Sadly, we somehow got variations of this virus on two different computers in our house over the weekend. Starting with the first, here are the logs that I have seen requested. Thank you so much for your help.
Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 10-08-2012
Ran by SYSTEM at 13-08-2012 15:27:23
Running from E:\
Windows 7 Professional (X86) OS Language: English(US)
The current controlset is ControlSet001
========================== Registry (Whitelisted) =============
HKLM\...\Run: [OEM13Mon.exe] C:\Windows\OEM13Mon.exe [36864 2008-01-07] (Creative Technology Ltd.)
HKLM\...\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE [124512 2007-05-21] (CANON INC.)
HKLM\...\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s [118784 2007-07-27] (Creative Technology Ltd.)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [13543968 2008-06-09] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [92704 2008-06-09] (NVIDIA Corporation)
HKLM\...\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start [96800 2008-06-09] (NVIDIA Corporation)
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1316136 2008-06-20] (Synaptics, Inc.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-30] (Adobe Systems Incorporated)
HKLM\...\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-06] (Apple Inc.)
HKLM\...\Run: [BambooCore] C:\Program Files\Bamboo Dock\BambooCore.exe [646232 2011-09-28] ()
HKLM\...\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript [1047656 2011-05-29] (Malwarebytes Corporation)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2011-10-09] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKU\Kristin\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [4283256 2011-05-13] (Microsoft Corporation)
HKU\Kristin\...\Run: [AdobeBridge] "C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe" -stealth [x]
HKLM\...\Runonce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-unins...VWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg"&"inst=NzctNTA2NjM0MzM0LVNUMSsyLUZQOSs2LUJBUjlHKzEtVEI5KzItRkwrOS1GMTBNKzUtWDIwMTArMi1RSVgxKzQtRjEwTTEwRCsy"&"prod=90"&"ver=10.0.1204 [x]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\MozyHome Status.lnk
ShortcutTarget: MozyHome Status.lnk -> C:\Program Files\MozyHome\mozystat.exe (Mozy, Inc.)
Startup: C:\Users\Kristin\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Kristin\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
================================ Services (Whitelisted) ==================
2 CronService; "C:\Prey\platform\windows\cronsvc.exe" [19968 2011-02-15] (Fork Ltd.)
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
3 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [113120 2012-08-12] (Mozilla Foundation)
2 mozybackup; "C:\Program Files\MozyHome\mozybackup.exe" [53016 2011-08-04] (Mozy, Inc.)
2 o2flash; C:\Windows\System32\DRIVERS\o2flash.exe [71512 2008-07-29] (O2Micro International)
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]
========================== Drivers (Whitelisted) =============
3 KMWDFILTERx86; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [25088 2009-04-29] (Windows (R) Codename Longhorn DDK provider)
3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [39984 2011-05-29] (Malwarebytes Corporation)
1 mozyFilter; C:\Windows\System32\DRIVERS\mozy.sys [54776 2011-08-04] (Mozy, Inc.)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
3 O2MDRDR; C:\Windows\System32\DRIVERS\o2media.sys [51288 2008-07-29] (O2Micro )
3 O2SDRDR; C:\Windows\System32\DRIVERS\o2sd.sys [43608 2008-06-12] (O2Micro )
3 OEM13Vfx; C:\Windows\System32\DRIVERS\OEM13Vfx.sys [7424 2007-03-05] (EyePower Games Pte. Ltd.)
3 OEM13Vid; C:\Windows\System32\DRIVERS\OEM13Vid.sys [235840 2008-05-28] (Creative Technology Ltd.)
0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [x]
========================== NetSvcs (Whitelisted) ===========
============ One Month Created Files and Folders ==============
2012-08-13 15:27 - 2012-08-13 15:27 - 00000000 ____D C:\FRST
2012-08-13 11:40 - 2012-08-13 13:36 - 00000000 ____D C:\Windows\Microsoft Antimalware
2012-08-13 10:28 - 2012-08-13 10:28 - 00000000 ____D C:\Users\Kristin\AppData\Local\{71D538E0-E574-11E1-8270-B8AC6F996F26}
2012-08-13 10:27 - 2012-08-13 14:43 - 00000000 ____D C:\Users\All Users\036DFF981969ABD46956E294F875EF7E
2012-08-13 10:27 - 2012-08-13 10:27 - 00000000 ____D C:\Users\All Users\2070E0A4130E33
2012-08-13 10:16 - 2012-08-13 10:16 - 00000000 ____D C:\Users\Kristin\AppData\Local\{131A79D7-F84E-4F44-A6D9-D7A9BDAF125D}
2012-08-13 10:15 - 2012-08-13 10:15 - 00000000 ____D C:\Users\Kristin\AppData\Local\{D4609D89-EE42-463B-A99E-F0E42D85E2A0}
2012-08-13 09:32 - 2012-08-13 14:43 - 00000000 ____D C:\57a3a2a65f63a8b29e82e66d6a21d0a6
2012-08-13 09:32 - 2012-08-13 09:32 - 00000000 ____D C:\Windows\System32\EventProviders
2012-08-13 08:59 - 2012-08-13 08:59 - 00000000 ____D C:\Users\Kristin\AppData\Local\{B08972E3-A6A8-43AB-9506-5FD1CCCEC7E1}
2012-08-13 08:59 - 2012-08-13 08:59 - 00000000 ____D C:\Users\Kristin\AppData\Local\{60201B2E-6604-44F5-BB16-27C9A9510086}
2012-08-12 11:41 - 2012-08-12 11:41 - 00000000 ____D C:\Users\All Users\Mozilla
2012-08-12 11:41 - 2012-08-12 11:41 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2012-08-12 11:31 - 2012-08-12 11:31 - 00000000 ____D C:\Users\Kristin\AppData\Local\{04D60F10-7B4E-46C0-8A2B-334A4F3698E2}
============ 3 Months Modified Files ========================
2012-08-13 13:56 - 2010-05-21 01:38 - 00729688 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-13 13:52 - 2009-07-13 20:33 - 04298496 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-13 11:34 - 2010-06-02 21:27 - 00055487 ____A C:\Users\All Users\nvModes.dat
2012-08-13 11:34 - 2010-06-02 21:27 - 00055487 ____A C:\Users\All Users\nvModes.001
2012-08-13 09:33 - 2010-05-21 00:17 - 01289336 ____A C:\Windows\WindowsUpdate.log
2012-08-13 09:29 - 2009-07-13 18:04 - 00000478 ____A C:\Windows\win.ini
2012-08-13 09:18 - 2011-07-08 12:01 - 00000029 ____A C:\Windows\System32\TempWmicBatchFile.bat
2012-08-13 09:14 - 2011-02-08 16:06 - 00001945 ____A C:\Windows\epplauncher.mif
2012-08-13 09:09 - 2009-07-13 20:34 - 00013472 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-13 09:09 - 2009-07-13 20:34 - 00013472 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-13 08:58 - 2010-05-21 09:08 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-13 08:58 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-13 08:58 - 2009-07-13 20:39 - 00053254 ____A C:\Windows\setupact.log
2012-08-13 08:57 - 2010-05-22 17:07 - 00024372 ____A C:\Windows\PFRO.log
2012-08-13 08:55 - 2010-05-21 09:08 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-03 18:18 - 2009-03-26 14:31 - 01120256 __ASH C:\Users\Kristin\Documents\Thumbs.db
ZeroAccess:
C:\Windows\Installer\{d00231f8-6a55-d5aa-d478-15e280f935db}
C:\Windows\Installer\{d00231f8-6a55-d5aa-d478-15e280f935db}\L
ZeroAccess:
C:\Users\Kristin\AppData\Local\{d00231f8-6a55-d5aa-d478-15e280f935db}
C:\Users\Kristin\AppData\Local\{d00231f8-6a55-d5aa-d478-15e280f935db}\@
C:\Users\Kristin\AppData\Local\{d00231f8-6a55-d5aa-d478-15e280f935db}\L
C:\Users\Kristin\AppData\Local\{d00231f8-6a55-d5aa-d478-15e280f935db}\n
C:\Users\Kristin\AppData\Local\{d00231f8-6a55-d5aa-d478-15e280f935db}\U
========================= Known DLLs (Whitelisted) ============
========================= Bamital & volsnap Check ============
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 14%
Total physical RAM: 3070.43 MB
Available physical RAM: 2627.05 MB
Total Pagefile: 3068.71 MB
Available Pagefile: 2634.01 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.7 MB
======================= Partitions =========================
1 Drive c: (OS) (Fixed) (Total:149.01 GB) (Free:9.35 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive e: () (Removable) (Total:3.74 GB) (Free:3.46 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 149 GB 0 B
Disk 1 Online 3837 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 149 GB 39 MB
==================================================================================
Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 FAT Partition 39 MB Healthy Hidden
==================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C OS NTFS Partition 149 GB Healthy
==================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3833 MB 4032 KB
==================================================================================
Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E FAT32 Removable 3833 MB Healthy
==================================================================================
Last Boot: 2012-08-09 14:11
======================= End Of Log ==========================