misterpine
Posts: 13 +0
I got this virus today somehow and it keeps restarting my computer every minute. I saw others with the same problem here. I ran that FRST program and here is the log it created:
Scan result of Farbar Recovery Scan Tool Version: 03-07-2012 01
Ran by SYSTEM at 03-07-2012 19:41:46
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001
========================== Registry (Whitelisted) =============
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-09-08] (IDT, Inc.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKU\Anthony\...\Run: [Audiogalaxy] "C:\Users\Anthony\AppData\Local\Audiogalaxy\Audiogalaxy.exe" /startup [2959488 2012-05-29] (AG Entertainment Inc)
HKU\Anthony\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [880496 2012-05-11] (BitTorrent, Inc.)
HKU\Anthony\...\Policies\system: [DisableLockWorkstation] 0
HKU\Anthony\...\Policies\system: [DisableChangePassword] 0
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
==================== Services (Whitelisted) ======
4 HPAuto; "C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe" [682040 2011-02-16] (Hewlett-Packard)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2320920 2010-07-23] (Intel Corporation)
========================== Drivers (Whitelisted) =============
3 AESTAud; C:\Windows\System32\drivers\AESTAu64.sys [146048 2011-06-07] (Andrea Electronics Corporation)
3 cpudrv64; \??\C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2009-12-18] ()
3 easytether; C:\Windows\System32\DRIVERS\easytthr.sys [20752 2011-05-22] (Mobile Stream)
3 NVENETFD; C:\Windows\System32\DRIVERS\nvm62x64.sys [408960 2009-06-10] (NVIDIA Corporation)
3 RT80x86; C:\Windows\System32\DRIVERS\RT2860.sys [2930240 2011-06-28] (Ralink Technology, Corp.)
========================== NetSvcs (Whitelisted) ===========
============ One Month Created Files and Folders ==============
2012-07-03 19:41 - 2012-07-03 19:41 - 00000000 ____D C:\FRST
2012-07-03 16:22 - 2012-07-03 16:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B5A8F677EFCCB925
2012-07-03 16:19 - 2012-07-03 16:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.909A4D262CA336DA
2012-07-03 16:15 - 2012-07-03 16:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.28D56997C38EE79B
2012-07-03 16:07 - 2012-07-03 16:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8B70ABA3F6303576
2012-07-03 16:03 - 2012-07-03 16:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A602FF4889E5C090
2012-07-03 15:59 - 2012-07-03 15:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3ED700E45FE1D3CC
2012-07-03 15:57 - 2012-07-03 15:57 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FC749B5639A3885E
2012-07-03 15:53 - 2012-07-03 15:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D937D46F77C8FE16
2012-07-03 15:50 - 2012-07-03 15:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F31031258CA9967A
2012-07-03 15:47 - 2012-07-03 15:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.02736999A29ACCBD
2012-07-03 15:44 - 2012-07-03 15:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FC8973CAA3EAB23F
2012-07-03 15:41 - 2012-07-03 15:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.573D55BF4E058DA1
2012-07-03 15:34 - 2012-07-03 15:34 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-07-03 15:34 - 2012-07-03 15:34 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-07-03 14:55 - 2012-07-03 14:55 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-07-03 14:54 - 2012-07-03 14:54 - 12621696 ____A (Microsoft Corporation) C:\Users\Anthony\Desktop\mseinstall.exe
2012-07-03 14:48 - 2012-07-03 14:48 - 00000000 ____D C:\Users\Anthony\AppData\Local\{34100C83-C561-11E1-8270-B8AC6F996F26}
2012-07-03 14:48 - 2012-07-03 14:48 - 00000000 ____D C:\Users\Anthony\AppData\Local\{340FDB65-C561-11E1-8270-B8AC6F996F26}
2012-07-03 14:47 - 2012-07-03 14:48 - 00000000 ____D C:\Users\Anthony\AppData\Roaming\Ywtom
2012-07-03 14:47 - 2012-07-03 14:47 - 00145920 __ASH (DT Soft Ltd) C:\Users\Anthony\AppData\Roaming\upracd.dll
2012-07-03 14:47 - 2012-07-03 14:47 - 00000000 ____D C:\Users\Anthony\AppData\Roaming\Ihoti
2012-06-24 19:07 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-24 19:07 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-24 19:07 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-24 19:07 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-24 19:06 - 2012-06-02 12:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-24 19:06 - 2012-06-02 12:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-24 19:02 - 2012-06-24 19:02 - 00000402 ____A C:\Windows\PFRO.log
2012-06-21 13:03 - 2012-06-21 13:03 - 00000000 ____D C:\Users\Anthony\AppData\Local\Macromedia
2012-06-16 22:00 - 2012-07-03 16:37 - 00001008 ____A C:\Windows\setupact.log
2012-06-16 22:00 - 2012-06-16 22:00 - 00000000 ____A C:\Windows\setuperr.log
2012-06-13 21:05 - 2012-06-13 21:06 - 00000000 ____D C:\Program Files\iTunes
2012-06-13 21:05 - 2012-06-13 21:05 - 00000000 ____D C:\Program Files\iPod
2012-06-13 14:51 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-13 14:51 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-13 14:51 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-13 14:51 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-13 14:51 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-13 14:51 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-13 14:51 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-13 14:51 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-13 14:51 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-13 14:51 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-13 14:51 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-13 14:51 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-13 14:51 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-13 14:51 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-13 14:51 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-13 14:51 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-13 14:51 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-13 14:51 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-13 14:51 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-13 14:51 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-13 14:51 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-13 14:51 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-13 14:51 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-13 14:51 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-13 14:51 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-13 14:51 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-13 14:51 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-13 14:51 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-13 14:51 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-13 14:51 - 2012-05-04 03:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-06-13 14:51 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-13 14:51 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-13 14:51 - 2012-05-04 01:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-06-13 14:50 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-13 14:50 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-13 14:50 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-13 14:50 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-13 14:50 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-13 14:50 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-13 14:50 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-13 14:50 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-13 14:50 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-13 14:50 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-06-13 14:50 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-06-13 14:50 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-06-13 14:50 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-13 14:50 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
============ 3 Months Modified Files ========================
2012-07-03 16:37 - 2012-06-16 22:00 - 00001008 ____A C:\Windows\setupact.log
2012-07-03 16:37 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-03 16:22 - 2012-07-03 16:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B5A8F677EFCCB925
2012-07-03 16:19 - 2012-07-03 16:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.909A4D262CA336DA
2012-07-03 16:15 - 2012-07-03 16:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.28D56997C38EE79B
2012-07-03 16:07 - 2012-07-03 16:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8B70ABA3F6303576
2012-07-03 16:03 - 2012-07-03 16:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A602FF4889E5C090
2012-07-03 16:03 - 2012-02-04 02:13 - 01275278 ____A C:\Windows\WindowsUpdate.log
2012-07-03 15:59 - 2012-07-03 15:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3ED700E45FE1D3CC
2012-07-03 15:57 - 2012-07-03 15:57 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FC749B5639A3885E
2012-07-03 15:53 - 2012-07-03 15:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D937D46F77C8FE16
2012-07-03 15:50 - 2012-07-03 15:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F31031258CA9967A
2012-07-03 15:47 - 2012-07-03 15:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.02736999A29ACCBD
2012-07-03 15:44 - 2012-07-03 15:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FC8973CAA3EAB23F
2012-07-03 15:41 - 2012-07-03 15:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.573D55BF4E058DA1
2012-07-03 15:34 - 2011-10-08 18:50 - 00757140 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-07-03 15:34 - 2011-10-08 18:50 - 00001945 ____A C:\Windows\epplauncher.mif
2012-07-03 14:54 - 2012-07-03 14:54 - 12621696 ____A (Microsoft Corporation) C:\Users\Anthony\Desktop\mseinstall.exe
2012-07-03 14:47 - 2012-07-03 14:47 - 00145920 __ASH (DT Soft Ltd) C:\Users\Anthony\AppData\Roaming\upracd.dll
2012-07-03 14:31 - 2011-12-14 13:26 - 08456704 __ASH C:\Users\Anthony\Desktop\Thumbs.db
2012-07-03 12:31 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-03 12:31 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-03 12:28 - 2009-07-13 21:13 - 00743164 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-30 15:11 - 2011-10-09 20:10 - 00001004 __ASH C:\Windows\SysWOW64\KGyGaAvL.sys
2012-06-24 19:02 - 2012-06-24 19:02 - 00000402 ____A C:\Windows\PFRO.log
2012-06-24 19:02 - 2012-04-12 19:55 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-21 13:00 - 2012-04-12 19:55 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-21 13:00 - 2011-10-08 19:42 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-16 22:00 - 2012-06-16 22:00 - 00000000 ____A C:\Windows\setuperr.log
2012-06-13 15:13 - 2009-07-13 20:45 - 04853376 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-13 14:58 - 2011-10-08 13:54 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-04 15:55 - 2011-10-08 15:55 - 00000340 ____A C:\Windows\Tasks\HPCeeScheduleForAnthony.job
2012-06-02 14:19 - 2012-06-24 19:07 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-24 19:07 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-24 19:07 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:15 - 2012-06-24 19:07 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 12:19 - 2012-06-24 19:06 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 12:15 - 2012-06-24 19:06 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-26 09:36 - 2012-05-31 01:09 - 00204800 ____A C:\Windows\System32\unrar64.dll
2012-05-17 18:47 - 2012-06-13 14:51 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 18:16 - 2012-06-13 14:51 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 18:06 - 2012-06-13 14:51 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 17:59 - 2012-06-13 14:51 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 17:59 - 2012-06-13 14:51 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 17:58 - 2012-06-13 14:51 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 17:58 - 2012-06-13 14:51 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 17:56 - 2012-06-13 14:51 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 17:55 - 2012-06-13 14:51 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 17:55 - 2012-06-13 14:51 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 17:54 - 2012-06-13 14:51 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 17:51 - 2012-06-13 14:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 17:51 - 2012-06-13 14:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 17:47 - 2012-06-13 14:51 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-17 15:11 - 2012-06-13 14:51 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-17 14:48 - 2012-06-13 14:51 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-17 14:45 - 2012-06-13 14:51 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-17 14:36 - 2012-06-13 14:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-17 14:35 - 2012-06-13 14:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-17 14:35 - 2012-06-13 14:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-17 14:33 - 2012-06-13 14:51 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-17 14:31 - 2012-06-13 14:51 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-17 14:29 - 2012-06-13 14:51 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-17 14:29 - 2012-06-13 14:51 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-05-17 14:27 - 2012-06-13 14:51 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-17 14:25 - 2012-06-13 14:51 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-17 14:24 - 2012-06-13 14:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-17 14:20 - 2012-06-13 14:51 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-14 17:32 - 2012-06-13 14:50 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-07 15:53 - 2012-05-07 15:53 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-05-07 15:53 - 2012-05-07 15:53 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-05-04 03:06 - 2012-06-13 14:51 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 03:00 - 2012-06-13 14:51 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-05-04 02:03 - 2012-06-13 14:51 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-13 14:51 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-04 01:59 - 2012-06-13 14:51 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-05-01 16:42 - 2011-10-08 12:57 - 00064032 ____A C:\Users\Anthony\AppData\Local\GDIPFONTCACHEV1.DAT
2012-04-30 21:40 - 2012-06-13 14:50 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 19:55 - 2012-06-13 14:50 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 21:41 - 2012-06-13 14:50 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-13 14:50 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-13 14:50 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-23 21:37 - 2012-06-13 14:50 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 21:37 - 2012-06-13 14:50 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 21:37 - 2012-06-13 14:50 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 20:36 - 2012-06-13 14:50 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 20:36 - 2012-06-13 14:50 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 20:36 - 2012-06-13 14:50 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-18 17:56 - 2012-04-18 17:56 - 00094208 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx
2012-04-18 17:56 - 2012-04-18 17:56 - 00069632 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts
2012-04-07 04:31 - 2012-06-13 14:50 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-04-07 03:26 - 2012-06-13 14:50 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
ZeroAccess:
C:\Windows\Installer\{4a0e3c40-3084-9458-1df4-52c1f828f33e}
C:\Windows\Installer\{4a0e3c40-3084-9458-1df4-52c1f828f33e}\@
C:\Windows\Installer\{4a0e3c40-3084-9458-1df4-52c1f828f33e}\L
C:\Windows\Installer\{4a0e3c40-3084-9458-1df4-52c1f828f33e}\n
C:\Windows\Installer\{4a0e3c40-3084-9458-1df4-52c1f828f33e}\U
C:\Windows\Installer\{4a0e3c40-3084-9458-1df4-52c1f828f33e}\U\00000001.@
C:\Windows\Installer\{4a0e3c40-3084-9458-1df4-52c1f828f33e}\U\80000000.@
C:\Windows\Installer\{4a0e3c40-3084-9458-1df4-52c1f828f33e}\U\800000cb.@
ZeroAccess:
C:\Users\Anthony\AppData\Local\{4a0e3c40-3084-9458-1df4-52c1f828f33e}
C:\Users\Anthony\AppData\Local\{4a0e3c40-3084-9458-1df4-52c1f828f33e}\@
C:\Users\Anthony\AppData\Local\{4a0e3c40-3084-9458-1df4-52c1f828f33e}\L
C:\Users\Anthony\AppData\Local\{4a0e3c40-3084-9458-1df4-52c1f828f33e}\U
========================= Known DLLs (Whitelisted) ============
========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 18%
Total physical RAM: 3893.86 MB
Available physical RAM: 3154.23 MB
Total Pagefile: 3892.01 MB
Available Pagefile: 3150.58 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
======================= Partitions =========================
1 Drive c: () (Fixed) (Total:581.99 GB) (Free:53.55 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:13.88 GB) (Free:1.55 GB) NTFS
4 Drive g: (9016284126) (Removable) (Total:3.72 GB) (Free:3.72 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.25 GB) (Free:0.25 GB) NTFS
6 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 596 GB 103 MB
Disk 1 Online 3820 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 581 GB 200 MB
Partition 3 Primary 13 GB 582 GB
==================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy
==================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 581 GB Healthy
==================================================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E RECOVERY NTFS Partition 13 GB Healthy
==================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3816 MB 4032 KB
==================================================================================
Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G 9016284126 FAT32 Removable 3816 MB Healthy
==================================================================================
==========================================================
Last Boot: 2012-06-27 21:09
======================= End Of Log ==========================
And here is what the search gave me:
Farbar Recovery Scan Tool Version: 03-07-2012 01
Ran by SYSTEM at 2012-07-03 19:46:00
Running from G:\
================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
====== End Of Search ======
2012-06-13 14:51 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-13 14:51 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-13 14:51 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-13 14:51 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-13 14:51 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-13 14:51 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-13 14:51 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-13 14:51 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-13 14:51 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-13 14:51 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-13 14:51 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-13 14:51 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-13 14:51 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-13 14:51 - 2012-05-04 03:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-06-13 14:51 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-13 14:51 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-13 14:51 - 2012-05-04 01:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-06-13 14:50 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-13 14:50 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-13 14:50 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-13 14:50 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-13 14:50 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-13 14:50 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-13 14:50 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-13 14:50 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-13 14:50 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-13 14:50 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-06-13 14:50 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-06-13 14:50 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-06-13 14:50 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-13 14:50 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
============ 3 Months Modified Files ========================
2012-07-03 16:37 - 2012-06-16 22:00 - 00001008 ____A C:\Windows\setupact.log
2012-07-03 16:37 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-03 16:22 - 2012-07-03 16:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B5A8F677EFCCB925
2012-07-03 16:19 - 2012-07-03 16:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.909A4D262CA336DA
2012-07-03 16:15 - 2012-07-03 16:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.28D56997C38EE79B
2012-07-03 16:07 - 2012-07-03 16:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8B70ABA3F6303576
2012-07-03 16:03 - 2012-07-03 16:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A602FF4889E5C090
2012-07-03 16:03 - 2012-02-04 02:13 - 01275278 ____A C:\Windows\WindowsUpdate.log
2012-07-03 15:59 - 2012-07-03 15:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3ED700E45FE1D3CC
2012-07-03 15:57 - 2012-07-03 15:57 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FC749B5639A3885E
2012-07-03 15:53 - 2012-07-03 15:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D937D46F77C8FE16
2012-07-03 15:50 - 2012-07-03 15:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F31031258CA9967A
2012-07-03 15:47 - 2012-07-03 15:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.02736999A29ACCBD
2012-07-03 15:44 - 2012-07-03 15:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FC8973CAA3EAB23F
2012-07-03 15:41 - 2012-07-03 15:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.573D55BF4E058DA1
2012-07-03 15:34 - 2011-10-08 18:50 - 00757140 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-07-03 15:34 - 2011-10-08 18:50 - 00001945 ____A C:\Windows\epplauncher.mif
2012-07-03 14:54 - 2012-07-03 14:54 - 12621696 ____A (Microsoft Corporation) C:\Users\Anthony\Desktop\mseinstall.exe
2012-07-03 14:47 - 2012-07-03 14:47 - 00145920 __ASH (DT Soft Ltd) C:\Users\Anthony\AppData\Roaming\upracd.dll
2012-07-03 14:31 - 2011-12-14 13:26 - 08456704 __ASH C:\Users\Anthony\Desktop\Thumbs.db
2012-07-03 12:31 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-03 12:31 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-03 12:28 - 2009-07-13 21:13 - 00743164 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-30 15:11 - 2011-10-09 20:10 - 00001004 __ASH C:\Windows\SysWOW64\KGyGaAvL.sys
2012-06-24 19:02 - 2012-06-24 19:02 - 00000402 ____A C:\Windows\PFRO.log
2012-06-24 19:02 - 2012-04-12 19:55 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-21 13:00 - 2012-04-12 19:55 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-21 13:00 - 2011-10-08 19:42 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-16 22:00 - 2012-06-16 22:00 - 00000000 ____A C:\Windows\setuperr.log
2012-06-13 15:13 - 2009-07-13 20:45 - 04853376 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-13 14:58 - 2011-10-08 13:54 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-04 15:55 - 2011-10-08 15:55 - 00000340 ____A C:\Windows\Tasks\HPCeeScheduleForAnthony.job
2012-06-02 14:19 - 2012-06-24 19:07 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-24 19:07 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-24 19:07 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:15 - 2012-06-24 19:07 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 12:19 - 2012-06-24 19:06 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 12:15 - 2012-06-24 19:06 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-26 09:36 - 2012-05-31 01:09 - 00204800 ____A C:\Windows\System32\unrar64.dll
2012-05-17 18:47 - 2012-06-13 14:51 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 18:16 - 2012-06-13 14:51 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 18:06 - 2012-06-13 14:51 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 17:59 - 2012-06-13 14:51 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 17:59 - 2012-06-13 14:51 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 17:58 - 2012-06-13 14:51 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 17:58 - 2012-06-13 14:51 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 17:56 - 2012-06-13 14:51 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 17:55 - 2012-06-13 14:51 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 17:55 - 2012-06-13 14:51 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 17:54 - 2012-06-13 14:51 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 17:51 - 2012-06-13 14:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 17:51 - 2012-06-13 14:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 17:47 - 2012-06-13 14:51 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-17 15:11 - 2012-06-13 14:51 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-17 14:48 - 2012-06-13 14:51 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-17 14:45 - 2012-06-13 14:51 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-17 14:36 - 2012-06-13 14:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-17 14:35 - 2012-06-13 14:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-17 14:35 - 2012-06-13 14:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-17 14:33 - 2012-06-13 14:51 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-17 14:31 - 2012-06-13 14:51 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-17 14:29 - 2012-06-13 14:51 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-17 14:29 - 2012-06-13 14:51 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-05-17 14:27 - 2012-06-13 14:51 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-17 14:25 - 2012-06-13 14:51 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-17 14:24 - 2012-06-13 14:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-17 14:20 - 2012-06-13 14:51 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-14 17:32 - 2012-06-13 14:50 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-07 15:53 - 2012-05-07 15:53 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-05-07 15:53 - 2012-05-07 15:53 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-05-04 03:06 - 2012-06-13 14:51 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 03:00 - 2012-06-13 14:51 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-05-04 02:03 - 2012-06-13 14:51 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-13 14:51 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-04 01:59 - 2012-06-13 14:51 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-05-01 16:42 - 2011-10-08 12:57 - 00064032 ____A C:\Users\Anthony\AppData\Local\GDIPFONTCACHEV1.DAT
2012-04-30 21:40 - 2012-06-13 14:50 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 19:55 - 2012-06-13 14:50 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 21:41 - 2012-06-13 14:50 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-13 14:50 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-13 14:50 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-23 21:37 - 2012-06-13 14:50 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 21:37 - 2012-06-13 14:50 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 21:37 - 2012-06-13 14:50 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 20:36 - 2012-06-13 14:50 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 20:36 - 2012-06-13 14:50 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 20:36 - 2012-06-13 14:50 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-18 17:56 - 2012-04-18 17:56 - 00094208 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx
2012-04-18 17:56 - 2012-04-18 17:56 - 00069632 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts
2012-04-07 04:31 - 2012-06-13 14:50 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-04-07 03:26 - 2012-06-13 14:50 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
ZeroAccess:
C:\Windows\Installer\{4a0e3c40-3084-9458-1df4-52c1f828f33e}
C:\Windows\Installer\{4a0e3c40-3084-9458-1df4-52c1f828f33e}\@
C:\Windows\Installer\{4a0e3c40-3084-9458-1df4-52c1f828f33e}\L
C:\Windows\Installer\{4a0e3c40-3084-9458-1df4-52c1f828f33e}\n
C:\Windows\Installer\{4a0e3c40-3084-9458-1df4-52c1f828f33e}\U
C:\Windows\Installer\{4a0e3c40-3084-9458-1df4-52c1f828f33e}\U\00000001.@
C:\Windows\Installer\{4a0e3c40-3084-9458-1df4-52c1f828f33e}\U\80000000.@
C:\Windows\Installer\{4a0e3c40-3084-9458-1df4-52c1f828f33e}\U\800000cb.@
ZeroAccess:
C:\Users\Anthony\AppData\Local\{4a0e3c40-3084-9458-1df4-52c1f828f33e}
C:\Users\Anthony\AppData\Local\{4a0e3c40-3084-9458-1df4-52c1f828f33e}\@
C:\Users\Anthony\AppData\Local\{4a0e3c40-3084-9458-1df4-52c1f828f33e}\L
C:\Users\Anthony\AppData\Local\{4a0e3c40-3084-9458-1df4-52c1f828f33e}\U
========================= Known DLLs (Whitelisted) ============
========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 18%
Total physical RAM: 3893.86 MB
Available physical RAM: 3154.23 MB
Total Pagefile: 3892.01 MB
Available Pagefile: 3150.58 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
======================= Partitions =========================
1 Drive c: () (Fixed) (Total:581.99 GB) (Free:53.55 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:13.88 GB) (Free:1.55 GB) NTFS
4 Drive g: (9016284126) (Removable) (Total:3.72 GB) (Free:3.72 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.25 GB) (Free:0.25 GB) NTFS
6 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 596 GB 103 MB
Disk 1 Online 3820 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 581 GB 200 MB
Partition 3 Primary 13 GB 582 GB
==================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy
==================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 581 GB Healthy
==================================================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E RECOVERY NTFS Partition 13 GB Healthy
==================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3816 MB 4032 KB
==================================================================================
Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G 9016284126 FAT32 Removable 3816 MB Healthy
==================================================================================
==========================================================
Last Boot: 2012-06-27 21:09
======================= End Of Log ==========================
And here is what the search gave me:
Farbar Recovery Scan Tool Version: 03-07-2012 01
Ran by SYSTEM at 2012-07-03 19:46:00
Running from G:\
================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
====== End Of Search ======
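The log above carries three independent indicators that line up: a run of `services.exe.<16 hex>` files created every few minutes (matching the restart loop), directories FRST labels `ZeroAccess:`, and a `services.exe` whose MD5 FRST rejects while the WinSxS copy of the same file, same size and same timestamps, hashes differently. The script below is an added triage example, not part of the post or of FRST, that pulls those three indicators out of FRST text automatically. The sample input is a constructed subset of the lines from this log and this search; the line layout it parses is the one visible on this page (other FRST versions may format lines differently, so the regexes are an assumption).

```python
import re
import statistics
from datetime import datetime

# Constructed sample: a subset of the FRST log and Search output posted above,
# embedded so the triage runs offline. A real run would pass the whole
# FRST.txt and Search.txt contents instead.
FRST_LOG = r"""
2012-07-03 16:22 - 2012-07-03 16:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B5A8F677EFCCB925
2012-07-03 16:19 - 2012-07-03 16:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.909A4D262CA336DA
2012-07-03 16:15 - 2012-07-03 16:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.28D56997C38EE79B
2012-07-03 16:07 - 2012-07-03 16:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8B70ABA3F6303576
2012-07-03 16:03 - 2012-07-03 16:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A602FF4889E5C090
2012-07-03 15:59 - 2012-07-03 15:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3ED700E45FE1D3CC
2012-07-03 14:55 - 2012-07-03 14:55 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-07-03 14:47 - 2012-07-03 14:47 - 00145920 __ASH (DT Soft Ltd) C:\Users\Anthony\AppData\Roaming\upracd.dll
2012-06-13 14:51 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
ZeroAccess:
C:\Windows\Installer\{4a0e3c40-3084-9458-1df4-52c1f828f33e}
C:\Windows\Installer\{4a0e3c40-3084-9458-1df4-52c1f828f33e}\U\80000000.@
ZeroAccess:
C:\Users\Anthony\AppData\Local\{4a0e3c40-3084-9458-1df4-52c1f828f33e}
========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
"""

SEARCH_LOG = r"""
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
"""

# Line shapes as they appear in this log (assumed stable for this FRST build).
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
                     r"(\d{8}) ([_A-Z]{5}) (?:\(([^)]*)\) )?(.+)$")
SEARCH_META_RE = re.compile(r"^\[(.+?)\] - \[(.+?)\] - (\d+) ([_A-Z]{5}) (?:\(([^)]*)\) )?([0-9A-Fa-f]{32})$")
ALERT_RE = re.compile(r"^(.+?) ([0-9A-Fa-f]{32}) (\S+) <==== ATTENTION")
SIBLING_RE = re.compile(r"\\services\.exe\.[0-9A-Fa-f]{16}$")
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")


def parse_file_entries(log):
    """Turn FRST created/modified file lines into dicts (dates, size, attrs, company, path)."""
    entries = []
    for line in log.splitlines():
        m = FILE_RE.match(line.strip())
        if m:
            created, modified, size, attrs, company, path = m.groups()
            entries.append({"created": datetime.strptime(created, "%Y-%m-%d %H:%M"),
                            "modified": datetime.strptime(modified, "%Y-%m-%d %H:%M"),
                            "size": int(size), "attrs": attrs,
                            "company": company or "", "path": path})
    return entries


def services_exe_siblings(entries):
    """(count, median gap in minutes, paths) for files named services.exe.<16 hex>.
    In this log each one has the size and version info of services.exe and a fresh
    creation time a few minutes after the last, so the gap reproduces the reboot loop."""
    hits = sorted((e for e in entries if SIBLING_RE.search(e["path"])), key=lambda e: e["created"])
    gaps = [(b["created"] - a["created"]).total_seconds() / 60 for a, b in zip(hits, hits[1:])]
    return len(hits), (statistics.median(gaps) if gaps else None), [e["path"] for e in hits]


def hidden_system_entries(entries):
    """Paths carrying both the S and H attributes outside the usual suspects (Thumbs.db),
    e.g. the %APPDATA% directory created under System32 and the DLL dropped in Roaming."""
    return [e["path"] for e in entries
            if "S" in e["attrs"] and "H" in e["attrs"] and not e["path"].lower().endswith("thumbs.db")]


def zeroaccess_paths(log):
    """Collect the paths FRST lists under each 'ZeroAccess:' heading."""
    paths, collecting = [], False
    for line in log.splitlines():
        line = line.strip()
        if line == "ZeroAccess:":
            collecting = True
            continue
        if collecting and DRIVE_RE.match(line) and "=>" not in line and "<====" not in line:
            paths.append(line)
        else:
            collecting = False
    return paths


def md5_alerts(log):
    """(path, md5, detection) for every Bamital/volsnap check line marked '<==== ATTENTION'."""
    return [m.groups() for m in (ALERT_RE.match(l.strip()) for l in log.splitlines()) if m]


def parse_search(search_log):
    """Pair each path line of an FRST Search with the metadata line beneath it."""
    lines = [l.strip() for l in search_log.splitlines() if l.strip()]
    found = {}
    for path, meta in zip(lines, lines[1:]):
        m = SEARCH_META_RE.match(meta)
        if DRIVE_RE.match(path) and m:
            created, modified, size, _attrs, _company, md5 = m.groups()
            found[path] = {"size": int(size), "created": created, "modified": modified, "md5": md5.upper()}
    return found


def hash_divergence(found):
    """Same file name, same size, but more than one MD5 across copies: the in-place
    patch pattern in the search above, where WinSxS and System32 services.exe are both
    328704 bytes with identical dates and only the hash differs. A size or date check
    alone would pass the infected binary."""
    by_name = {}
    for path, info in found.items():
        by_name.setdefault(path.rsplit("\\", 1)[-1].lower(), {})[path] = info
    return {name: {p: i["md5"] for p, i in copies.items()}
            for name, copies in by_name.items()
            if len({i["size"] for i in copies.values()}) == 1
            and len({i["md5"] for i in copies.values()}) > 1}


if __name__ == "__main__":
    entries = parse_file_entries(FRST_LOG)
    print("services.exe siblings:", services_exe_siblings(entries)[:2])
    print("hidden+system:", hidden_system_entries(entries))
    print("ZeroAccess paths:", zeroaccess_paths(FRST_LOG))
    print("MD5 alerts:", md5_alerts(FRST_LOG))
    print("hash divergence:", hash_divergence(parse_search(SEARCH_LOG)))
```

The useful lesson is in `hash_divergence`: the patched `services.exe` keeps its size and its 2009 timestamps, so only a hash comparison against a reference copy (here the WinSxS component store copy FRST found) separates it from the original. The `.exe.<hex>` siblings and the `{GUID}` directories are the corroborating artifacts; on a real machine, run the replacement from the recovery environment as this thread does, never from the running (infected) Windows.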