TechSpot

Hello, I believe I'm infected with sirfef.w trojan

By DJackson
Jul 10, 2012
  1. Hi, I believe I'm infected with this trojan that Microsoft Security Essentials can't get rid of. If I try to delete it through MSE, it just forces me to reboot after a minute, so I was unable to do anything. Somehow a system restore to a point earlier than when I tried to remove it broke the loop, but I'd rather not do that again. I did another scan and it says it's OK, but I want to be sure it's completely gone from my system because it's still there quarantined.

    EDIT: forgot to mention I'm on Windows 7 64-bit too.
     
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.
    Download Farbar Recovery Scan Tool and save it to a flash drive.

    You will need the 64-bit download!

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    On the System Recovery Options menu you will get the following options:
      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst64 and press Enter.
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
    • Press the Scan button.
    • Type exit and reboot the computer normally.
    • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.
    Once again, please boot to the System Recovery Options and run FRST, as done previously.

    Type the following text in the blank box after Search:

    services.exe

    Click: Search file(s)


    When done searching, FRST makes a log, Search.txt, on the C:\ drive.

    Please provide the Search.txt in your reply along with the original FRST scan above.
     
  3. DJackson

    DJackson TS Rookie Topic Starter

    Scan result of Farbar Recovery Scan Tool Version: 09-07-2012
    Ran by SYSTEM at 10-07-2012 15:51:53
    Running from F:\
    Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [170264 2012-01-12] (Intel Corporation)
    HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [398104 2012-01-12] (Intel Corporation)
    HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [440600 2012-01-12] (Intel Corporation)
    HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12343400 2011-12-27] (Realtek Semiconductor)
    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
    HKLM\...\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui [190536 2010-06-14] (Logitech Inc.)
    HKLM\...\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun [855608 2007-09-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291096 2012-01-02] (Intel Corporation)
    HKLM-x32\...\Run: [StartCCC] "C:\Users\David\Downloads\ATI.ACE\Core-Static\CLIStart.exe" MSRun [641664 2012-04-05] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [10752 2012-02-20] ()
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1561768 2012-05-04] (Ask)
    HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-04-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
    HKLM-x32\...\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
    HKU\David\...\Run: [Google Update] "C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-05-15] (Google Inc.)
    HKU\David\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1242448 2012-05-15] (Valve Corporation)
    HKU\David\...\Run: [Desura] C:\Program Files (x86)\Desura\desura.exe -autostart [x]
    HKU\David\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet [6591800 2012-02-22] (Yahoo! Inc.)
    HKU\David\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
    HKU\David\...\Run: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup [53168 2012-04-16] (Raptr, Inc)
    Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 209.18.47.61 209.18.47.62

    ==================== Services (Whitelisted) ======

    3 Futuremark SystemInfo Service; "C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe" [135584 2012-04-26] (Futuremark Corporation)
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
    3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
    2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-07-07] ()

    ========================== Drivers (Whitelisted) =============

    1 BIOS; \??\C:\Windows\system32\drivers\BIOS64.sys [14136 2011-08-08] (BIOSTAR Group)
    0 iusb3hcs; C:\Windows\System32\Drivers\iusb3hcs.sys [16152 2012-01-02] (Intel Corporation)
    3 iusb3hub; C:\Windows\System32\Drivers\iusb3hub.sys [355096 2012-01-02] (Intel Corporation)
    3 iusb3xhc; C:\Windows\System32\Drivers\iusb3xhc.sys [785688 2012-01-02] (Intel Corporation)
    3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-07-10 11:44 - 2012-07-10 11:44 - 01434401 ____A (Farbar) C:\Users\David\Downloads\FRST64.exe
    2012-07-10 10:46 - 2012-07-10 10:46 - 00000000 ____D C:\Users\David\AppData\Local\{B108DF2D-D0D9-4114-ADE6-F67B7B743F6B}
    2012-07-10 10:46 - 2012-07-10 10:46 - 00000000 ____D C:\Users\David\AppData\Local\{85761071-B214-4A49-9A31-5737A381E748}
    2012-07-10 10:26 - 2012-07-10 10:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9E246BA6D32E2514
    2012-07-10 10:10 - 2012-07-10 10:10 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2012-07-10 02:32 - 2012-07-10 02:32 - 00000000 ____D C:\Users\David\AppData\Local\{E0968542-C699-4517-9A4C-05C7904DBCEF}
    2012-07-10 02:32 - 2012-07-10 02:32 - 00000000 ____D C:\Users\David\AppData\Local\{68FD5253-008F-4D8A-BBE5-8F6B66A7802D}
    2012-07-09 14:31 - 2012-07-09 14:31 - 00000000 ____D C:\Users\David\AppData\Local\{9161783C-F489-4117-A451-280AF8202BFF}
    2012-07-09 14:31 - 2012-07-09 14:31 - 00000000 ____D C:\Users\David\AppData\Local\{2559F657-7FC3-4F98-A769-C7B80D171F94}
    2012-07-07 11:24 - 2012-07-07 11:24 - 00000000 ____D C:\Users\David\AppData\Local\{D5B5AEB1-DD67-49E5-9975-922B779925DD}
    2012-07-07 11:24 - 2012-07-07 11:24 - 00000000 ____D C:\Users\David\AppData\Local\{50CF5E2B-7FD0-4EFD-B5B9-B68E77B87DF9}
    2012-07-06 21:57 - 2012-07-06 21:58 - 00000000 ____D C:\Users\David\Downloads\client_3
    2012-07-06 21:57 - 2012-07-06 21:57 - 00967844 ____A C:\Users\David\Downloads\client_3.zip
    2012-07-06 16:51 - 2012-07-06 16:52 - 00000000 ____D C:\Users\David\Downloads\client_new_new
    2012-07-06 16:51 - 2012-07-06 16:51 - 00895497 ____A C:\Users\David\Downloads\client_new_new.zip
    2012-07-06 16:04 - 2012-07-06 16:21 - 00000000 ____D C:\Users\David\Downloads\client
    2012-07-06 16:04 - 2012-07-06 16:04 - 00895736 ____A C:\Users\David\Downloads\client.zip
    2012-07-05 13:58 - 2012-07-05 13:58 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_xusb21_01001.Wdf
    2012-07-05 13:56 - 2012-07-05 13:56 - 00000000 ____D C:\Users\David\Desktop\PC Driver
    2012-07-05 13:55 - 2012-07-05 13:55 - 00000000 ____D C:\Users\David\Desktop\Software
    2012-07-05 13:49 - 2012-07-05 13:50 - 00000000 ____D C:\Program Files\Microsoft Xbox 360 Accessories
    2012-07-05 12:48 - 2012-07-05 13:31 - 00000000 ____D C:\Users\David\Documents\ManiaPlanet
    2012-07-05 12:47 - 2012-07-05 13:31 - 00000000 ____D C:\Users\All Users\ManiaPlanet
    2012-07-05 12:47 - 2012-07-05 12:47 - 00001087 ____A C:\Users\Public\Desktop\ManiaPlanet.lnk
    2012-07-05 12:47 - 2012-07-05 12:47 - 00000000 ____D C:\Program Files (x86)\ManiaPlanet
    2012-07-05 09:54 - 2012-07-05 10:31 - 877593826 ____A C:\Users\David\Downloads\ManiaPlanet_Setup-1.bin
    2012-07-05 09:49 - 2012-07-05 09:50 - 00000000 ____D C:\Users\David\AppData\Local\Downloader
    2012-07-05 09:49 - 2012-07-05 09:49 - 02235504 ____A C:\Users\David\Downloads\DownloaderSetup.exe
    2012-07-05 09:49 - 2012-07-05 09:49 - 00000000 ____D C:\Program Files (x86)\Downloader
    2012-07-05 09:48 - 2012-07-05 09:48 - 01147424 ____A (Nadeo ) C:\Users\David\Downloads\ManiaPlanet_Setup.exe
    2012-07-04 08:51 - 2012-07-04 08:51 - 00000000 ____D C:\Users\David\AppData\Local\{143F142B-97E5-4755-83A2-FFD322476A9D}
    2012-07-04 08:50 - 2012-07-04 08:51 - 00000000 ____D C:\Users\David\AppData\Local\{2072141A-8CBD-4E98-B7F9-BD3AC0526383}
    2012-07-02 14:38 - 2012-07-02 14:39 - 00000000 ____D C:\Users\David\AppData\Local\{F462CBF6-8252-48BA-BB82-FC57C58D1C5D}
    2012-07-02 14:38 - 2012-07-02 14:38 - 00000000 ____D C:\Users\David\AppData\Local\{832897F2-0C06-40E2-966F-A4BD58B4885A}
    2012-07-01 11:40 - 2012-07-01 11:40 - 00000000 ____D C:\Users\David\AppData\Local\{C597CD4F-B292-4BEE-BEB5-C238A05C6334}
    2012-07-01 11:40 - 2012-07-01 11:40 - 00000000 ____D C:\Users\David\AppData\Local\{485E4D3F-4BC2-49FB-9324-1182F8673042}
    2012-06-30 15:19 - 2012-06-30 15:19 - 00000000 ____D C:\Users\David\Downloads\Oniken_win_Demo
    2012-06-30 15:19 - 2012-06-30 15:19 - 00000000 ____D C:\Users\David\AppData\Roaming\Joymasher
    2012-06-30 15:18 - 2012-06-30 15:19 - 25498170 ____A C:\Users\David\Downloads\Oniken_win_Demo.zip
    2012-06-27 22:27 - 2012-06-27 22:29 - 00000000 ____D C:\Users\David\Documents\Front Mission Evolved
    2012-06-27 16:36 - 2012-06-27 16:36 - 00000000 ____D C:\Users\David\AppData\Local\AliensVsPredator
    2012-06-26 21:31 - 2012-06-26 21:31 - 00000000 ____D C:\Users\David\Downloads\iconoclasts
    2012-06-26 21:26 - 2012-06-26 21:28 - 15754097 ____A C:\Users\David\Downloads\iconoclasts.zip
    2012-06-24 17:22 - 2012-06-24 19:12 - 00000000 ____D C:\Users\David\AppData\Roaming\mIRC
    2012-06-24 17:22 - 2012-06-24 17:22 - 00000955 ____A C:\Users\Public\Desktop\mIRC.lnk
    2012-06-24 17:21 - 2012-06-24 17:22 - 00000000 ____D C:\Program Files (x86)\mIRC
    2012-06-24 17:21 - 2012-06-24 17:21 - 01912168 ____A (mIRC Co. Ltd.) C:\Users\David\Downloads\mirc725.exe
    2012-06-24 09:16 - 2012-06-24 09:16 - 00000000 ____D C:\Users\David\AppData\Local\{A6F23FB1-D83D-4244-AA75-7883B1C12CE7}
    2012-06-24 09:16 - 2012-06-24 09:16 - 00000000 ____D C:\Users\David\AppData\Local\{00819969-E8A6-4DC3-8BBC-270DDF6E8FF2}
    2012-06-23 11:56 - 2012-06-23 11:56 - 00000000 ____D C:\Users\David\AppData\Local\{6DB99B61-951C-40C4-B92D-2301E6DCA577}
    2012-06-23 11:56 - 2012-06-23 11:56 - 00000000 ____D C:\Users\David\AppData\Local\{2949869D-E671-4298-9263-C121B1D07EC0}
    2012-06-23 08:08 - 2012-06-23 08:08 - 00000000 ____D C:\Users\David\AppData\Local\Macromedia
    2012-06-21 20:57 - 2012-06-21 20:57 - 00000000 ____D C:\Program Files (x86)\FFXiBench3
    2012-06-21 20:53 - 2012-06-21 20:54 - 79677843 ____A C:\Users\David\Downloads\FFXiB3Setup.exe
    2012-06-21 13:41 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-21 13:41 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-21 13:41 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-21 13:41 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-21 13:40 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-21 13:40 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-21 13:40 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-21 13:40 - 2012-06-02 11:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-21 13:40 - 2012-06-02 11:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-21 09:35 - 2012-06-21 09:35 - 00000000 ____D C:\Users\David\AppData\Local\Logitech
    2012-06-21 08:57 - 2012-06-21 08:57 - 00000000 ____D C:\Program Files\Logitech
    2012-06-21 08:57 - 2012-06-21 08:57 - 00000000 ____D C:\Program Files\Common Files\Logitech
    2012-06-21 08:56 - 2012-06-21 08:56 - 17276616 ____A (Logitech ) C:\Users\David\Downloads\lgs510_x64.exe
    2012-06-18 12:20 - 2012-06-18 12:20 - 00000326 ____A C:\Users\David\Desktop\Ghost Recon Online (NCSA-Live).appref-ms
    2012-06-18 12:20 - 2012-06-18 12:20 - 00000000 ____D C:\Ubisoft
    2012-06-18 12:19 - 2012-06-18 12:19 - 00008927 ____A C:\Users\David\Downloads\Launcher.application
    2012-06-15 21:24 - 2012-06-15 21:26 - 00000000 ____D C:\Users\David\AppData\Local\SniperV2 Demo
    2012-06-14 13:12 - 2012-06-14 13:54 - 00000000 ____D C:\Users\David\Downloads\CryENGINE_PC_v3_4_0_3696_freeSDK
    2012-06-14 11:49 - 2012-06-14 12:03 - 1076809322 ____A C:\Users\David\Downloads\CryENGINE_PC_v3_4_0_3696_freeSDK.zip
    2012-06-14 09:10 - 2012-06-14 09:10 - 00000000 ____D C:\Users\David\AppData\Local\{96C2C7F1-C700-422B-B533-A24856FED567}
    2012-06-14 09:10 - 2012-06-14 09:10 - 00000000 ____D C:\Users\David\AppData\Local\{2B462B3E-E216-438D-85E8-7A1FC4CFC7EC}
    2012-06-13 23:00 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-13 23:00 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-13 23:00 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-13 23:00 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-13 23:00 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-13 23:00 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-13 23:00 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-13 23:00 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-13 23:00 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-13 23:00 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-13 23:00 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-13 23:00 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-13 23:00 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-13 23:00 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-13 23:00 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-13 23:00 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-13 23:00 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-13 23:00 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-13 23:00 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-13 23:00 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-13 23:00 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-13 23:00 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-13 23:00 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-13 23:00 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-13 23:00 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-13 23:00 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-13 23:00 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-13 23:00 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-13 20:13 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-13 20:13 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-06-13 20:13 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-06-13 20:13 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-06-13 20:13 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-06-13 20:13 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-06-13 20:13 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-06-13 20:13 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-06-13 20:13 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-06-13 20:13 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
    2012-06-13 20:13 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2012-06-13 20:12 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-06-13 20:12 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-06-13 20:12 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-06-13 20:12 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-06-13 20:12 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-06-13 20:12 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-06-13 16:38 - 2012-06-13 16:38 - 00000000 ____D C:\Users\David\AppData\Local\{8DC93F57-B89F-438E-9501-0E221C8C2F8D}
    2012-06-13 16:37 - 2012-06-13 16:38 - 00000000 ____D C:\Users\David\AppData\Local\{DA1766A7-79AD-41E8-8670-724541988D80}
    2012-06-12 15:13 - 2012-06-12 15:13 - 00000000 ____D C:\Users\David\Documents\CAPCOM
    2012-06-12 14:47 - 2012-06-12 15:00 - 609425440 ____A (CAPCOM CO., LTD. ) C:\Users\David\Downloads\nzd_ResidentEvil5_Benchmark.exe
    2012-06-12 14:26 - 2012-06-12 14:26 - 00000000 ____D C:\Users\David\AppData\Local\CAPCOM
    2012-06-12 14:25 - 2012-06-12 15:09 - 00000000 ____D C:\Program Files (x86)\CAPCOM
    2012-06-12 14:13 - 2012-06-12 14:21 - 507111232 ____A (CAPCOM CO., LTD. ) C:\Users\David\Downloads\DevilMayCry4_Benchmark.exe
    2012-06-12 12:43 - 2012-06-12 12:43 - 00000000 ____D C:\Users\David\AppData\Local\{B9946FCA-B743-49F0-AE02-CB50D0C18380}
    2012-06-12 12:43 - 2012-06-12 12:43 - 00000000 ____D C:\Users\David\AppData\Local\{9811B22A-F872-446E-869B-762B4E200E56}
    2012-06-11 22:01 - 2012-06-15 04:11 - 00001338 ____A C:\Users\David\Desktop\PHANTASY STAR ONLINE 2.lnk
    2012-06-11 20:12 - 2012-06-11 21:52 - 1411189227 ____A C:\Users\David\Desktop\PSO2_SETUP-2.bin
    2012-06-11 17:50 - 2012-06-11 20:12 - 2099010304 ____A C:\Users\David\Desktop\PSO2_SETUP-1.bin
    2012-06-11 17:50 - 2012-06-11 17:50 - 00995712 ____A (SEGA ) C:\Users\David\Desktop\PSO2_SETUP.exe
    2012-06-11 17:49 - 2012-06-11 17:49 - 00477136 ____A (SEGA Corporation) C:\Users\David\Downloads\downloader.exe
    2012-06-11 17:49 - 2012-06-11 17:49 - 00000000 ____D C:\Users\David\AppData\Roaming\SEGA


    ============ 3 Months Modified Files ========================

    2012-07-10 11:44 - 2012-07-10 11:44 - 01434401 ____A (Farbar) C:\Users\David\Downloads\FRST64.exe
    2012-07-10 11:44 - 2012-05-15 14:43 - 01532016 ____A C:\Windows\WindowsUpdate.log
    2012-07-10 11:44 - 2009-07-13 20:45 - 00022208 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-07-10 11:44 - 2009-07-13 20:45 - 00022208 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-07-10 11:25 - 2009-07-13 21:13 - 00795490 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-07-10 10:56 - 2012-05-15 14:51 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2875160302-1353166057-4037961884-1000UA.job
    2012-07-10 10:51 - 2012-05-15 12:25 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-07-10 10:44 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-07-10 10:44 - 2009-07-13 20:51 - 00032950 ____A C:\Windows\setupact.log
    2012-07-10 10:26 - 2012-07-10 10:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9E246BA6D32E2514
    2012-07-07 16:12 - 2012-05-15 18:43 - 00298016 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
    2012-07-07 16:12 - 2012-05-15 17:53 - 00298016 ____A C:\Windows\SysWOW64\PnkBstrB.exe
    2012-07-07 16:12 - 2012-05-15 17:53 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe
    2012-07-07 16:09 - 2012-05-15 17:53 - 00189248 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
    2012-07-07 14:56 - 2012-05-15 14:51 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2875160302-1353166057-4037961884-1000Core.job
    2012-07-06 21:57 - 2012-07-06 21:57 - 00967844 ____A C:\Users\David\Downloads\client_3.zip
    2012-07-06 16:51 - 2012-07-06 16:51 - 00895497 ____A C:\Users\David\Downloads\client_new_new.zip
    2012-07-06 16:04 - 2012-07-06 16:04 - 00895736 ____A C:\Users\David\Downloads\client.zip
    2012-07-05 13:58 - 2012-07-05 13:58 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_xusb21_01001.Wdf
    2012-07-05 13:49 - 2012-05-15 17:21 - 00518172 ____A C:\Windows\DirectX.log
    2012-07-05 12:47 - 2012-07-05 12:47 - 00001087 ____A C:\Users\Public\Desktop\ManiaPlanet.lnk
    2012-07-05 10:31 - 2012-07-05 09:54 - 877593826 ____A C:\Users\David\Downloads\ManiaPlanet_Setup-1.bin
    2012-07-05 09:49 - 2012-07-05 09:49 - 02235504 ____A C:\Users\David\Downloads\DownloaderSetup.exe
    2012-07-05 09:48 - 2012-07-05 09:48 - 01147424 ____A (Nadeo ) C:\Users\David\Downloads\ManiaPlanet_Setup.exe
    2012-06-30 15:19 - 2012-06-30 15:18 - 25498170 ____A C:\Users\David\Downloads\Oniken_win_Demo.zip
    2012-06-26 21:28 - 2012-06-26 21:26 - 15754097 ____A C:\Users\David\Downloads\iconoclasts.zip
    2012-06-24 17:22 - 2012-06-24 17:22 - 00000955 ____A C:\Users\Public\Desktop\mIRC.lnk
    2012-06-24 17:21 - 2012-06-24 17:21 - 01912168 ____A (mIRC Co. Ltd.) C:\Users\David\Downloads\mirc725.exe
    2012-06-24 09:18 - 2012-05-24 05:32 - 00007669 ____A C:\Users\David\AppData\Local\Resmon.ResmonCfg
    2012-06-23 05:51 - 2012-05-15 12:25 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-06-23 05:51 - 2012-05-15 12:25 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-06-21 20:54 - 2012-06-21 20:53 - 79677843 ____A C:\Users\David\Downloads\FFXiB3Setup.exe
    2012-06-21 08:56 - 2012-06-21 08:56 - 17276616 ____A (Logitech ) C:\Users\David\Downloads\lgs510_x64.exe
    2012-06-18 12:20 - 2012-06-18 12:20 - 00000326 ____A C:\Users\David\Desktop\Ghost Recon Online (NCSA-Live).appref-ms
    2012-06-18 12:19 - 2012-06-18 12:19 - 00008927 ____A C:\Users\David\Downloads\Launcher.application
    2012-06-15 04:11 - 2012-06-11 22:01 - 00001338 ____A C:\Users\David\Desktop\PHANTASY STAR ONLINE 2.lnk
    2012-06-14 12:03 - 2012-06-14 11:49 - 1076809322 ____A C:\Users\David\Downloads\CryENGINE_PC_v3_4_0_3696_freeSDK.zip
    2012-06-14 03:24 - 2009-07-13 20:45 - 00342720 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-06-13 23:05 - 2012-06-04 15:33 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-06-12 15:00 - 2012-06-12 14:47 - 609425440 ____A (CAPCOM CO., LTD. ) C:\Users\David\Downloads\nzd_ResidentEvil5_Benchmark.exe
    2012-06-12 14:21 - 2012-06-12 14:13 - 507111232 ____A (CAPCOM CO., LTD. ) C:\Users\David\Downloads\DevilMayCry4_Benchmark.exe
    2012-06-11 21:52 - 2012-06-11 20:12 - 1411189227 ____A C:\Users\David\Desktop\PSO2_SETUP-2.bin
    2012-06-11 20:12 - 2012-06-11 17:50 - 2099010304 ____A C:\Users\David\Desktop\PSO2_SETUP-1.bin
    2012-06-11 17:50 - 2012-06-11 17:50 - 00995712 ____A (SEGA ) C:\Users\David\Desktop\PSO2_SETUP.exe
    2012-06-11 17:49 - 2012-06-11 17:49 - 00477136 ____A (SEGA Corporation) C:\Users\David\Downloads\downloader.exe
    2012-06-08 22:16 - 2010-11-20 19:47 - 00030648 ____A C:\Windows\PFRO.log
    2012-06-07 15:26 - 2012-06-07 15:26 - 03878112 ____A C:\Users\David\Downloads\battlelog-web-plugins-1.122.0-retail-prod.exe
    2012-06-07 15:11 - 2012-06-07 15:11 - 00001174 ____A C:\Users\Public\Desktop\Battlefield 3.lnk
    2012-06-07 07:54 - 2012-05-15 12:20 - 00086520 ____A C:\Users\David\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-06-06 17:00 - 2012-06-06 17:00 - 00002236 ____A C:\Users\Public\Desktop\Unreal Tournament 2004.lnk
    2012-06-06 12:19 - 2012-06-06 12:19 - 03742480 ____A (GOG.com ) C:\Users\David\Downloads\Setup_Downloader_3.0.51.exe
    2012-06-04 18:30 - 2012-06-04 18:30 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    2012-06-02 14:19 - 2012-06-21 13:41 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-21 13:41 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-21 13:41 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-21 13:40 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-21 13:40 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:15 - 2012-06-21 13:41 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:15 - 2012-06-21 13:40 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 11:19 - 2012-06-21 13:40 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 11:15 - 2012-06-21 13:40 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-02 08:42 - 2012-06-02 08:36 - 149648323 ____A C:\Users\David\Downloads\Supergiant_Games_Bastion_Original_Soundtrack_MP3.zip
    2012-06-02 08:41 - 2012-06-02 08:37 - 155611809 ____A C:\Users\David\Downloads\Jim_Guthrie_Sword_and_Sworcery_LP_MP3.zip
    2012-06-02 08:40 - 2012-06-02 08:37 - 98481876 ____A C:\Users\David\Downloads\psychonautssoundtrackmp3.zip
    2012-06-02 08:38 - 2012-06-02 08:37 - 26441053 ____A C:\Users\David\Downloads\Limbo_Soundtrack_MP3.zip
    2012-06-01 21:58 - 2012-06-01 21:41 - 1074241265 ____A C:\Users\David\Downloads\UrbanTerror411.exe
    2012-05-31 14:14 - 2012-05-31 14:13 - 00071576 ____A C:\Users\David\Downloads\raptr_installer.exe
    2012-05-31 13:47 - 2012-05-31 13:42 - 76761968 ____A (Apple Inc.) C:\Users\David\Downloads\iTunes64Setup.exe
    2012-05-30 22:37 - 2012-05-30 22:32 - 315470531 ____A C:\Users\David\Downloads\StarForge_V0.1.zip
    2012-05-29 18:24 - 2012-05-29 18:24 - 01287528 ____A (Microsoft Corporation) C:\Users\David\Downloads\wlsetup-web.exe
    2012-05-25 18:31 - 2012-05-25 18:31 - 00002037 ____A C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk
    2012-05-25 18:31 - 2012-05-25 18:31 - 00002028 ____A C:\Users\Public\Desktop\Tribes Ascend.lnk
    2012-05-25 18:30 - 2012-05-25 18:30 - 13235336 ____A (Hi-Rez Studios) C:\Users\David\Downloads\InstallHiRezGamesEnglish.exe
    2012-05-24 16:04 - 2012-05-24 16:04 - 00001141 ____A C:\Users\Public\Desktop\Yahoo! Messenger.lnk
    2012-05-24 16:02 - 2012-05-24 16:02 - 00424048 ____A (Yahoo! Inc.) C:\Users\David\Downloads\msgr11us.exe
    2012-05-24 11:46 - 2012-05-24 11:46 - 00001809 ____A C:\Users\Public\Desktop\3DMark 11.lnk
    2012-05-24 11:45 - 2012-05-24 11:41 - 294237056 ____A (Futuremark Corporation) C:\Users\David\Downloads\3DMark_11_v103_installer.exe
    2012-05-24 07:13 - 2012-05-24 07:13 - 00347424 ____A (Microsoft Corporation) C:\Users\David\Downloads\MicrosoftFixit.Printing.Run.exe
    2012-05-21 09:23 - 2012-05-21 09:23 - 00002019 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
    2012-05-20 23:01 - 2012-05-15 12:34 - 00788870 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-05-20 09:40 - 2012-05-20 09:25 - 1010847148 ____A C:\Users\David\Downloads\xonotic-0.6.0.zip
    2012-05-20 08:43 - 2012-05-20 08:43 - 02854217 ____A C:\Users\David\Downloads\pcsx2-0.9.8-r4600-binaries.7z
    2012-05-19 19:38 - 2012-05-17 18:58 - 02250024 ____A C:\Windows\SysWOW64\pbsvc.exe
    2012-05-19 16:25 - 2012-05-18 13:00 - 00466456 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
    2012-05-19 16:25 - 2012-05-18 13:00 - 00444952 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
    2012-05-19 16:25 - 2012-05-18 13:00 - 00122904 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
    2012-05-19 16:25 - 2012-05-18 13:00 - 00109080 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
    2012-05-19 13:44 - 2012-05-19 13:44 - 00001356 ____A C:\Users\Public\Desktop\Crysis SP Demo.lnk
    2012-05-19 11:34 - 2012-05-19 11:07 - 1902019901 ____A C:\Users\David\Downloads\Crysis_SP_Demo.exe
    2012-05-19 08:29 - 2012-05-19 08:29 - 00000093 ____A C:\Users\David\AppData\Local\fusioncache.dat
    2012-05-18 20:51 - 2012-05-18 20:51 - 02238840 ____A C:\Users\David\Downloads\ddohigh.exe
    2012-05-18 19:58 - 2012-05-18 19:58 - 00002236 ____A C:\Users\Public\Desktop\HP Deskjet 1000 J110 series.lnk
    2012-05-18 19:58 - 2012-05-18 19:58 - 00001194 ____A C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 1000 J110 series.lnk
    2012-05-18 19:58 - 2012-05-18 19:58 - 00001101 ____A C:\Users\Public\Desktop\HP Photo Creations.lnk
    2012-05-18 18:45 - 2012-05-18 18:45 - 00001603 ____A C:\Users\Public\Desktop\Combat Arms.lnk
    2012-05-18 17:29 - 2012-05-18 17:29 - 01953032 ____A C:\Users\David\Downloads\CombatArmsDownloader.exe
    2012-05-17 22:11 - 2012-05-17 22:11 - 00000336 ____A C:\Windows\game.ini
    2012-05-17 22:10 - 2012-05-17 21:40 - 1473748992 ____A C:\Users\David\Downloads\CoD4MWDemoSetup.exe
    2012-05-17 21:08 - 2012-05-17 21:04 - 181219350 ____A C:\Users\David\Downloads\FFXIVBenchmark.zip
    2012-05-17 21:00 - 2012-05-16 04:55 - 00026146 ____A C:\alotserviceruntime.log
    2012-05-17 21:00 - 2012-05-16 04:55 - 00019730 ____A C:\INSTALLHELPER.LOG
    2012-05-17 18:59 - 2012-05-17 18:59 - 00178800 ____A (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
    2012-05-17 18:55 - 2012-05-17 18:55 - 00001124 ____A C:\Windows\SysWOW64\ealregsnapshot1.reg
    2012-05-17 18:47 - 2012-06-13 23:00 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-05-17 18:16 - 2012-06-13 23:00 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-05-17 18:06 - 2012-06-13 23:00 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-05-17 17:59 - 2012-06-13 23:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-05-17 17:59 - 2012-06-13 23:00 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-05-17 17:58 - 2012-06-13 23:00 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-05-17 17:58 - 2012-06-13 23:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-05-17 17:56 - 2012-06-13 23:00 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-05-17 17:55 - 2012-06-13 23:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-05-17 17:55 - 2012-06-13 23:00 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-05-17 17:54 - 2012-06-13 23:00 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-05-17 17:51 - 2012-06-13 23:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-05-17 17:51 - 2012-06-13 23:00 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-05-17 17:47 - 2012-06-13 23:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-05-17 15:11 - 2012-06-13 23:00 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-05-17 14:48 - 2012-06-13 23:00 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-05-17 14:45 - 2012-06-13 23:00 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-05-17 14:36 - 2012-06-13 23:00 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-05-17 14:35 - 2012-06-13 23:00 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-05-17 14:35 - 2012-06-13 23:00 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-05-17 14:33 - 2012-06-13 23:00 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-05-17 14:31 - 2012-06-13 23:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-05-17 14:29 - 2012-06-13 23:00 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-05-17 14:29 - 2012-06-13 23:00 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-05-17 14:27 - 2012-06-13 23:00 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-05-17 14:25 - 2012-06-13 23:00 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-05-17 14:24 - 2012-06-13 23:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-05-17 14:20 - 2012-06-13 23:00 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-05-16 09:33 - 2012-05-16 09:33 - 00000983 ____A C:\Users\Public\Desktop\Origin.lnk
    2012-05-16 09:33 - 2012-05-16 09:33 - 00000527 ____A C:\Windows\KB893803v2.log
    2012-05-16 09:32 - 2012-05-16 09:30 - 17054296 ____A (Electronic Arts, Inc.) C:\Users\David\Downloads\OriginThinSetup.exe
    2012-05-16 09:27 - 2012-05-16 09:26 - 03870984 ____A C:\Users\David\Downloads\battlelog-web-plugins-1.118.0-retail-prod.exe
    2012-05-16 05:27 - 2012-05-16 05:27 - 00000930 ____A C:\Users\Public\Desktop\CPUID HWMonitor.lnk
    2012-05-16 05:27 - 2012-05-16 05:26 - 04084576 ____A ( ) C:\Users\David\Downloads\hwmonitor_1.19-setup.exe
    2012-05-16 05:23 - 2012-05-16 05:23 - 00330853 ____A C:\Users\David\Downloads\RealTemp_370.zip
    2012-05-16 04:54 - 2012-05-16 04:54 - 00647776 ____A (OptimumInstaller) C:\Users\David\Downloads\7zip_Setup.exe
    2012-05-16 04:36 - 2012-05-16 04:36 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2012-05-16 04:36 - 2012-05-16 04:36 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2012-05-16 04:35 - 2012-05-16 04:35 - 00892360 ____A (Oracle Corporation) C:\Users\David\Downloads\chromeinstall-7u4.exe
    2012-05-16 04:29 - 2012-05-16 04:29 - 00000207 ____A C:\Users\Public\Desktop\Vindictus.url
    2012-05-16 03:41 - 2009-07-13 21:38 - 00025600 __ASH C:\Windows\System32\config\BCD-Template.LOG
    2012-05-16 03:41 - 2009-07-13 21:32 - 00028672 ____A C:\Windows\System32\config\BCD-Template
    2012-05-16 02:44 - 2009-07-13 21:01 - 00122093 ____A C:\Windows\SysWOW64\license.rtf
    2012-05-16 02:44 - 2009-07-13 21:01 - 00122093 ____A C:\Windows\System32\license.rtf
    2012-05-16 02:44 - 2009-07-13 20:46 - 00002790 ____A C:\Windows\DtcInstall.log
    2012-05-16 02:43 - 2012-05-16 02:43 - 00001355 ____A C:\Windows\TSSysprep.log
    2012-05-15 19:20 - 2012-05-15 19:20 - 01960400 ____A C:\Users\David\Downloads\VindictusDownloaderV152.exe
    2012-05-15 17:55 - 2012-05-15 17:55 - 00001809 ____A C:\Users\Public\Desktop\Launch Blacklight Retribution.lnk
    2012-05-15 17:45 - 2012-05-15 17:45 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
    2012-05-15 17:28 - 2012-05-15 17:28 - 01639789 ____A C:\Users\David\Downloads\winrar-x64-411.exe
    2012-05-15 17:27 - 2012-05-15 17:27 - 00025832 ____A C:\Users\David\Downloads\creator_translation.rar
    2012-05-15 17:05 - 2012-05-15 17:05 - 00001569 ____A C:\Users\David\Desktop\PHANTASY STAR ONLINE 2 ??????????????.lnk
    2012-05-15 16:43 - 2012-05-15 16:25 - 467911144 ____A C:\Users\David\Downloads\PSO2_Chara_Create_Trial_V1_00.zip
    2012-05-15 15:11 - 2012-05-15 15:11 - 00000219 ____A C:\Users\David\Desktop\Team Fortress 2.url
    2012-05-15 15:03 - 2012-05-15 15:03 - 00000917 ____A C:\Users\Public\Desktop\Steam.lnk
    2012-05-15 14:57 - 2012-05-15 14:57 - 00001134 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2012-05-15 14:43 - 2012-05-15 14:43 - 00000020 ___SH C:\Users\David\ntuser.ini
    2012-05-15 14:04 - 2012-05-15 14:04 - 00000000 ____A C:\Windows\ativpsrm.bin
    2012-05-15 12:45 - 2012-05-15 12:41 - 00010375 ____A C:\Windows\IE9_main.log
    2012-05-15 12:44 - 2012-05-15 12:44 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
    2012-05-15 12:44 - 2012-05-15 12:44 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
    2012-05-15 12:44 - 2012-05-15 12:44 - 00697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-05-15 12:44 - 2012-05-15 12:44 - 00603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-05-15 12:44 - 2012-05-15 12:44 - 00580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-05-15 12:44 - 2012-05-15 12:44 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
    2012-05-15 12:44 - 2012-05-15 12:44 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
    2012-05-15 12:44 - 2012-05-15 12:44 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
    2012-05-15 12:44 - 2012-05-15 12:44 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2012-05-15 12:44 - 2012-05-15 12:44 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-05-15 12:44 - 2012-05-15 12:44 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
    2012-05-15 12:44 - 2012-05-15 12:44 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2012-05-15 12:44 - 2012-05-15 12:44 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2012-05-15 12:44 - 2012-05-15 12:44 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2012-05-15 12:44 - 2012-05-15 12:44 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
    2012-05-15 12:44 - 2012-05-15 12:44 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
    2012-05-15 12:44 - 2012-05-15 12:44 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
    2012-05-15 12:44 - 2012-05-15 12:44 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
    2012-05-15 12:44 - 2012-05-15 12:44 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2012-05-15 12:44 - 2012-05-15 12:44 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
    2012-05-15 12:44 - 2012-05-15 12:44 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2012-05-15 12:44 - 2012-05-15 12:44 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
    2012-05-15 12:44 - 2012-05-15 12:44 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
    2012-05-15 12:44 - 2012-05-15 12:44 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
    2012-05-15 12:44 - 2012-05-15 12:44 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
    2012-05-15 12:44 - 2012-05-15 12:44 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2012-05-15 12:44 - 2012-05-15 12:44 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
    2012-05-15 12:44 - 2012-05-15 12:44 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
    2012-05-15 12:44 - 2012-05-15 12:44 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
    2012-05-15 12:44 - 2012-05-15 12:44 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
    2012-05-15 12:44 - 2012-05-15 12:44 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
    2012-05-15 12:44 - 2012-05-15 12:44 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
    2012-05-15 12:44 - 2012-05-15 12:44 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
    2012-05-15 12:44 - 2012-05-15 12:44 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
    2012-05-15 12:44 - 2012-05-15 12:44 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
    2012-05-15 12:44 - 2012-05-15 12:44 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2012-05-15 12:44 - 2012-05-15 12:44 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
    2012-05-15 12:44 - 2012-05-15 12:44 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
    2012-05-15 12:44 - 2012-05-15 12:44 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
    2012-05-15 12:44 - 2012-05-15 12:44 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
    2012-05-15 12:44 - 2012-05-15 12:44 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
    2012-05-15 12:44 - 2012-05-15 12:44 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
    2012-05-15 12:44 - 2012-05-15 12:44 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
    2012-05-15 12:44 - 2012-05-15 12:44 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
    2012-05-15 12:44 - 2012-05-15 12:44 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
    2012-05-15 12:44 - 2012-05-15 12:44 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
    2012-05-15 12:44 - 2012-05-15 12:44 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
    2012-05-15 12:44 - 2012-05-15 12:44 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
    2012-05-15 12:44 - 2012-05-15 12:44 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2012-05-15 12:44 - 2012-05-15 12:44 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
    2012-05-15 12:44 - 2012-05-15 12:44 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
    2012-05-15 12:44 - 2012-05-15 12:44 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
    2012-05-15 12:44 - 2012-05-15 12:44 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2012-05-15 12:44 - 2012-05-15 12:44 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
    2012-05-15 12:44 - 2012-05-15 12:44 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
    2012-05-15 12:44 - 2012-05-15 12:44 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
    2012-05-15 12:44 - 2012-05-15 12:44 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
    2012-05-15 12:44 - 2012-05-15 12:44 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
    2012-05-15 12:44 - 2012-05-15 12:44 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
    2012-05-15 12:44 - 2012-05-15 12:44 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
    2012-05-15 12:44 - 2012-05-15 12:44 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
    2012-05-15 12:44 - 2012-05-15 12:44 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
    2012-05-15 12:44 - 2012-05-15 12:44 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
    2012-05-15 12:44 - 2012-05-15 12:44 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
    2012-05-15 12:44 - 2012-05-15 12:44 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
    2012-05-15 12:44 - 2012-05-15 12:44 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2012-05-15 12:44 - 2012-05-15 12:44 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
    2012-05-15 12:44 - 2012-05-15 12:44 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
    2012-05-15 12:44 - 2012-05-15 12:44 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
    2012-05-15 12:44 - 2012-05-15 12:44 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
    2012-05-15 12:44 - 2012-05-15 12:44 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
    2012-05-15 12:44 - 2012-05-15 12:44 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
    2012-05-15 12:34 - 2012-05-15 12:34 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-05-15 12:12 - 2012-05-15 12:12 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_iusb3hcs_01009.Wdf
    2012-05-15 12:04 - 2012-05-15 12:04 - 00018222 ____A C:\Windows\System32\results.xml
    2012-05-14 17:32 - 2012-06-13 20:13 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-05-04 03:06 - 2012-06-13 20:13 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-05-04 02:03 - 2012-06-13 20:13 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-05-04 02:03 - 2012-06-13 20:13 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-04-30 21:40 - 2012-06-13 20:13 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-04-27 19:55 - 2012-06-13 20:13 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-04-25 21:41 - 2012-06-13 20:13 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-04-25 21:41 - 2012-06-13 20:13 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-04-25 21:34 - 2012-06-13 20:13 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-04-23 21:37 - 2012-06-13 20:12 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-04-23 21:37 - 2012-06-13 20:12 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-04-23 21:37 - 2012-06-13 20:12 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-04-23 20:36 - 2012-06-13 20:12 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-04-23 20:36 - 2012-06-13 20:12 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-04-23 20:36 - 2012-06-13 20:12 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

    ZeroAccess:
    C:\Windows\Installer\{ce3b5d36-073c-3953-74bf-7320aefdd26b}
    C:\Windows\Installer\{ce3b5d36-073c-3953-74bf-7320aefdd26b}\@
    C:\Windows\Installer\{ce3b5d36-073c-3953-74bf-7320aefdd26b}\L
    C:\Windows\Installer\{ce3b5d36-073c-3953-74bf-7320aefdd26b}\n

    ZeroAccess:
    C:\Users\David\AppData\Local\{ce3b5d36-073c-3953-74bf-7320aefdd26b}
    C:\Users\David\AppData\Local\{ce3b5d36-073c-3953-74bf-7320aefdd26b}\@
    C:\Users\David\AppData\Local\{ce3b5d36-073c-3953-74bf-7320aefdd26b}\L
    C:\Users\David\AppData\Local\{ce3b5d36-073c-3953-74bf-7320aefdd26b}\U
    C:\Users\David\AppData\Local\{ce3b5d36-073c-3953-74bf-7320aefdd26b}\U\00000001.@
    C:\Users\David\AppData\Local\{ce3b5d36-073c-3953-74bf-7320aefdd26b}\U\800000cb.@

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 12%
    Total physical RAM: 8157.07 MB
    Available physical RAM: 7176.85 MB
    Total Pagefile: 8155.27 MB
    Available Pagefile: 7288.32 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:931.41 GB) (Free:631.05 GB) NTFS
    2 Drive e: (PC Receiver) (CDROM) (Total:0.1 GB) (Free:0 GB) CDFS
    3 Drive f: (USB20FD) (Removable) (Total:3.73 GB) (Free:3.64 GB) FAT32
    4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 931 GB 0 B
    Disk 1 Online 3824 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 931 GB 101 MB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y System Rese NTFS Partition 100 MB Healthy

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 931 GB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3823 MB 572 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 0C
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 F USB20FD FAT32 Removable 3823 MB Healthy

    ==================================================================================

    ==========================================================

    Last Boot: 2012-07-07 20:59

    ======================= End Of Log ==========================
     
  4. DJackson

    DJackson TS Rookie Topic Starter

    Farbar Recovery Scan Tool Version: 09-07-2012
    Ran by SYSTEM at 2012-07-10 16:08:12
    Running from F:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    ====== End Of Search ======
     
  5. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    FRST Fixlist

    Please run the following:

    Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open notepad and select Paste.) Save it on the flashdrive as fixlist.txt.

    NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

    Now, please enter System Recovery Options then select Command Prompt.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

    Now restart, let it boot normally and tell me how it went.


    ComboFix

    Please download ComboFix by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop, but rename it first to svchost.exe

    Important information about ComboFix

    Before the download:
    • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
    • It is important to rename ComboFix before the download.
    • Please do not rename ComboFix to other names, but only the one indicated.
    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on svchost.exe & follow the prompts.
    • It will attempt to install the Recovery Console:
    • When ComboFix finishes, it will produce a report for you.
    • Please post the "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method (above method), but try to download it again, except name ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.
     
  6. DJackson

    DJackson TS Rookie Topic Starter

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 09-07-2012
    Ran by SYSTEM at 2012-07-11 19:19:37 Run:1
    Running from F:\

    ==============================================

    C:\Windows\Installer\{ce3b5d36-073c-3953-74bf-7320aefdd26b} moved successfully.
    C:\Users\David\AppData\Local\{ce3b5d36-073c-3953-74bf-7320aefdd26b} moved successfully.

    ==== End of Fixlog ====

    OK, I ran the fix, but I just looked at the history of Windows Security Essentials and now, in addition to quarantining sirefef.w, it apparently also had sirefef.m and p as well as TrojanDownloader:Win32/Cutwail.BE under quarantine. Should I just simply go ahead and run ComboFix and not worry about it?
     
  7. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Should be fine for ComboFix, go ahead, please.
     
  8. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Hello. Are you still with us?

    Your thread has been marked as "Inactive" because of your lack of reply. Please let us know how your computer is running, or if you want to continue in this topic.

    Thanks.
     
