eldude_182
I have a Windows Vista 32-bit system. Here are my results:
Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 25-07-2012 01
Ran by SYSTEM at 02-08-2012 01:22:47
Running from G:\
Windows Vista (TM) Home Premium Service Pack 1 (X86) OS Language: English(US)
The current controlset is ControlSet001
========================== Registry (Whitelisted) =============
HKLM\...\Run: [] [x]
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [141848 2008-02-11] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [166424 2008-02-11] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [133656 2008-02-11] (Intel Corporation)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKU\Jenny\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [17425072 2012-06-07] (Skype Technologies S.A.)
HKU\Jenny\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 208.67.220.220 200.107.239.2
================================ Services (Whitelisted) ==================
2 ALaunchService; C:\Acer\ALaunch\ALaunchSvc.exe [51200 2007-09-19] ()
2 BBSvc; C:\Program Files\Microsoft\BingBar\7.1.362.0\BBSvc.exe [193816 2012-02-13] (Microsoft Corporation.)
3 BBUpdate; C:\Program Files\Microsoft\BingBar\7.1.362.0\SeaPort.exe [240408 2012-02-13] (Microsoft Corporation.)
2 eDataSecurity Service; "C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe" [506416 2008-01-02] (Egis Incorporated)
2 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2007-10-01] (Acer Inc.)
2 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [131072 2007-12-20] (Acer Inc.)
2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [57344 2007-09-10] (Acer Inc.)
2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-12-19] ()
2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21504 2008-01-20] (Microsoft Corporation)
2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe -p [110592 2007-11-27] ()
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [11552 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [214952 2012-03-26] (Microsoft Corporation)
3 PCTSFileEnum; C:\Program Files\PC Tools\DMScanning\PCTSFiles.exe [89048 2012-06-22] (PC Tools)
2 RichVideo; "C:\Program Files\CyberLink\Shared Files\RichVideo.exe" [266343 2007-12-04] ()
2 Skype C2C Service; "C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe" [3048136 2012-05-30] (Skype Technologies S.A.)
2 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [160944 2012-06-07] (Skype Technologies)
2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [167936 2007-09-20] (acer)
2 McShield; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [x]
3 McSysmon; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [x]
========================== Drivers (Whitelisted) =============
3 DynCal; C:\Windows\System32\drivers\Dyncal.sys [12928 2007-11-07] (Padix Co., Ltd)
2 int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [15392 2007-07-03] (Acer, Inc.)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
3 PCTBD; C:\Windows\System32\Drivers\PCTBD.sys [70768 2012-06-22] (PC Tools)
0 PCTCore; C:\Windows\System32\drivers\PCTCore.sys [383368 2012-04-23] (PC Tools)
0 pctDS; C:\Windows\System32\drivers\pctDS.sys [342168 2012-02-28] (PC Tools)
1 PCTSD; C:\Windows\System32\Drivers\PCTSD.sys [203120 2012-06-22] (PC Tools)
3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1729152 2007-06-12] ()
3 USBMULCD; C:\Windows\System32\drivers\CM106.sys [1516032 2009-01-09] (C-Media Electronics Inc)
3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2007-03-28] (Winbond Electronics Corporation)
2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; \??\C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [41456 2008-01-04] (Cyberlink Corp.)
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
========================== NetSvcs (Whitelisted) ===========
============ One Month Created Files and Folders ==============
2012-08-01 16:56 - 2012-08-01 16:56 - 00043480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\vnjxqmas.sys
2012-07-29 20:24 - 2012-07-30 15:25 - 00000000 ____D C:\FRST
2012-07-29 19:04 - 2012-07-29 19:05 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-07-29 18:48 - 2012-07-29 18:48 - 00000000 ____D C:\Users\Jenny\AppData\Local\VS Revo Group
2012-07-29 18:48 - 2012-07-29 18:48 - 00000000 ____D C:\Program Files\VS Revo Group
2012-07-29 18:48 - 2009-12-30 03:21 - 00027192 ____A (VS Revo Group) C:\Windows\System32\Drivers\revoflt.sys
2012-07-29 18:44 - 2012-07-29 18:45 - 00000000 ____D C:\Users\Jenny\Downloads\Revo.Uninstaller.Pro.v2.5.8.0.Cracked-F4CG
2012-07-29 18:19 - 2012-07-29 18:21 - 00000000 ____D C:\Users\All Users\TuneUp Software
2012-07-29 18:19 - 2012-07-29 18:19 - 00000000 ____D C:\Users\Jenny\AppData\Roaming\TuneUp Software
2012-07-29 17:41 - 2012-07-29 17:41 - 00006655 ____A C:\Users\Jenny\Downloads\Read Me.txt
2012-07-29 17:41 - 2012-07-29 17:41 - 00000179 ____A C:\Users\Jenny\Downloads\license.txt
2012-07-29 17:33 - 2012-07-29 17:33 - 00000000 ____D C:\Program Files\uTorrent
2012-07-29 17:32 - 2012-07-29 18:56 - 00000000 ____D C:\Users\Jenny\AppData\Roaming\uTorrent
2012-07-29 17:31 - 2012-07-29 17:31 - 00895376 ____A (BitTorrent, Inc.) C:\Users\Jenny\Downloads\uTorrent.exe
2012-07-29 16:52 - 2012-06-22 03:39 - 02267096 ____A (Threat Expert Ltd.) C:\Windows\PCTBDCore.dll
2012-07-29 16:52 - 2012-06-22 03:39 - 01689560 ____A (Threat Expert Ltd.) C:\Windows\PCTBDRes.dll
2012-07-29 16:52 - 2012-06-22 03:39 - 00149464 ____A (PC Tools) C:\Windows\SGDetectionTool.dll
2012-07-29 16:52 - 2012-06-22 03:39 - 00070768 ____A (PC Tools) C:\Windows\System32\Drivers\PCTBD.sys
2012-07-29 16:52 - 2012-06-22 03:38 - 00767960 ____A C:\Windows\BDTSupport.dll
2012-07-29 16:52 - 2012-06-22 02:43 - 00003488 ____A C:\Windows\UDB.zip
2012-07-29 16:52 - 2012-06-22 02:43 - 00000882 ____A C:\Windows\RegSDImport.xml
2012-07-29 16:52 - 2012-06-22 02:43 - 00000879 ____A C:\Windows\RegISSImport.xml
2012-07-29 16:52 - 2012-06-22 02:43 - 00000131 ____A C:\Windows\IDB.zip
2012-07-29 16:51 - 2012-06-22 07:29 - 00254944 ____A (PC Tools) C:\Windows\System32\Drivers\pctgntdi.sys
2012-07-29 16:51 - 2012-06-22 07:29 - 00107896 ____A (PC Tools) C:\Windows\System32\Drivers\pctwfpfilter.sys
2012-07-29 16:50 - 2012-06-22 07:35 - 00070568 ____A (PC Tools) C:\Windows\System32\Drivers\pctplsg.sys
2012-07-29 16:50 - 2012-06-22 07:33 - 00017880 ____A (PC Tools) C:\Windows\System32\Drivers\pctBTFix.sys
2012-07-29 16:27 - 2012-07-29 18:54 - 00000000 ____D C:\Program Files\PC Tools
2012-07-29 16:27 - 2012-07-29 16:52 - 00000000 ____D C:\Program Files\Common Files\PC Tools
2012-07-29 16:27 - 2012-06-22 07:34 - 00203120 ____A (PC Tools) C:\Windows\System32\Drivers\PCTSD.sys
2012-07-29 16:27 - 2012-04-23 04:36 - 00383368 ____A (PC Tools) C:\Windows\System32\Drivers\PCTCore.sys
2012-07-29 16:27 - 2012-04-23 04:36 - 00162584 ____A (PC Tools) C:\Windows\System32\Drivers\PCTAppEvent.sys
2012-07-29 16:27 - 2012-02-28 03:43 - 00909728 ____A (PC Tools) C:\Windows\System32\Drivers\pctEFA.sys
2012-07-29 16:27 - 2012-02-28 03:43 - 00342168 ____A (PC Tools) C:\Windows\System32\Drivers\pctDS.sys
2012-07-29 16:26 - 2012-07-29 16:50 - 00000000 ____D C:\Users\All Users\PC Tools
2012-07-29 16:26 - 2012-07-29 16:26 - 00000000 ____D C:\Users\Jenny\AppData\Roaming\TestApp
2012-07-29 16:04 - 2012-07-29 16:04 - 00001818 ____A C:\Users\Jenny\Documents\antivirus.txt
2012-07-29 15:42 - 2012-07-29 15:42 - 00000000 __SHD C:\Users\All Users\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-07-29 15:39 - 2012-07-29 15:42 - 27959216 ____A (TuneUp Software) C:\Users\Jenny\Downloads\TuneUpUtilities2012_es-ES.exe
2012-07-29 15:18 - 2012-07-29 19:05 - 00001912 ____A C:\Windows\epplauncher.mif
2012-07-29 15:17 - 2012-07-29 15:18 - 10300288 ____A (Microsoft Corporation) C:\Users\Jenny\Downloads\mseinstall.exe
2012-07-26 15:59 - 2012-07-26 15:59 - 00217088 __RSH (gv) C:\Users\Jenny\koiumi.exe
2012-07-26 15:59 - 2012-07-26 15:59 - 00053248 ____A (Nonsyllabic) C:\Users\Jenny\jiarem.com
2012-07-26 15:56 - 2012-07-26 15:56 - 00193024 ____A C:\Users\Jenny\1mgf.exe
2012-07-26 15:56 - 2012-07-26 15:56 - 00086016 __RSH (rousedness) C:\Users\Jenny\jmbav.exe
2012-07-26 15:56 - 2012-07-26 15:56 - 00053248 ____A (Nonsyllabic) C:\Users\Jenny\hiizuz.com
2012-07-26 15:53 - 2012-07-26 15:53 - 00086016 __RSH (rousedness) C:\Users\Jenny\niedep.exe
2012-07-26 15:52 - 2012-07-26 15:56 - 00086016 ____A (rousedness) C:\Users\Jenny\start1.exe
2012-07-26 15:52 - 2012-07-26 15:56 - 00016384 ____A C:\Users\Jenny\zmgf.exe
2012-07-26 15:52 - 2012-07-26 15:52 - 00086016 __RSH (rousedness) C:\Users\Jenny\heateh.exe
2012-07-26 15:52 - 2012-07-26 15:52 - 00053248 ____A (Nonsyllabic) C:\Users\Jenny\weohox.com
2012-07-26 15:52 - 2012-07-26 15:52 - 00053248 ____A (Nonsyllabic) C:\Users\Jenny\puipeb.com
2012-07-26 15:52 - 2012-07-26 15:52 - 00053248 ____A (Nonsyllabic) C:\Users\Jenny\kbiw.com
2012-07-21 14:22 - 2012-07-21 14:22 - 19119176 ____A (PokerStars) C:\Users\Jenny\Downloads\PokerStarsInstallPM.exe
2012-07-21 14:16 - 2012-07-21 14:17 - 19119168 ____A (PokerStars) C:\Users\Jenny\Downloads\PokerStarsInstallPM (1).exe
2012-07-21 14:08 - 2012-07-29 19:17 - 00000000 ____D C:\Users\Jenny\AppData\Local\PokerStars.NET
2012-07-21 14:08 - 2012-07-21 14:08 - 00000894 ____A C:\Users\Public\Desktop\PokerStars.net.lnk
2012-07-21 14:07 - 2012-07-21 14:09 - 00000000 ____D C:\Program Files\PokerStars.NET
2012-07-21 04:58 - 2012-07-21 04:58 - 00000288 ____A C:\Users\Jenny\Desktop\Terry Habdas Facebook.url
2012-07-09 07:41 - 2012-07-09 07:41 - 00000000 ____D C:\Users\Jenny\AppData\Local\Downloaded Installations
============ 3 Months Modified Files ========================
2012-08-01 16:56 - 2012-08-01 16:56 - 00043480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\vnjxqmas.sys
2012-08-01 16:56 - 2011-07-28 12:41 - 00279552 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-08-01 16:55 - 2006-11-02 07:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-01 16:55 - 2006-11-02 06:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-01 16:55 - 2006-11-02 06:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-01 16:54 - 2008-01-20 20:47 - 01407852 ____A C:\Windows\PFRO.log
2012-08-01 16:53 - 2006-11-02 07:01 - 00032564 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-30 15:52 - 2006-11-02 06:47 - 00303536 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-29 21:06 - 2012-05-06 14:30 - 00000680 ____A C:\Users\Jenny\AppData\Local\d3d9caps.dat
2012-07-29 20:58 - 2008-01-21 01:23 - 01506514 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-29 20:45 - 2008-07-14 12:36 - 01274328 ____A C:\Windows\WindowsUpdate.log
2012-07-29 19:05 - 2012-07-29 15:18 - 00001912 ____A C:\Windows\epplauncher.mif
2012-07-29 19:00 - 2012-06-14 07:13 - 00000838 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-29 17:41 - 2012-07-29 17:41 - 00006655 ____A C:\Users\Jenny\Downloads\Read Me.txt
2012-07-29 17:41 - 2012-07-29 17:41 - 00000179 ____A C:\Users\Jenny\Downloads\license.txt
2012-07-29 17:31 - 2012-07-29 17:31 - 00895376 ____A (BitTorrent, Inc.) C:\Users\Jenny\Downloads\uTorrent.exe
2012-07-29 16:04 - 2012-07-29 16:04 - 00001818 ____A C:\Users\Jenny\Documents\antivirus.txt
2012-07-29 15:42 - 2012-07-29 15:39 - 27959216 ____A (TuneUp Software) C:\Users\Jenny\Downloads\TuneUpUtilities2012_es-ES.exe
2012-07-29 15:18 - 2012-07-29 15:17 - 10300288 ____A (Microsoft Corporation) C:\Users\Jenny\Downloads\mseinstall.exe
2012-07-26 15:59 - 2012-07-26 15:59 - 00217088 __RSH (gv) C:\Users\Jenny\koiumi.exe
2012-07-26 15:59 - 2012-07-26 15:59 - 00053248 ____A (Nonsyllabic) C:\Users\Jenny\jiarem.com
2012-07-26 15:56 - 2012-07-26 15:56 - 00193024 ____A C:\Users\Jenny\1mgf.exe
2012-07-26 15:56 - 2012-07-26 15:56 - 00086016 __RSH (rousedness) C:\Users\Jenny\jmbav.exe
2012-07-26 15:56 - 2012-07-26 15:56 - 00053248 ____A (Nonsyllabic) C:\Users\Jenny\hiizuz.com
2012-07-26 15:56 - 2012-07-26 15:52 - 00086016 ____A (rousedness) C:\Users\Jenny\start1.exe
2012-07-26 15:56 - 2012-07-26 15:52 - 00016384 ____A C:\Users\Jenny\zmgf.exe
2012-07-26 15:53 - 2012-07-26 15:53 - 00086016 __RSH (rousedness) C:\Users\Jenny\niedep.exe
2012-07-26 15:52 - 2012-07-26 15:52 - 00086016 __RSH (rousedness) C:\Users\Jenny\heateh.exe
2012-07-26 15:52 - 2012-07-26 15:52 - 00053248 ____A (Nonsyllabic) C:\Users\Jenny\weohox.com
2012-07-26 15:52 - 2012-07-26 15:52 - 00053248 ____A (Nonsyllabic) C:\Users\Jenny\puipeb.com
2012-07-26 15:52 - 2012-07-26 15:52 - 00053248 ____A (Nonsyllabic) C:\Users\Jenny\kbiw.com
2012-07-25 07:29 - 2006-11-02 06:52 - 00192559 ____A C:\Windows\setupact.log
2012-07-21 14:22 - 2012-07-21 14:22 - 19119176 ____A (PokerStars) C:\Users\Jenny\Downloads\PokerStarsInstallPM.exe
2012-07-21 14:17 - 2012-07-21 14:16 - 19119168 ____A (PokerStars) C:\Users\Jenny\Downloads\PokerStarsInstallPM (1).exe
2012-07-21 14:08 - 2012-07-21 14:08 - 00000894 ____A C:\Users\Public\Desktop\PokerStars.net.lnk
2012-07-21 04:58 - 2012-07-21 04:58 - 00000288 ____A C:\Users\Jenny\Desktop\Terry Habdas Facebook.url
2012-07-12 10:03 - 2012-06-14 07:13 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-07-12 10:03 - 2012-06-14 07:13 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-06-22 07:35 - 2012-07-29 16:50 - 00070568 ____A (PC Tools) C:\Windows\System32\Drivers\pctplsg.sys
2012-06-22 07:34 - 2012-07-29 16:27 - 00203120 ____A (PC Tools) C:\Windows\System32\Drivers\PCTSD.sys
2012-06-22 07:33 - 2012-07-29 16:50 - 00017880 ____A (PC Tools) C:\Windows\System32\Drivers\pctBTFix.sys
2012-06-22 07:29 - 2012-07-29 16:51 - 00254944 ____A (PC Tools) C:\Windows\System32\Drivers\pctgntdi.sys
2012-06-22 07:29 - 2012-07-29 16:51 - 00107896 ____A (PC Tools) C:\Windows\System32\Drivers\pctwfpfilter.sys
2012-06-22 03:39 - 2012-07-29 16:52 - 02267096 ____A (Threat Expert Ltd.) C:\Windows\PCTBDCore.dll
2012-06-22 03:39 - 2012-07-29 16:52 - 01689560 ____A (Threat Expert Ltd.) C:\Windows\PCTBDRes.dll
2012-06-22 03:39 - 2012-07-29 16:52 - 00149464 ____A (PC Tools) C:\Windows\SGDetectionTool.dll
2012-06-22 03:39 - 2012-07-29 16:52 - 00070768 ____A (PC Tools) C:\Windows\System32\Drivers\PCTBD.sys
2012-06-22 03:38 - 2012-07-29 16:52 - 00767960 ____A C:\Windows\BDTSupport.dll
2012-06-22 02:43 - 2012-07-29 16:52 - 00003488 ____A C:\Windows\UDB.zip
2012-06-22 02:43 - 2012-07-29 16:52 - 00000882 ____A C:\Windows\RegSDImport.xml
2012-06-22 02:43 - 2012-07-29 16:52 - 00000879 ____A C:\Windows\RegISSImport.xml
2012-06-22 02:43 - 2012-07-29 16:52 - 00000131 ____A C:\Windows\IDB.zip
2012-06-14 08:20 - 2012-06-14 08:20 - 00001878 ____A C:\Users\Public\Desktop\Skype.lnk
2012-06-14 08:13 - 2012-06-14 08:13 - 00946352 ____A (Skype Technologies S.A.) C:\Users\Jenny\Downloads\SkypeSetup.exe
2012-06-06 05:00 - 2012-06-06 05:00 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2012-06-06 04:57 - 2012-06-06 04:57 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_07_00.Wdf
2012-06-05 23:28 - 2012-06-05 23:28 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-06-05 23:28 - 2012-06-05 23:28 - 00580608 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-06-05 23:28 - 2012-06-05 23:28 - 00434176 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-06-05 23:28 - 2012-06-05 23:28 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-06-05 23:28 - 2012-06-05 23:28 - 00367104 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-06-05 23:28 - 2012-06-05 23:28 - 00353792 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-06-05 23:28 - 2012-06-05 23:28 - 00353584 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-06-05 23:28 - 2012-06-05 23:28 - 00227840 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-06-05 23:28 - 2012-06-05 23:28 - 00223232 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-06-05 23:28 - 2012-06-05 23:28 - 00203776 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-06-05 23:28 - 2012-06-05 23:28 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-06-05 23:28 - 2012-06-05 23:28 - 00162304 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-06-05 23:28 - 2012-06-05 23:28 - 00161792 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-06-05 23:28 - 2012-06-05 23:28 - 00152064 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-06-05 23:28 - 2012-06-05 23:28 - 00150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-06-05 23:28 - 2012-06-05 23:28 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-05 23:28 - 2012-06-05 23:28 - 00130560 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-06-05 23:28 - 2012-06-05 23:28 - 00123392 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-06-05 23:28 - 2012-06-05 23:28 - 00118784 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-06-05 23:28 - 2012-06-05 23:28 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\advpack.dll
2012-06-05 23:28 - 2012-06-05 23:28 - 00110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-06-05 23:28 - 2012-06-05 23:28 - 00101888 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-06-05 23:28 - 2012-06-05 23:28 - 00086528 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-06-05 23:28 - 2012-06-05 23:28 - 00078848 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-06-05 23:28 - 2012-06-05 23:28 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-06-05 23:28 - 2012-06-05 23:28 - 00074752 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-06-05 23:28 - 2012-06-05 23:28 - 00074752 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-06-05 23:28 - 2012-06-05 23:28 - 00074240 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-06-05 23:28 - 2012-06-05 23:28 - 00066048 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-06-05 23:28 - 2012-06-05 23:28 - 00063488 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-06-05 23:28 - 2012-06-05 23:28 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-06-05 23:28 - 2012-06-05 23:28 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-06-05 23:28 - 2012-06-05 23:28 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-06-05 23:28 - 2012-06-05 23:28 - 00035840 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-06-05 23:28 - 2012-06-05 23:28 - 00031744 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-06-05 23:28 - 2012-06-05 23:28 - 00023552 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-06-05 23:28 - 2012-06-05 23:28 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-06-05 23:28 - 2012-06-05 23:28 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-06-05 23:28 - 2012-06-05 19:22 - 00009855 ____A C:\Windows\IE9_main.log
2012-06-05 23:28 - 2006-11-02 00:32 - 00008798 ____A C:\Windows\System32\icrav03.rat
2012-06-05 23:28 - 2006-11-02 00:32 - 00001988 ____A C:\Windows\System32\ticrf.rat
2012-06-05 23:27 - 2012-06-05 23:27 - 00979456 ____A (Microsoft Corporation) C:\Windows\System32\MFH264Dec.dll
2012-06-05 23:26 - 2012-06-05 23:26 - 02873344 ____A (Microsoft Corporation) C:\Windows\System32\mf.dll
2012-06-05 23:26 - 2012-06-05 23:26 - 01554432 ____A (Microsoft Corporation) C:\Windows\System32\xpsservices.dll
2012-06-05 23:26 - 2012-06-05 23:26 - 01075712 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2012-06-05 23:26 - 2012-06-05 23:26 - 01029120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2012-06-05 23:26 - 2012-06-05 23:26 - 00847360 ____A (Microsoft Corporation) C:\Windows\System32\OpcServices.dll
2012-06-05 23:26 - 2012-06-05 23:26 - 00667648 ____A (Microsoft Corporation) C:\Windows\System32\printfilterpipelinesvc.exe
2012-06-05 23:26 - 2012-06-05 23:26 - 00638336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2012-06-05 23:26 - 2012-06-05 23:26 - 00586240 ____A (Microsoft Corporation) C:\Windows\System32\stobject.dll
2012-06-05 23:26 - 2012-06-05 23:26 - 00486400 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-06-05 23:26 - 2012-06-05 23:26 - 00478720 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2012-06-05 23:26 - 2012-06-05 23:26 - 00357376 ____A (Microsoft Corporation) C:\Windows\System32\MFHEAACdec.dll
2012-06-05 23:26 - 2012-06-05 23:26 - 00302592 ____A (Microsoft Corporation) C:\Windows\System32\mfmp4src.dll
2012-06-05 23:26 - 2012-06-05 23:26 - 00261632 ____A (Microsoft Corporation) C:\Windows\System32\mfreadwrite.dll
2012-06-05 23:26 - 2012-06-05 23:26 - 00258048 ____A (Microsoft Corporation) C:\Windows\System32\winspool.drv
2012-06-05 23:26 - 2012-06-05 23:26 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\mfplat.dll
2012-06-05 23:26 - 2012-06-05 23:26 - 00189952 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2012-06-05 23:26 - 2012-06-05 23:26 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\XpsRasterService.dll
2012-06-05 23:26 - 2012-06-05 23:26 - 00098816 ____A (Microsoft Corporation) C:\Windows\System32\mfps.dll
2012-06-05 23:26 - 2012-06-05 23:26 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2012-06-05 23:26 - 2012-06-05 23:26 - 00026112 ____A (Microsoft Corporation) C:\Windows\System32\printfilterpipelineprxy.dll
2012-06-05 23:25 - 2012-06-05 23:25 - 00974848 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2012-06-05 23:25 - 2012-06-05 23:25 - 00519680 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2012-06-05 23:25 - 2012-06-05 23:25 - 00369664 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2012-06-05 23:25 - 2012-06-05 23:25 - 00321024 ____A (Microsoft Corporation) C:\Windows\System32\PhotoMetadataHandler.dll
2012-06-05 23:25 - 2012-06-05 23:25 - 00252928 ____A (Microsoft Corporation) C:\Windows\System32\dxdiag.exe
2012-06-05 23:25 - 2012-06-05 23:25 - 00195584 ____A (Microsoft Corporation) C:\Windows\System32\dxdiagn.dll
2012-06-05 23:25 - 2012-06-05 23:25 - 00189440 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2012-06-05 22:17 - 2012-06-05 22:17 - 00000445 ____A C:\Windows\SynInst.log
2012-05-31 04:25 - 2012-06-05 17:48 - 00237072 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-05-29 10:52 - 2012-05-29 10:52 - 01695705 ____A C:\Users\Jenny\Downloads\work contracts.zip
2012-05-06 14:47 - 2012-05-06 14:47 - 00000552 ____A C:\Users\Jenny\AppData\Local\d3d8caps.dat
ZeroAccess:
C:\Windows\Installer\{3624a3a5-981d-04b1-98b0-f76430e75c5c}
C:\Windows\Installer\{3624a3a5-981d-04b1-98b0-f76430e75c5c}\@
C:\Windows\Installer\{3624a3a5-981d-04b1-98b0-f76430e75c5c}\L
C:\Windows\Installer\{3624a3a5-981d-04b1-98b0-f76430e75c5c}\n
C:\Windows\Installer\{3624a3a5-981d-04b1-98b0-f76430e75c5c}\U
C:\Windows\Installer\{3624a3a5-981d-04b1-98b0-f76430e75c5c}\L\00000004.@
C:\Windows\Installer\{3624a3a5-981d-04b1-98b0-f76430e75c5c}\L\201d3dde
ZeroAccess:
C:\Users\Jenny\AppData\Local\{3624a3a5-981d-04b1-98b0-f76430e75c5c}
C:\Users\Jenny\AppData\Local\{3624a3a5-981d-04b1-98b0-f76430e75c5c}\@
C:\Users\Jenny\AppData\Local\{3624a3a5-981d-04b1-98b0-f76430e75c5c}\L
C:\Users\Jenny\AppData\Local\{3624a3a5-981d-04b1-98b0-f76430e75c5c}\n
C:\Users\Jenny\AppData\Local\{3624a3a5-981d-04b1-98b0-f76430e75c5c}\U
ZeroAccess:
C:\Windows\assembly\GAC\Desktop.ini
========================= Known DLLs (Whitelisted) ============
========================= Bamital & volsnap Check ============
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 8737764F4FD36D6808EE80578409C843 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 18%
Total physical RAM: 2037.68 MB
Available physical RAM: 1660.12 MB
Total Pagefile: 1850.34 MB
Available Pagefile: 1712.9 MB
Total Virtual: 2047.88 MB
Available Virtual: 1980.93 MB
======================= Partitions =========================
1 Drive c: (ACER) (Fixed) (Total:69.77 GB) (Free:20.57 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (DATA) (Fixed) (Total:69.52 GB) (Free:69.43 GB) NTFS
3 Drive e: (MultiBoot) (CDROM) (Total:0.56 GB) (Free:0 GB) CDFS
4 Drive f: (PQSERVICE) (Fixed) (Total:9.76 GB) (Free:2.05 GB) NTFS
5 Drive g: () (Removable) (Total:7.39 GB) (Free:7.39 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 149 GB 0 B
Disk 1 Online 7584 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 10 GB 32 KB
Partition 2 Primary 70 GB 10 GB
Partition 3 Primary 70 GB 80 GB
==================================================================================
Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F PQSERVICE NTFS Partition 10 GB Healthy Hidden
==================================================================================
Disk: 0
Partition 2
Type : 06
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C ACER NTFS Partition 70 GB Healthy
==================================================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D DATA NTFS Partition 70 GB Healthy
==================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7584 MB 40 KB
==================================================================================
Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 G FAT32 Removable 7584 MB Healthy
==================================================================================
==========================================================
Last Boot: 2012-07-29 19:06
======================= End Of Log ==========================
Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 2012-08-02 01:24:02
Running from G:\
================== Search: "services.exe" ===================
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2011-07-28 12:41] - [2009-04-11 00:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-01-20 20:24] - [2008-01-20 20:24] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C
C:\Windows\System32\services.exe
[2011-07-28 12:41] - [2012-08-01 16:56] - 0279552 ____A (Microsoft Corporation) 8737764F4FD36D6808EE80578409C843
=== End Of Search ===
2012-07-29 18:19 - 2012-07-29 18:21 - 00000000 ____D C:\Users\All Users\TuneUp Software
2012-07-29 18:19 - 2012-07-29 18:19 - 00000000 ____D C:\Users\Jenny\AppData\Roaming\TuneUp Software
2012-07-29 17:41 - 2012-07-29 17:41 - 00006655 ____A C:\Users\Jenny\Downloads\Read Me.txt
2012-07-29 17:41 - 2012-07-29 17:41 - 00000179 ____A C:\Users\Jenny\Downloads\license.txt
2012-07-29 17:33 - 2012-07-29 17:33 - 00000000 ____D C:\Program Files\uTorrent
2012-07-29 17:32 - 2012-07-29 18:56 - 00000000 ____D C:\Users\Jenny\AppData\Roaming\uTorrent
2012-07-29 17:31 - 2012-07-29 17:31 - 00895376 ____A (BitTorrent, Inc.) C:\Users\Jenny\Downloads\uTorrent.exe
2012-07-29 16:52 - 2012-06-22 03:39 - 02267096 ____A (Threat Expert Ltd.) C:\Windows\PCTBDCore.dll
2012-07-29 16:52 - 2012-06-22 03:39 - 01689560 ____A (Threat Expert Ltd.) C:\Windows\PCTBDRes.dll
2012-07-29 16:52 - 2012-06-22 03:39 - 00149464 ____A (PC Tools) C:\Windows\SGDetectionTool.dll
2012-07-29 16:52 - 2012-06-22 03:39 - 00070768 ____A (PC Tools) C:\Windows\System32\Drivers\PCTBD.sys
2012-07-29 16:52 - 2012-06-22 03:38 - 00767960 ____A C:\Windows\BDTSupport.dll
2012-07-29 16:52 - 2012-06-22 02:43 - 00003488 ____A C:\Windows\UDB.zip
2012-07-29 16:52 - 2012-06-22 02:43 - 00000882 ____A C:\Windows\RegSDImport.xml
2012-07-29 16:52 - 2012-06-22 02:43 - 00000879 ____A C:\Windows\RegISSImport.xml
2012-07-29 16:52 - 2012-06-22 02:43 - 00000131 ____A C:\Windows\IDB.zip
2012-07-29 16:51 - 2012-06-22 07:29 - 00254944 ____A (PC Tools) C:\Windows\System32\Drivers\pctgntdi.sys
2012-07-29 16:51 - 2012-06-22 07:29 - 00107896 ____A (PC Tools) C:\Windows\System32\Drivers\pctwfpfilter.sys
2012-07-29 16:50 - 2012-06-22 07:35 - 00070568 ____A (PC Tools) C:\Windows\System32\Drivers\pctplsg.sys
2012-07-29 16:50 - 2012-06-22 07:33 - 00017880 ____A (PC Tools) C:\Windows\System32\Drivers\pctBTFix.sys
2012-07-29 16:27 - 2012-07-29 18:54 - 00000000 ____D C:\Program Files\PC Tools
2012-07-29 16:27 - 2012-07-29 16:52 - 00000000 ____D C:\Program Files\Common Files\PC Tools
2012-07-29 16:27 - 2012-06-22 07:34 - 00203120 ____A (PC Tools) C:\Windows\System32\Drivers\PCTSD.sys
2012-07-29 16:27 - 2012-04-23 04:36 - 00383368 ____A (PC Tools) C:\Windows\System32\Drivers\PCTCore.sys
2012-07-29 16:27 - 2012-04-23 04:36 - 00162584 ____A (PC Tools) C:\Windows\System32\Drivers\PCTAppEvent.sys
2012-07-29 16:27 - 2012-02-28 03:43 - 00909728 ____A (PC Tools) C:\Windows\System32\Drivers\pctEFA.sys
2012-07-29 16:27 - 2012-02-28 03:43 - 00342168 ____A (PC Tools) C:\Windows\System32\Drivers\pctDS.sys
2012-07-29 16:26 - 2012-07-29 16:50 - 00000000 ____D C:\Users\All Users\PC Tools
2012-07-29 16:26 - 2012-07-29 16:26 - 00000000 ____D C:\Users\Jenny\AppData\Roaming\TestApp
2012-07-29 16:04 - 2012-07-29 16:04 - 00001818 ____A C:\Users\Jenny\Documents\antivirus.txt
2012-07-29 15:42 - 2012-07-29 15:42 - 00000000 __SHD C:\Users\All Users\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-07-29 15:39 - 2012-07-29 15:42 - 27959216 ____A (TuneUp Software) C:\Users\Jenny\Downloads\TuneUpUtilities2012_es-ES.exe
2012-07-29 15:18 - 2012-07-29 19:05 - 00001912 ____A C:\Windows\epplauncher.mif
2012-07-29 15:17 - 2012-07-29 15:18 - 10300288 ____A (Microsoft Corporation) C:\Users\Jenny\Downloads\mseinstall.exe
2012-07-26 15:59 - 2012-07-26 15:59 - 00217088 __RSH (gv) C:\Users\Jenny\koiumi.exe
2012-07-26 15:59 - 2012-07-26 15:59 - 00053248 ____A (Nonsyllabic) C:\Users\Jenny\jiarem.com
2012-07-26 15:56 - 2012-07-26 15:56 - 00193024 ____A C:\Users\Jenny\1mgf.exe
2012-07-26 15:56 - 2012-07-26 15:56 - 00086016 __RSH (rousedness) C:\Users\Jenny\jmbav.exe
2012-07-26 15:56 - 2012-07-26 15:56 - 00053248 ____A (Nonsyllabic) C:\Users\Jenny\hiizuz.com
2012-07-26 15:53 - 2012-07-26 15:53 - 00086016 __RSH (rousedness) C:\Users\Jenny\niedep.exe
2012-07-26 15:52 - 2012-07-26 15:56 - 00086016 ____A (rousedness) C:\Users\Jenny\start1.exe
2012-07-26 15:52 - 2012-07-26 15:56 - 00016384 ____A C:\Users\Jenny\zmgf.exe
2012-07-26 15:52 - 2012-07-26 15:52 - 00086016 __RSH (rousedness) C:\Users\Jenny\heateh.exe
2012-07-26 15:52 - 2012-07-26 15:52 - 00053248 ____A (Nonsyllabic) C:\Users\Jenny\weohox.com
2012-07-26 15:52 - 2012-07-26 15:52 - 00053248 ____A (Nonsyllabic) C:\Users\Jenny\puipeb.com
2012-07-26 15:52 - 2012-07-26 15:52 - 00053248 ____A (Nonsyllabic) C:\Users\Jenny\kbiw.com
2012-07-21 14:22 - 2012-07-21 14:22 - 19119176 ____A (PokerStars) C:\Users\Jenny\Downloads\PokerStarsInstallPM.exe
2012-07-21 14:16 - 2012-07-21 14:17 - 19119168 ____A (PokerStars) C:\Users\Jenny\Downloads\PokerStarsInstallPM (1).exe
2012-07-21 14:08 - 2012-07-29 19:17 - 00000000 ____D C:\Users\Jenny\AppData\Local\PokerStars.NET
2012-07-21 14:08 - 2012-07-21 14:08 - 00000894 ____A C:\Users\Public\Desktop\PokerStars.net.lnk
2012-07-21 14:07 - 2012-07-21 14:09 - 00000000 ____D C:\Program Files\PokerStars.NET
2012-07-21 04:58 - 2012-07-21 04:58 - 00000288 ____A C:\Users\Jenny\Desktop\Terry Habdas Facebook.url
2012-07-09 07:41 - 2012-07-09 07:41 - 00000000 ____D C:\Users\Jenny\AppData\Local\Downloaded Installations
============ 3 Months Modified Files ========================
2012-08-01 16:56 - 2012-08-01 16:56 - 00043480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\vnjxqmas.sys
2012-08-01 16:56 - 2011-07-28 12:41 - 00279552 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-08-01 16:55 - 2006-11-02 07:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-01 16:55 - 2006-11-02 06:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-01 16:55 - 2006-11-02 06:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-01 16:54 - 2008-01-20 20:47 - 01407852 ____A C:\Windows\PFRO.log
2012-08-01 16:53 - 2006-11-02 07:01 - 00032564 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-30 15:52 - 2006-11-02 06:47 - 00303536 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-29 21:06 - 2012-05-06 14:30 - 00000680 ____A C:\Users\Jenny\AppData\Local\d3d9caps.dat
2012-07-29 20:58 - 2008-01-21 01:23 - 01506514 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-29 20:45 - 2008-07-14 12:36 - 01274328 ____A C:\Windows\WindowsUpdate.log
2012-07-29 19:05 - 2012-07-29 15:18 - 00001912 ____A C:\Windows\epplauncher.mif
2012-07-29 19:00 - 2012-06-14 07:13 - 00000838 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-29 17:41 - 2012-07-29 17:41 - 00006655 ____A C:\Users\Jenny\Downloads\Read Me.txt
2012-07-29 17:41 - 2012-07-29 17:41 - 00000179 ____A C:\Users\Jenny\Downloads\license.txt
2012-07-29 17:31 - 2012-07-29 17:31 - 00895376 ____A (BitTorrent, Inc.) C:\Users\Jenny\Downloads\uTorrent.exe
2012-07-29 16:04 - 2012-07-29 16:04 - 00001818 ____A C:\Users\Jenny\Documents\antivirus.txt
2012-07-29 15:42 - 2012-07-29 15:39 - 27959216 ____A (TuneUp Software) C:\Users\Jenny\Downloads\TuneUpUtilities2012_es-ES.exe
2012-07-29 15:18 - 2012-07-29 15:17 - 10300288 ____A (Microsoft Corporation) C:\Users\Jenny\Downloads\mseinstall.exe
2012-07-26 15:59 - 2012-07-26 15:59 - 00217088 __RSH (gv) C:\Users\Jenny\koiumi.exe
2012-07-26 15:59 - 2012-07-26 15:59 - 00053248 ____A (Nonsyllabic) C:\Users\Jenny\jiarem.com
2012-07-26 15:56 - 2012-07-26 15:56 - 00193024 ____A C:\Users\Jenny\1mgf.exe
2012-07-26 15:56 - 2012-07-26 15:56 - 00086016 __RSH (rousedness) C:\Users\Jenny\jmbav.exe
2012-07-26 15:56 - 2012-07-26 15:56 - 00053248 ____A (Nonsyllabic) C:\Users\Jenny\hiizuz.com
2012-07-26 15:56 - 2012-07-26 15:52 - 00086016 ____A (rousedness) C:\Users\Jenny\start1.exe
2012-07-26 15:56 - 2012-07-26 15:52 - 00016384 ____A C:\Users\Jenny\zmgf.exe
2012-07-26 15:53 - 2012-07-26 15:53 - 00086016 __RSH (rousedness) C:\Users\Jenny\niedep.exe
2012-07-26 15:52 - 2012-07-26 15:52 - 00086016 __RSH (rousedness) C:\Users\Jenny\heateh.exe
2012-07-26 15:52 - 2012-07-26 15:52 - 00053248 ____A (Nonsyllabic) C:\Users\Jenny\weohox.com
2012-07-26 15:52 - 2012-07-26 15:52 - 00053248 ____A (Nonsyllabic) C:\Users\Jenny\puipeb.com
2012-07-26 15:52 - 2012-07-26 15:52 - 00053248 ____A (Nonsyllabic) C:\Users\Jenny\kbiw.com
2012-07-25 07:29 - 2006-11-02 06:52 - 00192559 ____A C:\Windows\setupact.log
2012-07-21 14:22 - 2012-07-21 14:22 - 19119176 ____A (PokerStars) C:\Users\Jenny\Downloads\PokerStarsInstallPM.exe
2012-07-21 14:17 - 2012-07-21 14:16 - 19119168 ____A (PokerStars) C:\Users\Jenny\Downloads\PokerStarsInstallPM (1).exe
2012-07-21 14:08 - 2012-07-21 14:08 - 00000894 ____A C:\Users\Public\Desktop\PokerStars.net.lnk
2012-07-21 04:58 - 2012-07-21 04:58 - 00000288 ____A C:\Users\Jenny\Desktop\Terry Habdas Facebook.url
2012-07-12 10:03 - 2012-06-14 07:13 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-07-12 10:03 - 2012-06-14 07:13 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-06-22 07:35 - 2012-07-29 16:50 - 00070568 ____A (PC Tools) C:\Windows\System32\Drivers\pctplsg.sys
2012-06-22 07:34 - 2012-07-29 16:27 - 00203120 ____A (PC Tools) C:\Windows\System32\Drivers\PCTSD.sys
2012-06-22 07:33 - 2012-07-29 16:50 - 00017880 ____A (PC Tools) C:\Windows\System32\Drivers\pctBTFix.sys
2012-06-22 07:29 - 2012-07-29 16:51 - 00254944 ____A (PC Tools) C:\Windows\System32\Drivers\pctgntdi.sys
2012-06-22 07:29 - 2012-07-29 16:51 - 00107896 ____A (PC Tools) C:\Windows\System32\Drivers\pctwfpfilter.sys
2012-06-22 03:39 - 2012-07-29 16:52 - 02267096 ____A (Threat Expert Ltd.) C:\Windows\PCTBDCore.dll
2012-06-22 03:39 - 2012-07-29 16:52 - 01689560 ____A (Threat Expert Ltd.) C:\Windows\PCTBDRes.dll
2012-06-22 03:39 - 2012-07-29 16:52 - 00149464 ____A (PC Tools) C:\Windows\SGDetectionTool.dll
2012-06-22 03:39 - 2012-07-29 16:52 - 00070768 ____A (PC Tools) C:\Windows\System32\Drivers\PCTBD.sys
2012-06-22 03:38 - 2012-07-29 16:52 - 00767960 ____A C:\Windows\BDTSupport.dll
2012-06-22 02:43 - 2012-07-29 16:52 - 00003488 ____A C:\Windows\UDB.zip
2012-06-22 02:43 - 2012-07-29 16:52 - 00000882 ____A C:\Windows\RegSDImport.xml
2012-06-22 02:43 - 2012-07-29 16:52 - 00000879 ____A C:\Windows\RegISSImport.xml
2012-06-22 02:43 - 2012-07-29 16:52 - 00000131 ____A C:\Windows\IDB.zip
2012-06-14 08:20 - 2012-06-14 08:20 - 00001878 ____A C:\Users\Public\Desktop\Skype.lnk
2012-06-14 08:13 - 2012-06-14 08:13 - 00946352 ____A (Skype Technologies S.A.) C:\Users\Jenny\Downloads\SkypeSetup.exe
2012-06-06 05:00 - 2012-06-06 05:00 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2012-06-06 04:57 - 2012-06-06 04:57 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_07_00.Wdf
2012-06-05 23:28 - 2012-06-05 23:28 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-06-05 23:28 - 2012-06-05 23:28 - 00580608 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-06-05 23:28 - 2012-06-05 23:28 - 00434176 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-06-05 23:28 - 2012-06-05 23:28 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-06-05 23:28 - 2012-06-05 23:28 - 00367104 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-06-05 23:28 - 2012-06-05 23:28 - 00353792 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-06-05 23:28 - 2012-06-05 23:28 - 00353584 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-06-05 23:28 - 2012-06-05 23:28 - 00227840 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-06-05 23:28 - 2012-06-05 23:28 - 00223232 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-06-05 23:28 - 2012-06-05 23:28 - 00203776 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-06-05 23:28 - 2012-06-05 23:28 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-06-05 23:28 - 2012-06-05 23:28 - 00162304 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-06-05 23:28 - 2012-06-05 23:28 - 00161792 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-06-05 23:28 - 2012-06-05 23:28 - 00152064 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-06-05 23:28 - 2012-06-05 23:28 - 00150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-06-05 23:28 - 2012-06-05 23:28 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-05 23:28 - 2012-06-05 23:28 - 00130560 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-06-05 23:28 - 2012-06-05 23:28 - 00123392 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-06-05 23:28 - 2012-06-05 23:28 - 00118784 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-06-05 23:28 - 2012-06-05 23:28 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\advpack.dll
2012-06-05 23:28 - 2012-06-05 23:28 - 00110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-06-05 23:28 - 2012-06-05 23:28 - 00101888 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-06-05 23:28 - 2012-06-05 23:28 - 00086528 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-06-05 23:28 - 2012-06-05 23:28 - 00078848 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-06-05 23:28 - 2012-06-05 23:28 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-06-05 23:28 - 2012-06-05 23:28 - 00074752 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-06-05 23:28 - 2012-06-05 23:28 - 00074752 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-06-05 23:28 - 2012-06-05 23:28 - 00074240 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-06-05 23:28 - 2012-06-05 23:28 - 00066048 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-06-05 23:28 - 2012-06-05 23:28 - 00063488 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-06-05 23:28 - 2012-06-05 23:28 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-06-05 23:28 - 2012-06-05 23:28 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-06-05 23:28 - 2012-06-05 23:28 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-06-05 23:28 - 2012-06-05 23:28 - 00035840 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-06-05 23:28 - 2012-06-05 23:28 - 00031744 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-06-05 23:28 - 2012-06-05 23:28 - 00023552 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-06-05 23:28 - 2012-06-05 23:28 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-06-05 23:28 - 2012-06-05 23:28 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-06-05 23:28 - 2012-06-05 19:22 - 00009855 ____A C:\Windows\IE9_main.log
2012-06-05 23:28 - 2006-11-02 00:32 - 00008798 ____A C:\Windows\System32\icrav03.rat
2012-06-05 23:28 - 2006-11-02 00:32 - 00001988 ____A C:\Windows\System32\ticrf.rat
2012-06-05 23:27 - 2012-06-05 23:27 - 00979456 ____A (Microsoft Corporation) C:\Windows\System32\MFH264Dec.dll
2012-06-05 23:26 - 2012-06-05 23:26 - 02873344 ____A (Microsoft Corporation) C:\Windows\System32\mf.dll
2012-06-05 23:26 - 2012-06-05 23:26 - 01554432 ____A (Microsoft Corporation) C:\Windows\System32\xpsservices.dll
2012-06-05 23:26 - 2012-06-05 23:26 - 01075712 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2012-06-05 23:26 - 2012-06-05 23:26 - 01029120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2012-06-05 23:26 - 2012-06-05 23:26 - 00847360 ____A (Microsoft Corporation) C:\Windows\System32\OpcServices.dll
2012-06-05 23:26 - 2012-06-05 23:26 - 00667648 ____A (Microsoft Corporation) C:\Windows\System32\printfilterpipelinesvc.exe
2012-06-05 23:26 - 2012-06-05 23:26 - 00638336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2012-06-05 23:26 - 2012-06-05 23:26 - 00586240 ____A (Microsoft Corporation) C:\Windows\System32\stobject.dll
2012-06-05 23:26 - 2012-06-05 23:26 - 00486400 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-06-05 23:26 - 2012-06-05 23:26 - 00478720 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2012-06-05 23:26 - 2012-06-05 23:26 - 00357376 ____A (Microsoft Corporation) C:\Windows\System32\MFHEAACdec.dll
2012-06-05 23:26 - 2012-06-05 23:26 - 00302592 ____A (Microsoft Corporation) C:\Windows\System32\mfmp4src.dll
2012-06-05 23:26 - 2012-06-05 23:26 - 00261632 ____A (Microsoft Corporation) C:\Windows\System32\mfreadwrite.dll
2012-06-05 23:26 - 2012-06-05 23:26 - 00258048 ____A (Microsoft Corporation) C:\Windows\System32\winspool.drv
2012-06-05 23:26 - 2012-06-05 23:26 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\mfplat.dll
2012-06-05 23:26 - 2012-06-05 23:26 - 00189952 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2012-06-05 23:26 - 2012-06-05 23:26 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\XpsRasterService.dll
2012-06-05 23:26 - 2012-06-05 23:26 - 00098816 ____A (Microsoft Corporation) C:\Windows\System32\mfps.dll
2012-06-05 23:26 - 2012-06-05 23:26 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2012-06-05 23:26 - 2012-06-05 23:26 - 00026112 ____A (Microsoft Corporation) C:\Windows\System32\printfilterpipelineprxy.dll
2012-06-05 23:25 - 2012-06-05 23:25 - 00974848 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2012-06-05 23:25 - 2012-06-05 23:25 - 00519680 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2012-06-05 23:25 - 2012-06-05 23:25 - 00369664 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2012-06-05 23:25 - 2012-06-05 23:25 - 00321024 ____A (Microsoft Corporation) C:\Windows\System32\PhotoMetadataHandler.dll
2012-06-05 23:25 - 2012-06-05 23:25 - 00252928 ____A (Microsoft Corporation) C:\Windows\System32\dxdiag.exe
2012-06-05 23:25 - 2012-06-05 23:25 - 00195584 ____A (Microsoft Corporation) C:\Windows\System32\dxdiagn.dll
2012-06-05 23:25 - 2012-06-05 23:25 - 00189440 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2012-06-05 22:17 - 2012-06-05 22:17 - 00000445 ____A C:\Windows\SynInst.log
2012-05-31 04:25 - 2012-06-05 17:48 - 00237072 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-05-29 10:52 - 2012-05-29 10:52 - 01695705 ____A C:\Users\Jenny\Downloads\work contracts.zip
2012-05-06 14:47 - 2012-05-06 14:47 - 00000552 ____A C:\Users\Jenny\AppData\Local\d3d8caps.dat
ZeroAccess:
C:\Windows\Installer\{3624a3a5-981d-04b1-98b0-f76430e75c5c}
C:\Windows\Installer\{3624a3a5-981d-04b1-98b0-f76430e75c5c}\@
C:\Windows\Installer\{3624a3a5-981d-04b1-98b0-f76430e75c5c}\L
C:\Windows\Installer\{3624a3a5-981d-04b1-98b0-f76430e75c5c}\n
C:\Windows\Installer\{3624a3a5-981d-04b1-98b0-f76430e75c5c}\U
C:\Windows\Installer\{3624a3a5-981d-04b1-98b0-f76430e75c5c}\L\00000004.@
C:\Windows\Installer\{3624a3a5-981d-04b1-98b0-f76430e75c5c}\L\201d3dde
ZeroAccess:
C:\Users\Jenny\AppData\Local\{3624a3a5-981d-04b1-98b0-f76430e75c5c}
C:\Users\Jenny\AppData\Local\{3624a3a5-981d-04b1-98b0-f76430e75c5c}\@
C:\Users\Jenny\AppData\Local\{3624a3a5-981d-04b1-98b0-f76430e75c5c}\L
C:\Users\Jenny\AppData\Local\{3624a3a5-981d-04b1-98b0-f76430e75c5c}\n
C:\Users\Jenny\AppData\Local\{3624a3a5-981d-04b1-98b0-f76430e75c5c}\U
ZeroAccess:
C:\Windows\assembly\GAC\Desktop.ini
========================= Known DLLs (Whitelisted) ============
========================= Bamital & volsnap Check ============
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 8737764F4FD36D6808EE80578409C843 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 18%
Total physical RAM: 2037.68 MB
Available physical RAM: 1660.12 MB
Total Pagefile: 1850.34 MB
Available Pagefile: 1712.9 MB
Total Virtual: 2047.88 MB
Available Virtual: 1980.93 MB
======================= Partitions =========================
1 Drive c: (ACER) (Fixed) (Total:69.77 GB) (Free:20.57 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (DATA) (Fixed) (Total:69.52 GB) (Free:69.43 GB) NTFS
3 Drive e: (MultiBoot) (CDROM) (Total:0.56 GB) (Free:0 GB) CDFS
4 Drive f: (PQSERVICE) (Fixed) (Total:9.76 GB) (Free:2.05 GB) NTFS
5 Drive g: () (Removable) (Total:7.39 GB) (Free:7.39 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 149 GB 0 B
Disk 1 Online 7584 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 10 GB 32 KB
Partition 2 Primary 70 GB 10 GB
Partition 3 Primary 70 GB 80 GB
==================================================================================
Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F PQSERVICE NTFS Partition 10 GB Healthy Hidden
==================================================================================
Disk: 0
Partition 2
Type : 06
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C ACER NTFS Partition 70 GB Healthy
==================================================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D DATA NTFS Partition 70 GB Healthy
==================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7584 MB 40 KB
==================================================================================
Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 G FAT32 Removable 7584 MB Healthy
==================================================================================
==========================================================
Last Boot: 2012-07-29 19:06
======================= End Of Log ==========================
Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 2012-08-02 01:24:02
Running from G:\
================== Search: "services.exe" ===================
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2011-07-28 12:41] - [2009-04-11 00:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-01-20 20:24] - [2008-01-20 20:24] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C
C:\Windows\System32\services.exe
[2011-07-28 12:41] - [2012-08-01 16:56] - 0279552 ____A (Microsoft Corporation) 8737764F4FD36D6808EE80578409C843
=== End Of Search ===