I installed MSE and now windows continually reports that it will reboot in one minute.
Here is the FRST:
Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 07-07-2012
Ran by SYSTEM at 06-07-2012 17:20:11
Running from F:\
Windows 7 Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet001
========================== Registry (Whitelisted) =============
HKLM\...\Run: [] [x]
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
================================ Services (Whitelisted) ==================
2 AMD External Events Utility; C:\Windows\System32\atiesrxx.exe [176128 2009-07-29] (AMD)
2 cfWiMAXService; "C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe" [185712 2009-08-10] (TOSHIBA CORPORATION)
2 ConfigFree Service; "C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe" [46448 2009-03-10] (TOSHIBA CORPORATION)
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
3 GameConsoleService; "C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe" [250616 2009-05-22] (WildTangent, Inc.)
3 odserv; "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" [440696 2011-07-20] (Microsoft Corporation)
3 ose; "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [145184 2006-10-26] (Microsoft Corporation)
4 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [51512 2009-08-17] (TOSHIBA Corporation)
4 TosCoSrv; "C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe" [464224 2009-08-05] (TOSHIBA Corporation)
4 TOSHIBA HDD SSD Alert Service; "C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe" [111960 2009-08-03] (TOSHIBA Corporation)
2 McMPFSvc; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
2 mcmscsvc; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
2 McNaiAnn; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
2 McNASvc; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
2 McProxy; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]
========================== Drivers (Whitelisted) =============
3 AgereSoftModem; C:\Windows\System32\DRIVERS\AGRSM.sys [1035776 2009-07-13] (LSI Corp)
0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [36208 2009-07-02] (COMPAL ELECTRONIC INC.)
3 MBAMSwissArmy; \??\C:\windows\system32\drivers\mbamswissarmy.sys [40776 2012-07-06] (Malwarebytes Corporation)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
3 RTL8187Se; C:\Windows\System32\DRIVERS\RTL8187Se.sys [372736 2009-08-13] (Realtek Semiconductor Corporation )
3 sscdbus; C:\Windows\System32\DRIVERS\sscdbus.sys [58352 2005-08-17] (MCCI)
3 sscdmdfl; C:\Windows\System32\DRIVERS\sscdmdfl.sys [8272 2005-08-17] (MCCI)
3 sscdmdm; C:\Windows\System32\DRIVERS\sscdmdm.sys [93872 2005-08-17] (MCCI)
3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [73696 2005-08-17] (MCCI)
3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [x]
3 RtsUIR; C:\Windows\System32\DRIVERS\Rts516xIR.sys [x]
3 USBCCID; C:\Windows\System32\DRIVERS\RtsUCcid.sys [x]
========================== NetSvcs (Whitelisted) ===========
============ One Month Created Files and Folders ==============
2012-07-06 17:20 - 2012-07-06 17:20 - 00000000 ____D C:\FRST
2012-07-06 16:16 - 2012-07-06 16:16 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2012-07-06 16:14 - 2012-07-06 16:14 - 00001082 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-06 16:14 - 2012-07-06 16:14 - 00000000 ____D C:\Users\Madeleine\AppData\Roaming\Malwarebytes
2012-07-06 16:14 - 2012-07-06 16:14 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-07-06 16:14 - 2012-07-06 16:14 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-07-06 16:14 - 2012-04-04 14:56 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-06 16:10 - 2012-07-06 15:56 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Madeleine\Desktop\mbam-setup-1.61.0.1400.exe
2012-07-06 16:01 - 2012-07-06 16:01 - 00000000 ____D C:\Windows\pss
2012-07-06 15:20 - 2012-07-06 15:25 - 00000924 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2154832967-2336251912-3245014883-1001UA.job
2012-07-06 15:20 - 2012-07-06 15:25 - 00000872 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2154832967-2336251912-3245014883-1001Core.job
2012-07-06 15:18 - 2012-07-06 15:18 - 00739856 ____A (Google Inc.) C:\Users\Madeleine\Downloads\ChromeSetup.exe
2012-07-06 15:14 - 2012-07-06 15:14 - 00001945 ____A C:\Windows\epplauncher.mif
2012-07-06 15:13 - 2012-07-06 15:14 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-07-06 15:12 - 2012-07-06 15:12 - 10288512 ____A (Microsoft Corporation) C:\Users\Madeleine\Downloads\mseinstall.exe
2012-06-23 20:06 - 2012-06-23 20:06 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-22 17:59 - 2012-06-02 14:19 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-22 17:59 - 2012-06-02 14:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-22 17:59 - 2012-06-02 14:19 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-22 17:59 - 2012-06-02 14:19 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-22 17:59 - 2012-06-02 14:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-22 17:59 - 2012-06-02 14:12 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-22 17:59 - 2012-06-02 14:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-22 17:58 - 2012-06-02 14:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-22 17:58 - 2012-06-02 14:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-17 16:06 - 2012-06-17 16:06 - 00002261 ____A C:\Users\Madeleine\Desktop\Kindle.lnk
2012-06-17 16:06 - 2012-06-17 16:06 - 00000000 ____D C:\Users\Madeleine\Documents\My Kindle Content
2012-06-17 16:06 - 2012-06-17 16:06 - 00000000 ____D C:\Users\Madeleine\AppData\Local\Amazon
2012-06-17 16:04 - 2012-06-17 16:06 - 28901696 ____A (Amazon.com) C:\Users\Madeleine\Downloads\KindleForPC-installer.exe
2012-06-17 15:15 - 2012-06-17 15:16 - 00000000 ____D C:\Users\Madeleine\Desktop\wigglestick
2012-06-13 16:48 - 2012-04-27 19:17 - 00183808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-13 16:48 - 2012-04-19 21:00 - 01231360 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-13 16:48 - 2012-04-19 20:57 - 06027776 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-13 16:48 - 2012-04-19 20:57 - 00627712 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-06-13 16:48 - 2012-04-19 20:56 - 11020800 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-13 16:48 - 2012-04-19 20:56 - 02073600 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-13 16:47 - 2012-05-14 19:03 - 00981504 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-13 16:47 - 2012-05-14 19:00 - 00048128 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-13 16:47 - 2012-05-14 17:05 - 02343936 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-13 16:47 - 2012-04-30 20:44 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-13 16:47 - 2012-04-25 20:45 - 00129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-13 16:47 - 2012-04-25 20:45 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-13 16:47 - 2012-04-25 20:41 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-13 16:47 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-13 16:47 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-13 16:47 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-13 16:47 - 2012-04-19 21:00 - 00132096 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-13 16:47 - 2012-04-19 20:57 - 00067584 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-13 16:47 - 2012-04-19 20:56 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-13 16:47 - 2012-04-19 19:16 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-13 16:47 - 2012-04-16 20:34 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-13 16:47 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-09 13:49 - 2012-06-09 13:49 - 00000000 ____D C:\Users\Madeleine\AppData\Local\Macromedia
2012-06-09 13:48 - 2012-07-06 15:43 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-09 13:48 - 2012-06-22 17:49 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
============ 3 Months Modified Files ========================
2012-07-06 16:16 - 2012-07-06 16:16 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2012-07-06 16:16 - 2011-01-19 19:23 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-06 16:15 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-06 16:15 - 2009-07-13 20:39 - 00072173 ____A C:\Windows\setupact.log
2012-07-06 16:14 - 2012-07-06 16:14 - 00001082 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-06 15:58 - 2010-07-20 04:28 - 01507162 ____A C:\Windows\WindowsUpdate.log
2012-07-06 15:56 - 2012-07-06 16:10 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Madeleine\Desktop\mbam-setup-1.61.0.1400.exe
2012-07-06 15:43 - 2012-06-09 13:48 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-06 15:27 - 2009-08-27 20:23 - 00208804 ____A C:\Windows\PFRO.log
2012-07-06 15:25 - 2012-07-06 15:20 - 00000924 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2154832967-2336251912-3245014883-1001UA.job
2012-07-06 15:25 - 2012-07-06 15:20 - 00000872 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2154832967-2336251912-3245014883-1001Core.job
2012-07-06 15:18 - 2012-07-06 15:18 - 00739856 ____A (Google Inc.) C:\Users\Madeleine\Downloads\ChromeSetup.exe
2012-07-06 15:17 - 2009-07-13 20:34 - 00016304 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-06 15:17 - 2009-07-13 20:34 - 00016304 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-06 15:14 - 2012-07-06 15:14 - 00001945 ____A C:\Windows\epplauncher.mif
2012-07-06 15:14 - 2009-08-27 20:12 - 00743360 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-06 15:12 - 2012-07-06 15:12 - 10288512 ____A (Microsoft Corporation) C:\Users\Madeleine\Downloads\mseinstall.exe
2012-07-06 15:12 - 2011-01-19 19:23 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-30 08:22 - 2011-05-17 08:31 - 00003318 ____A C:\Users\Madeleine\AppData\Roaming\wklnhst.dat
2012-06-22 17:49 - 2012-06-09 13:48 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-06-22 17:49 - 2011-05-12 21:37 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-06-17 16:06 - 2012-06-17 16:06 - 00002261 ____A C:\Users\Madeleine\Desktop\Kindle.lnk
2012-06-17 16:06 - 2012-06-17 16:04 - 28901696 ____A (Amazon.com) C:\Users\Madeleine\Downloads\KindleForPC-installer.exe
2012-06-14 22:26 - 2009-07-13 20:33 - 00340792 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-13 22:29 - 2011-09-24 14:41 - 56731752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-02 14:19 - 2012-06-22 17:59 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-22 17:59 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-22 17:59 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-22 17:59 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-22 17:59 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:19 - 2012-06-22 17:58 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:12 - 2012-06-22 17:59 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-22 17:59 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:12 - 2012-06-22 17:58 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-26 21:03 - 2012-05-26 21:03 - 00230912 ____A C:\Users\Madeleine\Desktop\Pimpernel.wps
2012-05-26 16:38 - 2009-07-13 20:53 - 00032554 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-05-25 15:56 - 2012-05-25 15:54 - 43383792 ____A (Online Media Technologies Ltd. ) C:\Users\Madeleine\Downloads\AVSAudioEditor.exe
2012-05-14 19:03 - 2012-06-13 16:47 - 00981504 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-14 19:00 - 2012-06-13 16:47 - 00048128 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-14 17:05 - 2012-06-13 16:47 - 02343936 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-13 13:19 - 2012-04-13 22:24 - 00001412 ____A C:\Users\Madeleine\Desktop\passwords.rtf
2012-04-30 20:44 - 2012-06-13 16:47 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 19:17 - 2012-06-13 16:48 - 00183808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 20:45 - 2012-06-13 16:47 - 00129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 20:45 - 2012-06-13 16:47 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 20:41 - 2012-06-13 16:47 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-23 20:36 - 2012-06-13 16:47 - 01158656 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 20:36 - 2012-06-13 16:47 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 20:36 - 2012-06-13 16:47 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-19 21:00 - 2012-06-13 16:48 - 01231360 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-19 21:00 - 2012-06-13 16:47 - 00132096 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-19 20:57 - 2012-06-13 16:48 - 06027776 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-19 20:57 - 2012-06-13 16:48 - 00627712 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-04-19 20:57 - 2012-06-13 16:47 - 00067584 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-19 20:56 - 2012-06-13 16:48 - 11020800 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-19 20:56 - 2012-06-13 16:48 - 02073600 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-19 20:56 - 2012-06-13 16:47 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-19 19:16 - 2012-06-13 16:47 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-16 20:34 - 2012-06-13 16:47 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
ZeroAccess:
C:\Windows\Installer
C:\Windows\Installer\{5f39f308-db65-0458-aa60-040a08dbd9c9}\@
C:\Windows\Installer\{5f39f308-db65-0458-aa60-040a08dbd9c9}\L
C:\Windows\Installer\{5f39f308-db65-0458-aa60-040a08dbd9c9}\U
C:\Windows\Installer\{5f39f308-db65-0458-aa60-040a08dbd9c9}\U\00000001.@
C:\Windows\Installer\{5f39f308-db65-0458-aa60-040a08dbd9c9}\U\80000000.@
ZeroAccess:
C:\Users\Madeleine\AppData\Local
C:\Users\Madeleine\AppData\Local\{5f39f308-db65-0458-aa60-040a08dbd9c9}\@
C:\Users\Madeleine\AppData\Local\{5f39f308-db65-0458-aa60-040a08dbd9c9}\L
C:\Users\Madeleine\AppData\Local\{5f39f308-db65-0458-aa60-040a08dbd9c9}\U
========================= Known DLLs (Whitelisted) ============
========================= Bamital & volsnap Check ============
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe A302BBFF2A7278C0E239EE5D471D86A9 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 20%
Total physical RAM: 1790.42 MB
Available physical RAM: 1423.92 MB
Total Pagefile: 1790.42 MB
Available Pagefile: 1419.48 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.55 MB
======================= Partitions =========================
1 Drive c: (TI105866W0A) (Fixed) (Total:223.33 GB) (Free:179.19 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.28 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: (Transcend) (Removable) (Total:3.73 GB) (Free:3.55 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 0 B
Disk 1 Online 3830 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 1500 MB 1024 KB
Partition 2 Primary 223 GB 1501 MB
Partition 3 Primary 8 GB 224 GB
==================================================================================
Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D System NTFS Partition 1500 MB Healthy Hidden
==================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C TI105866W0A NTFS Partition 223 GB Healthy
==================================================================================
Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No
There is no volume associated with this partition.
==================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3826 MB 4096 KB
==================================================================================
Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F Transcend FAT32 Removable 3826 MB Healthy
==================================================================================
==========================================================
Last Boot: 2012-04-12 18:48
======================= End Of Log ==========================
which is all l can run
Here is the FRST:
Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 07-07-2012
Ran by SYSTEM at 06-07-2012 17:20:11
Running from F:\
Windows 7 Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet001
========================== Registry (Whitelisted) =============
HKLM\...\Run: [] [x]
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
================================ Services (Whitelisted) ==================
2 AMD External Events Utility; C:\Windows\System32\atiesrxx.exe [176128 2009-07-29] (AMD)
2 cfWiMAXService; "C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe" [185712 2009-08-10] (TOSHIBA CORPORATION)
2 ConfigFree Service; "C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe" [46448 2009-03-10] (TOSHIBA CORPORATION)
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
3 GameConsoleService; "C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe" [250616 2009-05-22] (WildTangent, Inc.)
3 odserv; "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" [440696 2011-07-20] (Microsoft Corporation)
3 ose; "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [145184 2006-10-26] (Microsoft Corporation)
4 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [51512 2009-08-17] (TOSHIBA Corporation)
4 TosCoSrv; "C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe" [464224 2009-08-05] (TOSHIBA Corporation)
4 TOSHIBA HDD SSD Alert Service; "C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe" [111960 2009-08-03] (TOSHIBA Corporation)
2 McMPFSvc; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
2 mcmscsvc; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
2 McNaiAnn; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
2 McNASvc; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
2 McProxy; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]
========================== Drivers (Whitelisted) =============
3 AgereSoftModem; C:\Windows\System32\DRIVERS\AGRSM.sys [1035776 2009-07-13] (LSI Corp)
0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [36208 2009-07-02] (COMPAL ELECTRONIC INC.)
3 MBAMSwissArmy; \??\C:\windows\system32\drivers\mbamswissarmy.sys [40776 2012-07-06] (Malwarebytes Corporation)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
3 RTL8187Se; C:\Windows\System32\DRIVERS\RTL8187Se.sys [372736 2009-08-13] (Realtek Semiconductor Corporation )
3 sscdbus; C:\Windows\System32\DRIVERS\sscdbus.sys [58352 2005-08-17] (MCCI)
3 sscdmdfl; C:\Windows\System32\DRIVERS\sscdmdfl.sys [8272 2005-08-17] (MCCI)
3 sscdmdm; C:\Windows\System32\DRIVERS\sscdmdm.sys [93872 2005-08-17] (MCCI)
3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [73696 2005-08-17] (MCCI)
3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [x]
3 RtsUIR; C:\Windows\System32\DRIVERS\Rts516xIR.sys [x]
3 USBCCID; C:\Windows\System32\DRIVERS\RtsUCcid.sys [x]
========================== NetSvcs (Whitelisted) ===========
============ One Month Created Files and Folders ==============
2012-07-06 17:20 - 2012-07-06 17:20 - 00000000 ____D C:\FRST
2012-07-06 16:16 - 2012-07-06 16:16 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2012-07-06 16:14 - 2012-07-06 16:14 - 00001082 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-06 16:14 - 2012-07-06 16:14 - 00000000 ____D C:\Users\Madeleine\AppData\Roaming\Malwarebytes
2012-07-06 16:14 - 2012-07-06 16:14 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-07-06 16:14 - 2012-07-06 16:14 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-07-06 16:14 - 2012-04-04 14:56 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-06 16:10 - 2012-07-06 15:56 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Madeleine\Desktop\mbam-setup-1.61.0.1400.exe
2012-07-06 16:01 - 2012-07-06 16:01 - 00000000 ____D C:\Windows\pss
2012-07-06 15:20 - 2012-07-06 15:25 - 00000924 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2154832967-2336251912-3245014883-1001UA.job
2012-07-06 15:20 - 2012-07-06 15:25 - 00000872 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2154832967-2336251912-3245014883-1001Core.job
2012-07-06 15:18 - 2012-07-06 15:18 - 00739856 ____A (Google Inc.) C:\Users\Madeleine\Downloads\ChromeSetup.exe
2012-07-06 15:14 - 2012-07-06 15:14 - 00001945 ____A C:\Windows\epplauncher.mif
2012-07-06 15:13 - 2012-07-06 15:14 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-07-06 15:12 - 2012-07-06 15:12 - 10288512 ____A (Microsoft Corporation) C:\Users\Madeleine\Downloads\mseinstall.exe
2012-06-23 20:06 - 2012-06-23 20:06 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-22 17:59 - 2012-06-02 14:19 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-22 17:59 - 2012-06-02 14:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-22 17:59 - 2012-06-02 14:19 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-22 17:59 - 2012-06-02 14:19 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-22 17:59 - 2012-06-02 14:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-22 17:59 - 2012-06-02 14:12 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-22 17:59 - 2012-06-02 14:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-22 17:58 - 2012-06-02 14:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-22 17:58 - 2012-06-02 14:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-17 16:06 - 2012-06-17 16:06 - 00002261 ____A C:\Users\Madeleine\Desktop\Kindle.lnk
2012-06-17 16:06 - 2012-06-17 16:06 - 00000000 ____D C:\Users\Madeleine\Documents\My Kindle Content
2012-06-17 16:06 - 2012-06-17 16:06 - 00000000 ____D C:\Users\Madeleine\AppData\Local\Amazon
2012-06-17 16:04 - 2012-06-17 16:06 - 28901696 ____A (Amazon.com) C:\Users\Madeleine\Downloads\KindleForPC-installer.exe
2012-06-17 15:15 - 2012-06-17 15:16 - 00000000 ____D C:\Users\Madeleine\Desktop\wigglestick
2012-06-13 16:48 - 2012-04-27 19:17 - 00183808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-13 16:48 - 2012-04-19 21:00 - 01231360 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-13 16:48 - 2012-04-19 20:57 - 06027776 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-13 16:48 - 2012-04-19 20:57 - 00627712 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-06-13 16:48 - 2012-04-19 20:56 - 11020800 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-13 16:48 - 2012-04-19 20:56 - 02073600 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-13 16:47 - 2012-05-14 19:03 - 00981504 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-13 16:47 - 2012-05-14 19:00 - 00048128 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-13 16:47 - 2012-05-14 17:05 - 02343936 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-13 16:47 - 2012-04-30 20:44 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-13 16:47 - 2012-04-25 20:45 - 00129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-13 16:47 - 2012-04-25 20:45 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-13 16:47 - 2012-04-25 20:41 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-13 16:47 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-13 16:47 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-13 16:47 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-13 16:47 - 2012-04-19 21:00 - 00132096 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-13 16:47 - 2012-04-19 20:57 - 00067584 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-13 16:47 - 2012-04-19 20:56 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-13 16:47 - 2012-04-19 19:16 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-13 16:47 - 2012-04-16 20:34 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-13 16:47 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-09 13:49 - 2012-06-09 13:49 - 00000000 ____D C:\Users\Madeleine\AppData\Local\Macromedia
2012-06-09 13:48 - 2012-07-06 15:43 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-09 13:48 - 2012-06-22 17:49 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
============ 3 Months Modified Files ========================
2012-07-06 16:16 - 2012-07-06 16:16 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2012-07-06 16:16 - 2011-01-19 19:23 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-06 16:15 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-06 16:15 - 2009-07-13 20:39 - 00072173 ____A C:\Windows\setupact.log
2012-07-06 16:14 - 2012-07-06 16:14 - 00001082 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-06 15:58 - 2010-07-20 04:28 - 01507162 ____A C:\Windows\WindowsUpdate.log
2012-07-06 15:56 - 2012-07-06 16:10 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Madeleine\Desktop\mbam-setup-1.61.0.1400.exe
2012-07-06 15:43 - 2012-06-09 13:48 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-06 15:27 - 2009-08-27 20:23 - 00208804 ____A C:\Windows\PFRO.log
2012-07-06 15:25 - 2012-07-06 15:20 - 00000924 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2154832967-2336251912-3245014883-1001UA.job
2012-07-06 15:25 - 2012-07-06 15:20 - 00000872 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2154832967-2336251912-3245014883-1001Core.job
2012-07-06 15:18 - 2012-07-06 15:18 - 00739856 ____A (Google Inc.) C:\Users\Madeleine\Downloads\ChromeSetup.exe
2012-07-06 15:17 - 2009-07-13 20:34 - 00016304 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-06 15:17 - 2009-07-13 20:34 - 00016304 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-06 15:14 - 2012-07-06 15:14 - 00001945 ____A C:\Windows\epplauncher.mif
2012-07-06 15:14 - 2009-08-27 20:12 - 00743360 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-06 15:12 - 2012-07-06 15:12 - 10288512 ____A (Microsoft Corporation) C:\Users\Madeleine\Downloads\mseinstall.exe
2012-07-06 15:12 - 2011-01-19 19:23 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-30 08:22 - 2011-05-17 08:31 - 00003318 ____A C:\Users\Madeleine\AppData\Roaming\wklnhst.dat
2012-06-22 17:49 - 2012-06-09 13:48 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-06-22 17:49 - 2011-05-12 21:37 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-06-17 16:06 - 2012-06-17 16:06 - 00002261 ____A C:\Users\Madeleine\Desktop\Kindle.lnk
2012-06-17 16:06 - 2012-06-17 16:04 - 28901696 ____A (Amazon.com) C:\Users\Madeleine\Downloads\KindleForPC-installer.exe
2012-06-14 22:26 - 2009-07-13 20:33 - 00340792 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-13 22:29 - 2011-09-24 14:41 - 56731752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-02 14:19 - 2012-06-22 17:59 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-22 17:59 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-22 17:59 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-22 17:59 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-22 17:59 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:19 - 2012-06-22 17:58 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:12 - 2012-06-22 17:59 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-22 17:59 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:12 - 2012-06-22 17:58 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-26 21:03 - 2012-05-26 21:03 - 00230912 ____A C:\Users\Madeleine\Desktop\Pimpernel.wps
2012-05-26 16:38 - 2009-07-13 20:53 - 00032554 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-05-25 15:56 - 2012-05-25 15:54 - 43383792 ____A (Online Media Technologies Ltd. ) C:\Users\Madeleine\Downloads\AVSAudioEditor.exe
2012-05-14 19:03 - 2012-06-13 16:47 - 00981504 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-14 19:00 - 2012-06-13 16:47 - 00048128 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-14 17:05 - 2012-06-13 16:47 - 02343936 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-13 13:19 - 2012-04-13 22:24 - 00001412 ____A C:\Users\Madeleine\Desktop\passwords.rtf
2012-04-30 20:44 - 2012-06-13 16:47 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 19:17 - 2012-06-13 16:48 - 00183808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 20:45 - 2012-06-13 16:47 - 00129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 20:45 - 2012-06-13 16:47 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 20:41 - 2012-06-13 16:47 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-23 20:36 - 2012-06-13 16:47 - 01158656 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 20:36 - 2012-06-13 16:47 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 20:36 - 2012-06-13 16:47 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-19 21:00 - 2012-06-13 16:48 - 01231360 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-19 21:00 - 2012-06-13 16:47 - 00132096 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-19 20:57 - 2012-06-13 16:48 - 06027776 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-19 20:57 - 2012-06-13 16:48 - 00627712 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-04-19 20:57 - 2012-06-13 16:47 - 00067584 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-19 20:56 - 2012-06-13 16:48 - 11020800 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-19 20:56 - 2012-06-13 16:48 - 02073600 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-19 20:56 - 2012-06-13 16:47 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-19 19:16 - 2012-06-13 16:47 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-16 20:34 - 2012-06-13 16:47 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
ZeroAccess:
C:\Windows\Installer
C:\Windows\Installer\{5f39f308-db65-0458-aa60-040a08dbd9c9}\@
C:\Windows\Installer\{5f39f308-db65-0458-aa60-040a08dbd9c9}\L
C:\Windows\Installer\{5f39f308-db65-0458-aa60-040a08dbd9c9}\U
C:\Windows\Installer\{5f39f308-db65-0458-aa60-040a08dbd9c9}\U\00000001.@
C:\Windows\Installer\{5f39f308-db65-0458-aa60-040a08dbd9c9}\U\80000000.@
ZeroAccess:
C:\Users\Madeleine\AppData\Local
C:\Users\Madeleine\AppData\Local\{5f39f308-db65-0458-aa60-040a08dbd9c9}\@
C:\Users\Madeleine\AppData\Local\{5f39f308-db65-0458-aa60-040a08dbd9c9}\L
C:\Users\Madeleine\AppData\Local\{5f39f308-db65-0458-aa60-040a08dbd9c9}\U
========================= Known DLLs (Whitelisted) ============
========================= Bamital & volsnap Check ============
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe A302BBFF2A7278C0E239EE5D471D86A9 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 20%
Total physical RAM: 1790.42 MB
Available physical RAM: 1423.92 MB
Total Pagefile: 1790.42 MB
Available Pagefile: 1419.48 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.55 MB
======================= Partitions =========================
1 Drive c: (TI105866W0A) (Fixed) (Total:223.33 GB) (Free:179.19 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.28 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: (Transcend) (Removable) (Total:3.73 GB) (Free:3.55 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 0 B
Disk 1 Online 3830 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 1500 MB 1024 KB
Partition 2 Primary 223 GB 1501 MB
Partition 3 Primary 8 GB 224 GB
==================================================================================
Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D System NTFS Partition 1500 MB Healthy Hidden
==================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C TI105866W0A NTFS Partition 223 GB Healthy
==================================================================================
Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No
There is no volume associated with this partition.
==================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3826 MB 4096 KB
==================================================================================
Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F Transcend FAT32 Removable 3826 MB Healthy
==================================================================================
==========================================================
Last Boot: 2012-04-12 18:48
======================= End Of Log ==========================
which is all l can run