ZeroAccess virus accompanied by BSOD (Windows 7)

By MaxPowers
Jul 29, 2012
  1. Hello!

    I've been running into issues with this nasty ZeroAccess virus and removal of Micro Trend Titanium. I'm not sure if the BSOD that keeps occurring is related to one or the other. I've run the Farbar tool (FRST64.exe), and below is what I've got from the FRST.txt file. I just need some assistance on proceeding further with the fixlist.txt file.

    Thanks in advance!

    Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01
    Ran by SYSTEM at 29-07-2012 14:48:47
    Running from H:\
    Windows 7 Professional (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11776104 2011-02-10] (Realtek Semiconductor)
    HKLM\...\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe -set Silent "1" SplashURL "" [1111568 2011-10-08] (Trend Micro Inc.)
    HKLM\...\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [197152 2011-02-10] (Trend Micro Inc.)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-30] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [ZyngaGamesAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" [841544 2010-11-15] (Splashtop Inc.)
    HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-05-20] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup [30192 2011-07-01] (Google)
    HKLM-x32\...\Run: [Smart File Advisor] "C:\Program Files (x86)\Smart File Advisor\sfa.exe" /checkassoc [280824 2011-04-04] (Filefacts.net)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-06-06] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-12] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36760 2011-09-05] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2904984 2011-09-05] (Adobe Systems Inc.)
    HKLM-x32\...\Run: [STCAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe" [x]
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [413696 2008-05-27] (Apple Inc.)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-12-07] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [ISTray] "C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe" /hideGUI [2673624 2012-06-22] (PC Tools)
    HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
    HKU\Jason Hwang\...\Run: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED [6379888 2012-05-15] (BitTorrent, Inc.)
    HKU\Jason Hwang\...\Run: [DisplayFusion] "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe" [4480456 2012-05-31] (Binary Fortress Software)
    HKU\Jason Hwang\...\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup [221184 2005-02-17] (InstallShield Software Corporation)
    HKU\Jason Hwang\...\Run: [Hobbyist Software VLC Streamer] "C:\Program Files (x86)\Hobbyist Software\VLC Streamer\VLC Streamer Configuration.exe" /startup [1642040 2012-06-28] (Hobbyist Software)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Rainmeter.lnk
    ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()

    ==================== Services (Whitelisted) ======

    2 Apache2.2; "C:\xampp\apache\bin\httpd.exe" -k runservice [18432 2011-09-10] (Apache Software Foundation)
    3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
    2 Browser Defender Update Service; "C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe" [575448 2012-06-22] (Threat Expert Ltd.)
    3 GoogleDesktopManager-051210-111108; "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" [30192 2011-07-01] (Google)
    2 KMService; C:\Windows\SysWow64\srvany.exe [8192 2011-08-31] ()
    2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
    2 mi-raysat_3dsmax2011_64; "C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe" [86016 2010-03-09] ()
    2 mysql; C:\xampp\mysql\bin\mysqld.exe --defaults-file=C:\xampp\mysql\bin\my.ini mysql [5396 2012-02-28] ()
    2 SCBackService; C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe [477000 2010-11-15] (Splashtop Inc.)
    2 sdAuxService; C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [402368 2012-06-22] (PC Tools)
    2 sdCoreService; C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe [1118680 2012-06-22] (PC Tools)
    3 ThreatFire; C:\Program Files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe service [71008 2012-06-22] (PC Tools)
    2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2655768 2010-10-05] (Intel Corporation)
    2 WCUService_STC_FF; C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [493384 2011-03-23] (Splashtop Inc.)
    2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [x]

    ========================== Drivers (Whitelisted) =============

    1 AppleCharger; C:\Windows\System32\Drivers\AppleCharger.sys [21104 2011-01-10] ()
    3 gdrv; \??\C:\Windows\gdrv.sys [25640 2011-07-03] (Windows (R) Server 2003 DDK provider)
    3 GVTDrv64; \??\C:\Windows\GVTDrv64.sys [30528 2011-07-03] ()
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
    3 PCTBD; C:\Windows\System32\Drivers\PCTBD64.sys [85224 2012-06-22] (PC Tools)
    0 PCTCore; C:\Windows\System32\drivers\PCTCore64.sys [426616 2012-04-23] (PC Tools)
    0 pctDS; C:\Windows\System32\drivers\pctDS64.sys [453896 2012-02-28] (PC Tools)
    0 pctEFA; C:\Windows\System32\drivers\pctEFA64.sys [1096176 2012-02-28] (PC Tools)
    3 PCTFW-PacketFilter; \??\C:\Windows\system32\drivers\pctNdis-PacketFilter64.sys [123808 2012-04-19] (PC Tools)
    1 pctgntdi; \??\C:\Windows\System32\drivers\pctgntdi64.sys [341200 2012-06-22] (PC Tools)
    1 pctNdisLW64; C:\Windows\System32\Drivers\pctNdisLW64.sys [77976 2012-03-19] (PC Tools)
    3 pctplfw; \??\C:\Windows\System32\drivers\pctplfw64.sys [181032 2012-06-22] (PC Tools)
    3 pctplsg; \??\C:\Windows\System32\drivers\pctplsg64.sys [92928 2012-06-22] (PC Tools)
    1 PCTSD; C:\Windows\System32\Drivers\PCTSD64.sys [251560 2012-06-22] (PC Tools)
    2 tmactmon; C:\Windows\System32\Drivers\tmactmon.sys [90704 2010-08-08] (Trend Micro Inc.)
    2 tmcomm; C:\Windows\System32\Drivers\tmcomm.sys [144464 2010-08-08] (Trend Micro Inc.)
    2 tmevtmgr; C:\Windows\System32\Drivers\tmevtmgr.sys [67664 2010-08-08] (Trend Micro Inc.)
    1 tmtdi; C:\Windows\System32\Drivers\tmtdi.sys [105552 2010-08-08] (Trend Micro Inc.)
    3 WINIO; \??\D:\WINIO.sys [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-07-28 16:36 - 2012-07-29 14:46 - 00000000 ____D C:\Windows\System32\config\HiveBackup
    2012-07-28 16:21 - 2012-07-28 16:23 - 00000000 ____D C:\FRST
    2012-07-25 19:44 - 2012-07-25 19:44 - 01402880 ____A C:\Users\Jason Hwang\Downloads\HiJackThis.msi
    2012-07-25 19:35 - 2012-07-25 19:35 - 00000000 ____D C:\Users\Jason Hwang\AppData\Roaming\Spam Monitor
    2012-07-25 19:35 - 2012-07-25 19:35 - 00000000 ____D C:\Users\Jason Hwang\AppData\Roaming\PC Tools
    2012-07-25 19:32 - 2012-07-25 19:32 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
    2012-07-25 17:34 - 2012-07-28 21:12 - 00000000 ____D C:\Users\Jason Hwang\AppData\Roaming\Malwarebytes
    2012-07-25 17:29 - 2012-07-28 21:14 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-25 17:29 - 2012-07-28 21:12 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-07-25 17:29 - 2012-07-25 17:29 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-25 17:29 - 2012-07-03 09:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-25 15:13 - 2012-07-25 15:13 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Jason Hwang\Desktop\mbam-setup-1.62.0.1300.exe
    2012-07-25 15:13 - 2012-07-25 15:02 - 01805736 ____A (Symantec Corporation) C:\Users\Jason Hwang\Desktop\FixZeroAccess.exe
    2012-07-24 20:21 - 2012-06-22 07:39 - 02267096 ____A (Threat Expert Ltd.) C:\Windows\PCTBDCore.dll
    2012-07-24 20:21 - 2012-06-22 07:39 - 01689560 ____A (Threat Expert Ltd.) C:\Windows\PCTBDRes.dll
    2012-07-24 20:21 - 2012-06-22 07:39 - 00149464 ____A (PC Tools) C:\Windows\SGDetectionTool.dll
    2012-07-24 20:21 - 2012-06-22 07:39 - 00085224 ____A (PC Tools) C:\Windows\System32\Drivers\PCTBD64.sys
    2012-07-24 20:21 - 2012-06-22 07:38 - 00767960 ____A C:\Windows\BDTSupport.dll
    2012-07-24 20:21 - 2012-06-22 06:43 - 00003488 ____A C:\Windows\UDB.zip
    2012-07-24 20:21 - 2012-06-22 06:43 - 00000882 ____A C:\Windows\RegSDImport.xml
    2012-07-24 20:21 - 2012-06-22 06:43 - 00000879 ____A C:\Windows\RegISSImport.xml
    2012-07-24 20:21 - 2012-06-22 06:43 - 00000131 ____A C:\Windows\IDB.zip
    2012-07-24 20:20 - 2012-07-28 21:12 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
    2012-07-24 20:20 - 2012-07-24 20:20 - 00002247 ____A C:\Users\Public\Desktop\PC Tools Internet Security.lnk
    2012-07-24 20:20 - 2012-06-22 11:35 - 00181032 ____A (PC Tools) C:\Windows\System32\Drivers\pctplfw64.sys
    2012-07-24 20:20 - 2012-06-22 11:35 - 00092928 ____A (PC Tools) C:\Windows\System32\Drivers\pctplsg64.sys
    2012-07-24 20:20 - 2012-06-22 11:33 - 00014808 ____A (PC Tools) C:\Windows\System32\Drivers\pctBTFix64.sys
    2012-07-24 20:20 - 2012-06-22 11:29 - 00341200 ____A (PC Tools) C:\Windows\System32\Drivers\pctgntdi64.sys
    2012-07-24 20:20 - 2012-06-22 11:29 - 00145464 ____A (PC Tools) C:\Windows\System32\Drivers\pctwfpfilter64.sys
    2012-07-24 20:20 - 2012-06-22 10:21 - 00706776 ____A (PC Tools) C:\Windows\System32\Drivers\TfSysMon.sys
    2012-07-24 20:20 - 2012-06-22 10:21 - 00065664 ____A (PC Tools) C:\Windows\System32\Drivers\TfFsMon.sys
    2012-07-24 20:20 - 2012-06-22 10:21 - 00041968 ____A (PC Tools) C:\Windows\System32\Drivers\TfNetMon.sys
    2012-07-24 20:20 - 2012-04-19 05:57 - 00123808 ____A (PC Tools) C:\Windows\System32\Drivers\pctNdis-PacketFilter64.sys
    2012-07-24 20:20 - 2012-03-19 08:02 - 00077976 ____A (PC Tools) C:\Windows\System32\Drivers\pctNdisLW64.sys
    2012-07-24 20:18 - 2012-07-24 20:18 - 04122624 ____A (PC Tools) C:\Users\Jason Hwang\Downloads\issetup.exe
    2012-07-24 20:18 - 2012-06-22 11:35 - 00251560 ____A (PC Tools) C:\Windows\System32\Drivers\PCTSD64.sys
    2012-07-24 20:18 - 2012-04-23 08:36 - 00426616 ____A (PC Tools) C:\Windows\System32\Drivers\PCTCore64.sys
    2012-07-24 20:18 - 2012-02-28 07:43 - 01096176 ____A (PC Tools) C:\Windows\System32\Drivers\pctEFA64.sys
    2012-07-24 20:18 - 2012-02-28 07:43 - 00453896 ____A (PC Tools) C:\Windows\System32\Drivers\pctDS64.sys
    2012-07-24 20:05 - 2012-07-24 20:06 - 00281368 ____A C:\Windows\Minidump\072512-29078-01.dmp
    2012-07-24 14:26 - 2012-07-28 21:11 - 00000000 ____D C:\Program Files (x86)\PC Tools
    2012-07-24 14:23 - 2012-07-28 21:12 - 00000000 ____D C:\Users\All Users\PC Tools
    2012-07-24 14:23 - 2012-07-24 14:23 - 00000000 ____D C:\Users\Jason Hwang\AppData\Roaming\TestApp
    2012-07-15 20:23 - 2012-07-15 20:23 - 00001426 ____A C:\Users\Jason Hwang\Downloads\menu_items.sql
    2012-07-13 14:29 - 2012-07-21 22:26 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-07-11 23:05 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-11 17:53 - 2012-07-11 17:55 - 00000000 ____D C:\Users\Jason Hwang\Desktop\John.Carter.2012.720p.BluRay.x264-SPARKS PublicHD
    2012-07-11 17:51 - 2012-07-11 17:51 - 00051466 ____A C:\Users\Jason Hwang\Downloads\[kat.ph]john.carter.2012.1080p.bluray.x264.sparks.publichd (1).torrent
    2012-07-11 17:50 - 2012-07-11 17:50 - 00008150 ____A C:\Users\Jason Hwang\Downloads\[kat.ph]john.carter.2012.720p.bluray.x264.sparks.publichd.torrent
    2012-07-11 17:49 - 2012-07-11 17:49 - 00051466 ____A C:\Users\Jason Hwang\Downloads\[kat.ph]john.carter.2012.1080p.bluray.x264.sparks.publichd.torrent
    2012-07-11 13:07 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-07-11 13:07 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-07-11 13:07 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-07-11 13:07 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-07-11 13:07 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2012-07-11 13:07 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-07-11 13:07 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-07-11 13:07 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2012-07-11 13:07 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-07-11 13:07 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-07-11 13:07 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-07-11 13:07 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-07-11 13:07 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-07-11 13:07 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-07-11 13:07 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-07-11 13:07 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-07-11 13:07 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-07-11 13:07 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
    2012-07-11 13:07 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2012-07-11 10:05 - 2012-07-11 10:32 - 1131295672 ____A (Microsoft Corporation) C:\Users\Jason Hwang\Downloads\OfficePro2010English_x64.exe
    2012-07-11 09:55 - 2012-07-11 17:00 - 00000000 ____D C:\Users\Jason Hwang\Desktop\LCC
    2012-07-11 09:48 - 2012-07-11 09:48 - 00000000 ____D C:\Users\Jason Hwang\AppData\Local\Macromedia
    2012-07-11 09:47 - 2012-07-28 21:12 - 00000000 ____D C:\Windows\System32\Macromed
    2012-07-11 09:47 - 2012-07-13 15:26 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-07-03 21:23 - 2012-07-03 21:23 - 00015500 ____A C:\Users\Jason Hwang\Downloads\[kat.ph]american.reunion.unrated.dvdrip.xvid.cocain.torrent

    ============ 3 Months Modified Files ========================

    2012-07-28 17:15 - 2012-04-22 16:13 - 316051504 ____A C:\Windows\MEMORY.DMP
    2012-07-25 19:44 - 2012-07-25 19:44 - 01402880 ____A C:\Users\Jason Hwang\Downloads\HiJackThis.msi
    2012-07-25 19:42 - 2009-07-13 20:45 - 00022096 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-07-25 19:42 - 2009-07-13 20:45 - 00022096 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-07-25 19:39 - 2009-07-13 21:13 - 00779092 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-07-25 19:34 - 2011-08-16 16:24 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-07-25 19:34 - 2010-11-20 19:47 - 01278034 ____A C:\Windows\PFRO.log
    2012-07-25 19:34 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-07-25 19:34 - 2009-07-13 20:51 - 00059895 ____A C:\Windows\setupact.log
    2012-07-25 19:32 - 2012-07-25 19:32 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
    2012-07-25 17:29 - 2012-07-25 17:29 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-25 15:13 - 2012-07-25 15:13 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Jason Hwang\Desktop\mbam-setup-1.62.0.1300.exe
    2012-07-25 15:02 - 2012-07-25 15:13 - 01805736 ____A (Symantec Corporation) C:\Users\Jason Hwang\Desktop\FixZeroAccess.exe
    2012-07-24 20:20 - 2012-07-24 20:20 - 00002247 ____A C:\Users\Public\Desktop\PC Tools Internet Security.lnk
    2012-07-24 20:18 - 2012-07-24 20:18 - 04122624 ____A (PC Tools) C:\Users\Jason Hwang\Downloads\issetup.exe
    2012-07-24 20:06 - 2012-07-24 20:05 - 00281368 ____A C:\Windows\Minidump\072512-29078-01.dmp
    2012-07-21 23:00 - 2011-07-02 04:07 - 01875891 ____A C:\Windows\WindowsUpdate.log
    2012-07-21 22:54 - 2011-08-16 16:24 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-07-21 22:26 - 2012-07-13 14:29 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-07-16 21:25 - 2011-07-01 22:45 - 00001456 ____A C:\Users\Jason Hwang\AppData\Local\Adobe Save for Web 12.0 Prefs
    2012-07-15 20:23 - 2012-07-15 20:23 - 00001426 ____A C:\Users\Jason Hwang\Downloads\menu_items.sql
    2012-07-13 15:26 - 2012-07-11 09:47 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-07-13 15:26 - 2011-07-01 01:54 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-07-11 23:23 - 2009-07-13 20:45 - 04983712 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-07-11 23:01 - 2011-07-22 18:32 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-07-11 17:51 - 2012-07-11 17:51 - 00051466 ____A C:\Users\Jason Hwang\Downloads\[kat.ph]john.carter.2012.1080p.bluray.x264.sparks.publichd (1).torrent
    2012-07-11 17:50 - 2012-07-11 17:50 - 00008150 ____A C:\Users\Jason Hwang\Downloads\[kat.ph]john.carter.2012.720p.bluray.x264.sparks.publichd.torrent
    2012-07-11 17:49 - 2012-07-11 17:49 - 00051466 ____A C:\Users\Jason Hwang\Downloads\[kat.ph]john.carter.2012.1080p.bluray.x264.sparks.publichd.torrent
    2012-07-11 10:32 - 2012-07-11 10:05 - 1131295672 ____A (Microsoft Corporation) C:\Users\Jason Hwang\Downloads\OfficePro2010English_x64.exe
    2012-07-03 21:23 - 2012-07-03 21:23 - 00015500 ____A C:\Users\Jason Hwang\Downloads\[kat.ph]american.reunion.unrated.dvdrip.xvid.cocain.torrent
    2012-07-03 09:46 - 2012-07-25 17:29 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-06-27 13:42 - 2012-06-27 13:42 - 05224832 ____A (Binary Fortress Software ) C:\Users\Jason Hwang\Downloads\DisplayFusionSetup-4.0.1.exe
    2012-06-23 22:45 - 2012-06-23 22:45 - 04387080 ____A ( ) C:\Users\Jason Hwang\Downloads\cpu-z_1.60.1-setup-en.exe
    2012-06-23 18:39 - 2012-06-23 18:39 - 00017078 ____A C:\Users\Jason Hwang\Downloads\[kat.ph]sherlock.holmes.a.game.of.shadows.2011.720p.bluray.publichd.torrent
    2012-06-23 18:39 - 2012-06-23 18:39 - 00017078 ____A C:\Users\Jason Hwang\Downloads\[kat.ph]sherlock.holmes.a.game.of.shadows.2011.720p.bluray.publichd (1).torrent
    2012-06-23 11:15 - 2012-05-05 13:12 - 00000022 ____A C:\Users\Jason Hwang\Downloads\iREB-r5.zip
    2012-06-22 11:35 - 2012-07-24 20:20 - 00181032 ____A (PC Tools) C:\Windows\System32\Drivers\pctplfw64.sys
    2012-06-22 11:35 - 2012-07-24 20:20 - 00092928 ____A (PC Tools) C:\Windows\System32\Drivers\pctplsg64.sys
    2012-06-22 11:35 - 2012-07-24 20:18 - 00251560 ____A (PC Tools) C:\Windows\System32\Drivers\PCTSD64.sys
    2012-06-22 11:33 - 2012-07-24 20:20 - 00014808 ____A (PC Tools) C:\Windows\System32\Drivers\pctBTFix64.sys
    2012-06-22 11:29 - 2012-07-24 20:20 - 00341200 ____A (PC Tools) C:\Windows\System32\Drivers\pctgntdi64.sys
    2012-06-22 11:29 - 2012-07-24 20:20 - 00145464 ____A (PC Tools) C:\Windows\System32\Drivers\pctwfpfilter64.sys
    2012-06-22 10:21 - 2012-07-24 20:20 - 00706776 ____A (PC Tools) C:\Windows\System32\Drivers\TfSysMon.sys
    2012-06-22 10:21 - 2012-07-24 20:20 - 00065664 ____A (PC Tools) C:\Windows\System32\Drivers\TfFsMon.sys
    2012-06-22 10:21 - 2012-07-24 20:20 - 00041968 ____A (PC Tools) C:\Windows\System32\Drivers\TfNetMon.sys
    2012-06-22 07:39 - 2012-07-24 20:21 - 02267096 ____A (Threat Expert Ltd.) C:\Windows\PCTBDCore.dll
    2012-06-22 07:39 - 2012-07-24 20:21 - 01689560 ____A (Threat Expert Ltd.) C:\Windows\PCTBDRes.dll
    2012-06-22 07:39 - 2012-07-24 20:21 - 00149464 ____A (PC Tools) C:\Windows\SGDetectionTool.dll
    2012-06-22 07:39 - 2012-07-24 20:21 - 00085224 ____A (PC Tools) C:\Windows\System32\Drivers\PCTBD64.sys
    2012-06-22 07:38 - 2012-07-24 20:21 - 00767960 ____A C:\Windows\BDTSupport.dll
    2012-06-22 06:43 - 2012-07-24 20:21 - 00003488 ____A C:\Windows\UDB.zip
    2012-06-22 06:43 - 2012-07-24 20:21 - 00000882 ____A C:\Windows\RegSDImport.xml
    2012-06-22 06:43 - 2012-07-24 20:21 - 00000879 ____A C:\Windows\RegISSImport.xml
    2012-06-22 06:43 - 2012-07-24 20:21 - 00000131 ____A C:\Windows\IDB.zip
    2012-06-11 19:08 - 2012-07-11 23:05 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-08 21:43 - 2012-07-11 13:07 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-06-08 20:41 - 2012-07-11 13:07 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-06-07 13:50 - 2012-06-07 13:49 - 16574016 ____A (Mozilla) C:\Users\Jason Hwang\Downloads\Firefox Setup 13.0.exe
    2012-06-06 13:07 - 2012-06-06 13:07 - 00125731 ____A C:\Users\Jason Hwang\Downloads\[kat.ph]21.jump.street.2012.r5.xvid.legi0n.torrent
    2012-06-06 13:04 - 2012-06-06 13:04 - 00034452 ____A C:\Users\Jason Hwang\Downloads\[kat.ph]goon.2011.limited.1080p.bluray.x264.maxhd.publichd.torrent
    2012-06-06 09:25 - 2012-06-06 09:25 - 00016542 ____A C:\Users\Jason Hwang\Downloads\[kat.ph]safe.house.2012.1080p.brrip.x264.1.5gb.yify.torrent
    2012-06-05 22:06 - 2012-07-11 13:07 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-06-05 22:06 - 2012-07-11 13:07 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-06-05 22:02 - 2012-07-11 13:07 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2012-06-05 21:05 - 2012-07-11 13:07 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-06-05 21:05 - 2012-07-11 13:07 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-06-05 21:03 - 2012-07-11 13:07 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2012-06-04 20:52 - 2012-06-04 20:02 - 00014410 ____A C:\Windows\DPINST.LOG
    2012-06-04 20:06 - 2012-06-04 20:06 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
    2012-06-04 20:02 - 2012-06-04 20:01 - 10043663 ____A C:\Users\Jason Hwang\Downloads\nookcolor-easyADB.exe
    2012-06-02 14:19 - 2012-06-21 15:17 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-21 15:17 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-21 15:17 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-21 15:17 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-21 15:17 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:15 - 2012-06-21 15:17 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:15 - 2012-06-21 15:17 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 11:19 - 2012-06-21 15:17 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 11:15 - 2012-06-21 15:17 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-01 21:50 - 2012-07-11 13:07 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-06-01 21:48 - 2012-07-11 13:07 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-06-01 21:48 - 2012-07-11 13:07 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-06-01 21:45 - 2012-07-11 13:07 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-06-01 21:44 - 2012-07-11 13:07 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-06-01 20:40 - 2012-07-11 13:07 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-06-01 20:40 - 2012-07-11 13:07 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-06-01 20:39 - 2012-07-11 13:07 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-06-01 20:34 - 2012-07-11 13:07 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-05-30 13:37 - 2012-05-30 13:37 - 00000132 ____A C:\Users\Jason Hwang\AppData\Roaming\Adobe PNG Format CS5 Prefs
    2012-05-29 20:26 - 2012-05-29 20:26 - 57713264 ____A (Alien Skin Software, LLC) C:\Users\Jason Hwang\Downloads\bokeh-2.0.1.463.exe
    2012-05-28 19:05 - 2012-05-28 19:04 - 37448775 ____A C:\Users\Jason Hwang\Downloads\android-sdk_r18-windows.zip
    2012-05-28 19:05 - 2012-05-28 19:04 - 135250659 ____A C:\Users\Jason Hwang\Downloads\eclipse-java-indigo-SR2-win32-x86_64.zip
    2012-05-26 00:03 - 2012-05-26 00:03 - 00023278 ____A C:\Users\Jason Hwang\Downloads\[kat.ph]this.means.war.2012.unrated.720p.bluray.x264.sparks.publichd.torrent
    2012-05-19 09:55 - 2012-05-19 09:55 - 06748258 ____A C:\Users\Jason Hwang\Downloads\4gb_clockwork-3.2.0.1.rar
    2012-05-19 09:13 - 2012-05-19 09:13 - 00045586 ____A C:\Users\Jason Hwang\Downloads\win32diskimager-source.zip
    2012-05-19 08:50 - 2012-05-19 08:49 - 76412939 ____A C:\Users\Jason Hwang\Downloads\uNooter.zip
    2012-05-16 08:37 - 2012-05-16 08:34 - 183158535 ____A C:\Users\Jason Hwang\Downloads\eclipse-SDK-3.7.2-win32-x86_64.zip
    2012-05-16 08:35 - 2012-05-16 08:34 - 116002218 ____A C:\Users\Jason Hwang\Downloads\eclipse-javascript-indigo-SR2-win32-x86_64.zip
    2012-05-14 20:01 - 2012-06-13 12:22 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-05-14 19:59 - 2012-06-13 12:22 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-05-14 19:03 - 2012-06-13 12:22 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-05-14 19:00 - 2012-06-13 12:22 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-05-06 21:04 - 2012-05-06 20:59 - 27678827 ____A C:\Users\Jason Hwang\Downloads\easports.wmv
    2012-05-05 23:39 - 2012-05-05 23:28 - 00001239 ____A C:\Windows\System32\Drivers\etc\hosts.umbrella
    2012-05-05 23:39 - 2012-05-04 15:51 - 00059511 ____A C:\Users\Jason Hwang\umbrella0.log
    2012-05-04 15:50 - 2012-05-04 15:50 - 00476960 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
    2012-05-04 15:50 - 2012-05-04 15:50 - 00472864 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
    2012-05-04 15:50 - 2012-05-04 15:50 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
    2012-05-04 15:50 - 2012-05-04 15:50 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
    2012-05-04 15:50 - 2012-05-04 15:50 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
    2012-05-04 15:48 - 2012-05-04 15:48 - 00909088 ____A (Sun Microsystems, Inc.) C:\Users\Jason Hwang\Downloads\chromeinstall.exe
    2012-05-04 03:06 - 2012-06-13 12:22 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-05-04 02:03 - 2012-06-13 12:22 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-05-04 02:03 - 2012-06-13 12:22 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-05-02 16:39 - 2012-05-02 16:39 - 01404377 ____A C:\Users\Jason Hwang\Downloads\jqtouch-1.0-b4-rc (1).zip


    ZeroAccess:
    C:\Windows\Installer\{d773d200-db3e-1027-84b9-b3f1357a585d}
    C:\Windows\Installer\{d773d200-db3e-1027-84b9-b3f1357a585d}\@
    C:\Windows\Installer\{d773d200-db3e-1027-84b9-b3f1357a585d}\L
    C:\Windows\Installer\{d773d200-db3e-1027-84b9-b3f1357a585d}\U
    C:\Windows\Installer\{d773d200-db3e-1027-84b9-b3f1357a585d}\L\00000004.@
    C:\Windows\Installer\{d773d200-db3e-1027-84b9-b3f1357a585d}\L\201d3dde
    C:\Windows\Installer\{d773d200-db3e-1027-84b9-b3f1357a585d}\U\00000004.@
    C:\Windows\Installer\{d773d200-db3e-1027-84b9-b3f1357a585d}\U\00000008.@
    C:\Windows\Installer\{d773d200-db3e-1027-84b9-b3f1357a585d}\U\000000cb.@
    C:\Windows\Installer\{d773d200-db3e-1027-84b9-b3f1357a585d}\U\80000000.@
    C:\Windows\Installer\{d773d200-db3e-1027-84b9-b3f1357a585d}\U\80000032.@
    C:\Windows\Installer\{d773d200-db3e-1027-84b9-b3f1357a585d}\U\80000064.@

    ZeroAccess:
    C:\Users\Jason Hwang\AppData\Local\{d773d200-db3e-1027-84b9-b3f1357a585d}
    C:\Users\Jason Hwang\AppData\Local\{d773d200-db3e-1027-84b9-b3f1357a585d}\@
    C:\Users\Jason Hwang\AppData\Local\{d773d200-db3e-1027-84b9-b3f1357a585d}\L
    C:\Users\Jason Hwang\AppData\Local\{d773d200-db3e-1027-84b9-b3f1357a585d}\U
    C:\Users\Jason Hwang\AppData\Local\{d773d200-db3e-1027-84b9-b3f1357a585d}\L\00000004.@
    C:\Users\Jason Hwang\AppData\Local\{d773d200-db3e-1027-84b9-b3f1357a585d}\L\1afb2d56
    C:\Users\Jason Hwang\AppData\Local\{d773d200-db3e-1027-84b9-b3f1357a585d}\U\80000064.@

    ZeroAccess:
    C:\Windows\assembly\GAC_32\Desktop.ini

    ZeroAccess:
    C:\Windows\assembly\GAC_64\Desktop.ini

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 9%
    Total physical RAM: 8175.12 MB
    Available physical RAM: 7393.56 MB
    Total Pagefile: 8173.27 MB
    Available Pagefile: 7371.58 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:465.76 GB) (Free:338.2 GB) NTFS
    2 Drive d: (New Volume) (Fixed) (Total:931.51 GB) (Free:267.63 GB) NTFS
    3 Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    4 Drive f: (Media) (Fixed) (Total:1397.16 GB) (Free:1260.24 GB) NTFS
    6 Drive h: (Repair disc Windows 7 64-bit) (Removable) (Total:7.53 GB) (Free:7.3 GB) NTFS
    7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 465 GB 0 B
    Disk 1 Online 931 GB 0 B
    Disk 2 Online 1397 GB 1024 KB
    Disk 3 Online 7712 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 465 GB 1024 KB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C NTFS Partition 465 GB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 931 GB 1024 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 D New Volume NTFS Partition 931 GB Healthy

    ==================================================================================

    Partitions of Disk 2:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 1397 GB 101 MB

    ==================================================================================

    Disk: 2
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E System Rese NTFS Partition 100 MB Healthy

    ==================================================================================

    Disk: 2
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 F Media NTFS Partition 1397 GB Healthy

    ==================================================================================

    Partitions of Disk 3:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 7711 MB 31 KB

    ==================================================================================

    Disk: 3
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 H Repair disc NTFS Removable 7711 MB Healthy

    ==================================================================================

    ==========================================================

    Last Boot: 2012-07-28 16:56

    ======================= End Of Log ==========================
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer, such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc., unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    Additional FRST Scan

    Once again, please boot to the System Recovery Options and run FRST, as done previously.

    Type the following text in the blank box after Search:

    services.exe

    Click: Search file(s)


    When done searching, FRST makes a log, Search.txt, on the C:\ drive.

    Please provide the Search.txt in your reply.
  3. MaxPowers

    MaxPowers Newcomer, in training Topic Starter

    Thanks DragonMasterJay for the quick reply. Below is the search.txt log:

    Farbar Recovery Scan Tool Version: 25-07-2012 01
    Ran by SYSTEM at 2012-07-29 17:53:04
    Running from H:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    ====== End Of Search ======
  4. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    FRST64 Fixlist

    Please run the following:

    Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flashdrive as fixlist.txt.

    NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

    Now, please enter System Recovery Options then select Command Prompt.

    Run FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

    Now restart, let it boot normally and tell me how it went.
  5. MaxPowers

    MaxPowers Newcomer, in training Topic Starter

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01
    Ran by SYSTEM at 2012-07-30 17:44:18 Run:3
    Running from H:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Windows\Installer\{d773d200-db3e-1027-84b9-b3f1357a585d} moved successfully.
    C:\Users\Jason Hwang\AppData\Local\{d773d200-db3e-1027-84b9-b3f1357a585d} moved successfully.
    C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
    C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.

    ==== End of Fixlog ====

    I have PC Tools Internet Security and MWAM...should I run these to see if the virus is successfully gone?
  6. MaxPowers

    MaxPowers Newcomer, in training Topic Starter

    Oh, meant to include that the PC successfully restarted, and no more BSOD!
  7. MaxPowers

    MaxPowers Newcomer, in training Topic Starter

    I spoke too soon. The PC Tools Internet Security auto-updated, as did MalwareBytes Anti Malware. I tried to download a Micro Trend Titanium diag tool to uninstall, and decided to reboot. I got the BSOD again. So I ran the FRST tool again.

    Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01
    Ran by SYSTEM at 30-07-2012 18:04:50
    Running from H:\
    Windows 7 Professional (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11776104 2011-02-10] (Realtek Semiconductor)
    HKLM\...\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe -set Silent "1" SplashURL "" [1111568 2011-10-08] (Trend Micro Inc.)
    HKLM\...\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [197152 2011-02-10] (Trend Micro Inc.)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-30] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [ZyngaGamesAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" [841544 2010-11-15] (Splashtop Inc.)
    HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-05-20] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup [30192 2011-07-01] (Google)
    HKLM-x32\...\Run: [Smart File Advisor] "C:\Program Files (x86)\Smart File Advisor\sfa.exe" /checkassoc [280824 2011-04-04] (Filefacts.net)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-06-06] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-12] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36760 2011-09-05] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2904984 2011-09-05] (Adobe Systems Inc.)
    HKLM-x32\...\Run: [STCAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe" [x]
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [413696 2008-05-27] (Apple Inc.)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-12-07] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [ISTray] "C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe" /hideGUI [2673624 2012-06-22] (PC Tools)
    HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
    HKU\Jason Hwang\...\Run: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED [6379888 2012-05-15] (BitTorrent, Inc.)
    HKU\Jason Hwang\...\Run: [DisplayFusion] "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe" [4480456 2012-05-31] (Binary Fortress Software)
    HKU\Jason Hwang\...\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup [221184 2005-02-17] (InstallShield Software Corporation)
    HKU\Jason Hwang\...\Run: [Hobbyist Software VLC Streamer] "C:\Program Files (x86)\Hobbyist Software\VLC Streamer\VLC Streamer Configuration.exe" /startup [1642040 2012-06-28] (Hobbyist Software)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Rainmeter.lnk
    ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()

    ==================== Services (Whitelisted) ======

    2 Apache2.2; "C:\xampp\apache\bin\httpd.exe" -k runservice [18432 2011-09-10] (Apache Software Foundation)
    3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
    2 Browser Defender Update Service; "C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe" [575448 2012-06-22] (Threat Expert Ltd.)
    3 GoogleDesktopManager-051210-111108; "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" [30192 2011-07-01] (Google)
    2 KMService; C:\Windows\SysWow64\srvany.exe [8192 2011-08-31] ()
    2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
    2 mi-raysat_3dsmax2011_64; "C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe" [86016 2010-03-09] ()
    2 mysql; C:\xampp\mysql\bin\mysqld.exe --defaults-file=C:\xampp\mysql\bin\my.ini mysql [5396 2012-02-28] ()
    2 SCBackService; C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe [477000 2010-11-15] (Splashtop Inc.)
    2 sdAuxService; C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [402368 2012-06-22] (PC Tools)
    2 sdCoreService; C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe [1118680 2012-06-22] (PC Tools)
    3 ThreatFire; C:\Program Files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe service [71008 2012-06-22] (PC Tools)
    2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2655768 2010-10-05] (Intel Corporation)
    2 WCUService_STC_FF; C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [493384 2011-03-23] (Splashtop Inc.)
    2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [x]

    ========================== Drivers (Whitelisted) =============

    1 AppleCharger; C:\Windows\System32\Drivers\AppleCharger.sys [21104 2011-01-10] ()
    3 gdrv; \??\C:\Windows\gdrv.sys [25640 2011-07-03] (Windows (R) Server 2003 DDK provider)
    3 GVTDrv64; \??\C:\Windows\GVTDrv64.sys [30528 2011-07-03] ()
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
    3 PCTBD; C:\Windows\System32\Drivers\PCTBD64.sys [85224 2012-06-22] (PC Tools)
    0 PCTCore; C:\Windows\System32\drivers\PCTCore64.sys [426616 2012-04-23] (PC Tools)
    0 pctDS; C:\Windows\System32\drivers\pctDS64.sys [453896 2012-02-28] (PC Tools)
    0 pctEFA; C:\Windows\System32\drivers\pctEFA64.sys [1096176 2012-02-28] (PC Tools)
    3 PCTFW-PacketFilter; \??\C:\Windows\system32\drivers\pctNdis-PacketFilter64.sys [123808 2012-04-19] (PC Tools)
    1 pctgntdi; \??\C:\Windows\System32\drivers\pctgntdi64.sys [341200 2012-06-22] (PC Tools)
    1 pctNdisLW64; C:\Windows\System32\Drivers\pctNdisLW64.sys [77976 2012-03-19] (PC Tools)
    3 pctplfw; \??\C:\Windows\System32\drivers\pctplfw64.sys [181032 2012-06-22] (PC Tools)
    3 pctplsg; \??\C:\Windows\System32\drivers\pctplsg64.sys [92928 2012-06-22] (PC Tools)
    1 PCTSD; C:\Windows\System32\Drivers\PCTSD64.sys [251560 2012-06-22] (PC Tools)
    2 tmactmon; C:\Windows\System32\Drivers\tmactmon.sys [90704 2010-08-08] (Trend Micro Inc.)
    2 tmcomm; C:\Windows\System32\Drivers\tmcomm.sys [144464 2010-08-08] (Trend Micro Inc.)
    2 tmevtmgr; C:\Windows\System32\Drivers\tmevtmgr.sys [67664 2010-08-08] (Trend Micro Inc.)
    1 tmtdi; C:\Windows\System32\Drivers\tmtdi.sys [105552 2010-08-08] (Trend Micro Inc.)
    3 WINIO; \??\D:\WINIO.sys [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-07-30 13:59 - 2012-07-30 13:59 - 04265230 ____A C:\Users\Jason Hwang\Downloads\64bit.exe
    2012-07-30 13:47 - 2012-07-30 13:47 - 00283440 ____A C:\Windows\Minidump\073012-62369-01.dmp
    2012-07-30 13:46 - 2012-07-30 13:47 - 01638153 ____A C:\Windows\System32\Drivers\Cat.DB
    2012-07-28 16:36 - 2012-07-29 14:46 - 00000000 ____D C:\Windows\System32\config\HiveBackup
    2012-07-28 16:21 - 2012-07-28 16:23 - 00000000 ____D C:\FRST
    2012-07-25 19:44 - 2012-07-25 19:44 - 01402880 ____A C:\Users\Jason Hwang\Downloads\HiJackThis.msi
    2012-07-25 19:35 - 2012-07-25 19:35 - 00000000 ____D C:\Users\Jason Hwang\AppData\Roaming\Spam Monitor
    2012-07-25 19:35 - 2012-07-25 19:35 - 00000000 ____D C:\Users\Jason Hwang\AppData\Roaming\PC Tools
    2012-07-25 19:32 - 2012-07-25 19:32 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
    2012-07-25 17:34 - 2012-07-28 21:12 - 00000000 ____D C:\Users\Jason Hwang\AppData\Roaming\Malwarebytes
    2012-07-25 17:29 - 2012-07-28 21:14 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-25 17:29 - 2012-07-28 21:12 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-07-25 17:29 - 2012-07-25 17:29 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-25 17:29 - 2012-07-03 09:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-25 15:13 - 2012-07-25 15:13 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Jason Hwang\Desktop\mbam-setup-1.62.0.1300.exe
    2012-07-25 15:13 - 2012-07-25 15:02 - 01805736 ____A (Symantec Corporation) C:\Users\Jason Hwang\Desktop\FixZeroAccess.exe
    2012-07-24 20:21 - 2012-06-22 07:39 - 02267096 ____A (Threat Expert Ltd.) C:\Windows\PCTBDCore.dll
    2012-07-24 20:21 - 2012-06-22 07:39 - 01689560 ____A (Threat Expert Ltd.) C:\Windows\PCTBDRes.dll
    2012-07-24 20:21 - 2012-06-22 07:39 - 00149464 ____A (PC Tools) C:\Windows\SGDetectionTool.dll
    2012-07-24 20:21 - 2012-06-22 07:39 - 00085224 ____A (PC Tools) C:\Windows\System32\Drivers\PCTBD64.sys
    2012-07-24 20:21 - 2012-06-22 07:38 - 00767960 ____A C:\Windows\BDTSupport.dll
    2012-07-24 20:21 - 2012-06-22 06:43 - 00003488 ____A C:\Windows\UDB.zip
    2012-07-24 20:21 - 2012-06-22 06:43 - 00000882 ____A C:\Windows\RegSDImport.xml
    2012-07-24 20:21 - 2012-06-22 06:43 - 00000879 ____A C:\Windows\RegISSImport.xml
    2012-07-24 20:21 - 2012-06-22 06:43 - 00000131 ____A C:\Windows\IDB.zip
    2012-07-24 20:20 - 2012-07-28 21:12 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
    2012-07-24 20:20 - 2012-07-24 20:20 - 00002247 ____A C:\Users\Public\Desktop\PC Tools Internet Security.lnk
    2012-07-24 20:20 - 2012-06-22 11:35 - 00181032 ____A (PC Tools) C:\Windows\System32\Drivers\pctplfw64.sys
    2012-07-24 20:20 - 2012-06-22 11:35 - 00092928 ____A (PC Tools) C:\Windows\System32\Drivers\pctplsg64.sys
    2012-07-24 20:20 - 2012-06-22 11:33 - 00014808 ____A (PC Tools) C:\Windows\System32\Drivers\pctBTFix64.sys
    2012-07-24 20:20 - 2012-06-22 11:29 - 00341200 ____A (PC Tools) C:\Windows\System32\Drivers\pctgntdi64.sys
    2012-07-24 20:20 - 2012-06-22 11:29 - 00145464 ____A (PC Tools) C:\Windows\System32\Drivers\pctwfpfilter64.sys
    2012-07-24 20:20 - 2012-06-22 10:21 - 00706776 ____A (PC Tools) C:\Windows\System32\Drivers\TfSysMon.sys
    2012-07-24 20:20 - 2012-06-22 10:21 - 00065664 ____A (PC Tools) C:\Windows\System32\Drivers\TfFsMon.sys
    2012-07-24 20:20 - 2012-06-22 10:21 - 00041968 ____A (PC Tools) C:\Windows\System32\Drivers\TfNetMon.sys
    2012-07-24 20:20 - 2012-04-19 05:57 - 00123808 ____A (PC Tools) C:\Windows\System32\Drivers\pctNdis-PacketFilter64.sys
    2012-07-24 20:20 - 2012-03-19 08:02 - 00077976 ____A (PC Tools) C:\Windows\System32\Drivers\pctNdisLW64.sys
    2012-07-24 20:18 - 2012-07-24 20:18 - 04122624 ____A (PC Tools) C:\Users\Jason Hwang\Downloads\issetup.exe
    2012-07-24 20:18 - 2012-06-22 11:35 - 00251560 ____A (PC Tools) C:\Windows\System32\Drivers\PCTSD64.sys
    2012-07-24 20:18 - 2012-04-23 08:36 - 00426616 ____A (PC Tools) C:\Windows\System32\Drivers\PCTCore64.sys
    2012-07-24 20:18 - 2012-02-28 07:43 - 01096176 ____A (PC Tools) C:\Windows\System32\Drivers\pctEFA64.sys
    2012-07-24 20:18 - 2012-02-28 07:43 - 00453896 ____A (PC Tools) C:\Windows\System32\Drivers\pctDS64.sys
    2012-07-24 20:05 - 2012-07-24 20:06 - 00281368 ____A C:\Windows\Minidump\072512-29078-01.dmp
    2012-07-24 14:26 - 2012-07-28 21:11 - 00000000 ____D C:\Program Files (x86)\PC Tools
    2012-07-24 14:23 - 2012-07-28 21:12 - 00000000 ____D C:\Users\All Users\PC Tools
    2012-07-24 14:23 - 2012-07-24 14:23 - 00000000 ____D C:\Users\Jason Hwang\AppData\Roaming\TestApp
    2012-07-15 20:23 - 2012-07-15 20:23 - 00001426 ____A C:\Users\Jason Hwang\Downloads\menu_items.sql
    2012-07-13 14:29 - 2012-07-21 22:26 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-07-11 23:05 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-11 17:53 - 2012-07-11 17:55 - 00000000 ____D C:\Users\Jason Hwang\Desktop\John.Carter.2012.720p.BluRay.x264-SPARKS PublicHD
    2012-07-11 17:51 - 2012-07-11 17:51 - 00051466 ____A C:\Users\Jason Hwang\Downloads\[kat.ph]john.carter.2012.1080p.bluray.x264.sparks.publichd (1).torrent
    2012-07-11 17:50 - 2012-07-11 17:50 - 00008150 ____A C:\Users\Jason Hwang\Downloads\[kat.ph]john.carter.2012.720p.bluray.x264.sparks.publichd.torrent
    2012-07-11 17:49 - 2012-07-11 17:49 - 00051466 ____A C:\Users\Jason Hwang\Downloads\[kat.ph]john.carter.2012.1080p.bluray.x264.sparks.publichd.torrent
    2012-07-11 13:07 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-07-11 13:07 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-07-11 13:07 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-07-11 13:07 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-07-11 13:07 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2012-07-11 13:07 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-07-11 13:07 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-07-11 13:07 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2012-07-11 13:07 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-07-11 13:07 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-07-11 13:07 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-07-11 13:07 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-07-11 13:07 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-07-11 13:07 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-07-11 13:07 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-07-11 13:07 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-07-11 13:07 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-07-11 13:07 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
    2012-07-11 13:07 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2012-07-11 10:05 - 2012-07-11 10:32 - 1131295672 ____A (Microsoft Corporation) C:\Users\Jason Hwang\Downloads\OfficePro2010English_x64.exe
    2012-07-11 09:55 - 2012-07-11 17:00 - 00000000 ____D C:\Users\Jason Hwang\Desktop\LCC
    2012-07-11 09:48 - 2012-07-11 09:48 - 00000000 ____D C:\Users\Jason Hwang\AppData\Local\Macromedia
    2012-07-11 09:47 - 2012-07-28 21:12 - 00000000 ____D C:\Windows\System32\Macromed
    2012-07-11 09:47 - 2012-07-13 15:26 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-07-03 21:23 - 2012-07-03 21:23 - 00015500 ____A C:\Users\Jason Hwang\Downloads\[kat.ph]american.reunion.unrated.dvdrip.xvid.cocain.torrent

    ============ 3 Months Modified Files ========================

    2012-07-30 14:02 - 2010-11-20 19:47 - 01278342 ____A C:\Windows\PFRO.log
    2012-07-30 14:01 - 2011-07-02 04:07 - 01894334 ____A C:\Windows\WindowsUpdate.log
    2012-07-30 14:01 - 2009-07-13 20:45 - 00022096 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-07-30 14:01 - 2009-07-13 20:45 - 00022096 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-07-30 13:59 - 2012-07-30 13:59 - 04265230 ____A C:\Users\Jason Hwang\Downloads\64bit.exe
    2012-07-30 13:54 - 2011-08-16 16:24 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-07-30 13:51 - 2009-07-13 21:13 - 00779470 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-07-30 13:47 - 2012-07-30 13:47 - 00283440 ____A C:\Windows\Minidump\073012-62369-01.dmp
    2012-07-30 13:47 - 2012-07-30 13:46 - 01638153 ____A C:\Windows\System32\Drivers\Cat.DB
    2012-07-30 13:47 - 2012-04-22 16:13 - 380430632 ____A C:\Windows\MEMORY.DMP
    2012-07-30 13:47 - 2011-08-16 16:24 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-07-30 13:47 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-07-30 13:47 - 2009-07-13 20:51 - 00059951 ____A C:\Windows\setupact.log
    2012-07-25 19:44 - 2012-07-25 19:44 - 01402880 ____A C:\Users\Jason Hwang\Downloads\HiJackThis.msi
    2012-07-25 19:32 - 2012-07-25 19:32 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
    2012-07-25 17:29 - 2012-07-25 17:29 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-25 15:13 - 2012-07-25 15:13 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Jason Hwang\Desktop\mbam-setup-1.62.0.1300.exe
    2012-07-25 15:02 - 2012-07-25 15:13 - 01805736 ____A (Symantec Corporation) C:\Users\Jason Hwang\Desktop\FixZeroAccess.exe
    2012-07-24 20:20 - 2012-07-24 20:20 - 00002247 ____A C:\Users\Public\Desktop\PC Tools Internet Security.lnk
    2012-07-24 20:18 - 2012-07-24 20:18 - 04122624 ____A (PC Tools) C:\Users\Jason Hwang\Downloads\issetup.exe
    2012-07-24 20:06 - 2012-07-24 20:05 - 00281368 ____A C:\Windows\Minidump\072512-29078-01.dmp
    2012-07-21 22:26 - 2012-07-13 14:29 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-07-16 21:25 - 2011-07-01 22:45 - 00001456 ____A C:\Users\Jason Hwang\AppData\Local\Adobe Save for Web 12.0 Prefs
    2012-07-15 20:23 - 2012-07-15 20:23 - 00001426 ____A C:\Users\Jason Hwang\Downloads\menu_items.sql
    2012-07-13 15:26 - 2012-07-11 09:47 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-07-13 15:26 - 2011-07-01 01:54 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-07-11 23:23 - 2009-07-13 20:45 - 04983712 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-07-11 23:01 - 2011-07-22 18:32 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-07-11 17:51 - 2012-07-11 17:51 - 00051466 ____A C:\Users\Jason Hwang\Downloads\[kat.ph]john.carter.2012.1080p.bluray.x264.sparks.publichd (1).torrent
    2012-07-11 17:50 - 2012-07-11 17:50 - 00008150 ____A C:\Users\Jason Hwang\Downloads\[kat.ph]john.carter.2012.720p.bluray.x264.sparks.publichd.torrent
    2012-07-11 17:49 - 2012-07-11 17:49 - 00051466 ____A C:\Users\Jason Hwang\Downloads\[kat.ph]john.carter.2012.1080p.bluray.x264.sparks.publichd.torrent
    2012-07-11 10:32 - 2012-07-11 10:05 - 1131295672 ____A (Microsoft Corporation) C:\Users\Jason Hwang\Downloads\OfficePro2010English_x64.exe
    2012-07-03 21:23 - 2012-07-03 21:23 - 00015500 ____A C:\Users\Jason Hwang\Downloads\[kat.ph]american.reunion.unrated.dvdrip.xvid.cocain.torrent
    2012-07-03 09:46 - 2012-07-25 17:29 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-06-27 13:42 - 2012-06-27 13:42 - 05224832 ____A (Binary Fortress Software ) C:\Users\Jason Hwang\Downloads\DisplayFusionSetup-4.0.1.exe
    2012-06-23 22:45 - 2012-06-23 22:45 - 04387080 ____A ( ) C:\Users\Jason Hwang\Downloads\cpu-z_1.60.1-setup-en.exe
    2012-06-23 18:39 - 2012-06-23 18:39 - 00017078 ____A C:\Users\Jason Hwang\Downloads\[kat.ph]sherlock.holmes.a.game.of.shadows.2011.720p.bluray.publichd.torrent
    2012-06-23 18:39 - 2012-06-23 18:39 - 00017078 ____A C:\Users\Jason Hwang\Downloads\[kat.ph]sherlock.holmes.a.game.of.shadows.2011.720p.bluray.publichd (1).torrent
    2012-06-23 11:15 - 2012-05-05 13:12 - 00000022 ____A C:\Users\Jason Hwang\Downloads\iREB-r5.zip
    2012-06-22 11:35 - 2012-07-24 20:20 - 00181032 ____A (PC Tools) C:\Windows\System32\Drivers\pctplfw64.sys
    2012-06-22 11:35 - 2012-07-24 20:20 - 00092928 ____A (PC Tools) C:\Windows\System32\Drivers\pctplsg64.sys
    2012-06-22 11:35 - 2012-07-24 20:18 - 00251560 ____A (PC Tools) C:\Windows\System32\Drivers\PCTSD64.sys
    2012-06-22 11:33 - 2012-07-24 20:20 - 00014808 ____A (PC Tools) C:\Windows\System32\Drivers\pctBTFix64.sys
    2012-06-22 11:29 - 2012-07-24 20:20 - 00341200 ____A (PC Tools) C:\Windows\System32\Drivers\pctgntdi64.sys
    2012-06-22 11:29 - 2012-07-24 20:20 - 00145464 ____A (PC Tools) C:\Windows\System32\Drivers\pctwfpfilter64.sys
    2012-06-22 10:21 - 2012-07-24 20:20 - 00706776 ____A (PC Tools) C:\Windows\System32\Drivers\TfSysMon.sys
    2012-06-22 10:21 - 2012-07-24 20:20 - 00065664 ____A (PC Tools) C:\Windows\System32\Drivers\TfFsMon.sys
    2012-06-22 10:21 - 2012-07-24 20:20 - 00041968 ____A (PC Tools) C:\Windows\System32\Drivers\TfNetMon.sys
    2012-06-22 07:39 - 2012-07-24 20:21 - 02267096 ____A (Threat Expert Ltd.) C:\Windows\PCTBDCore.dll
    2012-06-22 07:39 - 2012-07-24 20:21 - 01689560 ____A (Threat Expert Ltd.) C:\Windows\PCTBDRes.dll
    2012-06-22 07:39 - 2012-07-24 20:21 - 00149464 ____A (PC Tools) C:\Windows\SGDetectionTool.dll
    2012-06-22 07:39 - 2012-07-24 20:21 - 00085224 ____A (PC Tools) C:\Windows\System32\Drivers\PCTBD64.sys
    2012-06-22 07:38 - 2012-07-24 20:21 - 00767960 ____A C:\Windows\BDTSupport.dll
    2012-06-22 06:43 - 2012-07-24 20:21 - 00003488 ____A C:\Windows\UDB.zip
    2012-06-22 06:43 - 2012-07-24 20:21 - 00000882 ____A C:\Windows\RegSDImport.xml
    2012-06-22 06:43 - 2012-07-24 20:21 - 00000879 ____A C:\Windows\RegISSImport.xml
    2012-06-22 06:43 - 2012-07-24 20:21 - 00000131 ____A C:\Windows\IDB.zip
    2012-06-11 19:08 - 2012-07-11 23:05 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-08 21:43 - 2012-07-11 13:07 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-06-08 20:41 - 2012-07-11 13:07 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-06-07 13:50 - 2012-06-07 13:49 - 16574016 ____A (Mozilla) C:\Users\Jason Hwang\Downloads\Firefox Setup 13.0.exe
    2012-06-06 13:07 - 2012-06-06 13:07 - 00125731 ____A C:\Users\Jason Hwang\Downloads\[kat.ph]21.jump.street.2012.r5.xvid.legi0n.torrent
    2012-06-06 13:04 - 2012-06-06 13:04 - 00034452 ____A C:\Users\Jason Hwang\Downloads\[kat.ph]goon.2011.limited.1080p.bluray.x264.maxhd.publichd.torrent
    2012-06-06 09:25 - 2012-06-06 09:25 - 00016542 ____A C:\Users\Jason Hwang\Downloads\[kat.ph]safe.house.2012.1080p.brrip.x264.1.5gb.yify.torrent
    2012-06-05 22:06 - 2012-07-11 13:07 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-06-05 22:06 - 2012-07-11 13:07 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-06-05 22:02 - 2012-07-11 13:07 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2012-06-05 21:05 - 2012-07-11 13:07 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-06-05 21:05 - 2012-07-11 13:07 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-06-05 21:03 - 2012-07-11 13:07 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2012-06-04 20:52 - 2012-06-04 20:02 - 00014410 ____A C:\Windows\DPINST.LOG
    2012-06-04 20:06 - 2012-06-04 20:06 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
    2012-06-04 20:02 - 2012-06-04 20:01 - 10043663 ____A C:\Users\Jason Hwang\Downloads\nookcolor-easyADB.exe
    2012-06-02 14:19 - 2012-06-21 15:17 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-21 15:17 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-21 15:17 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-21 15:17 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-21 15:17 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:15 - 2012-06-21 15:17 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:15 - 2012-06-21 15:17 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 11:19 - 2012-06-21 15:17 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 11:15 - 2012-06-21 15:17 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-01 21:50 - 2012-07-11 13:07 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-06-01 21:48 - 2012-07-11 13:07 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-06-01 21:48 - 2012-07-11 13:07 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-06-01 21:45 - 2012-07-11 13:07 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-06-01 21:44 - 2012-07-11 13:07 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-06-01 20:40 - 2012-07-11 13:07 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-06-01 20:40 - 2012-07-11 13:07 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-06-01 20:39 - 2012-07-11 13:07 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-06-01 20:34 - 2012-07-11 13:07 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-05-30 13:37 - 2012-05-30 13:37 - 00000132 ____A C:\Users\Jason Hwang\AppData\Roaming\Adobe PNG Format CS5 Prefs
    2012-05-29 20:26 - 2012-05-29 20:26 - 57713264 ____A (Alien Skin Software, LLC) C:\Users\Jason Hwang\Downloads\bokeh-2.0.1.463.exe
    2012-05-28 19:05 - 2012-05-28 19:04 - 37448775 ____A C:\Users\Jason Hwang\Downloads\android-sdk_r18-windows.zip
    2012-05-28 19:05 - 2012-05-28 19:04 - 135250659 ____A C:\Users\Jason Hwang\Downloads\eclipse-java-indigo-SR2-win32-x86_64.zip
    2012-05-26 00:03 - 2012-05-26 00:03 - 00023278 ____A C:\Users\Jason Hwang\Downloads\[kat.ph]this.means.war.2012.unrated.720p.bluray.x264.sparks.publichd.torrent
    2012-05-19 09:55 - 2012-05-19 09:55 - 06748258 ____A C:\Users\Jason Hwang\Downloads\4gb_clockwork-3.2.0.1.rar
    2012-05-19 09:13 - 2012-05-19 09:13 - 00045586 ____A C:\Users\Jason Hwang\Downloads\win32diskimager-source.zip
    2012-05-19 08:50 - 2012-05-19 08:49 - 76412939 ____A C:\Users\Jason Hwang\Downloads\uNooter.zip
    2012-05-16 08:37 - 2012-05-16 08:34 - 183158535 ____A C:\Users\Jason Hwang\Downloads\eclipse-SDK-3.7.2-win32-x86_64.zip
    2012-05-16 08:35 - 2012-05-16 08:34 - 116002218 ____A C:\Users\Jason Hwang\Downloads\eclipse-javascript-indigo-SR2-win32-x86_64.zip
    2012-05-14 20:01 - 2012-06-13 12:22 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-05-14 19:59 - 2012-06-13 12:22 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-05-14 19:03 - 2012-06-13 12:22 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-05-14 19:00 - 2012-06-13 12:22 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-05-06 21:04 - 2012-05-06 20:59 - 27678827 ____A C:\Users\Jason Hwang\Downloads\easports.wmv
    2012-05-05 23:39 - 2012-05-05 23:28 - 00001239 ____A C:\Windows\System32\Drivers\etc\hosts.umbrella
    2012-05-05 23:39 - 2012-05-04 15:51 - 00059511 ____A C:\Users\Jason Hwang\umbrella0.log
    2012-05-04 15:50 - 2012-05-04 15:50 - 00476960 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
    2012-05-04 15:50 - 2012-05-04 15:50 - 00472864 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
    2012-05-04 15:50 - 2012-05-04 15:50 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
    2012-05-04 15:50 - 2012-05-04 15:50 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
    2012-05-04 15:50 - 2012-05-04 15:50 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
    2012-05-04 15:48 - 2012-05-04 15:48 - 00909088 ____A (Sun Microsystems, Inc.) C:\Users\Jason Hwang\Downloads\chromeinstall.exe
    2012-05-04 03:06 - 2012-06-13 12:22 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-05-04 02:03 - 2012-06-13 12:22 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-05-04 02:03 - 2012-06-13 12:22 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-05-02 16:39 - 2012-05-02 16:39 - 01404377 ____A C:\Users\Jason Hwang\Downloads\jqtouch-1.0-b4-rc (1).zip


    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 9%
    Total physical RAM: 8175.12 MB
    Available physical RAM: 7395.64 MB
    Total Pagefile: 8173.27 MB
    Available Pagefile: 7375.11 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:465.76 GB) (Free:337.24 GB) NTFS
    2 Drive d: (New Volume) (Fixed) (Total:931.51 GB) (Free:267.63 GB) NTFS
    3 Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.04 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    4 Drive f: (Media) (Fixed) (Total:1397.16 GB) (Free:1260.24 GB) NTFS
    6 Drive h: (Repair disc Windows 7 64-bit) (Removable) (Total:7.53 GB) (Free:7.3 GB) NTFS
    7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 465 GB 0 B
    Disk 1 Online 931 GB 0 B
    Disk 2 Online 1397 GB 1024 KB
    Disk 3 Online 7712 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 465 GB 1024 KB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C NTFS Partition 465 GB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 931 GB 1024 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 D New Volume NTFS Partition 931 GB Healthy

    ==================================================================================

    Partitions of Disk 2:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 1397 GB 101 MB

    ==================================================================================

    Disk: 2
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E System Rese NTFS Partition 100 MB Healthy

    ==================================================================================

    Disk: 2
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 F Media NTFS Partition 1397 GB Healthy

    ==================================================================================

    Partitions of Disk 3:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 7711 MB 31 KB

    ==================================================================================

    Disk: 3
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 H Repair disc NTFS Removable 7711 MB Healthy

    ==================================================================================

    ==========================================================

    Last Boot: 2012-07-28 16:56

    ======================= End Of Log ==========================


    Services.exe Below:

    Farbar Recovery Scan Tool Version: 25-07-2012 01
    Ran by SYSTEM at 2012-07-30 18:06:01
    Running from H:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    ====== End Of Search ======
  8. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Try this in Safe Mode with Networking:

    ComboFix

    Please download ComboFix by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop, but rename it first to svchost.exe

    Important information about ComboFix

    Before the download:
    • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
    • It is important to rename ComboFix before the download.
    • Please do not rename ComboFix to other names, but only the one indicated.
    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on svchost.exe & follow the prompts.
    • It will attempt to install the Recovery Console:
    • When ComboFix finishes, it will produce a report for you.
    • Please post the "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
    logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method (above method), but try to download it again, except name
    ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.
  9. MaxPowers

    MaxPowers Newcomer, in training Topic Starter

    I keep getting BSOD. I can't even access any modes of Safe Mode (Safe Mode or Safe Mode with Networking). Is there anything in the FRST/services logs that I posted most recently that I can get rid of?
  10. Jay Pfoutz


    Please post a new FRST log, and I'll find out...
  11. MaxPowers


    FRST.txt

    Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01
    Ran by SYSTEM at 01-08-2012 12:11:49
    Running from H:\
    Windows 7 Professional (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11776104 2011-02-10] (Realtek Semiconductor)
    HKLM\...\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [197152 2011-02-10] (Trend Micro Inc.)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-30] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [ZyngaGamesAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" [841544 2010-11-15] (Splashtop Inc.)
    HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-05-20] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup [30192 2011-07-01] (Google)
    HKLM-x32\...\Run: [Smart File Advisor] "C:\Program Files (x86)\Smart File Advisor\sfa.exe" /checkassoc [280824 2011-04-04] (Filefacts.net)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-06-06] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-12] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36760 2011-09-05] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2904984 2011-09-05] (Adobe Systems Inc.)
    HKLM-x32\...\Run: [STCAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe" [x]
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [413696 2008-05-27] (Apple Inc.)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-12-07] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [ISTray] "C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe" /hideGUI [2673624 2012-06-22] (PC Tools)
    HKU\Jason Hwang\...\Run: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED [6379888 2012-05-15] (BitTorrent, Inc.)
    HKU\Jason Hwang\...\Run: [DisplayFusion] "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe" [4480456 2012-05-31] (Binary Fortress Software)
    HKU\Jason Hwang\...\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup [221184 2005-02-17] (InstallShield Software Corporation)
    HKU\Jason Hwang\...\Run: [Hobbyist Software VLC Streamer] "C:\Program Files (x86)\Hobbyist Software\VLC Streamer\VLC Streamer Configuration.exe" /startup [1642040 2012-06-28] (Hobbyist Software)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Rainmeter.lnk
    ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()

    ==================== Services (Whitelisted) ======

    2 Apache2.2; "C:\xampp\apache\bin\httpd.exe" -k runservice [18432 2011-09-10] (Apache Software Foundation)
    3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
    2 Browser Defender Update Service; "C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe" [575448 2012-06-22] (Threat Expert Ltd.)
    3 GoogleDesktopManager-051210-111108; "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" [30192 2011-07-01] (Google)
    2 KMService; C:\Windows\SysWow64\srvany.exe [8192 2011-08-31] ()
    2 mi-raysat_3dsmax2011_64; "C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe" [86016 2010-03-09] ()
    2 mysql; C:\xampp\mysql\bin\mysqld.exe --defaults-file=C:\xampp\mysql\bin\my.ini mysql [5396 2012-02-28] ()
    2 SCBackService; C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe [477000 2010-11-15] (Splashtop Inc.)
    2 sdAuxService; C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [402368 2012-06-22] (PC Tools)
    2 sdCoreService; C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe [1118680 2012-06-22] (PC Tools)
    2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2655768 2010-10-05] (Intel Corporation)
    2 WCUService_STC_FF; C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [493384 2011-03-23] (Splashtop Inc.)
    2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [x]

    ========================== Drivers (Whitelisted) =============

    1 AppleCharger; C:\Windows\System32\Drivers\AppleCharger.sys [21104 2011-01-10] ()
    3 gdrv; \??\C:\Windows\gdrv.sys [25640 2011-07-03] (Windows (R) Server 2003 DDK provider)
    3 GVTDrv64; \??\C:\Windows\GVTDrv64.sys [30528 2011-07-03] ()
    3 PCTBD; C:\Windows\System32\Drivers\PCTBD64.sys [85224 2012-06-22] (PC Tools)
    0 PCTCore; C:\Windows\System32\drivers\PCTCore64.sys [426616 2012-04-23] (PC Tools)
    0 pctDS; C:\Windows\System32\drivers\pctDS64.sys [453896 2012-02-28] (PC Tools)
    3 PCTFW-PacketFilter; \??\C:\Windows\system32\drivers\pctNdis-PacketFilter64.sys [123808 2012-04-19] (PC Tools)
    1 pctgntdi; \??\C:\Windows\System32\drivers\pctgntdi64.sys [341200 2012-06-22] (PC Tools)
    1 pctNdisLW64; C:\Windows\System32\Drivers\pctNdisLW64.sys [77976 2012-03-19] (PC Tools)
    3 pctplfw; \??\C:\Windows\System32\drivers\pctplfw64.sys [181032 2012-06-22] (PC Tools)
    3 pctplsg; \??\C:\Windows\System32\drivers\pctplsg64.sys [92928 2012-06-22] (PC Tools)
    1 PCTSD; C:\Windows\System32\Drivers\PCTSD64.sys [251560 2012-06-22] (PC Tools)
    2 tmactmon; C:\Windows\System32\Drivers\tmactmon.sys [90704 2010-08-08] (Trend Micro Inc.)
    2 tmcomm; C:\Windows\System32\Drivers\tmcomm.sys [144464 2010-08-08] (Trend Micro Inc.)
    2 tmevtmgr; C:\Windows\System32\Drivers\tmevtmgr.sys [67664 2010-08-08] (Trend Micro Inc.)
    1 tmtdi; C:\Windows\System32\Drivers\tmtdi.sys [105552 2010-08-08] (Trend Micro Inc.)
    3 WINIO; \??\D:\WINIO.sys [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-07-28 16:36 - 2012-07-29 14:46 - 00000000 ____D C:\Windows\System32\config\HiveBackup
    2012-07-28 16:21 - 2012-07-28 16:23 - 00000000 ____D C:\FRST
    2012-07-25 19:44 - 2012-07-25 19:44 - 01402880 ____A C:\Users\Jason Hwang\Downloads\HiJackThis.msi
    2012-07-25 19:35 - 2012-07-25 19:35 - 00000000 ____D C:\Users\Jason Hwang\AppData\Roaming\Spam Monitor
    2012-07-25 19:35 - 2012-07-25 19:35 - 00000000 ____D C:\Users\Jason Hwang\AppData\Roaming\PC Tools
    2012-07-25 19:32 - 2012-07-25 19:32 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
    2012-07-25 17:34 - 2012-07-31 20:13 - 00000000 ____D C:\Users\Jason Hwang\AppData\Roaming\Malwarebytes
    2012-07-25 17:29 - 2012-07-31 20:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-25 17:29 - 2012-07-31 20:13 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-07-25 17:29 - 2012-07-25 17:29 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-25 17:29 - 2012-07-03 09:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-25 15:13 - 2012-07-25 15:13 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Jason Hwang\Desktop\mbam-setup-1.62.0.1300.exe
    2012-07-25 15:13 - 2012-07-25 15:02 - 01805736 ____A (Symantec Corporation) C:\Users\Jason Hwang\Desktop\FixZeroAccess.exe
    2012-07-24 20:21 - 2012-06-22 07:39 - 02267096 ____A (Threat Expert Ltd.) C:\Windows\PCTBDCore.dll
    2012-07-24 20:21 - 2012-06-22 07:39 - 01689560 ____A (Threat Expert Ltd.) C:\Windows\PCTBDRes.dll
    2012-07-24 20:21 - 2012-06-22 07:39 - 00149464 ____A (PC Tools) C:\Windows\SGDetectionTool.dll
    2012-07-24 20:21 - 2012-06-22 07:39 - 00085224 ____A (PC Tools) C:\Windows\System32\Drivers\PCTBD64.sys
    2012-07-24 20:21 - 2012-06-22 07:38 - 00767960 ____A C:\Windows\BDTSupport.dll
    2012-07-24 20:21 - 2012-06-22 06:43 - 00003488 ____A C:\Windows\UDB.zip
    2012-07-24 20:21 - 2012-06-22 06:43 - 00000882 ____A C:\Windows\RegSDImport.xml
    2012-07-24 20:21 - 2012-06-22 06:43 - 00000879 ____A C:\Windows\RegISSImport.xml
    2012-07-24 20:21 - 2012-06-22 06:43 - 00000131 ____A C:\Windows\IDB.zip
    2012-07-24 20:20 - 2012-07-31 20:14 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
    2012-07-24 20:20 - 2012-07-24 20:20 - 00002247 ____A C:\Users\Public\Desktop\PC Tools Internet Security.lnk
    2012-07-24 20:20 - 2012-06-22 11:35 - 00181032 ____A (PC Tools) C:\Windows\System32\Drivers\pctplfw64.sys
    2012-07-24 20:20 - 2012-06-22 11:35 - 00092928 ____A (PC Tools) C:\Windows\System32\Drivers\pctplsg64.sys
    2012-07-24 20:20 - 2012-06-22 11:33 - 00014808 ____A (PC Tools) C:\Windows\System32\Drivers\pctBTFix64.sys
    2012-07-24 20:20 - 2012-06-22 11:29 - 00341200 ____A (PC Tools) C:\Windows\System32\Drivers\pctgntdi64.sys
    2012-07-24 20:20 - 2012-06-22 11:29 - 00145464 ____A (PC Tools) C:\Windows\System32\Drivers\pctwfpfilter64.sys
    2012-07-24 20:20 - 2012-06-22 10:21 - 00706776 ____A (PC Tools) C:\Windows\System32\Drivers\TfSysMon.sys
    2012-07-24 20:20 - 2012-06-22 10:21 - 00065664 ____A (PC Tools) C:\Windows\System32\Drivers\TfFsMon.sys
    2012-07-24 20:20 - 2012-06-22 10:21 - 00041968 ____A (PC Tools) C:\Windows\System32\Drivers\TfNetMon.sys
    2012-07-24 20:20 - 2012-04-19 05:57 - 00123808 ____A (PC Tools) C:\Windows\System32\Drivers\pctNdis-PacketFilter64.sys
    2012-07-24 20:20 - 2012-03-19 08:02 - 00077976 ____A (PC Tools) C:\Windows\System32\Drivers\pctNdisLW64.sys
    2012-07-24 20:18 - 2012-07-24 20:18 - 04122624 ____A (PC Tools) C:\Users\Jason Hwang\Downloads\issetup.exe
    2012-07-24 20:18 - 2012-06-22 11:35 - 00251560 ____A (PC Tools) C:\Windows\System32\Drivers\PCTSD64.sys
    2012-07-24 20:18 - 2012-04-23 08:36 - 00426616 ____A (PC Tools) C:\Windows\System32\Drivers\PCTCore64.sys
    2012-07-24 20:18 - 2012-02-28 07:43 - 01096176 ____A (PC Tools) C:\Windows\System32\Drivers\pctEFA64.sys
    2012-07-24 20:18 - 2012-02-28 07:43 - 00453896 ____A (PC Tools) C:\Windows\System32\Drivers\pctDS64.sys
    2012-07-24 20:05 - 2012-07-24 20:06 - 00281368 ____A C:\Windows\Minidump\072512-29078-01.dmp
    2012-07-24 14:26 - 2012-07-31 20:12 - 00000000 ____D C:\Program Files (x86)\PC Tools
    2012-07-24 14:23 - 2012-07-31 20:13 - 00000000 ____D C:\Users\All Users\PC Tools
    2012-07-24 14:23 - 2012-07-24 14:23 - 00000000 ____D C:\Users\Jason Hwang\AppData\Roaming\TestApp
    2012-07-15 20:23 - 2012-07-15 20:23 - 00001426 ____A C:\Users\Jason Hwang\Downloads\menu_items.sql
    2012-07-13 14:29 - 2012-07-21 22:26 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-07-11 23:05 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-11 17:53 - 2012-07-11 17:55 - 00000000 ____D C:\Users\Jason Hwang\Desktop\John.Carter.2012.720p.BluRay.x264-SPARKS PublicHD
    2012-07-11 17:51 - 2012-07-11 17:51 - 00051466 ____A C:\Users\Jason Hwang\Downloads\[kat.ph]john.carter.2012.1080p.bluray.x264.sparks.publichd (1).torrent
    2012-07-11 17:50 - 2012-07-11 17:50 - 00008150 ____A C:\Users\Jason Hwang\Downloads\[kat.ph]john.carter.2012.720p.bluray.x264.sparks.publichd.torrent
    2012-07-11 17:49 - 2012-07-11 17:49 - 00051466 ____A C:\Users\Jason Hwang\Downloads\[kat.ph]john.carter.2012.1080p.bluray.x264.sparks.publichd.torrent
    2012-07-11 13:07 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-07-11 13:07 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-07-11 13:07 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-07-11 13:07 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-07-11 13:07 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2012-07-11 13:07 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-07-11 13:07 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-07-11 13:07 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2012-07-11 13:07 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-07-11 13:07 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-07-11 13:07 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-07-11 13:07 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-07-11 13:07 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-07-11 13:07 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-07-11 13:07 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-07-11 13:07 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-07-11 13:07 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-07-11 13:07 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
    2012-07-11 13:07 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2012-07-11 10:05 - 2012-07-11 10:32 - 1131295672 ____A (Microsoft Corporation) C:\Users\Jason Hwang\Downloads\OfficePro2010English_x64.exe
    2012-07-11 09:55 - 2012-07-11 17:00 - 00000000 ____D C:\Users\Jason Hwang\Desktop\LCC
    2012-07-11 09:48 - 2012-07-11 09:48 - 00000000 ____D C:\Users\Jason Hwang\AppData\Local\Macromedia
    2012-07-11 09:47 - 2012-07-31 20:14 - 00000000 ____D C:\Windows\System32\Macromed
    2012-07-11 09:47 - 2012-07-13 15:26 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-07-03 21:23 - 2012-07-03 21:23 - 00015500 ____A C:\Users\Jason Hwang\Downloads\[kat.ph]american.reunion.unrated.dvdrip.xvid.cocain.torrent

    ============ 3 Months Modified Files ========================

    2012-07-31 19:33 - 2012-04-22 16:13 - 298127408 ____A C:\Windows\MEMORY.DMP
    2012-07-25 19:44 - 2012-07-25 19:44 - 01402880 ____A C:\Users\Jason Hwang\Downloads\HiJackThis.msi
    2012-07-25 19:42 - 2009-07-13 20:45 - 00022096 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-07-25 19:42 - 2009-07-13 20:45 - 00022096 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-07-25 19:39 - 2009-07-13 21:13 - 00779092 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-07-25 19:34 - 2011-08-16 16:24 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-07-25 19:34 - 2010-11-20 19:47 - 01278034 ____A C:\Windows\PFRO.log
    2012-07-25 19:34 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-07-25 19:34 - 2009-07-13 20:51 - 00059895 ____A C:\Windows\setupact.log
    2012-07-25 19:32 - 2012-07-25 19:32 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
    2012-07-25 17:29 - 2012-07-25 17:29 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-25 15:13 - 2012-07-25 15:13 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Jason Hwang\Desktop\mbam-setup-1.62.0.1300.exe
    2012-07-25 15:02 - 2012-07-25 15:13 - 01805736 ____A (Symantec Corporation) C:\Users\Jason Hwang\Desktop\FixZeroAccess.exe
    2012-07-24 20:20 - 2012-07-24 20:20 - 00002247 ____A C:\Users\Public\Desktop\PC Tools Internet Security.lnk
    2012-07-24 20:18 - 2012-07-24 20:18 - 04122624 ____A (PC Tools) C:\Users\Jason Hwang\Downloads\issetup.exe
    2012-07-24 20:06 - 2012-07-24 20:05 - 00281368 ____A C:\Windows\Minidump\072512-29078-01.dmp
    2012-07-21 23:00 - 2011-07-02 04:07 - 01875891 ____A C:\Windows\WindowsUpdate.log
    2012-07-21 22:54 - 2011-08-16 16:24 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-07-21 22:26 - 2012-07-13 14:29 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-07-16 21:25 - 2011-07-01 22:45 - 00001456 ____A C:\Users\Jason Hwang\AppData\Local\Adobe Save for Web 12.0 Prefs
    2012-07-15 20:23 - 2012-07-15 20:23 - 00001426 ____A C:\Users\Jason Hwang\Downloads\menu_items.sql
    2012-07-13 15:26 - 2012-07-11 09:47 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-07-13 15:26 - 2011-07-01 01:54 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-07-11 23:23 - 2009-07-13 20:45 - 04983712 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-07-11 23:01 - 2011-07-22 18:32 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-07-11 17:51 - 2012-07-11 17:51 - 00051466 ____A C:\Users\Jason Hwang\Downloads\[kat.ph]john.carter.2012.1080p.bluray.x264.sparks.publichd (1).torrent
    2012-07-11 17:50 - 2012-07-11 17:50 - 00008150 ____A C:\Users\Jason Hwang\Downloads\[kat.ph]john.carter.2012.720p.bluray.x264.sparks.publichd.torrent
    2012-07-11 17:49 - 2012-07-11 17:49 - 00051466 ____A C:\Users\Jason Hwang\Downloads\[kat.ph]john.carter.2012.1080p.bluray.x264.sparks.publichd.torrent
    2012-07-11 10:32 - 2012-07-11 10:05 - 1131295672 ____A (Microsoft Corporation) C:\Users\Jason Hwang\Downloads\OfficePro2010English_x64.exe
    2012-07-03 21:23 - 2012-07-03 21:23 - 00015500 ____A C:\Users\Jason Hwang\Downloads\[kat.ph]american.reunion.unrated.dvdrip.xvid.cocain.torrent
    2012-07-03 09:46 - 2012-07-25 17:29 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-06-27 13:42 - 2012-06-27 13:42 - 05224832 ____A (Binary Fortress Software ) C:\Users\Jason Hwang\Downloads\DisplayFusionSetup-4.0.1.exe
    2012-06-23 22:45 - 2012-06-23 22:45 - 04387080 ____A ( ) C:\Users\Jason Hwang\Downloads\cpu-z_1.60.1-setup-en.exe
    2012-06-23 18:39 - 2012-06-23 18:39 - 00017078 ____A C:\Users\Jason Hwang\Downloads\[kat.ph]sherlock.holmes.a.game.of.shadows.2011.720p.bluray.publichd.torrent
    2012-06-23 18:39 - 2012-06-23 18:39 - 00017078 ____A C:\Users\Jason Hwang\Downloads\[kat.ph]sherlock.holmes.a.game.of.shadows.2011.720p.bluray.publichd (1).torrent
    2012-06-23 11:15 - 2012-05-05 13:12 - 00000022 ____A C:\Users\Jason Hwang\Downloads\iREB-r5.zip
    2012-06-22 11:35 - 2012-07-24 20:20 - 00181032 ____A (PC Tools) C:\Windows\System32\Drivers\pctplfw64.sys
    2012-06-22 11:35 - 2012-07-24 20:20 - 00092928 ____A (PC Tools) C:\Windows\System32\Drivers\pctplsg64.sys
    2012-06-22 11:35 - 2012-07-24 20:18 - 00251560 ____A (PC Tools) C:\Windows\System32\Drivers\PCTSD64.sys
    2012-06-22 11:33 - 2012-07-24 20:20 - 00014808 ____A (PC Tools) C:\Windows\System32\Drivers\pctBTFix64.sys
    2012-06-22 11:29 - 2012-07-24 20:20 - 00341200 ____A (PC Tools) C:\Windows\System32\Drivers\pctgntdi64.sys
    2012-06-22 11:29 - 2012-07-24 20:20 - 00145464 ____A (PC Tools) C:\Windows\System32\Drivers\pctwfpfilter64.sys
    2012-06-22 10:21 - 2012-07-24 20:20 - 00706776 ____A (PC Tools) C:\Windows\System32\Drivers\TfSysMon.sys
    2012-06-22 10:21 - 2012-07-24 20:20 - 00065664 ____A (PC Tools) C:\Windows\System32\Drivers\TfFsMon.sys
    2012-06-22 10:21 - 2012-07-24 20:20 - 00041968 ____A (PC Tools) C:\Windows\System32\Drivers\TfNetMon.sys
    2012-06-22 07:39 - 2012-07-24 20:21 - 02267096 ____A (Threat Expert Ltd.) C:\Windows\PCTBDCore.dll
    2012-06-22 07:39 - 2012-07-24 20:21 - 01689560 ____A (Threat Expert Ltd.) C:\Windows\PCTBDRes.dll
    2012-06-22 07:39 - 2012-07-24 20:21 - 00149464 ____A (PC Tools) C:\Windows\SGDetectionTool.dll
    2012-06-22 07:39 - 2012-07-24 20:21 - 00085224 ____A (PC Tools) C:\Windows\System32\Drivers\PCTBD64.sys
    2012-06-22 07:38 - 2012-07-24 20:21 - 00767960 ____A C:\Windows\BDTSupport.dll
    2012-06-22 06:43 - 2012-07-24 20:21 - 00003488 ____A C:\Windows\UDB.zip
    2012-06-22 06:43 - 2012-07-24 20:21 - 00000882 ____A C:\Windows\RegSDImport.xml
    2012-06-22 06:43 - 2012-07-24 20:21 - 00000879 ____A C:\Windows\RegISSImport.xml
    2012-06-22 06:43 - 2012-07-24 20:21 - 00000131 ____A C:\Windows\IDB.zip
    2012-06-11 19:08 - 2012-07-11 23:05 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-08 21:43 - 2012-07-11 13:07 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-06-08 20:41 - 2012-07-11 13:07 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-06-07 13:50 - 2012-06-07 13:49 - 16574016 ____A (Mozilla) C:\Users\Jason Hwang\Downloads\Firefox Setup 13.0.exe
    2012-06-06 13:07 - 2012-06-06 13:07 - 00125731 ____A C:\Users\Jason Hwang\Downloads\[kat.ph]21.jump.street.2012.r5.xvid.legi0n.torrent
    2012-06-06 13:04 - 2012-06-06 13:04 - 00034452 ____A C:\Users\Jason Hwang\Downloads\[kat.ph]goon.2011.limited.1080p.bluray.x264.maxhd.publichd.torrent
    2012-06-06 09:25 - 2012-06-06 09:25 - 00016542 ____A C:\Users\Jason Hwang\Downloads\[kat.ph]safe.house.2012.1080p.brrip.x264.1.5gb.yify.torrent
    2012-06-05 22:06 - 2012-07-11 13:07 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-06-05 22:06 - 2012-07-11 13:07 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-06-05 22:02 - 2012-07-11 13:07 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2012-06-05 21:05 - 2012-07-11 13:07 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-06-05 21:05 - 2012-07-11 13:07 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-06-05 21:03 - 2012-07-11 13:07 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2012-06-04 20:52 - 2012-06-04 20:02 - 00014410 ____A C:\Windows\DPINST.LOG
    2012-06-04 20:06 - 2012-06-04 20:06 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
    2012-06-04 20:02 - 2012-06-04 20:01 - 10043663 ____A C:\Users\Jason Hwang\Downloads\nookcolor-easyADB.exe
    2012-06-02 14:19 - 2012-06-21 15:17 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-21 15:17 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-21 15:17 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-21 15:17 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-21 15:17 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:15 - 2012-06-21 15:17 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:15 - 2012-06-21 15:17 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 11:19 - 2012-06-21 15:17 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 11:15 - 2012-06-21 15:17 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-01 21:50 - 2012-07-11 13:07 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-06-01 21:48 - 2012-07-11 13:07 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-06-01 21:48 - 2012-07-11 13:07 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-06-01 21:45 - 2012-07-11 13:07 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-06-01 21:44 - 2012-07-11 13:07 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-06-01 20:40 - 2012-07-11 13:07 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-06-01 20:40 - 2012-07-11 13:07 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-06-01 20:39 - 2012-07-11 13:07 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-06-01 20:34 - 2012-07-11 13:07 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-05-30 13:37 - 2012-05-30 13:37 - 00000132 ____A C:\Users\Jason Hwang\AppData\Roaming\Adobe PNG Format CS5 Prefs
    2012-05-29 20:26 - 2012-05-29 20:26 - 57713264 ____A (Alien Skin Software, LLC) C:\Users\Jason Hwang\Downloads\bokeh-2.0.1.463.exe
    2012-05-28 19:05 - 2012-05-28 19:04 - 37448775 ____A C:\Users\Jason Hwang\Downloads\android-sdk_r18-windows.zip
    2012-05-28 19:05 - 2012-05-28 19:04 - 135250659 ____A C:\Users\Jason Hwang\Downloads\eclipse-java-indigo-SR2-win32-x86_64.zip
    2012-05-26 00:03 - 2012-05-26 00:03 - 00023278 ____A C:\Users\Jason Hwang\Downloads\[kat.ph]this.means.war.2012.unrated.720p.bluray.x264.sparks.publichd.torrent
    2012-05-19 09:55 - 2012-05-19 09:55 - 06748258 ____A C:\Users\Jason Hwang\Downloads\4gb_clockwork-3.2.0.1.rar
    2012-05-19 09:13 - 2012-05-19 09:13 - 00045586 ____A C:\Users\Jason Hwang\Downloads\win32diskimager-source.zip
    2012-05-19 08:50 - 2012-05-19 08:49 - 76412939 ____A C:\Users\Jason Hwang\Downloads\uNooter.zip
    2012-05-16 08:37 - 2012-05-16 08:34 - 183158535 ____A C:\Users\Jason Hwang\Downloads\eclipse-SDK-3.7.2-win32-x86_64.zip
    2012-05-16 08:35 - 2012-05-16 08:34 - 116002218 ____A C:\Users\Jason Hwang\Downloads\eclipse-javascript-indigo-SR2-win32-x86_64.zip
    2012-05-14 20:01 - 2012-06-13 12:22 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-05-14 19:59 - 2012-06-13 12:22 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-05-14 19:03 - 2012-06-13 12:22 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-05-14 19:00 - 2012-06-13 12:22 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-05-06 21:04 - 2012-05-06 20:59 - 27678827 ____A C:\Users\Jason Hwang\Downloads\easports.wmv
    2012-05-05 23:39 - 2012-05-05 23:28 - 00001239 ____A C:\Windows\System32\Drivers\etc\hosts.umbrella
    2012-05-05 23:39 - 2012-05-04 15:51 - 00059511 ____A C:\Users\Jason Hwang\umbrella0.log
    2012-05-04 15:50 - 2012-05-04 15:50 - 00476960 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
    2012-05-04 15:50 - 2012-05-04 15:50 - 00472864 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
    2012-05-04 15:50 - 2012-05-04 15:50 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
    2012-05-04 15:50 - 2012-05-04 15:50 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
    2012-05-04 15:50 - 2012-05-04 15:50 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
    2012-05-04 15:48 - 2012-05-04 15:48 - 00909088 ____A (Sun Microsystems, Inc.) C:\Users\Jason Hwang\Downloads\chromeinstall.exe
    2012-05-04 03:06 - 2012-06-13 12:22 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-05-04 02:03 - 2012-06-13 12:22 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-05-04 02:03 - 2012-06-13 12:22 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe


    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 9%
    Total physical RAM: 8175.12 MB
    Available physical RAM: 7360.76 MB
    Total Pagefile: 8173.27 MB
    Available Pagefile: 7339.19 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:465.76 GB) (Free:337.12 GB) NTFS
    2 Drive d: (New Volume) (Fixed) (Total:931.51 GB) (Free:267.63 GB) NTFS
    3 Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.04 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    4 Drive f: (Media) (Fixed) (Total:1397.16 GB) (Free:1260.24 GB) NTFS
    6 Drive h: (Repair disc Windows 7 64-bit) (Removable) (Total:7.53 GB) (Free:7.3 GB) NTFS
    7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 465 GB 0 B
    Disk 1 Online 931 GB 0 B
    Disk 2 Online 1397 GB 1024 KB
    Disk 3 Online 7712 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 465 GB 1024 KB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C NTFS Partition 465 GB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 931 GB 1024 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 D New Volume NTFS Partition 931 GB Healthy

    ==================================================================================

    Partitions of Disk 2:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 1397 GB 101 MB

    ==================================================================================

    Disk: 2
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E System Rese NTFS Partition 100 MB Healthy

    ==================================================================================

    Disk: 2
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 F Media NTFS Partition 1397 GB Healthy

    ==================================================================================

    Partitions of Disk 3:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 7711 MB 31 KB

    ==================================================================================

    Disk: 3
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 H Repair disc NTFS Removable 7711 MB Healthy

    ==================================================================================

    ==========================================================

    Last Boot: 2012-07-28 16:56

    ======================= End Of Log ==========================

    Search.txt

    Farbar Recovery Scan Tool Version: 25-07-2012 01
    Ran by SYSTEM at 2012-08-01 12:17:05
    Running from H:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    ====== End Of Search ======
     
  12. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    FRST64 Fixlist

    Please run the following:

    Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt.

    NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

    Now, please enter System Recovery Options then select Command Prompt.

    Run FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Now restart, let it boot normally and tell me how it went.
  13. MaxPowers

    MaxPowers Newcomer, in training Topic Starter

    Fixlog:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01
    Ran by SYSTEM at 2012-08-02 19:46:04 Run:5
    Running from H:\

    ==============================================


    ==== End of Fixlog ====

    Restarted and got BSOD again.
  14. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Boot to the Repair your Computer options. Select Command Prompt as before.

    Do not boot to FRST program. Just Command Prompt...

    Please do the following in Command Prompt and hit enter:

    copy C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe c:\windows\system32\services.exe


    Let it restart and let me know how it goes...
  15. MaxPowers

    MaxPowers Newcomer, in training Topic Starter

    The file was copied. But upon restart, I still get the BSOD. Why does it say amd64? I've got an Intel i7?
  16. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Do you know the code that was on the BSOD?
  17. MaxPowers

    MaxPowers Newcomer, in training Topic Starter

    "Technical information:

    *** STOP: 0x000000F4 (0x000000000000003, 0xFFFFFA8009509060, 0xFFFFFA8009509340, 0xFFFFF800031E0510) "
  18. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Try the copy in the Recovery Console again please. Let me know what happens.
  19. MaxPowers

    MaxPowers Newcomer, in training Topic Starter

    I restored to a later date, and removed Trend Micro Titanium. No more BSOD, since it was the reason why I kept getting it.

    However, restoring it brought back the ZeroAccess virus. These are the FRST.txt and Search.txt files:


    Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01
    Ran by SYSTEM at 10-08-2012 00:43:50
    Running from H:\
    Windows 7 Professional (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11776104 2011-02-10] (Realtek Semiconductor)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-30] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [ZyngaGamesAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" [841544 2010-11-15] (Splashtop Inc.)
    HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-05-20] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup [30192 2011-07-01] (Google)
    HKLM-x32\...\Run: [Smart File Advisor] "C:\Program Files (x86)\Smart File Advisor\sfa.exe" /checkassoc [280824 2011-04-04] (Filefacts.net)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-06-06] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-12] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36760 2011-09-05] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2904984 2011-09-05] (Adobe Systems Inc.)
    HKLM-x32\...\Run: [STCAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe" [x]
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [413696 2008-05-27] (Apple Inc.)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-12-07] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [ISTray] "C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe" /hideGUI [2673624 2012-06-22] (PC Tools)
    HKU\Jason Hwang\...\Run: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED [6379888 2012-05-15] (BitTorrent, Inc.)
    HKU\Jason Hwang\...\Run: [DisplayFusion] "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe" [4480456 2012-05-31] (Binary Fortress Software)
    HKU\Jason Hwang\...\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup [221184 2005-02-17] (InstallShield Software Corporation)
    HKU\Jason Hwang\...\Run: [Hobbyist Software VLC Streamer] "C:\Program Files (x86)\Hobbyist Software\VLC Streamer\VLC Streamer Configuration.exe" /startup [1642040 2012-06-28] (Hobbyist Software)
    HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [462920 2012-07-03] (Malwarebytes Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Rainmeter.lnk
    ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()

    ==================== Services (Whitelisted) ======

    2 Apache2.2; "C:\xampp\apache\bin\httpd.exe" -k runservice [18432 2011-09-10] (Apache Software Foundation)
    3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
    2 Browser Defender Update Service; "C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe" [575448 2012-06-22] (Threat Expert Ltd.)
    3 GoogleDesktopManager-051210-111108; "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" [30192 2011-07-01] (Google)
    2 KMService; C:\Windows\SysWow64\srvany.exe [8192 2011-08-31] ()
    2 mi-raysat_3dsmax2011_64; "C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe" [86016 2010-03-09] ()
    2 mysql; C:\xampp\mysql\bin\mysqld.exe --defaults-file=C:\xampp\mysql\bin\my.ini mysql [5396 2012-02-28] ()
    2 SCBackService; C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe [477000 2010-11-15] (Splashtop Inc.)
    2 sdAuxService; C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [402368 2012-06-22] (PC Tools)
    2 sdCoreService; C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe [1118680 2012-06-22] (PC Tools)
    3 ThreatFire; C:\Program Files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe service [71008 2012-06-22] (PC Tools)
    2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2655768 2010-10-05] (Intel Corporation)
    2 WCUService_STC_FF; C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [493384 2011-03-23] (Splashtop Inc.)

    ========================== Drivers (Whitelisted) =============

    1 AppleCharger; C:\Windows\System32\Drivers\AppleCharger.sys [21104 2011-01-10] ()
    3 gdrv; \??\C:\Windows\gdrv.sys [25640 2011-07-03] (Windows (R) Server 2003 DDK provider)
    3 GVTDrv64; \??\C:\Windows\GVTDrv64.sys [30528 2011-07-03] ()
    3 PCTBD; C:\Windows\System32\Drivers\PCTBD64.sys [85224 2012-06-22] (PC Tools)
    0 PCTCore; C:\Windows\System32\drivers\PCTCore64.sys [426616 2012-04-23] (PC Tools)
    0 pctDS; C:\Windows\System32\drivers\pctDS64.sys [453896 2012-02-28] (PC Tools)
    0 pctEFA; C:\Windows\System32\drivers\pctEFA64.sys [1096176 2012-02-28] (PC Tools)
    3 PCTFW-PacketFilter; \??\C:\Windows\system32\drivers\pctNdis-PacketFilter64.sys [123808 2012-04-19] (PC Tools)
    1 pctgntdi; \??\C:\Windows\System32\drivers\pctgntdi64.sys [341200 2012-06-22] (PC Tools)
    1 pctNdisLW64; C:\Windows\System32\Drivers\pctNdisLW64.sys [77976 2012-03-19] (PC Tools)
    3 pctplfw; \??\C:\Windows\System32\drivers\pctplfw64.sys [181032 2012-06-22] (PC Tools)
    3 pctplsg; \??\C:\Windows\System32\drivers\pctplsg64.sys [92928 2012-06-22] (PC Tools)
    1 PCTSD; C:\Windows\System32\Drivers\PCTSD64.sys [251560 2012-06-22] (PC Tools)
    3 WINIO; \??\D:\WINIO.sys [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-08-09 20:41 - 2012-08-09 20:41 - 00000000 ____A C:\Windows\SysWOW64\SM.lock
    2012-08-09 20:31 - 2012-07-03 09:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-08-09 20:30 - 2012-06-22 07:39 - 02267096 ____A (Threat Expert Ltd.) C:\Windows\PCTBDCore.dll
    2012-08-09 20:30 - 2012-06-22 07:39 - 01689560 ____A (Threat Expert Ltd.) C:\Windows\PCTBDRes.dll
    2012-08-09 20:30 - 2012-06-22 07:39 - 00149464 ____A (PC Tools) C:\Windows\SGDetectionTool.dll
    2012-08-09 20:30 - 2012-06-22 07:39 - 00085224 ____A (PC Tools) C:\Windows\System32\Drivers\PCTBD64.sys
    2012-08-09 20:30 - 2012-06-22 07:38 - 00767960 ____A C:\Windows\BDTSupport.dll
    2012-08-09 20:30 - 2012-06-22 06:43 - 00003488 ____A C:\Windows\UDB.zip
    2012-08-09 20:30 - 2012-06-22 06:43 - 00000882 ____A C:\Windows\RegSDImport.xml
    2012-08-09 20:30 - 2012-06-22 06:43 - 00000879 ____A C:\Windows\RegISSImport.xml
    2012-08-09 20:30 - 2012-06-22 06:43 - 00000131 ____A C:\Windows\IDB.zip
    2012-08-09 20:29 - 2012-08-09 20:29 - 00002247 ____A C:\Users\Public\Desktop\PC Tools Internet Security.lnk
    2012-08-09 20:29 - 2012-06-22 11:35 - 00181032 ____A (PC Tools) C:\Windows\System32\Drivers\pctplfw64.sys
    2012-08-09 20:29 - 2012-06-22 11:35 - 00092928 ____A (PC Tools) C:\Windows\System32\Drivers\pctplsg64.sys
    2012-08-09 20:29 - 2012-06-22 11:33 - 00014808 ____A (PC Tools) C:\Windows\System32\Drivers\pctBTFix64.sys
    2012-08-09 20:29 - 2012-06-22 11:29 - 00341200 ____A (PC Tools) C:\Windows\System32\Drivers\pctgntdi64.sys
    2012-08-09 20:29 - 2012-06-22 11:29 - 00145464 ____A (PC Tools) C:\Windows\System32\Drivers\pctwfpfilter64.sys
    2012-08-09 20:29 - 2012-06-22 10:21 - 00706776 ____A (PC Tools) C:\Windows\System32\Drivers\TfSysMon.sys
    2012-08-09 20:29 - 2012-06-22 10:21 - 00065664 ____A (PC Tools) C:\Windows\System32\Drivers\TfFsMon.sys
    2012-08-09 20:29 - 2012-06-22 10:21 - 00041968 ____A (PC Tools) C:\Windows\System32\Drivers\TfNetMon.sys
    2012-08-09 20:29 - 2012-04-19 05:57 - 00123808 ____A (PC Tools) C:\Windows\System32\Drivers\pctNdis-PacketFilter64.sys
    2012-08-09 20:29 - 2012-03-19 08:02 - 00077976 ____A (PC Tools) C:\Windows\System32\Drivers\pctNdisLW64.sys
    2012-08-09 20:27 - 2012-08-09 20:31 - 01638153 ____A C:\Windows\System32\Drivers\Cat.DB
    2012-08-09 20:26 - 2012-08-09 20:26 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Jason Hwang\Downloads\mbam-setup-1.62.0.1300.exe
    2012-08-09 20:26 - 2012-06-22 11:35 - 00251560 ____A (PC Tools) C:\Windows\System32\Drivers\PCTSD64.sys
    2012-08-09 20:26 - 2012-04-23 08:36 - 00426616 ____A (PC Tools) C:\Windows\System32\Drivers\PCTCore64.sys
    2012-08-09 20:26 - 2012-02-28 07:43 - 01096176 ____A (PC Tools) C:\Windows\System32\Drivers\pctEFA64.sys
    2012-08-09 20:26 - 2012-02-28 07:43 - 00453896 ____A (PC Tools) C:\Windows\System32\Drivers\pctDS64.sys
    2012-08-09 20:25 - 2012-08-09 20:25 - 04122624 ____A (PC Tools) C:\Users\Jason Hwang\Downloads\issetup.exe
    2012-08-09 20:06 - 2012-07-28 14:45 - 04265230 ____A C:\Users\Jason Hwang\Desktop\64bit.exe
    2012-08-09 20:06 - 2010-05-11 23:22 - 00000000 ____D C:\Users\Jason Hwang\Desktop\64bit
    2012-07-28 16:36 - 2012-07-29 14:46 - 00000000 ____D C:\Windows\System32\config\HiveBackup
    2012-07-28 16:21 - 2012-07-28 16:23 - 00000000 ____D C:\FRST
    2012-07-25 19:35 - 2012-07-25 19:35 - 00000000 ____D C:\Users\Jason Hwang\AppData\Roaming\Spam Monitor
    2012-07-25 19:35 - 2012-07-25 19:35 - 00000000 ____D C:\Users\Jason Hwang\AppData\Roaming\PC Tools
    2012-07-25 17:34 - 2012-08-09 23:14 - 00000000 ____D C:\Users\Jason Hwang\AppData\Roaming\Malwarebytes
    2012-07-25 17:29 - 2012-08-09 23:14 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-07-25 17:29 - 2012-08-09 20:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-24 20:20 - 2012-08-09 23:14 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
    2012-07-24 14:26 - 2012-08-09 20:29 - 00000000 ____D C:\Program Files (x86)\PC Tools
    2012-07-24 14:23 - 2012-08-09 23:14 - 00000000 ____D C:\Users\All Users\PC Tools
    2012-07-24 14:23 - 2012-07-24 14:23 - 00000000 ____D C:\Users\Jason Hwang\AppData\Roaming\TestApp
    2012-07-15 20:23 - 2012-07-15 20:23 - 00001426 ____A C:\Users\Jason Hwang\Downloads\menu_items.sql
    2012-07-13 14:29 - 2012-08-09 20:41 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-07-11 23:05 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-11 17:53 - 2012-07-11 17:55 - 00000000 ____D C:\Users\Jason Hwang\Desktop\John.Carter.2012.720p.BluRay.x264-SPARKS PublicHD
    2012-07-11 17:51 - 2012-07-11 17:51 - 00051466 ____A C:\Users\Jason Hwang\Downloads\[kat.ph]john.carter.2012.1080p.bluray.x264.sparks.publichd (1).torrent
    2012-07-11 17:50 - 2012-07-11 17:50 - 00008150 ____A C:\Users\Jason Hwang\Downloads\[kat.ph]john.carter.2012.720p.bluray.x264.sparks.publichd.torrent
    2012-07-11 17:49 - 2012-07-11 17:49 - 00051466 ____A C:\Users\Jason Hwang\Downloads\[kat.ph]john.carter.2012.1080p.bluray.x264.sparks.publichd.torrent
    2012-07-11 13:07 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-07-11 13:07 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-07-11 13:07 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-07-11 13:07 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-07-11 13:07 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2012-07-11 13:07 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-07-11 13:07 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-07-11 13:07 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2012-07-11 13:07 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-07-11 13:07 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-07-11 13:07 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-07-11 13:07 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-07-11 13:07 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-07-11 13:07 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-07-11 13:07 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-07-11 13:07 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-07-11 13:07 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-07-11 13:07 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
    2012-07-11 13:07 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2012-07-11 10:05 - 2012-07-11 10:32 - 1131295672 ____A (Microsoft Corporation) C:\Users\Jason Hwang\Downloads\OfficePro2010English_x64.exe
    2012-07-11 09:55 - 2012-07-11 17:00 - 00000000 ____D C:\Users\Jason Hwang\Desktop\LCC
    2012-07-11 09:48 - 2012-07-11 09:48 - 00000000 ____D C:\Users\Jason Hwang\AppData\Local\Macromedia
    2012-07-11 09:47 - 2012-08-09 23:56 - 00000000 ____D C:\Windows\System32\Macromed
    2012-07-11 09:47 - 2012-08-09 20:26 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

    ============ 3 Months Modified Files ========================

    2012-08-09 20:41 - 2012-08-09 20:41 - 00000000 ____A C:\Windows\SysWOW64\SM.lock
    2012-08-09 20:41 - 2012-07-13 14:29 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-08-09 20:41 - 2011-08-16 16:24 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-08-09 20:41 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-08-09 20:41 - 2009-07-13 20:51 - 00060007 ____A C:\Windows\setupact.log
    2012-08-09 20:39 - 2009-07-13 21:13 - 00779266 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-08-09 20:34 - 2011-07-02 04:07 - 01902298 ____A C:\Windows\WindowsUpdate.log
    2012-08-09 20:31 - 2012-08-09 20:27 - 01638153 ____A C:\Windows\System32\Drivers\Cat.DB
    2012-08-09 20:30 - 2009-07-13 20:45 - 00022096 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-08-09 20:30 - 2009-07-13 20:45 - 00022096 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-08-09 20:29 - 2012-08-09 20:29 - 00002247 ____A C:\Users\Public\Desktop\PC Tools Internet Security.lnk
    2012-08-09 20:26 - 2012-08-09 20:26 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Jason Hwang\Downloads\mbam-setup-1.62.0.1300.exe
    2012-08-09 20:26 - 2012-07-11 09:47 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-08-09 20:26 - 2011-07-01 01:54 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-08-09 20:25 - 2012-08-09 20:25 - 04122624 ____A (PC Tools) C:\Users\Jason Hwang\Downloads\issetup.exe
    2012-07-28 14:45 - 2012-08-09 20:06 - 04265230 ____A C:\Users\Jason Hwang\Desktop\64bit.exe
    2012-07-21 22:54 - 2011-08-16 16:24 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-07-16 21:25 - 2011-07-01 22:45 - 00001456 ____A C:\Users\Jason Hwang\AppData\Local\Adobe Save for Web 12.0 Prefs
    2012-07-15 20:23 - 2012-07-15 20:23 - 00001426 ____A C:\Users\Jason Hwang\Downloads\menu_items.sql
    2012-07-11 23:23 - 2009-07-13 20:45 - 04983712 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-07-11 23:01 - 2011-07-22 18:32 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-07-11 17:51 - 2012-07-11 17:51 - 00051466 ____A C:\Users\Jason Hwang\Downloads\[kat.ph]john.carter.2012.1080p.bluray.x264.sparks.publichd (1).torrent
    2012-07-11 17:50 - 2012-07-11 17:50 - 00008150 ____A C:\Users\Jason Hwang\Downloads\[kat.ph]john.carter.2012.720p.bluray.x264.sparks.publichd.torrent
    2012-07-11 17:49 - 2012-07-11 17:49 - 00051466 ____A C:\Users\Jason Hwang\Downloads\[kat.ph]john.carter.2012.1080p.bluray.x264.sparks.publichd.torrent
    2012-07-11 11:10 - 2010-11-20 19:47 - 00636148 ____A C:\Windows\PFRO.log
    2012-07-11 10:32 - 2012-07-11 10:05 - 1131295672 ____A (Microsoft Corporation) C:\Users\Jason Hwang\Downloads\OfficePro2010English_x64.exe
    2012-07-03 21:23 - 2012-07-03 21:23 - 00015500 ____A C:\Users\Jason Hwang\Downloads\[kat.ph]american.reunion.unrated.dvdrip.xvid.cocain.torrent
    2012-07-03 09:46 - 2012-08-09 20:31 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-06-27 13:42 - 2012-06-27 13:42 - 05224832 ____A (Binary Fortress Software ) C:\Users\Jason Hwang\Downloads\DisplayFusionSetup-4.0.1.exe
    2012-06-23 22:45 - 2012-06-23 22:45 - 04387080 ____A ( ) C:\Users\Jason Hwang\Downloads\cpu-z_1.60.1-setup-en.exe
    2012-06-23 18:39 - 2012-06-23 18:39 - 00017078 ____A C:\Users\Jason Hwang\Downloads\[kat.ph]sherlock.holmes.a.game.of.shadows.2011.720p.bluray.publichd.torrent
    2012-06-23 18:39 - 2012-06-23 18:39 - 00017078 ____A C:\Users\Jason Hwang\Downloads\[kat.ph]sherlock.holmes.a.game.of.shadows.2011.720p.bluray.publichd (1).torrent
    2012-06-23 11:15 - 2012-05-05 13:12 - 00000022 ____A C:\Users\Jason Hwang\Downloads\iREB-r5.zip
    2012-06-22 11:35 - 2012-08-09 20:29 - 00181032 ____A (PC Tools) C:\Windows\System32\Drivers\pctplfw64.sys
    2012-06-22 11:35 - 2012-08-09 20:29 - 00092928 ____A (PC Tools) C:\Windows\System32\Drivers\pctplsg64.sys
    2012-06-22 11:35 - 2012-08-09 20:26 - 00251560 ____A (PC Tools) C:\Windows\System32\Drivers\PCTSD64.sys
    2012-06-22 11:33 - 2012-08-09 20:29 - 00014808 ____A (PC Tools) C:\Windows\System32\Drivers\pctBTFix64.sys
    2012-06-22 11:29 - 2012-08-09 20:29 - 00341200 ____A (PC Tools) C:\Windows\System32\Drivers\pctgntdi64.sys
    2012-06-22 11:29 - 2012-08-09 20:29 - 00145464 ____A (PC Tools) C:\Windows\System32\Drivers\pctwfpfilter64.sys
    2012-06-22 10:21 - 2012-08-09 20:29 - 00706776 ____A (PC Tools) C:\Windows\System32\Drivers\TfSysMon.sys
    2012-06-22 10:21 - 2012-08-09 20:29 - 00065664 ____A (PC Tools) C:\Windows\System32\Drivers\TfFsMon.sys
    2012-06-22 10:21 - 2012-08-09 20:29 - 00041968 ____A (PC Tools) C:\Windows\System32\Drivers\TfNetMon.sys
    2012-06-22 07:39 - 2012-08-09 20:30 - 02267096 ____A (Threat Expert Ltd.) C:\Windows\PCTBDCore.dll
    2012-06-22 07:39 - 2012-08-09 20:30 - 01689560 ____A (Threat Expert Ltd.) C:\Windows\PCTBDRes.dll
    2012-06-22 07:39 - 2012-08-09 20:30 - 00149464 ____A (PC Tools) C:\Windows\SGDetectionTool.dll
    2012-06-22 07:39 - 2012-08-09 20:30 - 00085224 ____A (PC Tools) C:\Windows\System32\Drivers\PCTBD64.sys
    2012-06-22 07:38 - 2012-08-09 20:30 - 00767960 ____A C:\Windows\BDTSupport.dll
    2012-06-22 06:43 - 2012-08-09 20:30 - 00003488 ____A C:\Windows\UDB.zip
    2012-06-22 06:43 - 2012-08-09 20:30 - 00000882 ____A C:\Windows\RegSDImport.xml
    2012-06-22 06:43 - 2012-08-09 20:30 - 00000879 ____A C:\Windows\RegISSImport.xml
    2012-06-22 06:43 - 2012-08-09 20:30 - 00000131 ____A C:\Windows\IDB.zip
    2012-06-11 19:08 - 2012-07-11 23:05 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-08 21:43 - 2012-07-11 13:07 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-06-08 20:41 - 2012-07-11 13:07 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-06-07 13:50 - 2012-06-07 13:49 - 16574016 ____A (Mozilla) C:\Users\Jason Hwang\Downloads\Firefox Setup 13.0.exe
    2012-06-06 13:07 - 2012-06-06 13:07 - 00125731 ____A C:\Users\Jason Hwang\Downloads\[kat.ph]21.jump.street.2012.r5.xvid.legi0n.torrent
    2012-06-06 13:04 - 2012-06-06 13:04 - 00034452 ____A C:\Users\Jason Hwang\Downloads\[kat.ph]goon.2011.limited.1080p.bluray.x264.maxhd.publichd.torrent
    2012-06-06 09:25 - 2012-06-06 09:25 - 00016542 ____A C:\Users\Jason Hwang\Downloads\[kat.ph]safe.house.2012.1080p.brrip.x264.1.5gb.yify.torrent
    2012-06-05 22:06 - 2012-07-11 13:07 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-06-05 22:06 - 2012-07-11 13:07 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-06-05 22:02 - 2012-07-11 13:07 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2012-06-05 21:05 - 2012-07-11 13:07 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-06-05 21:05 - 2012-07-11 13:07 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-06-05 21:03 - 2012-07-11 13:07 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2012-06-04 20:52 - 2012-06-04 20:02 - 00014410 ____A C:\Windows\DPINST.LOG
    2012-06-04 20:06 - 2012-06-04 20:06 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
    2012-06-04 20:02 - 2012-06-04 20:01 - 10043663 ____A C:\Users\Jason Hwang\Downloads\nookcolor-easyADB.exe
    2012-06-02 14:19 - 2012-06-21 15:17 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-21 15:17 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-21 15:17 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-21 15:17 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-21 15:17 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:15 - 2012-06-21 15:17 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:15 - 2012-06-21 15:17 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 11:19 - 2012-06-21 15:17 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 11:15 - 2012-06-21 15:17 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-01 21:50 - 2012-07-11 13:07 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-06-01 21:48 - 2012-07-11 13:07 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-06-01 21:48 - 2012-07-11 13:07 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-06-01 21:45 - 2012-07-11 13:07 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-06-01 21:44 - 2012-07-11 13:07 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-06-01 20:40 - 2012-07-11 13:07 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-06-01 20:40 - 2012-07-11 13:07 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-06-01 20:39 - 2012-07-11 13:07 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-06-01 20:34 - 2012-07-11 13:07 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-05-30 13:37 - 2012-05-30 13:37 - 00000132 ____A C:\Users\Jason Hwang\AppData\Roaming\Adobe PNG Format CS5 Prefs
    2012-05-29 20:26 - 2012-05-29 20:26 - 57713264 ____A (Alien Skin Software, LLC) C:\Users\Jason Hwang\Downloads\bokeh-2.0.1.463.exe
    2012-05-28 19:05 - 2012-05-28 19:04 - 37448775 ____A C:\Users\Jason Hwang\Downloads\android-sdk_r18-windows.zip
    2012-05-28 19:05 - 2012-05-28 19:04 - 135250659 ____A C:\Users\Jason Hwang\Downloads\eclipse-java-indigo-SR2-win32-x86_64.zip
    2012-05-26 00:03 - 2012-05-26 00:03 - 00023278 ____A C:\Users\Jason Hwang\Downloads\[kat.ph]this.means.war.2012.unrated.720p.bluray.x264.sparks.publichd.torrent
    2012-05-19 09:55 - 2012-05-19 09:55 - 06748258 ____A C:\Users\Jason Hwang\Downloads\4gb_clockwork-3.2.0.1.rar
    2012-05-19 09:13 - 2012-05-19 09:13 - 00045586 ____A C:\Users\Jason Hwang\Downloads\win32diskimager-source.zip
    2012-05-19 08:50 - 2012-05-19 08:49 - 76412939 ____A C:\Users\Jason Hwang\Downloads\uNooter.zip
    2012-05-16 08:37 - 2012-05-16 08:34 - 183158535 ____A C:\Users\Jason Hwang\Downloads\eclipse-SDK-3.7.2-win32-x86_64.zip
    2012-05-16 08:35 - 2012-05-16 08:34 - 116002218 ____A C:\Users\Jason Hwang\Downloads\eclipse-javascript-indigo-SR2-win32-x86_64.zip
    2012-05-14 20:01 - 2012-06-13 12:22 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-05-14 19:59 - 2012-06-13 12:22 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-05-14 19:03 - 2012-06-13 12:22 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-05-14 19:00 - 2012-06-13 12:22 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll


    ZeroAccess:
    C:\Windows\Installer\{d773d200-db3e-1027-84b9-b3f1357a585d}
    C:\Windows\Installer\{d773d200-db3e-1027-84b9-b3f1357a585d}\@

    ZeroAccess:
    C:\Windows\assembly\GAC_32\Desktop.ini

    ZeroAccess:
    C:\Windows\assembly\GAC_64\Desktop.ini

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 9%
    Total physical RAM: 8175.12 MB
    Available physical RAM: 7363.49 MB
    Total Pagefile: 8173.27 MB
    Available Pagefile: 7341.25 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:465.76 GB) (Free:337.72 GB) NTFS
    2 Drive d: (New Volume) (Fixed) (Total:931.51 GB) (Free:267.63 GB) NTFS
    3 Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.04 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    4 Drive f: (Media) (Fixed) (Total:1397.16 GB) (Free:1260.24 GB) NTFS
    6 Drive h: (Repair disc Windows 7 64-bit) (Removable) (Total:7.53 GB) (Free:7.3 GB) NTFS
    7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 465 GB 0 B
    Disk 1 Online 931 GB 0 B
    Disk 2 Online 1397 GB 1024 KB
    Disk 3 Online 7712 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 465 GB 1024 KB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C NTFS Partition 465 GB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 931 GB 1024 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 D New Volume NTFS Partition 931 GB Healthy

    ==================================================================================

    Partitions of Disk 2:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 1397 GB 101 MB

    ==================================================================================

    Disk: 2
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E System Rese NTFS Partition 100 MB Healthy

    ==================================================================================

    Disk: 2
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 F Media NTFS Partition 1397 GB Healthy

    ==================================================================================

    Partitions of Disk 3:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 7711 MB 31 KB

    ==================================================================================

    Disk: 3
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 H Repair disc NTFS Removable 7711 MB Healthy

    ==================================================================================

    ==========================================================

    Last Boot: 2012-07-28 16:56

    ======================= End Of Log ==========================

    Search.txt file

    Farbar Recovery Scan Tool Version: 25-07-2012 01
    Ran by SYSTEM at 2012-08-10 00:45:06
    Running from H:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

    ====== End Of Search ======
  20. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    FRST64 Fixlist

    Please run the following:

    Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt

    NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

    Now, please enter System Recovery Options, then select Command Prompt.

    Run FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Now restart, let it boot normally and tell me how it went.
  21. MaxPowers

    MaxPowers Newcomer, in training Topic Starter

    What about this line though?

    C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
  22. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    My apologies. Appeared to have missed that somehow...

    FRST64 Fixlist

    Please run the following:

    Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt

    NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

    Now, please enter System Recovery Options, then select Command Prompt.

    Run FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Now restart, let it boot normally and tell me how it went.
  23. MaxPowers

    MaxPowers Newcomer, in training Topic Starter

    Reboot went fine. I performed a full scan with PC Tools Internet Security and Malware Anti Malware. It picked up some residual viruses of the Zero Access. I restarted the PC and performed a scan a few days later, and it seems like PC Tools picked up the ZeroAccess virus again. After restarting and having the PC on for a day, I have noticed that while connected to the internet, none of my browsers work and the memory load is at 45% with no applications running. PC Tools picks up no virus, and MWAM picks up no malware.
  24. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please post the log from MBAM.

    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
    • Copy and paste the entire report in your next reply.
  25. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello. Are you still with us?

    Your thread has been marked as "Inactive" because of your lack of reply. Please let us know how your computer is running, or if you want to continue in this topic.

    Thanks.

