Hello Virus Busters
You have been so kind to help other amateurs like me with virus issues, and I was hoping for the same. Anything you can suggest would be greatly appreciated.
Running Vista 32. I have completed the Farbar scan, please see below.
Thanks in advance
Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 28-08-2012
Ran by SYSTEM at 28-08-2012 14:59:07
Running from E:\
Windows Vista (TM) Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet001
==================== Registry (Whitelisted) ===================
HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [159744 2007-09-06] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [174872 2007-03-21] (Intel Corporation)
HKLM\...\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [16384 2008-02-13] ( )
HKLM\...\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe" [189736 2007-11-01] (CyberLink Corp.)
HKLM\...\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [51048 2008-10-17] (Symantec Corporation)
HKLM\...\Run: [BTHelena_McciTrayApp] C:\Program Files\BBDesktopHelpUpgradeAdvisor\McciTrayApp.exe [x]
HKLM\...\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [206064 2008-08-13] (SupportSoft, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [141600 2009-11-12] (Apple Inc.)
HKLM\...\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup [103768 2009-09-12] (Citrix Systems, Inc.)
HKLM\...\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe [405504 2007-11-12] (IDT, Inc.)
HKLM\...\Run: [btbb_McciTrayApp] "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [1584640 2009-09-14] (Alcatel-Lucent)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2010-08-09] (Apple Inc.)
HKLM\...\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKU\Louise\...\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [206064 2008-08-13] (SupportSoft, Inc.)
HKU\Louise\...\Run: [conhost] C:\Users\Louise\AppData\Roaming\Microsoft\conhost.exe [x]
HKU\Louise\...\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\Louise\...\Winlogon: [Shell] explorer.exe, [x]
HKU\Stephen\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)
HKU\Stephen\...\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [206064 2008-08-13] (SupportSoft, Inc.)
HKU\Stephen\...\Run: [Spotify Web Helper] "C:\Users\Stephen\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1193176 2012-08-21] ()
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll [X]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
ShortcutTarget: Kodak EasyShare software.lnk -> C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\QuickSet.lnk
ShortcutTarget: QuickSet.lnk -> C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
========================== Services (Whitelisted) ========================
2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
4 Automatic LiveUpdate Scheduler; "C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe" [243064 2007-08-31] (Symantec Corporation)
2 ccEvtMgr; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [149352 2008-10-17] (Symantec Corporation)
2 ccSetMgr; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [149352 2008-10-17] (Symantec Corporation)
2 CLTNetCnService; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [149352 2008-10-17] (Symantec Corporation)
3 comHost; "C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe" [55640 2007-12-27] (Symantec Corporation)
3 getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [33176 2009-03-03] (NOS Microsystems Ltd.)
3 GoToAssist; "C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe" Start=service [16680 2010-01-25] (Citrix Online, a division of Citrix Systems, Inc.)
3 LiveUpdate; "C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE" [3192184 2007-12-27] (Symantec Corporation)
2 LiveUpdate Notice; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [149352 2008-10-17] (Symantec Corporation)
2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter [201968 2008-08-13] (SupportSoft, Inc.)
3 Symantec Core LC; C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe [1251720 2008-04-20] ()
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]
==================== Drivers (Whitelisted) ===================
3 COH_Mon; \??\C:\Windows\system32\Drivers\COH_Mon.sys [23888 2008-07-30] (Symantec Corporation)
2 CO_Mon; \??\C:\Windows\system32\drivers\CO_Mon.sys [36056 2007-12-27] (Symantec Corporation)
1 eeCtrl; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [371248 2009-02-25] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [101936 2009-02-25] (Symantec Corporation)
1 IDSvix86; \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090730.002\IDSvix86.sys [272432 2009-02-09] (Symantec Corporation)
3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2012-08-22] (Malwarebytes Corporation)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
3 nmwcd; C:\Windows\System32\drivers\nmwcd.sys [137216 2007-02-22] (Nokia)
3 nmwcdc; C:\Windows\System32\drivers\nmwcdc.sys [8320 2007-02-22] (Nokia)
3 nmwcdcj; C:\Windows\System32\drivers\nmwcdcj.sys [12288 2007-02-22] (Nokia)
3 nmwcdcm; C:\Windows\System32\drivers\nmwcdcm.sys [12288 2007-02-22] (Nokia)
0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [43840 2007-11-13] (Sonic Solutions)
1 SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [447024 2008-09-05] (Symantec Corporation)
3 SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [279088 2007-11-30] (Symantec Corporation)
3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [317616 2007-11-30] (Symantec Corporation)
1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [43696 2007-11-30] (Symantec Corporation)
3 SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [13616 2009-02-19] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [124464 2009-01-09] (Symantec Corporation)
3 SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [96560 2009-02-19] (Symantec Corporation)
1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [24112 2009-02-19] (Symantec Corporation)
3 SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS [41008 2009-02-19] (Symantec Corporation)
3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [22320 2009-02-19] (Symantec Corporation)
1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [184496 2009-02-19] (Symantec Corporation)
3 tapvpn; C:\Windows\System32\DRIVERS\tapvpn.sys [27136 2008-01-23] (The OpenVPN Project)
3 zebrbus; C:\Windows\System32\DRIVERS\zebrbus.sys [83200 2008-01-15] (MCCI)
3 zebrmdfl; C:\Windows\System32\DRIVERS\zebrmdfl.sys [14848 2008-01-15] (MCCI Corporation)
3 zebrmdm; C:\Windows\System32\DRIVERS\zebrmdm.sys [109568 2008-01-15] (MCCI)
3 zebrmdmc; C:\Windows\System32\DRIVERS\zebrmdmc.sys [109568 2008-01-15] (MCCI)
4 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [x]
3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
3 NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20090731.004\NAVENG.SYS [x]
3 NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20090731.004\NAVEX15.SYS [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
3 SymIMMP; C:\Windows\System32\DRIVERS\SymIM.sys [x]
==================== NetSvcs (Whitelisted) =================
============ One Month Created Files and Folders ==============
2012-08-27 07:13 - 2012-08-27 07:13 - 00043600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\zochjfpl.sys
2012-08-23 10:05 - 2012-08-23 10:05 - 00001945 ____A C:\Windows\epplauncher.mif
2012-08-23 10:05 - 2012-08-23 10:05 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-08-23 10:03 - 2012-08-23 10:03 - 10288512 ____A (Microsoft Corporation) C:\Users\Stephen\Downloads\mseinstall(1).exe
2012-08-23 10:02 - 2012-08-23 10:02 - 12621696 ____A (Microsoft Corporation) C:\Users\Stephen\Downloads\mseinstall.exe
2012-08-22 12:26 - 2012-08-22 12:26 - 00000908 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-22 12:24 - 2012-08-22 12:24 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Louise\Downloads\mbam-setup-1.62.0.1300.exe
2012-08-22 12:04 - 2012-08-22 12:04 - 00652800 ____A C:\Users\Louise\Downloads\MicrosoftFixit50362(1).msi
2012-08-22 12:02 - 2012-08-22 12:02 - 00652800 ____A C:\Users\Louise\Downloads\MicrosoftFixit50362.msi
2012-08-21 23:11 - 2012-08-21 23:11 - 00000000 ____D C:\Users\Stephen\AppData\Roaming\Malwarebytes
2012-07-30 14:03 - 2012-07-30 14:03 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
============ 3 Months Modified Files ========================
2012-08-27 07:13 - 2012-08-27 07:13 - 00043600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\zochjfpl.sys
2012-08-23 10:46 - 2008-04-19 08:10 - 00196608 ____A C:\Windows\System32\Ikeext.etl
2012-08-23 10:45 - 2009-10-21 10:55 - 00279552 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-08-23 10:44 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-23 10:44 - 2006-11-02 04:47 - 00003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-23 10:44 - 2006-11-02 04:47 - 00003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-23 10:29 - 2006-11-02 05:01 - 00032624 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-23 10:06 - 2008-04-11 09:43 - 01340809 ____A C:\Windows\WindowsUpdate.log
2012-08-23 10:05 - 2012-08-23 10:05 - 00001945 ____A C:\Windows\epplauncher.mif
2012-08-23 10:05 - 2006-11-02 02:33 - 00712984 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-23 10:03 - 2012-08-23 10:03 - 10288512 ____A (Microsoft Corporation) C:\Users\Stephen\Downloads\mseinstall(1).exe
2012-08-23 10:02 - 2012-08-23 10:02 - 12621696 ____A (Microsoft Corporation) C:\Users\Stephen\Downloads\mseinstall.exe
2012-08-23 08:37 - 2006-11-02 04:52 - 00064820 ____A C:\Windows\setupact.log
2012-08-22 23:45 - 2008-04-11 10:16 - 00073926 ____A C:\Windows\PFRO.log
2012-08-22 12:29 - 2011-06-13 12:19 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2012-08-22 12:28 - 2008-04-19 06:14 - 00005972 ____A C:\Users\Louise\AppData\Local\d3d9caps.dat
2012-08-22 12:26 - 2012-08-22 12:26 - 00000908 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-22 12:24 - 2012-08-22 12:24 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Louise\Downloads\mbam-setup-1.62.0.1300.exe
2012-08-22 12:04 - 2012-08-22 12:04 - 00652800 ____A C:\Users\Louise\Downloads\MicrosoftFixit50362(1).msi
2012-08-22 12:02 - 2012-08-22 12:02 - 00652800 ____A C:\Users\Louise\Downloads\MicrosoftFixit50362.msi
2012-08-06 11:12 - 2008-04-16 10:47 - 00000548 ____A C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Louise.job
2012-08-04 02:45 - 2012-07-22 08:17 - 00016384 ____A C:\Users\Louise\Documents\Maternity Pay.xls
2012-07-30 14:03 - 2012-07-30 14:03 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-07-30 14:03 - 2011-09-14 12:58 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-07-25 11:13 - 2010-01-17 06:00 - 00085504 ____A C:\Users\Public\Documents\Our Finances.xls
2012-07-23 09:10 - 2011-03-04 03:40 - 00041984 ____A C:\Users\Louise\Documents\My Finance.xls
2012-07-12 11:26 - 2006-11-02 04:47 - 00332504 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-12 10:50 - 2006-11-02 02:24 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-07-12 10:44 - 2006-11-02 02:23 - 00000240 ____A C:\Windows\win.ini
2012-07-11 11:03 - 2012-07-11 11:04 - 00476936 ____A (Sun Microsystems, Inc.) C:\Windows\System32\npdeployJava1.dll
2012-07-11 11:03 - 2012-07-11 11:03 - 00157448 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2012-07-11 11:03 - 2012-07-11 11:03 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2012-07-11 11:03 - 2012-07-11 11:03 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2012-07-11 11:03 - 2010-11-25 10:08 - 00472840 ____A (Sun Microsystems, Inc.) C:\Windows\System32\deployJava1.dll
2012-07-05 08:15 - 2012-07-05 08:15 - 00288340 ____A C:\Windows\msxml4-KB954430-enu.LOG
2012-07-05 08:15 - 2012-07-05 08:13 - 00298954 ____A C:\Windows\msxml4-KB973688-enu.LOG
2012-07-03 04:46 - 2011-06-13 12:19 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-01 11:38 - 2012-07-01 11:38 - 00027648 ___RA C:\Users\Public\Documents\ESBK.mb
2012-07-01 11:38 - 2012-07-01 11:38 - 00003072 ___RA C:\Users\Public\Documents\ESBK.mbb
2012-07-01 11:32 - 2012-07-01 11:32 - 00000006 __ASH C:\Users\Stephen\AppData\Roaming\desktop.ini
2012-07-01 11:32 - 2012-07-01 11:32 - 00000006 __ASH C:\Users\Stephen\AppData\Local\desktop.ini
2012-07-01 11:29 - 2008-07-31 12:35 - 00033162 ____A C:\Windows\DPINST.LOG
2012-07-01 11:25 - 2012-07-01 10:52 - 00001977 ____A C:\Users\Public\Desktop\Kodak EasyShare.lnk
2012-07-01 11:19 - 2012-07-01 11:19 - 01857488 ____A C:\Users\Stephen\Downloads\install_easyshare.exe
2012-07-01 06:20 - 2012-07-01 06:20 - 01857488 ____A C:\Users\Louise\Downloads\install_easyshare(2).exe
2012-07-01 06:19 - 2012-07-01 06:18 - 01857488 ____A C:\Users\Louise\Downloads\install_easyshare(1).exe
2012-06-13 05:40 - 2012-07-12 10:53 - 02047488 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 09:47 - 2012-07-11 11:13 - 11586048 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-05 08:47 - 2012-07-11 11:13 - 01401856 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 08:47 - 2012-07-11 11:13 - 01248768 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-04 07:26 - 2012-07-11 11:13 - 00440704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-02 14:19 - 2012-06-21 08:11 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 08:11 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 08:11 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 08:10 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 08:10 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:12 - 2012-06-21 08:11 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-21 08:10 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 06:19 - 2012-06-21 08:10 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 06:12 - 2012-06-21 08:10 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 01:07 - 2012-07-12 10:46 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 00:43 - 2012-07-12 10:46 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 00:33 - 2012-07-12 10:47 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 00:26 - 2012-07-12 10:46 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 00:25 - 2012-07-12 10:47 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 00:25 - 2012-07-12 10:46 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 00:23 - 2012-07-12 10:47 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 00:21 - 2012-07-12 10:47 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 00:20 - 2012-07-12 10:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 00:19 - 2012-07-12 10:47 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 00:19 - 2012-07-12 10:47 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 00:17 - 2012-07-12 10:47 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 00:16 - 2012-07-12 10:47 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 00:14 - 2012-07-12 10:47 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-01 16:04 - 2012-07-11 11:13 - 00278528 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 16:03 - 2012-07-11 11:13 - 00204288 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-05-31 03:25 - 2009-10-03 00:17 - 00237072 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
ZeroAccess:
C:\Windows\Installer\{acf72554-e0db-6a4c-a1cd-546ce38f03e5}
C:\Windows\Installer\{acf72554-e0db-6a4c-a1cd-546ce38f03e5}\@
C:\Windows\Installer\{acf72554-e0db-6a4c-a1cd-546ce38f03e5}\L
C:\Windows\Installer\{acf72554-e0db-6a4c-a1cd-546ce38f03e5}\n
C:\Windows\Installer\{acf72554-e0db-6a4c-a1cd-546ce38f03e5}\U
C:\Windows\Installer\{acf72554-e0db-6a4c-a1cd-546ce38f03e5}\L\00000004.@
C:\Windows\Installer\{acf72554-e0db-6a4c-a1cd-546ce38f03e5}\L\201d3dde
ZeroAccess:
C:\Users\Stephen\AppData\Local\{acf72554-e0db-6a4c-a1cd-546ce38f03e5}
C:\Users\Stephen\AppData\Local\{acf72554-e0db-6a4c-a1cd-546ce38f03e5}\@
C:\Users\Stephen\AppData\Local\{acf72554-e0db-6a4c-a1cd-546ce38f03e5}\L
C:\Users\Stephen\AppData\Local\{acf72554-e0db-6a4c-a1cd-546ce38f03e5}\U
ZeroAccess:
C:\Windows\assembly\GAC\Desktop.ini
==================== Known DLLs (Whitelisted) =================
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 8737764F4FD36D6808EE80578409C843 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2012-07-26 09:45:19
Restore point made on: 2012-07-28 13:21:37
Restore point made on: 2012-08-01 12:51:46
Restore point made on: 2012-08-06 09:40:11
Restore point made on: 2012-08-17 13:23:38
Restore point made on: 2012-08-21 16:46:32
Restore point made on: 2012-08-22 12:06:17
==================== Memory info ===========================
Percentage of memory in use: 12%
Total physical RAM: 2037.43 MB
Available physical RAM: 1772.74 MB
Total Pagefile: 1969.32 MB
Available Pagefile: 1840.39 MB
Total Virtual: 2047.88 MB
Available Virtual: 1983.72 MB
==================== Partitions ============================
1 Drive c: (OS) (Fixed) (Total:136.46 GB) (Free:26.56 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive e: (WD Passport) (Fixed) (Total:74.51 GB) (Free:27.39 GB) FAT32
4 Drive x: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.77 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 149 GB 1024 KB
Disk 1 Online 75 GB 1528 KB
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 94 MB 32 KB
Partition 2 Primary 10 GB 95 MB
Partition 3 Primary 136 GB 10 GB
Partition 0 Extended 2560 MB 147 GB
Partition 4 Logical 2559 MB 147 GB
==================================================================================
Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT Partition 94 MB Healthy Hidden
==================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 X RECOVERY NTFS Partition 10 GB Healthy Boot
==================================================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C OS NTFS Partition 136 GB Healthy
==================================================================================
Disk: 0
Partition 4
Type : DD
Hidden: Yes
Active: No
There is no volume associated with this partition.
==================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 75 GB 32 KB
==================================================================================
Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 E WD Passport FAT32 Partition 75 GB Healthy
==================================================================================
Last Boot: 2012-08-23 08:27
==================== End Of Log =============================
2012-08-27 07:13 - 2012-08-27 07:13 - 00043600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\zochjfpl.sys
2012-08-23 10:46 - 2008-04-19 08:10 - 00196608 ____A C:\Windows\System32\Ikeext.etl
2012-08-23 10:45 - 2009-10-21 10:55 - 00279552 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-08-23 10:44 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-23 10:44 - 2006-11-02 04:47 - 00003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-23 10:44 - 2006-11-02 04:47 - 00003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-23 10:29 - 2006-11-02 05:01 - 00032624 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-23 10:06 - 2008-04-11 09:43 - 01340809 ____A C:\Windows\WindowsUpdate.log
2012-08-23 10:05 - 2012-08-23 10:05 - 00001945 ____A C:\Windows\epplauncher.mif
2012-08-23 10:05 - 2006-11-02 02:33 - 00712984 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-23 10:03 - 2012-08-23 10:03 - 10288512 ____A (Microsoft Corporation) C:\Users\Stephen\Downloads\mseinstall(1).exe
2012-08-23 10:02 - 2012-08-23 10:02 - 12621696 ____A (Microsoft Corporation) C:\Users\Stephen\Downloads\mseinstall.exe
2012-08-23 08:37 - 2006-11-02 04:52 - 00064820 ____A C:\Windows\setupact.log
2012-08-22 23:45 - 2008-04-11 10:16 - 00073926 ____A C:\Windows\PFRO.log
2012-08-22 12:29 - 2011-06-13 12:19 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2012-08-22 12:28 - 2008-04-19 06:14 - 00005972 ____A C:\Users\Louise\AppData\Local\d3d9caps.dat
2012-08-22 12:26 - 2012-08-22 12:26 - 00000908 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-22 12:24 - 2012-08-22 12:24 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Louise\Downloads\mbam-setup-1.62.0.1300.exe
2012-08-22 12:04 - 2012-08-22 12:04 - 00652800 ____A C:\Users\Louise\Downloads\MicrosoftFixit50362(1).msi
2012-08-22 12:02 - 2012-08-22 12:02 - 00652800 ____A C:\Users\Louise\Downloads\MicrosoftFixit50362.msi
2012-08-06 11:12 - 2008-04-16 10:47 - 00000548 ____A C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Louise.job
2012-08-04 02:45 - 2012-07-22 08:17 - 00016384 ____A C:\Users\Louise\Documents\Maternity Pay.xls
2012-07-30 14:03 - 2012-07-30 14:03 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-07-30 14:03 - 2011-09-14 12:58 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-07-25 11:13 - 2010-01-17 06:00 - 00085504 ____A C:\Users\Public\Documents\Our Finances.xls
2012-07-23 09:10 - 2011-03-04 03:40 - 00041984 ____A C:\Users\Louise\Documents\My Finance.xls
2012-07-12 11:26 - 2006-11-02 04:47 - 00332504 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-12 10:50 - 2006-11-02 02:24 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-07-12 10:44 - 2006-11-02 02:23 - 00000240 ____A C:\Windows\win.ini
2012-07-11 11:03 - 2012-07-11 11:04 - 00476936 ____A (Sun Microsystems, Inc.) C:\Windows\System32\npdeployJava1.dll
2012-07-11 11:03 - 2012-07-11 11:03 - 00157448 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2012-07-11 11:03 - 2012-07-11 11:03 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2012-07-11 11:03 - 2012-07-11 11:03 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2012-07-11 11:03 - 2010-11-25 10:08 - 00472840 ____A (Sun Microsystems, Inc.) C:\Windows\System32\deployJava1.dll
2012-07-05 08:15 - 2012-07-05 08:15 - 00288340 ____A C:\Windows\msxml4-KB954430-enu.LOG
2012-07-05 08:15 - 2012-07-05 08:13 - 00298954 ____A C:\Windows\msxml4-KB973688-enu.LOG
2012-07-03 04:46 - 2011-06-13 12:19 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-01 11:38 - 2012-07-01 11:38 - 00027648 ___RA C:\Users\Public\Documents\ESBK.mb
2012-07-01 11:38 - 2012-07-01 11:38 - 00003072 ___RA C:\Users\Public\Documents\ESBK.mbb
2012-07-01 11:32 - 2012-07-01 11:32 - 00000006 __ASH C:\Users\Stephen\AppData\Roaming\desktop.ini
2012-07-01 11:32 - 2012-07-01 11:32 - 00000006 __ASH C:\Users\Stephen\AppData\Local\desktop.ini
2012-07-01 11:29 - 2008-07-31 12:35 - 00033162 ____A C:\Windows\DPINST.LOG
2012-07-01 11:25 - 2012-07-01 10:52 - 00001977 ____A C:\Users\Public\Desktop\Kodak EasyShare.lnk
2012-07-01 11:19 - 2012-07-01 11:19 - 01857488 ____A C:\Users\Stephen\Downloads\install_easyshare.exe
2012-07-01 06:20 - 2012-07-01 06:20 - 01857488 ____A C:\Users\Louise\Downloads\install_easyshare(2).exe
2012-07-01 06:19 - 2012-07-01 06:18 - 01857488 ____A C:\Users\Louise\Downloads\install_easyshare(1).exe
2012-06-13 05:40 - 2012-07-12 10:53 - 02047488 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 09:47 - 2012-07-11 11:13 - 11586048 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-05 08:47 - 2012-07-11 11:13 - 01401856 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 08:47 - 2012-07-11 11:13 - 01248768 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-04 07:26 - 2012-07-11 11:13 - 00440704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-02 14:19 - 2012-06-21 08:11 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 08:11 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 08:11 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 08:10 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 08:10 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:12 - 2012-06-21 08:11 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-21 08:10 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 06:19 - 2012-06-21 08:10 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 06:12 - 2012-06-21 08:10 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 01:07 - 2012-07-12 10:46 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 00:43 - 2012-07-12 10:46 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 00:33 - 2012-07-12 10:47 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 00:26 - 2012-07-12 10:46 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 00:25 - 2012-07-12 10:47 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 00:25 - 2012-07-12 10:46 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 00:23 - 2012-07-12 10:47 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 00:21 - 2012-07-12 10:47 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 00:20 - 2012-07-12 10:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 00:19 - 2012-07-12 10:47 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 00:19 - 2012-07-12 10:47 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 00:17 - 2012-07-12 10:47 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 00:16 - 2012-07-12 10:47 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 00:14 - 2012-07-12 10:47 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-01 16:04 - 2012-07-11 11:13 - 00278528 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 16:03 - 2012-07-11 11:13 - 00204288 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-05-31 03:25 - 2009-10-03 00:17 - 00237072 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
ZeroAccess:
C:\Windows\Installer\{acf72554-e0db-6a4c-a1cd-546ce38f03e5}
C:\Windows\Installer\{acf72554-e0db-6a4c-a1cd-546ce38f03e5}\@
C:\Windows\Installer\{acf72554-e0db-6a4c-a1cd-546ce38f03e5}\L
C:\Windows\Installer\{acf72554-e0db-6a4c-a1cd-546ce38f03e5}\n
C:\Windows\Installer\{acf72554-e0db-6a4c-a1cd-546ce38f03e5}\U
C:\Windows\Installer\{acf72554-e0db-6a4c-a1cd-546ce38f03e5}\L\00000004.@
C:\Windows\Installer\{acf72554-e0db-6a4c-a1cd-546ce38f03e5}\L\201d3dde
ZeroAccess:
C:\Users\Stephen\AppData\Local\{acf72554-e0db-6a4c-a1cd-546ce38f03e5}
C:\Users\Stephen\AppData\Local\{acf72554-e0db-6a4c-a1cd-546ce38f03e5}\@
C:\Users\Stephen\AppData\Local\{acf72554-e0db-6a4c-a1cd-546ce38f03e5}\L
C:\Users\Stephen\AppData\Local\{acf72554-e0db-6a4c-a1cd-546ce38f03e5}\U
ZeroAccess:
C:\Windows\assembly\GAC\Desktop.ini
==================== Known DLLs (Whitelisted) =================
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 8737764F4FD36D6808EE80578409C843 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2012-07-26 09:45:19
Restore point made on: 2012-07-28 13:21:37
Restore point made on: 2012-08-01 12:51:46
Restore point made on: 2012-08-06 09:40:11
Restore point made on: 2012-08-17 13:23:38
Restore point made on: 2012-08-21 16:46:32
Restore point made on: 2012-08-22 12:06:17
==================== Memory info ===========================
Percentage of memory in use: 12%
Total physical RAM: 2037.43 MB
Available physical RAM: 1772.74 MB
Total Pagefile: 1969.32 MB
Available Pagefile: 1840.39 MB
Total Virtual: 2047.88 MB
Available Virtual: 1983.72 MB
==================== Partitions ============================
1 Drive c: (OS) (Fixed) (Total:136.46 GB) (Free:26.56 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive e: (WD Passport) (Fixed) (Total:74.51 GB) (Free:27.39 GB) FAT32
4 Drive x: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.77 GB) NTFS
Disk ###  Status      Size     Free     Dyn  Gpt
--------  ----------  -------  -------  ---  ---
Disk 0    Online       149 GB  1024 KB
Disk 1    Online        75 GB  1528 KB
Partitions of Disk 0:
===============
Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    OEM                 94 MB    32 KB
Partition 2    Primary             10 GB    95 MB
Partition 3    Primary            136 GB    10 GB
Partition 0    Extended          2560 MB   147 GB
Partition 4    Logical           2559 MB   147 GB
==================================================================================
Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No
Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4                    FAT    Partition     94 MB  Healthy    Hidden
==================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2   X   RECOVERY     NTFS   Partition     10 GB  Healthy    Boot
==================================================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: Yes
Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1   C   OS           NTFS   Partition    136 GB  Healthy
==================================================================================
Disk: 0
Partition 4
Type : DD
Hidden: Yes
Active: No
There is no volume associated with this partition.
==================================================================================
Partitions of Disk 1:
===============
Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary             75 GB    32 KB
==================================================================================
Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: No
Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1   E   WD Passport  FAT32  Partition     75 GB  Healthy
==================================================================================
Last Boot: 2012-08-23 08:27
==================== End Of Log =============================