Stock_Victim
Hello,
Well, looks like I am a victim. I can't stop the computer from rebooting itself in normal mode, safe mode, or safe mode with networking. MSE was the antivirus used. Win 7, 32-bit. I have already run FRST for 32-bit and this is the resulting log:
Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 04-07-2012 01
Ran by SYSTEM at 04-07-2012 11:30:05
Running from F:\
Windows 7 Professional (X86) OS Language: English(US)
The current controlset is ControlSet001
========================== Registry (Whitelisted) =============
HKLM\...\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [67488 2007-09-10] (Adobe Systems Incorporated)
HKLM\...\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe [479232 2009-09-15] (Nikon Corporation)
HKLM\...\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe [827904 2009-10-23] ()
HKLM\...\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe" [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [FUFAXSTM] "C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe" [847872 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1311312 2010-06-25] (Logitech, Inc.)
HKLM\...\Run: [CTxfiHlp] CTXFIHLP.EXE [x]
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM\...\Run: [NUSB3MON] "C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKU\Kylie\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKU\Kylie\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-03-24] (Google Inc.)
HKU\Kylie\...\Run: [Google Update] "C:\Users\Mazi\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-03-21] (Google Inc.)
HKU\Kylie\...\Run: [MoeMonitor.exe] "C:\Users\Mazi\AppData\Local\Microsoft\Live Mesh\Bin\Servicing\0.9.4014.7\MoeMonitor.exe" [x]
HKU\Kylie\...\Run: [SoftAuto.exe] "C:\Program Files\Creative\Software Update 3\SoftAuto.exe" [405504 2008-08-12] (Creative Technology Ltd)
HKU\Kylie\...\Run: [WLSync] "C:\Program Files\Windows Live\Mesh\WLSync.exe" /background [1449824 2012-03-08] (Microsoft Corporation)
HKU\Kylie\...\Run: [WorkForce 630(Network)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGBA.EXE /FU "C:\Windows\TEMP\E_S1B8E.tmp" /EF "HKCU" [201216 2010-01-12] (SEIKO EPSON CORPORATION)
HKU\Kylie\...\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59240 2012-02-24] (Apple Inc.)
HKU\Kylie\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\Mazi\...\Run: [Google Update] "C:\Users\Mazi\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-03-21] (Google Inc.)
HKU\Mazi\...\Run: [SoftAuto.exe] "C:\Program Files\Creative\Software Update 3\SoftAuto.exe" [405504 2008-08-12] (Creative Technology Ltd)
HKU\Mazi\...\Run: [WLSync] "C:\Program Files\Windows Live\Mesh\WLSync.exe" /background [1449824 2012-03-08] (Microsoft Corporation)
HKU\Mazi\...\Run: [WorkForce 630(Network)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGBA.EXE /FU "C:\Windows\TEMP\E_S1B8E.tmp" /EF "HKCU" [201216 2010-01-12] (SEIKO EPSON CORPORATION)
HKU\Mazi\...\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59240 2012-02-24] (Apple Inc.)
HKU\Mazi\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\Pamela\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-03-24] (Google Inc.)
HKU\Pamela\...\Run: [Google Update] "C:\Users\Pamela\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-03-24] (Google Inc.)
HKU\Pamela\...\Run: [MoeMonitor.exe] "C:\Users\Mazi\AppData\Local\Microsoft\Live Mesh\Bin\Servicing\0.9.4014.7\MoeMonitor.exe" [x]
HKU\Pamela\...\Run: [SoftAuto.exe] "C:\Program Files\Creative\Software Update 3\SoftAuto.exe" [405504 2008-08-12] (Creative Technology Ltd)
HKU\Pamela\...\Run: [WorkForce 630(Network)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGBA.EXE /FU "C:\Windows\TEMP\E_S1B8E.tmp" /EF "HKCU" [201216 2010-01-12] (SEIKO EPSON CORPORATION)
HKU\Pamela\...\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59240 2012-02-24] (Apple Inc.)
HKU\Pamela\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\UpdatusUser.Mazi-PC\...\Run: [Google Update] "C:\Users\Mazi\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-03-21] (Google Inc.)
HKU\UpdatusUser.Mazi-PC\...\Run: [SoftAuto.exe] "C:\Program Files\Creative\Software Update 3\SoftAuto.exe" [405504 2008-08-12] (Creative Technology Ltd)
HKU\UpdatusUser.Mazi-PC\...\Run: [WLSync] "C:\Program Files\Windows Live\Mesh\WLSync.exe" /background [1449824 2012-03-08] (Microsoft Corporation)
HKU\UpdatusUser.Mazi-PC\...\Run: [WorkForce 630(Network)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGBA.EXE /FU "C:\Windows\TEMP\E_S1B8E.tmp" /EF "HKCU" [201216 2010-01-12] (SEIKO EPSON CORPORATION)
HKU\UpdatusUser.Mazi-PC\...\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59240 2012-02-24] (Apple Inc.)
HKU\UpdatusUser.Mazi-PC\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [X]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Polar WebSync.lnk
ShortcutTarget: Polar WebSync.lnk -> C:\Program Files\Polar\WebSync\WebSync.exe ()
Startup: C:\Users\Mazi\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\Mazi\Start Menu\Programs\Startup\GoZone iSync.lnk
ShortcutTarget: GoZone iSync.lnk -> C:\Program Files\GoZone\GoZone_iSync.exe (Virgin HealthMiles Inc.)
================================ Services (Whitelisted) ==================
2 AdobeActiveFileMonitor6.0; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-10] ()
3 Creative ALchemy AL6 Licensing Service; "C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe" [79360 2010-05-12] (Creative Labs)
2 CTDevice_Srv; C:\Program Files\Creative\Shared Files\CTDevSrv.exe [61440 2007-04-01] (Creative Technology Ltd)
3 CTUPnPSv; C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe [64000 2008-05-21] (Creative Technology Ltd)
2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION)
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
2 IntuitUpdateService; "C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" [13672 2010-08-23] (Intuit Inc.)
3 LBTServ; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [293456 2010-05-06] (Logitech, Inc.)
2 MDM; "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" [322120 2003-06-19] (Microsoft Corporation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [11552 2012-03-26] (Microsoft Corporation)
4 NetMsmqActivator; "C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator [124240 2010-03-18] (Microsoft Corporation)
4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [214952 2012-03-26] (Microsoft Corporation)
2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2348352 2012-02-29] (NVIDIA Corporation)
2 Polar Daemon; "C:\Program Files\Polar\Daemon\polard.exe" [368128 2011-05-06] ()
2 Predictamus Information Service; "C:\Program Files\Mazi Innovations\Predictamus Information Service (PIS)\PredictamusInformationService.exe" [11776 2010-08-11] ()
2 StatusAgent4; C:\Windows\system32\SAgent4.exe [131072 2006-12-19] (SEIKO EPSON CORPORATION)
2 Stereo Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [382272 2012-02-29] (NVIDIA Corporation)
3 WPFFontCache_v0400; C:\Windows\Microsoft.NET\Framework\v4.0.21006\WPF\WPFFontCache_v0400.exe [x]
========================== Drivers (Whitelisted) =============
3 ctdvda2k; C:\Windows\System32\drivers\ctdvda2k.sys [347144 2010-05-05] (Creative Technology Ltd)
3 dvd43llh; C:\Windows\System32\DRIVERS\dvd43llh.sys [18816 2010-04-04] (RIF)
3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [40912 2010-03-18] (Logitech, Inc.)
3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [10448 2010-03-18] (Logitech, Inc.)
3 lvpopflt; C:\Windows\System32\DRIVERS\lvpopflt.sys [1921184 2007-05-11] (Logitech Inc.)
3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41888 2007-05-11] (Logitech Inc.)
3 LVUVC; C:\Windows\System32\DRIVERS\lvuvc.sys [3580832 2007-05-11] (Logitech Inc.)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [62208 2010-11-19] (Renesas Electronics Corporation)
3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [141568 2010-11-19] (Renesas Electronics Corporation)
3 RDPDISPM; C:\Windows\System32\DRIVERS\rdpdispm.sys [9040 2010-03-21] (Microsoft Corporation)
3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
3 ALSysIO; \??\C:\Users\Mazi\AppData\Local\Temp\ALSysIO.sys [x]
========================== NetSvcs (Whitelisted) ===========
============ One Month Created Files and Folders ==============
2012-07-04 11:29 - 2012-07-04 11:30 - 00000000 ____D C:\FRST
2012-07-04 09:57 - 2012-07-04 09:57 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-07-04 09:42 - 2012-07-04 09:42 - 10288512 ____A (Microsoft Corporation) C:\Users\Mazi\Desktop\mseinstall.exe
2012-07-04 07:57 - 2012-07-04 07:57 - 00000000 ____D C:\Users\Mazi\AppData\Local\{B181ED3E-9846-4DFB-BA23-573C879B53E0}
2012-07-04 07:57 - 2012-07-04 07:57 - 00000000 ____D C:\Users\Mazi\AppData\Local\{516A4CBF-1388-4A42-B596-A53BD1E9DFEF}
2012-07-02 11:13 - 2012-07-03 17:17 - 00000000 ____D C:\Users\Pamela\Desktop\Golnaz weddimg
2012-07-01 19:37 - 2012-07-01 19:38 - 00000000 ____D C:\Users\Mazi\AppData\Local\{3D083E7B-BF19-4B4C-86E7-C8C4573F9424}
2012-07-01 19:37 - 2012-07-01 19:37 - 00000000 ____D C:\Users\Mazi\AppData\Local\{9646A0DE-942B-4554-AF71-D8B18325326A}
2012-06-29 10:45 - 2012-06-29 10:45 - 00000000 ____D C:\Users\Pamela\AppData\Roaming\Creative
2012-06-24 11:13 - 2012-06-24 11:13 - 00000000 ____D C:\Users\Mazi\AppData\Local\{4F7AB726-1462-4CEE-BFCC-16E7615F252E}
2012-06-23 23:13 - 2012-06-23 23:13 - 00000000 ____D C:\Users\Mazi\AppData\Local\{EA843E7A-0C09-48F6-B87B-4DB8B40F8856}
2012-06-23 20:36 - 2012-06-23 20:36 - 00000000 ____D C:\Users\Pamela\AppData\Local\Macromedia
2012-06-23 11:12 - 2012-06-24 11:13 - 00000000 ____D C:\Users\Mazi\AppData\Local\{B2F14FE6-6C2F-4B0E-84DF-FB4066FCFCBC}
2012-06-23 11:12 - 2012-06-23 11:12 - 00000000 ____D C:\Users\Mazi\AppData\Local\{A11470F8-2758-4575-BFF1-C664C02C8597}
2012-06-22 14:45 - 2012-06-22 14:45 - 00000000 ____D C:\Users\Mazi\AppData\Local\Macromedia
2012-06-22 13:18 - 2012-06-22 13:18 - 00001753 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-06-22 13:17 - 2012-06-22 13:18 - 00000000 ____D C:\Program Files\iTunes
2012-06-22 13:17 - 2012-06-22 13:17 - 00000000 ____D C:\Program Files\iPod
2012-06-22 13:00 - 2012-06-22 13:00 - 00000000 ____D C:\Users\Mazi\AppData\Local\{F9E1C952-0476-4EB8-8553-FCF9EC38E749}
2012-06-22 12:59 - 2012-06-22 13:00 - 00000000 ____D C:\Users\Mazi\AppData\Local\{E6A9EE7B-FFAA-437E-B07B-C0531FEE2E57}
2012-06-21 13:00 - 2012-06-02 14:19 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-21 13:00 - 2012-06-02 14:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-21 13:00 - 2012-06-02 14:19 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-21 13:00 - 2012-06-02 14:19 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-21 13:00 - 2012-06-02 14:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-21 13:00 - 2012-06-02 14:12 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-21 13:00 - 2012-06-02 14:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-21 12:59 - 2012-06-02 14:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-21 12:59 - 2012-06-02 14:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-12 22:20 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-12 22:20 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-12 22:20 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-12 22:20 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-12 22:20 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-12 22:20 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-12 22:20 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-12 22:20 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-12 22:20 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-12 22:20 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-12 22:20 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-12 22:20 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-12 22:20 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-12 22:20 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-12 13:26 - 2012-05-14 17:05 - 02343936 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-12 13:26 - 2012-04-30 20:44 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-12 13:26 - 2012-04-27 19:17 - 00183808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-12 13:26 - 2012-04-25 20:45 - 00129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-12 13:26 - 2012-04-25 20:45 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-12 13:26 - 2012-04-25 20:41 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-12 13:26 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-12 13:26 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-12 13:26 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-12 13:26 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-10 20:37 - 2012-06-10 20:37 - 00000000 ____D C:\Users\Mazi\AppData\Local\{92584DBC-43F0-4E82-98B2-5460B4F17AD2}
2012-06-10 20:36 - 2012-06-10 20:37 - 00000000 ____D C:\Users\Mazi\AppData\Local\{49C319BD-3C0D-4D64-813F-B218D14FE09C}
============ 3 Months Modified Files ========================
2012-07-04 10:21 - 2010-03-22 05:45 - 00000000 ____A C:\PREDICTAMUS_INFO_SRVICE_LOG.log
2012-07-04 10:21 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-04 10:21 - 2009-07-13 20:39 - 00091345 ____A C:\Windows\setupact.log
2012-07-04 10:14 - 2010-03-24 19:16 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-04 09:59 - 2010-03-15 23:09 - 01673795 ____A C:\Windows\WindowsUpdate.log
2012-07-04 09:57 - 2011-02-04 12:18 - 00001945 ____A C:\Windows\epplauncher.mif
2012-07-04 09:57 - 2010-03-15 23:17 - 00412048 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-04 09:53 - 2009-07-13 20:34 - 00013472 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-04 09:53 - 2009-07-13 20:34 - 00013472 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-04 09:45 - 2010-04-08 15:04 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2534515453-1742631250-888195653-1003UA.job
2012-07-04 09:42 - 2012-07-04 09:42 - 10288512 ____A (Microsoft Corporation) C:\Users\Mazi\Desktop\mseinstall.exe
2012-07-04 09:33 - 2010-03-21 14:46 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2534515453-1742631250-888195653-1001UA.job
2012-07-04 09:30 - 2010-03-21 09:43 - 00002009 ____A C:\Windows\LkmdfCoInst.log
2012-07-04 09:29 - 2010-03-21 09:43 - 00016400 ____A (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys
2012-07-04 09:16 - 2010-03-24 19:16 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-03 20:33 - 2010-03-21 14:46 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2534515453-1742631250-888195653-1001Core.job
2012-07-03 15:45 - 2010-04-08 15:04 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2534515453-1742631250-888195653-1003Core.job
2012-06-22 14:44 - 2012-04-12 10:04 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-06-22 14:44 - 2011-05-15 18:49 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-06-22 14:34 - 2009-07-13 20:53 - 00032604 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-22 13:18 - 2012-06-22 13:18 - 00001753 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-06-13 15:27 - 2009-07-13 20:33 - 00590816 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-12 22:22 - 2010-03-16 13:25 - 56731752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-06 11:29 - 2010-03-21 10:48 - 00000020 ____H C:\Users\All Users\PKP_DLdw.DAT
2012-06-06 11:21 - 2010-03-21 10:02 - 00000020 ____H C:\Users\All Users\PKP_DLdu.DAT
2012-06-03 10:20 - 2012-06-03 10:20 - 00001037 ____A C:\Users\Mazi\Desktop\Dropbox.lnk
2012-06-03 09:40 - 2012-06-03 09:40 - 18002040 ____A (Dropbox, Inc.) C:\Users\Mazi\Desktop\Dropbox 1.4.7.exe
2012-06-02 14:19 - 2012-06-21 13:00 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 13:00 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 13:00 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 13:00 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 13:00 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:19 - 2012-06-21 12:59 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:12 - 2012-06-21 13:00 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-21 13:00 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:12 - 2012-06-21 12:59 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-31 07:14 - 2010-03-16 20:00 - 00000426 ____A C:\Windows\BRWMARK.INI
2012-05-18 09:38 - 2012-03-10 10:41 - 00002479 ____A C:\Users\Public\Desktop\Safari.lnk
2012-05-17 15:11 - 2012-06-12 22:20 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 14:48 - 2012-06-12 22:20 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 14:45 - 2012-06-12 22:20 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 14:36 - 2012-06-12 22:20 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 14:35 - 2012-06-12 22:20 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 14:35 - 2012-06-12 22:20 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 14:33 - 2012-06-12 22:20 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 14:31 - 2012-06-12 22:20 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 14:29 - 2012-06-12 22:20 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 14:29 - 2012-06-12 22:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 14:27 - 2012-06-12 22:20 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 14:25 - 2012-06-12 22:20 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 14:24 - 2012-06-12 22:20 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 14:20 - 2012-06-12 22:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-14 17:05 - 2012-06-12 13:26 - 02343936 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-10 16:31 - 2010-03-16 13:32 - 00048658 ____A C:\Windows\PFRO.log
2012-05-10 14:58 - 2011-03-13 18:56 - 00000039 ____A C:\Windows\vbaddin.ini
2012-04-30 20:44 - 2012-06-12 13:26 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 19:17 - 2012-06-12 13:26 - 00183808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 20:45 - 2012-06-12 13:26 - 00129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 20:45 - 2012-06-12 13:26 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 20:41 - 2012-06-12 13:26 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-23 20:36 - 2012-06-12 13:26 - 01158656 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 20:36 - 2012-06-12 13:26 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 20:36 - 2012-06-12 13:26 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 06:47 - 2010-03-20 19:48 - 00190616 ____A C:\Users\Pamela\AppData\Local\GDIPFONTCACHEV1.DAT
2012-04-22 19:48 - 2010-03-16 19:19 - 00190616 ____A C:\Users\Mazi\AppData\Local\GDIPFONTCACHEV1.DAT
2012-04-21 15:57 - 2010-06-12 11:23 - 00381088 ____A C:\Windows\DirectX.log
2012-04-18 19:56 - 2012-04-18 19:56 - 00094208 ____A (Apple Inc.) C:\Windows\System32\QuickTimeVR.qtx
2012-04-18 19:56 - 2012-04-18 19:56 - 00069632 ____A (Apple Inc.) C:\Windows\System32\QuickTime.qts
2012-04-12 08:28 - 2012-04-12 08:28 - 00001984 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-04-07 03:26 - 2012-06-12 13:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
ZeroAccess:
C:\Windows\Installer\{ab1b01e3-cf1a-74db-ef7f-a2ca816fb802}
C:\Windows\Installer\{ab1b01e3-cf1a-74db-ef7f-a2ca816fb802}\@
C:\Windows\Installer\{ab1b01e3-cf1a-74db-ef7f-a2ca816fb802}\L
C:\Windows\Installer\{ab1b01e3-cf1a-74db-ef7f-a2ca816fb802}\n
C:\Windows\Installer\{ab1b01e3-cf1a-74db-ef7f-a2ca816fb802}\U
C:\Windows\Installer\{ab1b01e3-cf1a-74db-ef7f-a2ca816fb802}\L\00000004.@
C:\Windows\Installer\{ab1b01e3-cf1a-74db-ef7f-a2ca816fb802}\L\201d3dde
C:\Windows\Installer\{ab1b01e3-cf1a-74db-ef7f-a2ca816fb802}\U\00000004.@
C:\Windows\Installer\{ab1b01e3-cf1a-74db-ef7f-a2ca816fb802}\U\00000008.@
C:\Windows\Installer\{ab1b01e3-cf1a-74db-ef7f-a2ca816fb802}\U\000000cb.@
C:\Windows\Installer\{ab1b01e3-cf1a-74db-ef7f-a2ca816fb802}\U\80000000.@
C:\Windows\Installer\{ab1b01e3-cf1a-74db-ef7f-a2ca816fb802}\U\80000032.@
ZeroAccess:
C:\Users\Mazi\AppData\Local\{ab1b01e3-cf1a-74db-ef7f-a2ca816fb802}
C:\Users\Mazi\AppData\Local\{ab1b01e3-cf1a-74db-ef7f-a2ca816fb802}\@
C:\Users\Mazi\AppData\Local\{ab1b01e3-cf1a-74db-ef7f-a2ca816fb802}\L
C:\Users\Mazi\AppData\Local\{ab1b01e3-cf1a-74db-ef7f-a2ca816fb802}\n
C:\Users\Mazi\AppData\Local\{ab1b01e3-cf1a-74db-ef7f-a2ca816fb802}\U
C:\Users\Mazi\AppData\Local\{ab1b01e3-cf1a-74db-ef7f-a2ca816fb802}\U\00000004.@
C:\Users\Mazi\AppData\Local\{ab1b01e3-cf1a-74db-ef7f-a2ca816fb802}\U\000000cb.@
C:\Users\Mazi\AppData\Local\{ab1b01e3-cf1a-74db-ef7f-a2ca816fb802}\U\80000000.@
========================= Known DLLs (Whitelisted) ============
========================= Bamital & volsnap Check ============
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe A302BBFF2A7278C0E239EE5D471D86A9 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 11%
Total physical RAM: 4095.12 MB
Available physical RAM: 3606.24 MB
Total Pagefile: 4093.39 MB
Available Pagefile: 3608.48 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.7 MB
======================= Partitions =========================
2 Drive c: () (Fixed) (Total:298.09 GB) (Free:138.86 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive d: () (Fixed) (Total:698.63 GB) (Free:449.83 GB) NTFS
5 Drive f: () (Removable) (Total:0.24 GB) (Free:0.13 GB) FAT
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 2048 KB
Disk 1 Online 698 GB 0 B
Disk 2 Online 250 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 298 GB 1024 KB
==================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 298 GB Healthy
==================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 698 GB 1024 KB
==================================================================================
Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D NTFS Partition 698 GB Healthy
==================================================================================
Partitions of Disk 2:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 249 MB 16 KB
==================================================================================
Disk: 2
Partition 1
Type : 06
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT Removable 249 MB Healthy
==================================================================================
==========================================================
Last Boot: 2012-06-28 17:42
======================= End Of Log ==========================
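The log above carries its diagnosis in two places: the "Bamital & volsnap Check" section, where services.exe fails the MD5 check and is tagged ZeroAccess, and the two "ZeroAccess:" blocks, which list the same {GUID} folder under C:\Windows\Installer and under the user's AppData\Local with the @, L, n and U entries inside it. A dangling driver entry pointing into a user's Temp directory (ALSysIO.sys) is also worth a second look. The script below is an added triage example, not part of the post and not Farbar's code: it parses a pasted FRST log, keyed on the section banners as they appear in this post, and turns those indicators into findings. The regexes assume this log layout (other FRST versions may print differently), and the finding categories and severities are this example's own labels. The sample input is a constructed subset of lines copied from the log above.

```python
"""Triage a pasted FRST log for the ZeroAccess indicators shown in this post.

Added example (not part of the post, not Farbar's code). It understands only
the FRST layout visible in the post above; other FRST versions may print
differently, so treat the regexes as assumptions to adjust.
"""
import re
from dataclasses import dataclass

# Constructed fixture: a subset of lines copied from the posted FRST log,
# trimmed to the sections this triage cares about.
SAMPLE_LOG = r"""
========================== Registry (Whitelisted) =============
HKLM\...\Run: [CTxfiHlp] CTXFIHLP.EXE [x]
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKU\Kylie\...\Run: [MoeMonitor.exe] "C:\Users\Mazi\AppData\Local\Microsoft\Live Mesh\Bin\Servicing\0.9.4014.7\MoeMonitor.exe" [x]
========================== Drivers (Whitelisted) =============
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
3 ALSysIO; \??\C:\Users\Mazi\AppData\Local\Temp\ALSysIO.sys [x]
ZeroAccess:
C:\Windows\Installer\{ab1b01e3-cf1a-74db-ef7f-a2ca816fb802}
C:\Windows\Installer\{ab1b01e3-cf1a-74db-ef7f-a2ca816fb802}\@
C:\Windows\Installer\{ab1b01e3-cf1a-74db-ef7f-a2ca816fb802}\U\80000032.@
ZeroAccess:
C:\Users\Mazi\AppData\Local\{ab1b01e3-cf1a-74db-ef7f-a2ca816fb802}
C:\Users\Mazi\AppData\Local\{ab1b01e3-cf1a-74db-ef7f-a2ca816fb802}\U\80000000.@
========================= Bamital & volsnap Check ============
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\services.exe A302BBFF2A7278C0E239EE5D471D86A9 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
"""

# Section banners look like "===== Name =====" (spaces around the name, which
# keeps the all-'=' partition separators from being mistaken for banners).
SECTION_RE = re.compile(r"^=+\s+(.+?)\s+=+$")
# A hash-check line FRST flags: "<path> <32 hex> <note> <==== ATTENTION"
HASH_FLAG_RE = re.compile(
    r"^(?P<path>\S+)\s+(?P<md5>[0-9A-Fa-f]{32})\s+(?P<note>.*?)\s*<====\s*ATTENTION")
# "<parent dir>\{guid}[\<entries inside>]" as listed under "ZeroAccess:"
GUID_DIR_RE = re.compile(
    r"^(?P<root>.+?)\\(?P<guid>\{[0-9a-f-]{36}\})(?:\\(?P<sub>.*))?$", re.I)
TEMP_DIR_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.I)
MISSING_FILE_MARK = "[x]"   # FRST's marker for an entry whose target file is absent
SEVERITY_ORDER = ("critical", "medium", "low")   # labels chosen for this example


@dataclass(frozen=True)
class Finding:
    severity: str
    category: str
    subject: str
    detail: str


def analyze(log_text):
    """Walk the log once, tracking the current FRST section, and collect findings."""
    findings = []
    section = None
    za_roots = {}   # guid -> set of parent directories it was listed under
    za_marks = {}   # guid -> set of top-level entries (@, L, n, U) seen inside it
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1)
            continue
        if line == "ZeroAccess:":
            section = "ZeroAccess"
            continue
        if section == "ZeroAccess":
            g = GUID_DIR_RE.match(line)
            if g:
                guid = g["guid"].lower()
                za_roots.setdefault(guid, set()).add(g["root"])
                if g["sub"]:
                    za_marks.setdefault(guid, set()).add(g["sub"].split("\\", 1)[0])
            continue
        if section and section.startswith("Bamital"):
            h = HASH_FLAG_RE.match(line)
            if h:   # a core system binary whose MD5 FRST did not recognise as legit
                findings.append(Finding("critical", "system-binary-hash-mismatch", h["path"],
                                        f"MD5 {h['md5'].upper()} flagged as {h['note']}"))
            continue
        if section and section.startswith("Drivers") and TEMP_DIR_RE.search(line):
            findings.append(Finding("medium", "driver-in-temp", line,
                                    "kernel driver registered from a user Temp directory"))
        if line.endswith(MISSING_FILE_MARK):
            findings.append(Finding("low", "missing-file", line,
                                    "autostart or driver entry whose target file no longer exists"))
    # One finding per GUID, merging every location the same folder was seen in.
    for guid, roots in za_roots.items():
        marks = ",".join(sorted(za_marks.get(guid, ())))
        findings.append(Finding("critical", "zeroaccess-guid-dir", guid,
                                f"found under {'; '.join(sorted(roots))} (entries: {marks})"))
    return findings


def verdict(findings):
    """Highest severity present, or 'clean' when nothing was flagged."""
    for sev in SEVERITY_ORDER:
        if any(f.severity == sev for f in findings):
            return sev
    return "clean"


if __name__ == "__main__":
    results = analyze(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:8}] {f.category:28} {f.subject}\n           {f.detail}")
    print("verdict:", verdict(results))
```

To run it over a saved log instead of the embedded sample, pass the file's text to analyze() (read it with errors="replace", since FRST logs are not always clean UTF-8). The two critical categories are independent on purpose: a services.exe hash mismatch and the GUID folder are each enough on their own to call the machine infected, and a helper reading the output should not need the other to be present before acting.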
HKU\Pamela\...\Run: [SoftAuto.exe] "C:\Program Files\Creative\Software Update 3\SoftAuto.exe" [405504 2008-08-12] (Creative Technology Ltd)
HKU\Pamela\...\Run: [WorkForce 630(Network)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGBA.EXE /FU "C:\Windows\TEMP\E_S1B8E.tmp" /EF "HKCU" [201216 2010-01-12] (SEIKO EPSON CORPORATION)
HKU\Pamela\...\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59240 2012-02-24] (Apple Inc.)
HKU\Pamela\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\UpdatusUser.Mazi-PC\...\Run: [Google Update] "C:\Users\Mazi\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-03-21] (Google Inc.)
HKU\UpdatusUser.Mazi-PC\...\Run: [SoftAuto.exe] "C:\Program Files\Creative\Software Update 3\SoftAuto.exe" [405504 2008-08-12] (Creative Technology Ltd)
HKU\UpdatusUser.Mazi-PC\...\Run: [WLSync] "C:\Program Files\Windows Live\Mesh\WLSync.exe" /background [1449824 2012-03-08] (Microsoft Corporation)
HKU\UpdatusUser.Mazi-PC\...\Run: [WorkForce 630(Network)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGBA.EXE /FU "C:\Windows\TEMP\E_S1B8E.tmp" /EF "HKCU" [201216 2010-01-12] (SEIKO EPSON CORPORATION)
HKU\UpdatusUser.Mazi-PC\...\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59240 2012-02-24] (Apple Inc.)
HKU\UpdatusUser.Mazi-PC\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [X]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Polar WebSync.lnk
ShortcutTarget: Polar WebSync.lnk -> C:\Program Files\Polar\WebSync\WebSync.exe ()
Startup: C:\Users\Mazi\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\Mazi\Start Menu\Programs\Startup\GoZone iSync.lnk
ShortcutTarget: GoZone iSync.lnk -> C:\Program Files\GoZone\GoZone_iSync.exe (Virgin HealthMiles Inc.)
================================ Services (Whitelisted) ==================
2 AdobeActiveFileMonitor6.0; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-10] ()
3 Creative ALchemy AL6 Licensing Service; "C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe" [79360 2010-05-12] (Creative Labs)
2 CTDevice_Srv; C:\Program Files\Creative\Shared Files\CTDevSrv.exe [61440 2007-04-01] (Creative Technology Ltd)
3 CTUPnPSv; C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe [64000 2008-05-21] (Creative Technology Ltd)
2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION)
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
2 IntuitUpdateService; "C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" [13672 2010-08-23] (Intuit Inc.)
3 LBTServ; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [293456 2010-05-06] (Logitech, Inc.)
2 MDM; "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" [322120 2003-06-19] (Microsoft Corporation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [11552 2012-03-26] (Microsoft Corporation)
4 NetMsmqActivator; "C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator [124240 2010-03-18] (Microsoft Corporation)
4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [214952 2012-03-26] (Microsoft Corporation)
2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2348352 2012-02-29] (NVIDIA Corporation)
2 Polar Daemon; "C:\Program Files\Polar\Daemon\polard.exe" [368128 2011-05-06] ()
2 Predictamus Information Service; "C:\Program Files\Mazi Innovations\Predictamus Information Service (PIS)\PredictamusInformationService.exe" [11776 2010-08-11] ()
2 StatusAgent4; C:\Windows\system32\SAgent4.exe [131072 2006-12-19] (SEIKO EPSON CORPORATION)
2 Stereo Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [382272 2012-02-29] (NVIDIA Corporation)
3 WPFFontCache_v0400; C:\Windows\Microsoft.NET\Framework\v4.0.21006\WPF\WPFFontCache_v0400.exe [x]
========================== Drivers (Whitelisted) =============
3 ctdvda2k; C:\Windows\System32\drivers\ctdvda2k.sys [347144 2010-05-05] (Creative Technology Ltd)
3 dvd43llh; C:\Windows\System32\DRIVERS\dvd43llh.sys [18816 2010-04-04] (RIF)
3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [40912 2010-03-18] (Logitech, Inc.)
3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [10448 2010-03-18] (Logitech, Inc.)
3 lvpopflt; C:\Windows\System32\DRIVERS\lvpopflt.sys [1921184 2007-05-11] (Logitech Inc.)
3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41888 2007-05-11] (Logitech Inc.)
3 LVUVC; C:\Windows\System32\DRIVERS\lvuvc.sys [3580832 2007-05-11] (Logitech Inc.)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [62208 2010-11-19] (Renesas Electronics Corporation)
3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [141568 2010-11-19] (Renesas Electronics Corporation)
3 RDPDISPM; C:\Windows\System32\DRIVERS\rdpdispm.sys [9040 2010-03-21] (Microsoft Corporation)
3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
3 ALSysIO; \??\C:\Users\Mazi\AppData\Local\Temp\ALSysIO.sys [x]
========================== NetSvcs (Whitelisted) ===========
============ One Month Created Files and Folders ==============
2012-07-04 11:29 - 2012-07-04 11:30 - 00000000 ____D C:\FRST
2012-07-04 09:57 - 2012-07-04 09:57 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-07-04 09:42 - 2012-07-04 09:42 - 10288512 ____A (Microsoft Corporation) C:\Users\Mazi\Desktop\mseinstall.exe
2012-07-04 07:57 - 2012-07-04 07:57 - 00000000 ____D C:\Users\Mazi\AppData\Local\{B181ED3E-9846-4DFB-BA23-573C879B53E0}
2012-07-04 07:57 - 2012-07-04 07:57 - 00000000 ____D C:\Users\Mazi\AppData\Local\{516A4CBF-1388-4A42-B596-A53BD1E9DFEF}
2012-07-02 11:13 - 2012-07-03 17:17 - 00000000 ____D C:\Users\Pamela\Desktop\Golnaz weddimg
2012-07-01 19:37 - 2012-07-01 19:38 - 00000000 ____D C:\Users\Mazi\AppData\Local\{3D083E7B-BF19-4B4C-86E7-C8C4573F9424}
2012-07-01 19:37 - 2012-07-01 19:37 - 00000000 ____D C:\Users\Mazi\AppData\Local\{9646A0DE-942B-4554-AF71-D8B18325326A}
2012-06-29 10:45 - 2012-06-29 10:45 - 00000000 ____D C:\Users\Pamela\AppData\Roaming\Creative
2012-06-24 11:13 - 2012-06-24 11:13 - 00000000 ____D C:\Users\Mazi\AppData\Local\{4F7AB726-1462-4CEE-BFCC-16E7615F252E}
2012-06-23 23:13 - 2012-06-23 23:13 - 00000000 ____D C:\Users\Mazi\AppData\Local\{EA843E7A-0C09-48F6-B87B-4DB8B40F8856}
2012-06-23 20:36 - 2012-06-23 20:36 - 00000000 ____D C:\Users\Pamela\AppData\Local\Macromedia
2012-06-23 11:12 - 2012-06-24 11:13 - 00000000 ____D C:\Users\Mazi\AppData\Local\{B2F14FE6-6C2F-4B0E-84DF-FB4066FCFCBC}
2012-06-23 11:12 - 2012-06-23 11:12 - 00000000 ____D C:\Users\Mazi\AppData\Local\{A11470F8-2758-4575-BFF1-C664C02C8597}
2012-06-22 14:45 - 2012-06-22 14:45 - 00000000 ____D C:\Users\Mazi\AppData\Local\Macromedia
2012-06-22 13:18 - 2012-06-22 13:18 - 00001753 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-06-22 13:17 - 2012-06-22 13:18 - 00000000 ____D C:\Program Files\iTunes
2012-06-22 13:17 - 2012-06-22 13:17 - 00000000 ____D C:\Program Files\iPod
2012-06-22 13:00 - 2012-06-22 13:00 - 00000000 ____D C:\Users\Mazi\AppData\Local\{F9E1C952-0476-4EB8-8553-FCF9EC38E749}
2012-06-22 12:59 - 2012-06-22 13:00 - 00000000 ____D C:\Users\Mazi\AppData\Local\{E6A9EE7B-FFAA-437E-B07B-C0531FEE2E57}
2012-06-21 13:00 - 2012-06-02 14:19 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-21 13:00 - 2012-06-02 14:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-21 13:00 - 2012-06-02 14:19 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-21 13:00 - 2012-06-02 14:19 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-21 13:00 - 2012-06-02 14:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-21 13:00 - 2012-06-02 14:12 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-21 13:00 - 2012-06-02 14:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-21 12:59 - 2012-06-02 14:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-21 12:59 - 2012-06-02 14:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-12 22:20 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-12 22:20 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-12 22:20 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-12 22:20 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-12 22:20 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-12 22:20 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-12 22:20 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-12 22:20 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-12 22:20 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-12 22:20 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-12 22:20 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-12 22:20 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-12 22:20 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-12 22:20 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-12 13:26 - 2012-05-14 17:05 - 02343936 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-12 13:26 - 2012-04-30 20:44 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-12 13:26 - 2012-04-27 19:17 - 00183808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-12 13:26 - 2012-04-25 20:45 - 00129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-12 13:26 - 2012-04-25 20:45 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-12 13:26 - 2012-04-25 20:41 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-12 13:26 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-12 13:26 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-12 13:26 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-12 13:26 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-10 20:37 - 2012-06-10 20:37 - 00000000 ____D C:\Users\Mazi\AppData\Local\{92584DBC-43F0-4E82-98B2-5460B4F17AD2}
2012-06-10 20:36 - 2012-06-10 20:37 - 00000000 ____D C:\Users\Mazi\AppData\Local\{49C319BD-3C0D-4D64-813F-B218D14FE09C}
============ 3 Months Modified Files ========================
2012-07-04 10:21 - 2010-03-22 05:45 - 00000000 ____A C:\PREDICTAMUS_INFO_SRVICE_LOG.log
2012-07-04 10:21 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-04 10:21 - 2009-07-13 20:39 - 00091345 ____A C:\Windows\setupact.log
2012-07-04 10:14 - 2010-03-24 19:16 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-04 09:59 - 2010-03-15 23:09 - 01673795 ____A C:\Windows\WindowsUpdate.log
2012-07-04 09:57 - 2011-02-04 12:18 - 00001945 ____A C:\Windows\epplauncher.mif
2012-07-04 09:57 - 2010-03-15 23:17 - 00412048 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-04 09:53 - 2009-07-13 20:34 - 00013472 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-04 09:53 - 2009-07-13 20:34 - 00013472 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-04 09:45 - 2010-04-08 15:04 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2534515453-1742631250-888195653-1003UA.job
2012-07-04 09:42 - 2012-07-04 09:42 - 10288512 ____A (Microsoft Corporation) C:\Users\Mazi\Desktop\mseinstall.exe
2012-07-04 09:33 - 2010-03-21 14:46 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2534515453-1742631250-888195653-1001UA.job
2012-07-04 09:30 - 2010-03-21 09:43 - 00002009 ____A C:\Windows\LkmdfCoInst.log
2012-07-04 09:29 - 2010-03-21 09:43 - 00016400 ____A (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys
2012-07-04 09:16 - 2010-03-24 19:16 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-03 20:33 - 2010-03-21 14:46 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2534515453-1742631250-888195653-1001Core.job
2012-07-03 15:45 - 2010-04-08 15:04 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2534515453-1742631250-888195653-1003Core.job
2012-06-22 14:44 - 2012-04-12 10:04 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-06-22 14:44 - 2011-05-15 18:49 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-06-22 14:34 - 2009-07-13 20:53 - 00032604 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-22 13:18 - 2012-06-22 13:18 - 00001753 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-06-13 15:27 - 2009-07-13 20:33 - 00590816 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-12 22:22 - 2010-03-16 13:25 - 56731752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-06 11:29 - 2010-03-21 10:48 - 00000020 ____H C:\Users\All Users\PKP_DLdw.DAT
2012-06-06 11:21 - 2010-03-21 10:02 - 00000020 ____H C:\Users\All Users\PKP_DLdu.DAT
2012-06-03 10:20 - 2012-06-03 10:20 - 00001037 ____A C:\Users\Mazi\Desktop\Dropbox.lnk
2012-06-03 09:40 - 2012-06-03 09:40 - 18002040 ____A (Dropbox, Inc.) C:\Users\Mazi\Desktop\Dropbox 1.4.7.exe
2012-06-02 14:19 - 2012-06-21 13:00 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 13:00 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 13:00 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 13:00 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 13:00 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:19 - 2012-06-21 12:59 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:12 - 2012-06-21 13:00 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-21 13:00 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:12 - 2012-06-21 12:59 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-31 07:14 - 2010-03-16 20:00 - 00000426 ____A C:\Windows\BRWMARK.INI
2012-05-18 09:38 - 2012-03-10 10:41 - 00002479 ____A C:\Users\Public\Desktop\Safari.lnk
2012-05-17 15:11 - 2012-06-12 22:20 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 14:48 - 2012-06-12 22:20 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 14:45 - 2012-06-12 22:20 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 14:36 - 2012-06-12 22:20 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 14:35 - 2012-06-12 22:20 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 14:35 - 2012-06-12 22:20 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 14:33 - 2012-06-12 22:20 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 14:31 - 2012-06-12 22:20 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 14:29 - 2012-06-12 22:20 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 14:29 - 2012-06-12 22:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 14:27 - 2012-06-12 22:20 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 14:25 - 2012-06-12 22:20 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 14:24 - 2012-06-12 22:20 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 14:20 - 2012-06-12 22:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-14 17:05 - 2012-06-12 13:26 - 02343936 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-10 16:31 - 2010-03-16 13:32 - 00048658 ____A C:\Windows\PFRO.log
2012-05-10 14:58 - 2011-03-13 18:56 - 00000039 ____A C:\Windows\vbaddin.ini
2012-04-30 20:44 - 2012-06-12 13:26 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 19:17 - 2012-06-12 13:26 - 00183808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 20:45 - 2012-06-12 13:26 - 00129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 20:45 - 2012-06-12 13:26 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 20:41 - 2012-06-12 13:26 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-23 20:36 - 2012-06-12 13:26 - 01158656 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 20:36 - 2012-06-12 13:26 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 20:36 - 2012-06-12 13:26 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 06:47 - 2010-03-20 19:48 - 00190616 ____A C:\Users\Pamela\AppData\Local\GDIPFONTCACHEV1.DAT
2012-04-22 19:48 - 2010-03-16 19:19 - 00190616 ____A C:\Users\Mazi\AppData\Local\GDIPFONTCACHEV1.DAT
2012-04-21 15:57 - 2010-06-12 11:23 - 00381088 ____A C:\Windows\DirectX.log
2012-04-18 19:56 - 2012-04-18 19:56 - 00094208 ____A (Apple Inc.) C:\Windows\System32\QuickTimeVR.qtx
2012-04-18 19:56 - 2012-04-18 19:56 - 00069632 ____A (Apple Inc.) C:\Windows\System32\QuickTime.qts
2012-04-12 08:28 - 2012-04-12 08:28 - 00001984 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-04-07 03:26 - 2012-06-12 13:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
ZeroAccess:
C:\Windows\Installer\{ab1b01e3-cf1a-74db-ef7f-a2ca816fb802}
C:\Windows\Installer\{ab1b01e3-cf1a-74db-ef7f-a2ca816fb802}\@
C:\Windows\Installer\{ab1b01e3-cf1a-74db-ef7f-a2ca816fb802}\L
C:\Windows\Installer\{ab1b01e3-cf1a-74db-ef7f-a2ca816fb802}\n
C:\Windows\Installer\{ab1b01e3-cf1a-74db-ef7f-a2ca816fb802}\U
C:\Windows\Installer\{ab1b01e3-cf1a-74db-ef7f-a2ca816fb802}\L\00000004.@
C:\Windows\Installer\{ab1b01e3-cf1a-74db-ef7f-a2ca816fb802}\L\201d3dde
C:\Windows\Installer\{ab1b01e3-cf1a-74db-ef7f-a2ca816fb802}\U\00000004.@
C:\Windows\Installer\{ab1b01e3-cf1a-74db-ef7f-a2ca816fb802}\U\00000008.@
C:\Windows\Installer\{ab1b01e3-cf1a-74db-ef7f-a2ca816fb802}\U\000000cb.@
C:\Windows\Installer\{ab1b01e3-cf1a-74db-ef7f-a2ca816fb802}\U\80000000.@
C:\Windows\Installer\{ab1b01e3-cf1a-74db-ef7f-a2ca816fb802}\U\80000032.@
ZeroAccess:
C:\Users\Mazi\AppData\Local\{ab1b01e3-cf1a-74db-ef7f-a2ca816fb802}
C:\Users\Mazi\AppData\Local\{ab1b01e3-cf1a-74db-ef7f-a2ca816fb802}\@
C:\Users\Mazi\AppData\Local\{ab1b01e3-cf1a-74db-ef7f-a2ca816fb802}\L
C:\Users\Mazi\AppData\Local\{ab1b01e3-cf1a-74db-ef7f-a2ca816fb802}\n
C:\Users\Mazi\AppData\Local\{ab1b01e3-cf1a-74db-ef7f-a2ca816fb802}\U
C:\Users\Mazi\AppData\Local\{ab1b01e3-cf1a-74db-ef7f-a2ca816fb802}\U\00000004.@
C:\Users\Mazi\AppData\Local\{ab1b01e3-cf1a-74db-ef7f-a2ca816fb802}\U\000000cb.@
C:\Users\Mazi\AppData\Local\{ab1b01e3-cf1a-74db-ef7f-a2ca816fb802}\U\80000000.@
========================= Known DLLs (Whitelisted) ============
========================= Bamital & volsnap Check ============
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe A302BBFF2A7278C0E239EE5D471D86A9 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 11%
Total physical RAM: 4095.12 MB
Available physical RAM: 3606.24 MB
Total Pagefile: 4093.39 MB
Available Pagefile: 3608.48 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.7 MB
======================= Partitions =========================
2 Drive c: () (Fixed) (Total:298.09 GB) (Free:138.86 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive d: () (Fixed) (Total:698.63 GB) (Free:449.83 GB) NTFS
5 Drive f: () (Removable) (Total:0.24 GB) (Free:0.13 GB) FAT
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 2048 KB
Disk 1 Online 698 GB 0 B
Disk 2 Online 250 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 298 GB 1024 KB
==================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 298 GB Healthy
==================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 698 GB 1024 KB
==================================================================================
Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D NTFS Partition 698 GB Healthy
==================================================================================
Partitions of Disk 2:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 249 MB 16 KB
==================================================================================
Disk: 2
Partition 1
Type : 06
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT Removable 249 MB Healthy
==================================================================================
==========================================================
Last Boot: 2012-06-28 17:42
======================= End Of Log ==========================