215-5df0-c946-7946-dcb955ea01b4}
C:\Users\User\AppData\Local\{42af9215-5df0-c946-7946-dcb955ea01b4}\@
C:\Users\User\AppData\Local\{42af9215-5df0-c946-7946-dcb955ea01b4}\L
C:\Users\User\AppData\Local\{42af9215-5df0-c946-7946-dcb955ea01b4}\U

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-07-14 00:19] - [2009-07-14 02:39] - 0328704 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\System32\services.exe IS INFECTED. <===== ATTENTION!

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by User at 31-07-2012 22:15:28
Running from F:\
Service Pack 1 (X64) OS Language: English(US)
Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.


============ One Month Created Files and Folders ==============

2012-07-31 22:15 - 2012-07-31 22:15 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wdtbiexv.sys
2012-07-31 22:13 - 2012-07-31 22:15 - 00000000 ____D C:\FRST
2012-07-31 22:13 - 2012-07-31 22:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9863A25398A284F7
2012-07-31 22:11 - 2012-07-31 22:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C658072D84AF21AB
2012-07-31 20:44 - 2012-07-31 20:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F0513596D066B527
2012-07-31 20:42 - 2012-07-31 20:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7EF79848DB2BA76A
2012-07-31 20:40 - 2012-07-31 20:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.79DF44A1E55AFFB9
2012-07-31 20:38 - 2012-07-31 20:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.444DFB083F1B40DA
2012-07-31 20:36 - 2012-07-31 20:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F9EF526BCCEA5E12
2012-07-31 20:34 - 2012-07-31 20:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D3E540EE4296494B
2012-07-31 20:32 - 2012-07-31 20:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C24F9AAF35BED835
2012-07-31 20:16 - 2012-07-31 20:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.05B8246A95AFF22B
2012-07-31 19:55 - 2012-07-31 19:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4B1BB02A90688A87
2012-07-31 19:53 - 2012-07-31 19:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.03162F64A31D68F1
2012-07-31 19:51 - 2012-07-31 19:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1523689E443D3020
2012-07-31 19:51 - 2012-07-31 19:51 - 00116016 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\24878461.sys
2012-07-31 19:49 - 2012-07-31 19:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.85CF1A2425B4385D
2012-07-31 19:49 - 2012-07-31 19:49 - 00001266 ____A C:\Users\User\Desktop\shutdown.exe.lnk
2012-07-31 19:47 - 2012-07-31 19:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.12DAC5342ED193F6
2012-07-31 19:45 - 2012-07-31 19:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E416A7260CC7B5D4
2012-07-31 19:40 - 2012-07-31 19:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.73B13A75D09881C8
2012-07-31 19:38 - 2012-07-31 19:38 - 00000000 ____D C:\$WINDOWS.~BT
2012-07-31 19:37 - 2012-07-31 19:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3430E85C1B22F702
2012-07-31 19:29 - 2012-07-31 19:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AA62F578CBA126F6
2012-07-31 19:27 - 2012-07-31 19:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B8EF0533CE153B09
2012-07-31 19:22 - 2012-07-31 19:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6B3F1872868AE20A
2012-07-31 19:18 - 2012-07-31 19:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B83AD3E274B58191
2012-07-31 19:16 - 2012-07-31 19:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AF7127CA5E6E1C04
2012-07-31 19:12 - 2012-07-31 19:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A49B56B67E74589A
2012-07-31 19:09 - 2012-07-31 19:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F846DE37E5EDFEBB
2012-07-31 19:07 - 2012-07-31 19:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.713FBE1AE927D49A
2012-07-31 19:05 - 2012-07-31 19:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BCCB87E809456620
2012-07-31 19:03 - 2012-07-31 19:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CDCF952B78A93386
2012-07-31 18:58 - 2012-07-31 18:59 - 00005893 ____A C:\Windows\WindowsUpdate.log
2012-07-31 18:58 - 2012-07-31 18:58 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-07-31 18:58 - 2012-07-31 18:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-07-31 18:54 - 2012-07-31 22:15 - 00251369 ____A C:\Windows\setupact.log
2012-07-31 18:54 - 2012-07-31 20:16 - 00001776 ____A C:\Windows\PFRO.log
2012-07-31 18:54 - 2012-07-31 19:39 - 00000000 ____A C:\Windows\setuperr.log
2012-07-31 18:52 - 2012-07-31 18:52 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-31 18:52 - 2012-07-31 18:52 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-07-31 18:52 - 2012-07-31 18:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-31 18:52 - 2012-07-03 13:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-31 18:51 - 2012-07-31 18:51 - 00033096 ____A C:\Windows\System32\Drivers\mbamchameleon.sys
2012-07-31 18:41 - 2012-07-31 18:41 - 00056320 ___AH (FRISK Software International) C:\Windows\SysWOW64\PATHDate.dll
2012-07-30 18:17 - 2012-07-30 18:42 - 00000000 ____D C:\Users\User\Desktop\HSFX 6
2012-07-29 19:43 - 2012-07-29 19:44 - 46935512 ____A C:\Users\User\Desktop\spitfire on my tail-part1(1.07).rar
2012-07-28 17:06 - 2012-07-28 17:06 - 00342601 ____A C:\Users\User\Desktop\DCS A-10C Operator Checklists 8b.zip
2012-07-24 11:17 - 2012-07-24 11:18 - 00066558 ____A C:\Users\User\Desktop\Winners + Entrants (test + duplicates removed) RAeS 2012 FarnAirshow.xlsx
2012-07-24 09:35 - 2012-07-24 09:35 - 00066057 ____A C:\Users\User\Desktop\Entrants (test + duplicates removed) RAeS 2012 Farnborough Airshow works - Copy.xlsx
2012-07-18 17:09 - 2012-07-18 17:09 - 00000000 ____D C:\Users\User\AppData\Local\Unity
2012-07-15 16:01 - 2012-07-13 11:55 - 00608678 ____A C:\Users\User\Desktop\Cdr Gabby Wise.amr
2012-07-11 19:12 - 2012-07-11 19:12 - 00000000 ____H C:\Users\User\Desktop\~WRL0109.tmp
2012-07-11 01:54 - 2012-06-12 04:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-11 01:52 - 2012-06-02 13:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-11 01:52 - 2012-06-02 13:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-11 01:52 - 2012-06-02 13:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-11 01:52 - 2012-06-02 13:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-11 01:52 - 2012-06-02 13:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-11 01:52 - 2012-06-02 13:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-11 01:52 - 2012-06-02 13:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-11 01:52 - 2012-06-02 13:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-11 01:52 - 2012-06-02 13:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-11 01:52 - 2012-06-02 13:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-11 01:52 - 2012-06-02 12:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-11 01:52 - 2012-06-02 12:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-11 01:52 - 2012-06-02 12:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-11 01:52 - 2012-06-02 12:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-11 01:52 - 2012-06-02 10:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-11 01:52 - 2012-06-02 09:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-11 01:52 - 2012-06-02 09:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-11 01:52 - 2012-06-02 09:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-11 01:52 - 2012-06-02 09:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-11 01:52 - 2012-06-02 09:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-11 01:52 - 2012-06-02 09:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-11 01:52 - 2012-06-02 09:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-11 01:52 - 2012-06-02 09:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-11 01:52 - 2012-06-02 09:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-11 01:52 - 2012-06-02 09:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-11 01:52 - 2012-06-02 09:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-11 01:52 - 2012-06-02 09:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-11 01:52 - 2012-06-02 09:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-10 21:05 - 2012-07-10 21:05 - 03906749 ____A C:\Users\User\Desktop\WeTransfer-w7FRKk2y.zip
2012-07-10 20:16 - 2012-06-09 06:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-10 20:16 - 2012-06-09 05:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-10 20:16 - 2012-06-06 07:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-10 20:16 - 2012-06-06 07:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-10 20:16 - 2012-06-06 07:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-10 20:16 - 2012-06-06 06:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-10 20:16 - 2012-06-06 06:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-10 20:16 - 2012-06-06 06:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-10 20:16 - 2012-06-02 06:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-10 20:16 - 2012-06-02 06:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-10 20:16 - 2012-06-02 06:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-10 20:16 - 2012-06-02 06:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-10 20:16 - 2012-06-02 06:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-10 20:16 - 2012-06-02 05:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-10 20:16 - 2012-06-02 05:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-10 20:16 - 2012-06-02 05:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-10 20:16 - 2012-06-02 05:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-10 20:16 - 2010-06-26 04:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-10 20:16 - 2010-06-26 04:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-07-09 05:42 - 2012-07-09 05:42 - 00001750 ____A C:\Users\Public\Desktop\Browser Choice.lnk
2012-07-08 17:34 - 2010-02-23 09:16 - 00294912 ____A (Microsoft Corporation) C:\Windows\System32\browserchoice.exe
2012-07-07 18:53 - 2012-07-07 18:53 - 00000000 ____D C:\Users\User\AppData\Roaming\Sony Corporation
2012-07-07 18:51 - 2012-07-07 18:51 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2012-07-07 18:47 - 2012-07-07 18:47 - 00000000 ____D C:\Users\All Users\Sony Corporation
2012-07-02 18:25 - 2012-07-02 18:25 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf


============ 3 Months Modified Files ========================

2012-07-31 22:15 - 2012-07-31 22:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AE31FA5363A8D532
2012-07-31 22:15 - 2012-07-31 22:15 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wdtbiexv.sys
2012-07-31 22:15 - 2012-07-31 18:54 - 00251369 ____A C:\Windows\setupact.log
2012-07-31 22:15 - 2011-10-12 19:12 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-31 22:15 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-31 22:13 - 2012-07-31 22:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9863A25398A284F7
2012-07-31 22:11 - 2012-07-31 22:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C658072D84AF21AB
2012-07-31 20:45 - 2011-10-12 19:12 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-31 20:44 - 2012-07-31 20:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F0513596D066B527
2012-07-31 20:42 - 2012-07-31 20:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7EF79848DB2BA76A
2012-07-31 20:40 - 2012-07-31 20:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.79DF44A1E55AFFB9
2012-07-31 20:38 - 2012-07-31 20:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.444DFB083F1B40DA
2012-07-31 20:36 - 2012-07-31 20:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F9EF526BCCEA5E12
2012-07-31 20:34 - 2012-07-31 20:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D3E540EE4296494B
2012-07-31 20:32 - 2012-07-31 20:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C24F9AAF35BED835
2012-07-31 20:16 - 2012-07-31 20:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.05B8246A95AFF22B
2012-07-31 20:16 - 2012-07-31 18:54 - 00001776 ____A C:\Windows\PFRO.log
2012-07-31 19:55 - 2012-07-31 19:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4B1BB02A90688A87
2012-07-31 19:53 - 2012-07-31 19:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.03162F64A31D68F1
2012-07-31 19:51 - 2012-07-31 19:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1523689E443D3020
2012-07-31 19:51 - 2012-07-31 19:51 - 00116016 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\24878461.sys
2012-07-31 19:49 - 2012-07-31 19:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.85CF1A2425B4385D
2012-07-31 19:49 - 2012-07-31 19:49 - 00001266 ____A C:\Users\User\Desktop\shutdown.exe.lnk
2012-07-31 19:47 - 2012-07-31 19:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.12DAC5342ED193F6
2012-07-31 19:45 - 2012-07-31 19:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E416A7260CC7B5D4
2012-07-31 19:40 - 2012-07-31 19:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.73B13A75D09881C8
2012-07-31 19:40 - 2012-05-25 20:43 - 00001908 ____A C:\Windows\diagwrn.xml
2012-07-31 19:40 - 2012-05-25 20:43 - 00001908 ____A C:\Windows\diagerr.xml
2012-07-31 19:39 - 2012-07-31 18:54 - 00000000 ____A C:\Windows\setuperr.log
2012-07-31 19:37 - 2012-07-31 19:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3430E85C1B22F702
2012-07-31 19:29 - 2012-07-31 19:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AA62F578CBA126F6
2012-07-31 19:27 - 2012-07-31 19:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B8EF0533CE153B09
2012-07-31 19:22 - 2012-07-31 19:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6B3F1872868AE20A
2012-07-31 19:18 - 2012-07-31 19:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B83AD3E274B58191
2012-07-31 19:18 - 2009-07-14 06:08 - 00032636 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-31 19:16 - 2012-07-31 19:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AF7127CA5E6E1C04
2012-07-31 19:12 - 2012-07-31 19:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A49B56B67E74589A
2012-07-31 19:09 - 2012-07-31 19:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F846DE37E5EDFEBB
2012-07-31 19:07 - 2012-07-31 19:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.713FBE1AE927D49A
2012-07-31 19:05 - 2012-07-31 19:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BCCB87E809456620
2012-07-31 19:03 - 2012-07-31 19:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CDCF952B78A93386
2012-07-31 19:01 - 2009-07-14 05:45 - 00024960 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-31 19:01 - 2009-07-14 05:45 - 00024960 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-31 18:59 - 2012-07-31 18:58 - 00005893 ____A C:\Windows\WindowsUpdate.log
2012-07-31 18:59 - 2011-04-22 09:04 - 00001945 ____A C:\Windows\epplauncher.mif
2012-07-31 18:58 - 2012-05-26 12:36 - 00786470 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-07-31 18:58 - 2009-07-14 06:13 - 00781348 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-31 18:52 - 2012-07-31 18:52 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-31 18:51 - 2012-07-31 18:51 - 00033096 ____A C:\Windows\System32\Drivers\mbamchameleon.sys
2012-07-31 18:41 - 2012-07-31 18:41 - 00056320 ___AH (FRISK Software International) C:\Windows\SysWOW64\PATHDate.dll
2012-07-29 19:44 - 2012-07-29 19:43 - 46935512 ____A C:\Users\User\Desktop\spitfire on my tail-part1(1.07).rar
2012-07-29 18:08 - 2011-09-09 20:27 - 00282696 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2012-07-29 18:08 - 2011-09-05 18:14 - 00282696 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2012-07-28 17:06 - 2012-07-28 17:06 - 00342601 ____A C:\Users\User\Desktop\DCS A-10C Operator Checklists 8b.zip
2012-07-25 13:43 - 2011-11-28 13:55 - 00002038 ___AH C:\Users\User\Documents\Default.rdp
2012-07-24 11:18 - 2012-07-24 11:17 - 00066558 ____A C:\Users\User\Desktop\Winners + Entrants (test + duplicates removed) RAeS 2012 FarnAirshow.xlsx
2012-07-24 09:35 - 2012-07-24 09:35 - 00066057 ____A C:\Users\User\Desktop\Entrants (test + duplicates removed) RAeS 2012 Farnborough Airshow works - Copy.xlsx
2012-07-22 18:05 - 2011-09-05 18:14 - 00282696 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2012-07-20 09:19 - 2012-04-20 20:04 - 00000391 ____A C:\Users\User\Desktop\FF sharon.txt
2012-07-13 11:55 - 2012-07-15 16:01 - 00608678 ____A C:\Users\User\Desktop\Cdr Gabby Wise.amr
2012-07-11 19:12 - 2012-07-11 19:12 - 00000000 ____H C:\Users\User\Desktop\~WRL0109.tmp
2012-07-11 05:27 - 2009-07-14 05:45 - 07813744 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-10 21:05 - 2012-07-10 21:05 - 03906749 ____A C:\Users\User\Desktop\WeTransfer-w7FRKk2y.zip
2012-07-09 05:42 - 2012-07-09 05:42 - 00001750 ____A C:\Users\Public\Desktop\Browser Choice.lnk
2012-07-03 13:46 - 2012-07-31 18:52 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-02 18:25 - 2012-07-02 18:25 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2012-06-28 20:16 - 2011-09-05 18:14 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe
2012-06-28 19:10 - 2012-06-28 20:16 - 03166792 ____N C:\Windows\SysWOW64\pbsvc.exe
2012-06-26 19:07 - 2012-06-26 18:30 - 00000189 ____A C:\Users\User\Desktop\Koeran air.txt
2012-06-25 16:04 - 2012-06-25 16:04 - 01394248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml4.dll
2012-06-22 07:21 - 2012-06-25 09:46 - 25723166 ____A C:\Users\User\Desktop\insituOregon 077.AVI
2012-06-15 18:38 - 2011-07-03 16:45 - 00001616 ____A C:\Users\User\Desktop\Video text jane garnham.txt
2012-06-12 04:08 - 2012-07-11 01:54 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-09 06:43 - 2012-07-10 20:16 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-09 05:41 - 2012-07-10 20:16 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-06 07:06 - 2012-07-10 20:16 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-06 07:06 - 2012-07-10 20:16 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-06 07:02 - 2012-07-10 20:16 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-06 06:05 - 2012-07-10 20:16 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-06 06:05 - 2012-07-10 20:16 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-06 06:03 - 2012-07-10 20:16 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-02 23:19 - 2012-06-25 18:46 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 23:19 - 2012-06-25 18:46 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 23:19 - 2012-06-25 18:46 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 23:19 - 2012-06-25 18:46 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 23:19 - 2012-06-25 18:46 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 23:15 - 2012-06-25 18:46 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 23:15 - 2012-06-25 18:46 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 15:19 - 2012-06-25 18:46 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 15:15 - 2012-06-25 18:46 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 13:49 - 2012-07-11 01:52 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 13:17 - 2012-07-11 01:52 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 13:12 - 2012-07-11 01:52 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 13:05 - 2012-07-11 01:52 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 13:05 - 2012-07-11 01:52 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 13:04 - 2012-07-11 01:52 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 13:04 - 2012-07-11 01:52 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 13:03 - 2012-07-11 01:52 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 13:01 - 2012-07-11 01:52 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 13:00 - 2012-07-11 01:52 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 12:59 - 2012-07-11 01:52 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 12:57 - 2012-07-11 01:52 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 12:57 - 2012-07-11 01:52 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 12:54 - 2012-07-11 01:52 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 10:07 - 2012-07-11 01:52 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 09:43 - 2012-07-11 01:52 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 09:33 - 2012-07-11 01:52 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 09:26 - 2012-07-11 01:52 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 09:25 - 2012-07-11 01:52 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 09:25 - 2012-07-11 01:52 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 09:23 - 2012-07-11 01:52 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 09:21 - 2012-07-11 01:52 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 09:20 - 2012-07-11 01:52 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 09:19 - 2012-07-11 01:52 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 09:19 - 2012-07-11 01:52 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 09:17 - 2012-07-11 01:52 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 09:16 - 2012-07-11 01:52 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 09:14 - 2012-07-11 01:52 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-02 06:50 - 2012-07-10 20:16 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-02 06:48 - 2012-07-10 20:16 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-02 06:48 - 2012-07-10 20:16 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-02 06:45 - 2012-07-10 20:16 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-02 06:44 - 2012-07-10 20:16 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-02 05:40 - 2012-07-10 20:16 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-02 05:40 - 2012-07-10 20:16 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-02 05:39 - 2012-07-10 20:16 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-02 05:34 - 2012-07-10 20:16 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-05-27 14:25 - 2012-05-27 14:25 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-05-27 14:25 - 2012-05-27 14:25 - 00697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-05-27 14:25 - 2012-05-27 14:25 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-05-27 14:25 - 2012-05-27 14:25 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-05-27 14:25 - 2012-05-27 14:25 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-05-27 14:25 - 2012-05-27 14:25 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-05-27 14:25 - 2012-05-27 14:25 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-05-27 14:25 - 2012-05-27 14:25 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-05-27 14:25 - 2012-05-27 14:25 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-05-27 14:25 - 2012-05-27 14:25 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-05-27 14:25 - 2012-05-27 14:25 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-05-27 14:25 - 2012-05-27 14:25 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-05-27 14:25 - 2012-05-27 14:25 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-05-27 14:25 - 2012-05-27 14:25 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-05-27 14:25 - 2012-05-27 14:25 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-05-27 14:25 - 2012-05-27 14:25 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-05-27 14:25 - 2012-05-27 14:25 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-05-27 14:25 - 2012-05-27 14:25 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-05-27 14:25 - 2012-05-27 14:25 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-05-27 14:25 - 2012-05-27 14:25 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-05-26 20:49 - 2009-07-14 06:38 - 00025600 __ASH C:\Windows\System32\config\BCD-Template.LOG
2012-05-26 20:49 - 2009-07-14 06:32 - 00028672 ____A C:\Windows\System32\config\BCD-Template
2012-05-26 20:48 - 2012-05-26 20:48 - 00262144 ____A C:\Windows\System32\config\userdiff
2012-05-26 13:29 - 2012-05-26 13:29 - 00000716 ____A C:\Users\Public\Desktop\TrackIR v5.lnk
2012-05-26 12:52 - 2012-05-26 12:52 - 00000029 ____A C:\Users\User\Desktop\Windows product key.txt
2012-05-26 12:49 - 2012-05-26 12:49 - 00000000 ____A C:\Users\User\Desktop\New Text Document (3).txt
2012-05-26 12:25 - 2012-05-26 12:25 - 00139640 ____A C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-26 12:24 - 2012-05-26 12:24 - 00000020 ___SH C:\Users\User\ntuser.ini
2012-05-26 12:24 - 2012-05-26 12:24 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2012-05-26 12:02 - 2012-05-26 12:02 - 00022744 ____A C:\Windows\System32\emptyregdb.dat
2012-05-26 11:29 - 2012-05-26 11:11 - 00004404 ____A C:\Users\User\Desktop\Windows Compatibility Report.htm
2012-05-25 20:21 - 2012-05-25 20:21 - 00000198 ____A C:\Users\User\Desktop\repair.bat
2012-05-25 20:03 - 2012-05-25 20:03 - 01700352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2012-05-25 20:01 - 2012-05-25 20:01 - 85869224 ____A (COMODO) C:\Users\User\Desktop\cfw_installer.exe
2012-05-25 19:46 - 2012-05-25 19:46 - 00116016 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\77648603.sys
2012-05-25 19:31 - 2012-05-25 19:31 - 00116016 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\72382705.sys
2012-05-25 19:05 - 2012-05-25 19:31 - 02126936 ____A (Kaspersky Lab ZAO) C:\Users\User\Desktop\tdsskiller.exe
2012-05-25 17:52 - 2012-05-25 17:52 - 12621696 ____A (Microsoft Corporation) C:\Users\User\Downloads\mseinstall.exe
2012-05-25 17:46 - 2012-05-25 17:43 - 00000361 ____A C:\rkill.log
2012-05-25 09:47 - 2012-05-25 09:45 - 00004096 ____A C:\Users\Public\Documents\000031A7.LCS
2012-05-25 09:45 - 2012-05-25 09:45 - 00000829 ____A C:\Users\Public\Desktop\Launch Iron Front.lnk
2012-05-25 08:47 - 2012-04-10 18:14 - 00000155 ____A C:\Users\User\Desktop\New Text Document (2).txt
2012-05-13 20:38 - 2012-05-13 11:32 - 00001831 ____A C:\Users\User\Desktop\Questions for FLt Lt Bond.txt
2012-05-12 18:41 - 2012-05-12 18:41 - 00000324 ____A C:\Users\User\Desktop\Ghost Recon Online.appref-ms
2012-05-04 12:06 - 2012-06-14 05:14 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 11:03 - 2012-06-14 05:14 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 11:03 - 2012-06-14 05:14 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

ZeroAccess:
C:\Windows\Installer\{42af9215-5df0-c946-7946-dcb955ea01b4}
C:\Windows\Installer\{42af9215-5df0-c946-7946-dcb955ea01b4}\@
C:\Windows\Installer\{42af9215-5df0-c946-7946-dcb955ea01b4}\L
C:\Windows\Installer\{42af9215-5df0-c946-7946-dcb955ea01b4}\U
C:\Windows\Installer\{42af9215-5df0-c946-7946-dcb955ea01b4}\L\00000004.@
C:\Windows\Installer\{42af9215-5df0-c946-7946-dcb955ea01b4}\L\201d3dde
C:\Windows\Installer\{42af9215-5df0-c946-7946-dcb955ea01b4}\U\00000008.@

ZeroAccess:
C:\Users\User\AppData\Local\{42af9215-5df0-c946-7946-dcb955ea01b4}
C:\Users\User\AppData\Local\{42af9215-5df0-c946-7946-dcb955ea01b4}\@
C:\Users\User\AppData\Local\{42af9215-5df0-c946-7946-dcb955ea01b4}\L
C:\Users\User\AppData\Local\{42af9215-5df0-c946-7946-dcb955ea01b4}\U

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-07-14 00:19] - [2009-07-14 02:39] - 0328704 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\System32\services.exe IS INFECTED. <===== ATTENTION!

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 9%
Total physical RAM: 16360.84 MB
Available physical RAM: 14773.46 MB
Total Pagefile: 32719.87 MB
Available Pagefile: 31095.36 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:111.69 GB) (Free:15.88 GB) NTFS
2 Drive d: () (Fixed) (Total:931.51 GB) (Free:375.1 GB) NTFS
4 Drive f: () (Removable) (Total:3.7 GB) (Free:3.7 GB) FAT32

DiskPart has encountered an error: The RPC server is unavailable.
See the System Event Log for more information.


==========================================================

Last Boot: 2012-07-19 10:41

======================= End Of Log ==========================



#2 Fashdisc


Posted 05 August 2012 - 06:48 AM

Problem now resolved. Please ignore/delete.

#3 HelpBot


Posted 05 August 2012 - 04:35 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/463307 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 HelpBot


Posted 09 August 2012 - 04:30 PM

You have stated that you no longer need help with this issue, therefore I am closing this topic. If that is not the case and you need or wish to continue with this topic, please send any Moderator a Personal Message (PM) that you would like this topic re-opened.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!



