
Sirefef trojan and MSE stuck in restart loop


  • This topic is locked
2 replies to this topic

#1 rapidlygoingbald

  • Members
  • 1 posts

Posted 04 August 2012 - 02:54 PM

Hi, I have a problem similar to other recent posts regarding SIREFEF, but the advice posted in reply seems specific to that user's computer, hence my creating a new post.
Yesterday I had to remove a Live Security Platinum infection, and I thought all had gone well, but now whenever I start the computer, Microsoft Security Essentials displays a message saying it has to restart. The computer reboots after a minute or so.

I have done an FRST scan:

FRST log:
Scan result of Farbar Recovery Scan Tool Version: 04-08-2012 01
Ran by SYSTEM at 04-08-2012 20:29:29
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [161304 2010-07-23] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2010-07-23] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [415256 2010-07-23] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe [649608 2010-04-12] (ELAN Microelectronic Corp.)
HKLM\...\Run: [Acer ePower Management] C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" -h -k [263936 2010-06-28] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-12-07] (Apple Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
HKU\Vicky\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [641400 2011-10-26] (BitTorrent, Inc.)
HKU\Vicky\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\Vicky\...\Run: [replutil] rundll32 "C:\Windows\ctfmInit.dll",CreateProcessNotify [56320 2012-08-03] (FRISK Software International)
HKU\Vicky\...\Run: [wlmsca] "C:\Windows\System32\rundll32.exe" "C:\Users\Vicky\AppData\Roaming\wlmsca.dll",OSError [447488 2012-08-03] ()
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100

==================== Services (Whitelisted) ======

3 AdobeActiveFileMonitor8.0; C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [169312 2009-10-08] (Adobe Systems Incorporated)
2 DsiWMIService; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [321104 2010-08-10] (Dritek System Inc.)
2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [868896 2010-06-11] (Acer Incorporated)
3 GameConsoleService; "C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe" [246520 2010-04-03] (WildTangent, Inc.)
2 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [255744 2010-06-28] (NewTech Infosystems, Inc.)
2 RichVideo; "C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe" [244904 2008-10-23] ()
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2320920 2010-03-17] (Intel Corporation)
2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [243232 2010-01-28] (Acer Group)

========================== Drivers (Whitelisted) =============

3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-04 11:26 - 2012-08-04 11:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CDDC872129029F89
2012-08-04 11:26 - 2012-08-04 11:26 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\gzpkgjon.sys
2012-08-04 11:19 - 2012-08-04 11:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DB10B83A3DDB06F5
2012-08-04 11:10 - 2012-08-04 11:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.22A3FDABF855FCFF
2012-08-04 11:08 - 2012-08-04 11:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8A551DA9DDC89004
2012-08-04 11:04 - 2012-08-04 11:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0DF4BA8E55A14643
2012-08-04 11:02 - 2012-08-04 11:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D739155D65BC47FA
2012-08-04 10:55 - 2012-08-04 10:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B80916CF99A168B2
2012-08-04 10:55 - 2012-08-04 10:55 - 00000000 ____D C:\Users\Public\Desktop\CC Support
2012-08-04 10:51 - 2012-08-04 10:51 - 02030547 ____A C:\Users\Vicky\Desktop\EZ_Sirefix.exe
2012-08-04 10:29 - 2012-08-04 10:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EBBD11B5D63CA35F
2012-08-04 10:27 - 2012-08-04 10:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.15342DBC5A5EDE09
2012-08-04 10:25 - 2012-08-04 10:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F2D22E629B216081
2012-08-04 09:33 - 2012-08-04 09:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.40819CC56452450D
2012-08-04 09:30 - 2012-08-04 09:30 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FDF6128EC52260D1
2012-08-04 09:26 - 2012-08-04 09:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2E620A57677B02D6
2012-08-04 09:22 - 2012-08-04 09:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BBC255B3A0277422
2012-08-04 09:21 - 2012-08-04 09:21 - 00000000 ____D C:\Users\Vicky\AppData\Local\{ADAD849C-6BE7-4FA6-8874-A99A88041A58}
2012-08-04 09:21 - 2012-08-04 09:21 - 00000000 ____D C:\Users\Vicky\AppData\Local\{6CDD7E40-AB10-4200-87AB-E2DDAB2375AE}
2012-08-04 09:18 - 2012-08-04 09:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.665356F424697CC0
2012-08-04 09:18 - 2012-08-04 09:18 - 00000000 ____D C:\Users\Vicky\AppData\Local\{DB7357A7-DFDE-4741-9CB3-5D7E31E79DEA}
2012-08-03 15:34 - 2012-08-03 15:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.542CBF2A21DA816E
2012-08-03 15:31 - 2012-08-03 15:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.70A4540F00ABF793
2012-08-03 15:27 - 2012-08-03 15:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.379299A953CC12F7
2012-08-03 15:20 - 2012-08-03 15:20 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-08-03 15:20 - 2012-08-03 15:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-08-03 15:19 - 2012-08-03 15:19 - 12621696 ____A (Microsoft Corporation) C:\Users\Vicky\Downloads\mseinstall.exe
2012-08-03 15:15 - 2012-08-03 15:15 - 00000000 ___HD C:\Windows\msdownld.tmp
2012-08-03 11:57 - 2012-08-03 11:57 - 00000000 ____D C:\Users\Vicky\AppData\Roaming\Malwarebytes
2012-08-03 11:17 - 2012-08-03 11:17 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-08-03 11:14 - 2012-08-03 12:06 - 00000000 ____D C:\Users\Vicky\AppData\Roaming\Xaluev
2012-08-03 11:14 - 2012-08-03 11:21 - 00000000 ____D C:\Users\Vicky\AppData\Roaming\Riuhv
2012-08-03 11:14 - 2012-08-03 11:16 - 00000000 ____D C:\Users\All Users\0C1CFAF400593FD61B1961864F147CE7
2012-08-03 11:14 - 2012-08-03 11:14 - 00447488 ____A C:\Users\Vicky\AppData\Roaming\wlmsca.dll
2012-08-03 11:14 - 2012-08-03 11:14 - 00056320 ___AH (FRISK Software International) C:\Windows\ctfmInit.dll
2012-08-03 11:14 - 2012-08-03 11:14 - 00000000 ____D C:\Users\Vicky\AppData\Roaming\Igul
2012-08-03 11:14 - 2012-08-03 11:14 - 00000000 ____D C:\Users\Vicky\AppData\Local\{7B10BC00-DD9F-11E1-8270-B8AC6F996F26}
2012-08-03 08:11 - 2012-08-03 08:11 - 00000000 ____D C:\Users\Vicky\AppData\Local\{A18000C4-4DFF-4C5D-91C8-FC4CA8E6892C}
2012-08-03 08:10 - 2012-08-03 08:11 - 00000000 ____D C:\Users\Vicky\AppData\Local\{E5BBCF45-284F-45C9-8963-947214185CBD}
2012-08-02 14:01 - 2012-08-02 14:01 - 00000000 ____D C:\Users\Vicky\AppData\Local\{6157027C-2E65-4C34-9F3A-9F53E16412C6}
2012-08-02 14:01 - 2012-08-02 14:01 - 00000000 ____D C:\Users\Vicky\AppData\Local\{08776DF7-7B49-43AB-B6EC-4F367A4B3104}
2012-08-02 02:00 - 2012-08-02 02:01 - 00000000 ____D C:\Users\Vicky\AppData\Local\{CE5F44F9-1070-405E-8915-B835058DADB6}
2012-08-02 02:00 - 2012-08-02 02:00 - 00000000 ____D C:\Users\Vicky\AppData\Local\{847BF355-CBFC-4188-89D5-F3782EE278FE}
2012-08-01 10:49 - 2012-08-01 10:49 - 00000000 ____D C:\Users\Vicky\AppData\Local\{75F5DFE2-556F-419A-8D59-59F7F61C099C}
2012-08-01 10:49 - 2012-08-01 10:49 - 00000000 ____D C:\Users\Vicky\AppData\Local\{25DC8EF8-A471-4153-9BBA-0850EA0EC2C2}
2012-07-31 12:24 - 2012-07-31 12:24 - 00000000 ____D C:\Users\Vicky\AppData\Local\{3965CBF2-79F1-48CE-A1EA-CF3E61A0B1AB}
2012-07-31 12:23 - 2012-07-31 12:24 - 00000000 ____D C:\Users\Vicky\AppData\Local\{91BCF197-DC82-4A21-90C2-16DBB2D402C7}
2012-07-31 00:23 - 2012-07-31 00:23 - 00000000 ____D C:\Users\Vicky\AppData\Local\{639EBFD7-6945-445C-8B31-E1AF13244D4E}
2012-07-31 00:23 - 2012-07-31 00:23 - 00000000 ____D C:\Users\Vicky\AppData\Local\{3036B68F-4B86-45DF-8C25-0E94BE8786F4}
2012-07-30 11:20 - 2012-07-30 11:20 - 00000000 ____D C:\Users\Vicky\AppData\Local\{B8270EF0-FF3B-41E3-8F60-BDE5400209B5}
2012-07-30 11:20 - 2012-07-30 11:20 - 00000000 ____D C:\Users\Vicky\AppData\Local\{15ED38FA-3AF9-43D2-BCC9-156CE6842BCD}
2012-07-29 03:21 - 2012-07-29 03:21 - 00000000 ____D C:\Users\Vicky\AppData\Local\{EF8BA270-AD15-48CF-B0F5-8A631A66FCB2}
2012-07-29 03:21 - 2012-07-29 03:21 - 00000000 ____D C:\Users\Vicky\AppData\Local\{ED366F5F-328A-4FF6-8E16-476FC2501B76}
2012-07-28 15:20 - 2012-07-28 15:20 - 00000000 ____D C:\Users\Vicky\AppData\Local\{AA7084B1-D698-4441-AD13-09CC0286B4EC}
2012-07-28 15:20 - 2012-07-28 15:20 - 00000000 ____D C:\Users\Vicky\AppData\Local\{A8CEDC85-28CC-4711-9DEA-D4FE8B2A2DF8}
2012-07-27 12:15 - 2012-07-27 12:15 - 00000000 ____D C:\Users\Vicky\AppData\Local\{D0E20597-D9A1-4899-9D1C-CDA9D11BCBCC}
2012-07-27 12:14 - 2012-07-27 12:15 - 00000000 ____D C:\Users\Vicky\AppData\Local\{D63D93AB-EBE3-4EA9-B095-158C374A121A}
2012-07-26 15:50 - 2012-07-26 15:50 - 00000000 ____D C:\Users\Vicky\AppData\Local\{28CC3F1A-ECF3-4411-B922-B7AA71D03318}
2012-07-26 15:49 - 2012-07-26 15:50 - 00000000 ____D C:\Users\Vicky\AppData\Local\{1ECA944B-7E53-46C8-AC31-3C61D7EE5FF8}
2012-07-26 03:49 - 2012-07-26 03:49 - 00000000 ____D C:\Users\Vicky\AppData\Local\{ED62E044-A92E-4FC2-882B-BB807B3B94B6}
2012-07-26 03:49 - 2012-07-26 03:49 - 00000000 ____D C:\Users\Vicky\AppData\Local\{9AEBEF62-19A4-4642-B9E1-D6CF96508705}
2012-07-25 14:16 - 2012-07-25 14:16 - 00000000 ____D C:\Users\Vicky\AppData\Local\{F3692946-BB27-43F8-AA3E-57695869D52A}
2012-07-25 14:15 - 2012-07-25 14:16 - 00000000 ____D C:\Users\Vicky\AppData\Local\{4BB68DAC-3DBF-4148-8959-5B808A1FAB66}
2012-07-25 01:49 - 2012-07-25 01:49 - 00000000 ____D C:\Users\Vicky\AppData\Local\{76510599-E449-432F-98F4-6525455DCD61}
2012-07-25 01:49 - 2012-07-25 01:49 - 00000000 ____D C:\Users\Vicky\AppData\Local\{09F1D38C-527E-4CFE-95CA-2548973A9223}
2012-07-24 09:41 - 2012-07-24 09:41 - 00000000 ____D C:\Users\Vicky\AppData\Local\{E38EAF02-0550-46AC-8991-4F40B7B2B6AF}
2012-07-24 09:41 - 2012-07-24 09:41 - 00000000 ____D C:\Users\Vicky\AppData\Local\{78EB7582-1F34-4EB7-889E-C2C642440383}
2012-07-23 04:08 - 2012-07-23 04:09 - 00000000 ____D C:\Users\Vicky\AppData\Local\{9A928E68-0A1C-40A5-BC45-C40A629CA5FA}
2012-07-23 04:08 - 2012-07-23 04:08 - 00000000 ____D C:\Users\Vicky\AppData\Local\{80E3869E-7B7A-47ED-836A-71689D5DFC43}
2012-07-22 03:34 - 2012-07-22 03:34 - 00000000 ____D C:\Users\Vicky\AppData\Local\{EC1D0123-0FA6-4D68-A318-64D78F55D1DE}
2012-07-22 03:34 - 2012-07-22 03:34 - 00000000 ____D C:\Users\Vicky\AppData\Local\{3EC43C97-69FC-45B8-826D-8ACE9681B3C8}
2012-07-21 04:36 - 2012-07-21 04:36 - 00000000 ____D C:\Users\Vicky\AppData\Local\{D5277B86-7FC1-452F-A407-F1D11250527D}
2012-07-21 04:36 - 2012-07-21 04:36 - 00000000 ____D C:\Users\Vicky\AppData\Local\{893E4977-8CC2-45B4-9003-EB7131F733D4}
2012-07-20 04:00 - 2012-07-20 04:00 - 00000000 ____D C:\Users\Vicky\AppData\Local\{BF4D254C-D467-463C-9A09-C76965BA32C2}
2012-07-20 04:00 - 2012-07-20 04:00 - 00000000 ____D C:\Users\Vicky\AppData\Local\{3EA17F70-0419-45BD-8B2A-1805284F42C0}
2012-07-19 04:57 - 2012-07-19 04:58 - 00000000 ____D C:\Users\Vicky\AppData\Local\{852B9A39-4FF0-4764-8EB2-CAAF74FF627F}
2012-07-19 04:57 - 2012-07-19 04:57 - 00000000 ____D C:\Users\Vicky\AppData\Local\{B68092FB-7B92-43DA-862E-08BF84DB0568}
2012-07-18 04:18 - 2012-07-18 04:18 - 00000000 ____D C:\Users\Vicky\AppData\Local\{361516F3-4A58-41B2-9BA4-71FD92169D83}
2012-07-18 04:18 - 2012-07-18 04:18 - 00000000 ____D C:\Users\Vicky\AppData\Local\{30557B77-922D-432E-98A3-61471C9D574A}
2012-07-17 14:09 - 2012-07-17 14:09 - 00000000 ____D C:\Users\Vicky\AppData\Local\{9AD73680-6D91-455B-A024-7BEF2F7B5C60}
2012-07-17 14:09 - 2012-07-17 14:09 - 00000000 ____D C:\Users\Vicky\AppData\Local\{7BA85AFC-A07C-47AD-A87D-A5513DE1BF7B}
2012-07-17 02:09 - 2012-07-17 02:09 - 00000000 ____D C:\Users\Vicky\AppData\Local\{DF3093C4-7BD9-41B4-9676-E3DD735DBA9D}
2012-07-17 02:08 - 2012-07-17 02:09 - 00000000 ____D C:\Users\Vicky\AppData\Local\{68DBF916-C3F5-4504-BC2C-469C3F0D69EC}
2012-07-16 05:40 - 2012-07-16 05:40 - 00000000 ____D C:\Users\Vicky\AppData\Local\{8F2744AD-C93C-4520-89FA-F97A56DE1051}
2012-07-16 05:40 - 2012-07-16 05:40 - 00000000 ____D C:\Users\Vicky\AppData\Local\{22A87DBF-5D33-4C20-BC9F-E93514B99805}
2012-07-15 01:38 - 2012-07-15 01:38 - 00000000 ____D C:\Users\Vicky\AppData\Local\{10BA63ED-D9DF-4C6D-9580-7B4F15B58CCD}
2012-07-15 01:37 - 2012-07-15 01:38 - 00000000 ____D C:\Users\Vicky\AppData\Local\{433797F5-1AB5-426D-B33C-18A0D86AB39D}
2012-07-14 01:38 - 2012-07-14 01:39 - 00000000 ____D C:\Users\Vicky\AppData\Local\{FB32FA30-E42F-46D6-B090-FCB3D014939F}
2012-07-14 01:38 - 2012-07-14 01:38 - 00000000 ____D C:\Users\Vicky\AppData\Local\{D71A7DC8-577F-41D4-9020-306EACB35697}
2012-07-12 22:41 - 2012-07-12 22:41 - 00000000 ____D C:\Users\Vicky\AppData\Local\{DC64650F-735C-4A66-A922-5E8DA9B0819C}
2012-07-12 22:41 - 2012-07-12 22:41 - 00000000 ____D C:\Users\Vicky\AppData\Local\{142DDE97-B51B-4073-BBE8-964025AFB166}
2012-07-12 08:36 - 2012-07-12 08:36 - 00000000 ____D C:\Users\Vicky\AppData\Local\{E91CAC8F-67E9-4D08-A000-D0A83C4B848E}
2012-07-12 08:35 - 2012-07-12 08:36 - 00000000 ____D C:\Users\Vicky\AppData\Local\{85777BAA-AF93-4C6A-99F7-127255E5784A}
2012-07-11 05:22 - 2012-06-11 19:02 - 03147264 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-11 05:20 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-11 05:20 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-11 05:20 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-11 05:20 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-11 05:20 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-11 05:20 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-11 05:20 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-11 05:20 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-11 05:20 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-11 05:20 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-11 05:20 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-11 05:20 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-11 05:20 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-11 05:20 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-11 05:20 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-11 05:20 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-11 05:20 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-11 05:20 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-11 05:20 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-11 05:20 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-11 05:20 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-11 05:20 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-11 05:20 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-11 05:20 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-11 05:20 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-11 05:20 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-11 05:20 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-11 05:20 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-11 05:03 - 2012-07-11 05:04 - 00000000 ____D C:\Users\Vicky\AppData\Local\{23E9FFE9-3885-4E14-98DD-B4CDA1842AB0}
2012-07-11 05:03 - 2012-07-11 05:03 - 00000000 ____D C:\Users\Vicky\AppData\Local\{A3A8ED5F-9458-4666-B73F-2B9F1409154A}
2012-07-11 03:03 - 2012-06-08 21:30 - 14165504 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-11 03:03 - 2012-06-08 20:46 - 12868608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-11 03:03 - 2012-06-05 21:50 - 02003968 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-11 03:03 - 2012-06-05 21:50 - 01880064 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-11 03:03 - 2012-06-05 21:09 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-11 03:03 - 2012-06-05 21:09 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-11 03:03 - 2012-06-01 21:38 - 00152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-11 03:03 - 2012-06-01 21:38 - 00095088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-11 03:03 - 2012-06-01 21:37 - 00459216 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-11 03:03 - 2012-06-01 21:27 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-11 03:03 - 2012-06-01 21:27 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-11 03:03 - 2012-06-01 20:48 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-11 03:03 - 2012-06-01 20:48 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-11 03:03 - 2012-06-01 20:47 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-11 03:03 - 2012-06-01 20:42 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-10 17:03 - 2012-07-10 17:03 - 00000000 ____D C:\Users\Vicky\AppData\Local\{D9F04C11-C983-40AA-85DE-3AD453ABC426}
2012-07-10 17:02 - 2012-07-10 17:03 - 00000000 ____D C:\Users\Vicky\AppData\Local\{36A701E7-5A49-4C47-986F-E6EDB253100C}
2012-07-10 05:02 - 2012-07-10 05:02 - 00000000 ____D C:\Users\Vicky\AppData\Local\{7FECBF29-EB32-49BC-8FC6-BE338A9399F9}
2012-07-10 05:02 - 2012-07-10 05:02 - 00000000 ____D C:\Users\Vicky\AppData\Local\{2568058A-CABC-4F1A-9A4A-330465655408}
2012-07-09 06:41 - 2012-07-09 06:41 - 00000000 ____D C:\Users\Vicky\AppData\Local\{F62C5074-DB42-4B6F-8FA1-56F0D5D8EBE5}
2012-07-09 06:41 - 2012-07-09 06:41 - 00000000 ____D C:\Users\Vicky\AppData\Local\{7492F917-EFB2-4279-A642-74AAD6A41A8B}
2012-07-08 07:25 - 2012-07-08 07:25 - 00000000 ____D C:\Users\Vicky\AppData\Local\{C5CE6A2E-0DE9-4457-B785-4AA89F6C149A}
2012-07-08 07:24 - 2012-07-08 07:25 - 00000000 ____D C:\Users\Vicky\AppData\Local\{A595F2A8-D1D0-41D0-958A-695693486CF6}
2012-07-07 13:38 - 2012-07-07 13:38 - 00000000 ____D C:\Users\Vicky\AppData\Local\{F50356B0-D6AB-4FB5-A1FA-7AB7B951AAE6}
2012-07-07 13:37 - 2012-07-07 13:38 - 00000000 ____D C:\Users\Vicky\AppData\Local\{F0EE0D84-4265-42EA-A56B-181DECC2AEC1}
2012-07-07 01:37 - 2012-07-07 01:37 - 00000000 ____D C:\Users\Vicky\AppData\Local\{71859BB7-0606-4C7C-985B-C6183E4BE6DF}
2012-07-07 01:37 - 2012-07-07 01:37 - 00000000 ____D C:\Users\Vicky\AppData\Local\{02DB80B2-173F-46FD-BF27-E28BEF2FB7CF}
2012-07-06 08:05 - 2012-07-06 08:05 - 00000000 ____D C:\Users\Vicky\AppData\Local\{AD1F71D1-2916-4E7B-B9F4-FDCD6B2B8DF8}
2012-07-06 08:05 - 2012-07-06 08:05 - 00000000 ____D C:\Users\Vicky\AppData\Local\{4004C512-102A-4AAD-88FA-5D23B3A8CA79}
2012-07-05 12:28 - 2012-07-05 12:28 - 00000000 ____D C:\Users\Vicky\AppData\Local\{E9670EAF-8141-423F-AEFA-8615BA4144B6}
2012-07-05 12:28 - 2012-07-05 12:28 - 00000000 ____D C:\Users\Vicky\AppData\Local\{1ECF2BFF-E310-4E8B-A3DB-5D7F5A85F688}


============ 3 Months Modified Files ========================

2012-08-04 11:26 - 2012-08-04 11:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CDDC872129029F89
2012-08-04 11:26 - 2012-08-04 11:26 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\gzpkgjon.sys
2012-08-04 11:25 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-04 11:25 - 2009-07-13 20:51 - 00054136 ____A C:\Windows\setupact.log
2012-08-04 11:19 - 2012-08-04 11:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DB10B83A3DDB06F5
2012-08-04 11:15 - 2009-07-13 15:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-08-04 11:10 - 2012-08-04 11:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.22A3FDABF855FCFF
2012-08-04 11:08 - 2012-08-04 11:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8A551DA9DDC89004
2012-08-04 11:04 - 2012-08-04 11:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0DF4BA8E55A14643
2012-08-04 11:02 - 2012-08-04 11:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D739155D65BC47FA
2012-08-04 10:55 - 2012-08-04 10:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B80916CF99A168B2
2012-08-04 10:55 - 2009-07-13 21:08 - 00032608 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-04 10:51 - 2012-08-04 10:51 - 02030547 ____A C:\Users\Vicky\Desktop\EZ_Sirefix.exe
2012-08-04 10:29 - 2012-08-04 10:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EBBD11B5D63CA35F
2012-08-04 10:27 - 2012-08-04 10:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.15342DBC5A5EDE09
2012-08-04 10:25 - 2012-08-04 10:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F2D22E629B216081
2012-08-04 09:33 - 2012-08-04 09:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.40819CC56452450D
2012-08-04 09:30 - 2012-08-04 09:30 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FDF6128EC52260D1
2012-08-04 09:26 - 2012-08-04 09:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2E620A57677B02D6
2012-08-04 09:22 - 2012-08-04 09:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BBC255B3A0277422
2012-08-04 09:21 - 2012-04-13 02:09 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-04 09:18 - 2012-08-04 09:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.665356F424697CC0
2012-08-03 15:34 - 2012-08-03 15:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.542CBF2A21DA816E
2012-08-03 15:31 - 2012-08-03 15:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.70A4540F00ABF793
2012-08-03 15:27 - 2012-08-03 15:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.379299A953CC12F7
2012-08-03 15:24 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-03 15:24 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-03 15:21 - 2011-10-26 13:02 - 00001945 ____A C:\Windows\epplauncher.mif
2012-08-03 15:21 - 2011-10-26 12:13 - 01400799 ____A C:\Windows\WindowsUpdate.log
2012-08-03 15:20 - 2011-10-26 13:02 - 00736418 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-08-03 15:19 - 2012-08-03 15:19 - 12621696 ____A (Microsoft Corporation) C:\Users\Vicky\Downloads\mseinstall.exe
2012-08-03 15:15 - 2012-02-23 08:26 - 00014087 ____A C:\Windows\IE9_main.log
2012-08-03 15:08 - 2011-10-28 05:01 - 00008954 ____A C:\Users\Vicky\Documents\description.txt
2012-08-03 12:20 - 2011-10-26 13:26 - 00194962 ____A C:\Windows\PFRO.log
2012-08-03 11:57 - 2009-07-13 21:13 - 00730572 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-03 11:14 - 2012-08-03 11:14 - 00447488 ____A C:\Users\Vicky\AppData\Roaming\wlmsca.dll
2012-08-03 11:14 - 2012-08-03 11:14 - 00056320 ___AH (FRISK Software International) C:\Windows\ctfmInit.dll
2012-08-02 14:21 - 2012-04-13 02:09 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-02 14:21 - 2011-10-26 12:54 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-27 12:13 - 2009-07-13 20:45 - 00285000 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-26 14:28 - 2011-10-26 12:46 - 00064952 ____A C:\Users\Vicky\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-25 11:53 - 2012-05-20 11:43 - 00000099 ____A C:\Users\Public\LMDebug.log
2012-07-08 14:02 - 2011-10-28 04:55 - 00055296 ____A C:\Users\Vicky\Documents\pass.xls
2012-07-04 10:56 - 2012-06-20 09:34 - 00000819 ____A C:\Users\Vicky\Documents\Riddle & names.txt
2012-07-04 05:45 - 2012-07-04 05:45 - 00246069 ____A C:\Users\Vicky\Desktop\train ticket confirmation.xps
2012-07-03 04:46 - 2011-10-26 13:02 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-21 06:10 - 2011-10-26 12:27 - 00031779 ____A C:\Windows\DirectX.log
2012-06-11 19:02 - 2012-07-11 05:22 - 03147264 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 21:30 - 2012-07-11 03:03 - 14165504 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:46 - 2012-07-11 03:03 - 12868608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-05 21:50 - 2012-07-11 03:03 - 02003968 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 21:50 - 2012-07-11 03:03 - 01880064 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 21:09 - 2012-07-11 03:03 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:09 - 2012-07-11 03:03 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-02 14:19 - 2012-06-21 02:33 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 02:33 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 02:33 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 02:32 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 02:32 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-21 02:33 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-21 02:32 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 06:19 - 2012-06-21 02:32 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 06:15 - 2012-06-21 02:32 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 04:49 - 2012-07-11 05:20 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-11 05:20 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-11 05:20 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-07-11 05:20 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:05 - 2012-07-11 05:20 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:04 - 2012-07-11 05:20 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:04 - 2012-07-11 05:20 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:03 - 2012-07-11 05:20 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-11 05:20 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-11 05:20 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-11 05:20 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-11 05:20 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-11 05:20 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-11 05:20 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-07-11 05:20 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-07-11 05:20 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-11 05:20 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-11 05:20 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-11 05:20 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-07-11 05:20 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-07-11 05:20 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-11 05:20 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-11 05:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-11 05:20 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-11 05:20 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-11 05:20 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-11 05:20 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-11 05:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 21:38 - 2012-07-11 03:03 - 00152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:38 - 2012-07-11 03:03 - 00095088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:37 - 2012-07-11 03:03 - 00459216 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:27 - 2012-07-11 03:03 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:27 - 2012-07-11 03:03 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:48 - 2012-07-11 03:03 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:48 - 2012-07-11 03:03 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:47 - 2012-07-11 03:03 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:42 - 2012-07-11 03:03 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-31 14:36 - 2012-05-31 14:36 - 00610906 ____A C:\Users\Vicky\Desktop\pizza voucher.xps
2012-05-31 03:25 - 2011-10-26 13:00 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-05-08 11:42 - 2012-05-08 11:42 - 00002673 ____A C:\Users\Vicky\Desktop\Haunted Halls - Fears from Childhood Collectors Edition.lnk


ZeroAccess:
C:\Windows\Installer\{2b1ed030-498d-e865-0144-e9e96cb0bc04}
C:\Windows\Installer\{2b1ed030-498d-e865-0144-e9e96cb0bc04}\@
C:\Windows\Installer\{2b1ed030-498d-e865-0144-e9e96cb0bc04}\L
C:\Windows\Installer\{2b1ed030-498d-e865-0144-e9e96cb0bc04}\U
C:\Windows\Installer\{2b1ed030-498d-e865-0144-e9e96cb0bc04}\U\00000001.@

ZeroAccess:
C:\Users\Vicky\AppData\Local\{2b1ed030-498d-e865-0144-e9e96cb0bc04}
C:\Users\Vicky\AppData\Local\{2b1ed030-498d-e865-0144-e9e96cb0bc04}\@
C:\Users\Vicky\AppData\Local\{2b1ed030-498d-e865-0144-e9e96cb0bc04}\L
C:\Users\Vicky\AppData\Local\{2b1ed030-498d-e865-0144-e9e96cb0bc04}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 18%
Total physical RAM: 3766.71 MB
Available physical RAM: 3083.87 MB
Total Pagefile: 3764.86 MB
Available Pagefile: 3074.09 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (Packard Bell) (Fixed) (Total:284.99 GB) (Free:230.58 GB) NTFS
2 Drive e: (PQSERVICE) (Fixed) (Total:13 GB) (Free:1.66 GB) NTFS
3 Drive f: (MediaShow V4) (CDROM) (Total:0.21 GB) (Free:0 GB) CDFS
4 Drive g: (SIMONS DISK) (Removable) (Total:0.24 GB) (Free:0.24 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 245 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 13 GB 1024 KB
Partition 2 Primary 100 MB 13 GB
Partition 3 Primary 284 GB 13 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E PQSERVICE NTFS Partition 13 GB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM RESE NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C Packard Bel NTFS Partition 284 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 244 MB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 0E
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G SIMONS DISK FAT Removable 244 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-29 03:52

======================= End Of Log ==========================


Results of FRST services search:

Farbar Recovery Scan Tool Version: 04-08-2012 01
Ran by SYSTEM at 2012-08-04 20:36:27
Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2012-08-04 11:15] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======

#2 Farbar

  • Security Developer
  • 21,696 posts
  • Gender:Male
  • Location:The Netherlands

Posted 06 August 2012 - 12:52 PM

Hi rapidlygoingbald,

Welcome to the forum.

Please tell me if you still need assistance and whether the condition of the computer is the same. In case you still need assistance but the condition of the computer has changed, please post a fresh FRST log with the latest FRST version and update me about the current situation.

#3 Farbar

  • Security Developer
  • 21,696 posts
  • Gender:Male
  • Location:The Netherlands

Posted 11 August 2012 - 07:24 AM

This thread will now be closed due to lack of activity.

If you need this topic reopened, please send me a Private Message and I will reopen it for you.

If you should have a new issue, please start a new topic.

Everyone else should start a new topic.
