Ma2Tmatt
Posts: 12 +0
Hey guys,
Same problem as everyone else, tried to run Microsoft Security Essentials, now it restarts every 1 min.
SO glad I found this place. I've followed the instructions and have done as much as I can myself.
I have run FRST, and here are my FRST.txt and services search.txt log files. Thank you so much for the help!!
Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 26-07-2012 12:54:04
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001
========================== Registry (Whitelisted) =============
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-05] (Adobe Systems Incorporated)
HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1580368 2010-11-03] (Logitech, Inc.)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x]
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe [36864 2007-05-09] (Creative Technology Ltd.)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-08-09] (Apple Inc.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk" [1306 2011-04-02] ()
HKLM-x32\...\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [190808 2011-03-01] (Logitech Inc.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [79192 2011-02-18] (Research In Motion Limited)
HKLM-x32\...\Run: [UrsaSpellChecker] C:\Program Files (x86)\UrsaSpelling\UrsaConsole.exe [218112 2011-01-16] ()
HKLM-x32\...\Run: [ColdTurkey_notify] C:\Program Files\ColdTurkey\ct_notify.exe [47616 2012-05-02] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKU\Matt\...\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [247728 2011-04-22] (TomTom)
HKU\Matt\...\Run: [FeedDemon] "C:\Program Files (x86)\FeedDemon\FeedDemon.exe" /startminimized [7201280 2010-06-10] (NewsGator Technologies, Inc.)
HKU\Matt\...\Run: [AdobeBridge] [x]
HKU\Matt\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 [1840424 2008-06-24] (Nero AG)
HKU\Matt\...\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [x]
HKU\Matt\...\Run: [Spotify Web Helper] "C:\Users\Matt\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1192664 2012-07-11] ()
HKU\Mcx1-MATT-LAPTOP\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\CineForm Status.lnk
ShortcutTarget: CineForm Status.lnk -> C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe (GoPro)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\RescueTime.lnk
ShortcutTarget: RescueTime.lnk -> C:\Program Files (x86)\RescueTime\RescueTime.exe (RescueTime, Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\UltraMon.lnk
ShortcutTarget: UltraMon.lnk -> C:\Windows\Installer\{B49673F8-7AB6-4A14-8213-C8A7BE370010}\IcoUltraMon.ico ()
Startup: C:\Users\Matt\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
==================== Services (Whitelisted) ======
2 CCALib8; C:\Program Files (x86)\Canon\CAL\CALMAIN.exe [96341 2005-09-30] (Canon Inc.)
2 KCTRP; C:\Program Files\ColdTurkey\KCTRP_srv.exe [39936 2012-05-04] ()
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
3 NMIndexingService; "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe" [537896 2008-06-24] (Nero AG)
2 TomTomHOMEService; C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [92592 2011-04-22] (TomTom)
2 WeGameClientService; C:\Program Files (x86)\WeGame\WGClientService.exe [18472 2011-07-28] (WeGame.com, Inc.)
2 SupportSoft RemoteAssist; C:\Program Files (x86)\Common Files\supportsoft\bin\ssrc.exe [x]
========================== Drivers (Whitelisted) =============
3 CompFilter64; C:\Windows\System32\DRIVERS\lvbflt64.sys [23904 2011-03-31] (Logitech Inc.)
3 OEM02Dev; C:\Windows\System32\Drivers\OEM02Dev.sys [266624 2007-10-10] (Creative Technology Ltd.)
3 OEM02Vfx; C:\Windows\System32\Drivers\OEM02Vfx.sys [12288 2007-03-05] (EyePower Games Pte. Ltd.)
2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [81952 2010-08-16] (Acronis)
0 timounter; C:\Windows\System32\DRIVERS\timntr.sys [711712 2010-08-16] (Acronis)
3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
3 cpuz135; \??\C:\Users\Matt\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]
========================== NetSvcs (Whitelisted) ===========
============ One Month Created Files and Folders ==============
2012-07-26 12:53 - 2012-07-26 12:54 - 00000000 ____D C:\FRST
2012-07-26 11:18 - 2012-07-26 11:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A3E936008144BD32
2012-07-26 11:18 - 2012-07-26 11:18 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ylyoqqeg.sys
2012-07-26 11:15 - 2012-07-26 11:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.58A6C5DC29CA6F09
2012-07-26 11:11 - 2012-07-26 11:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8F93EBB6EE8CE672
2012-07-26 11:08 - 2012-07-26 11:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9D132D533131DA9E
2012-07-26 11:00 - 2012-07-26 11:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.376782E8260F766A
2012-07-26 10:56 - 2012-07-26 10:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8DE8BEE647BCEE3B
2012-07-26 10:52 - 2012-07-26 10:52 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3E0AE33DB3E7A171
2012-07-26 10:48 - 2012-07-26 10:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.36DDC8B6183042B1
2012-07-26 10:45 - 2012-07-26 10:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A134ECE56CC52D54
2012-07-26 10:41 - 2012-07-26 10:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.55E341864621543F
2012-07-26 10:34 - 2012-07-26 11:07 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-07-26 10:34 - 2012-07-26 11:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-07-26 10:27 - 2012-07-26 10:27 - 00000000 ____D C:\Users\Matt\AppData\Local\GoPro
2012-07-25 16:41 - 2012-07-25 16:47 - 00000706 ____A C:\Users\Matt\Desktop\index.html
2012-07-24 22:37 - 2012-07-24 22:37 - 00000836 ____A C:\Users\Public\Desktop\ColdTurkey.lnk
2012-07-15 09:41 - 2012-07-15 09:45 - 00000000 ____D C:\Users\Matt\Desktop\Washing Ma
2012-07-15 09:31 - 2012-07-15 09:31 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-06-27 06:04 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-27 06:04 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-27 06:04 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-27 06:04 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-27 06:03 - 2012-06-02 06:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-27 06:03 - 2012-06-02 06:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
============ 3 Months Modified Files ========================
2012-07-26 11:18 - 2012-07-26 11:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A3E936008144BD32
2012-07-26 11:18 - 2012-07-26 11:18 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ylyoqqeg.sys
2012-07-26 11:17 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-26 11:17 - 2009-07-13 20:51 - 00074268 ____A C:\Windows\setupact.log
2012-07-26 11:15 - 2012-07-26 11:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.58A6C5DC29CA6F09
2012-07-26 11:14 - 2012-04-24 10:27 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-26 11:11 - 2012-07-26 11:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8F93EBB6EE8CE672
2012-07-26 11:08 - 2012-07-26 11:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9D132D533131DA9E
2012-07-26 11:02 - 2010-08-14 15:54 - 01281914 ____A C:\Windows\WindowsUpdate.log
2012-07-26 11:00 - 2012-07-26 11:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.376782E8260F766A
2012-07-26 10:56 - 2012-07-26 10:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8DE8BEE647BCEE3B
2012-07-26 10:56 - 2012-06-16 10:48 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-26 10:52 - 2012-07-26 10:52 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3E0AE33DB3E7A171
2012-07-26 10:48 - 2012-07-26 10:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.36DDC8B6183042B1
2012-07-26 10:45 - 2012-07-26 10:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A134ECE56CC52D54
2012-07-26 10:43 - 2012-03-28 19:37 - 00000258 _RASH C:\Users\All Users\ntuser.pol
2012-07-26 10:41 - 2012-07-26 10:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.55E341864621543F
2012-07-26 10:36 - 2009-07-13 20:45 - 00013632 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-26 10:36 - 2009-07-13 20:45 - 00013632 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-26 10:34 - 2011-02-14 08:39 - 00735552 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-07-26 10:34 - 2011-02-14 08:39 - 00001945 ____A C:\Windows\epplauncher.mif
2012-07-26 10:33 - 2009-07-13 21:13 - 00726270 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-26 10:29 - 2012-06-25 09:12 - 00009728 ____H C:\Users\Matt\AppData\Roaming\desktop.ini
2012-07-26 10:28 - 2010-08-14 16:29 - 00077964 ____A C:\Windows\PFRO.log
2012-07-26 10:25 - 2012-04-24 10:27 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-25 16:47 - 2012-07-25 16:41 - 00000706 ____A C:\Users\Matt\Desktop\index.html
2012-07-24 22:58 - 2011-11-09 17:08 - 00007644 ____A C:\Users\Matt\AppData\Local\Resmon.ResmonCfg
2012-07-24 22:37 - 2012-07-24 22:37 - 00000836 ____A C:\Users\Public\Desktop\ColdTurkey.lnk
2012-07-15 09:31 - 2012-07-15 09:31 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-07-15 09:30 - 2012-04-12 12:22 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-15 09:30 - 2011-06-10 12:18 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-25 10:17 - 2012-06-25 10:17 - 00008192 ____A C:\Users\Public\MyConvGraph.grf
2012-06-25 09:53 - 2012-06-25 09:53 - 00001157 ____A C:\Users\Matt\Desktop\GoPro CineForm Studio.lnk
2012-06-25 09:53 - 2010-08-14 17:45 - 00030940 ____A C:\Windows\DPINST.LOG
2012-06-23 12:44 - 2011-03-10 05:47 - 00075776 ____A C:\Users\Matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-16 10:45 - 2009-07-13 20:45 - 04848872 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-16 10:23 - 2010-08-14 16:18 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-13 10:13 - 2011-07-26 08:56 - 00000600 ____A C:\Users\Matt\AppData\Local\PUTTY.RND
2012-06-02 14:19 - 2012-06-27 06:04 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-27 06:04 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-27 06:04 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:15 - 2012-06-27 06:04 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 12:43 - 2012-06-02 12:43 - 00000000 ____A C:\Users\Matt\Documents\AKF 2012
2012-06-02 06:19 - 2012-06-27 06:03 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 06:15 - 2012-06-27 06:03 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-01 13:35 - 2012-06-01 13:35 - 01420800 ____A (CineForm Inc.) C:\Windows\System32\CFHD.dll
2012-06-01 13:32 - 2012-06-01 13:32 - 01454080 ____A (CineForm Inc.) C:\Windows\SysWOW64\CFHD.dll
2012-05-25 12:20 - 2011-04-26 12:57 - 00001456 ____A C:\Users\Matt\AppData\Local\Adobe Save for Web 12.0 Prefs
2012-05-25 08:16 - 2011-12-28 08:49 - 00001017 ____A C:\Users\Matt\Desktop\Dropbox.lnk
2012-05-24 16:42 - 2012-05-24 16:42 - 00000169 ____A C:\Users\Matt\Desktop\hdtv-timing.txt
2012-05-18 08:01 - 2012-05-18 07:59 - 00008239 ____A C:\Users\Matt\Desktop\winmail.dat
2012-05-17 18:47 - 2012-06-16 10:17 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 18:16 - 2012-06-16 10:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 18:06 - 2012-06-16 10:17 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 17:59 - 2012-06-16 10:17 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 17:59 - 2012-06-16 10:17 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 17:58 - 2012-06-16 10:17 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 17:58 - 2012-06-16 10:17 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 17:56 - 2012-06-16 10:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 17:55 - 2012-06-16 10:17 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 17:55 - 2012-06-16 10:17 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 17:54 - 2012-06-16 10:17 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 17:51 - 2012-06-16 10:17 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 17:51 - 2012-06-16 10:17 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 17:47 - 2012-06-16 10:17 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-17 15:41 - 2012-05-17 15:41 - 00014769 ____A C:\Users\Matt\Documents\functions.php
2012-05-17 15:40 - 2012-05-17 15:40 - 00001119 ____A C:\Users\Matt\Documents\footer1.php
2012-05-17 15:11 - 2012-06-16 10:17 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-17 14:48 - 2012-06-16 10:17 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-17 14:45 - 2012-06-16 10:17 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-17 14:36 - 2012-06-16 10:17 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-17 14:35 - 2012-06-16 10:17 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-17 14:35 - 2012-06-16 10:17 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-17 14:33 - 2012-06-16 10:17 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-17 14:31 - 2012-06-16 10:17 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-17 14:29 - 2012-06-16 10:17 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-17 14:29 - 2012-06-16 10:17 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-05-17 14:27 - 2012-06-16 10:17 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-17 14:25 - 2012-06-16 10:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-17 14:24 - 2012-06-16 10:17 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-17 14:20 - 2012-06-16 10:17 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-14 17:32 - 2012-06-14 15:33 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-07 10:28 - 2012-05-07 10:28 - 00002188 ____A C:\Users\Matt\Documents\single.php
2012-05-04 03:06 - 2012-06-14 15:34 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-14 15:33 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-14 15:33 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-03 14:06 - 2012-05-03 14:03 - 29037586 ____A C:\Users\Matt\Desktop\mt woodson.mp4
2012-05-01 14:41 - 2012-05-01 14:41 - 00000562 ____A C:\Users\Matt\Desktop\Fraps.lnk
2012-05-01 14:39 - 2012-05-01 14:39 - 00000983 ____A C:\Users\Public\Desktop\WeGame.lnk
2012-04-30 21:40 - 2012-06-14 15:33 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-30 19:55 - 2012-01-11 13:39 - 00054272 __ASH C:\Users\Matt\Thumbs.db
2012-04-29 13:56 - 2012-04-29 13:51 - 286780316 ____A C:\Users\Matt\Desktop\20120429_1451_51.avi
2012-04-29 13:52 - 2012-04-29 13:51 - 00000067 ____A C:\Users\Matt\Desktop\20120429_1451_51.txt
ZeroAccess:
C:\Windows\Installer\{f030cf10-42d2-3b1d-b57a-cded07319eb0}
C:\Windows\Installer\{f030cf10-42d2-3b1d-b57a-cded07319eb0}\@
C:\Windows\Installer\{f030cf10-42d2-3b1d-b57a-cded07319eb0}\L
C:\Windows\Installer\{f030cf10-42d2-3b1d-b57a-cded07319eb0}\n
C:\Windows\Installer\{f030cf10-42d2-3b1d-b57a-cded07319eb0}\U
C:\Windows\Installer\{f030cf10-42d2-3b1d-b57a-cded07319eb0}\U\00000001.@
ZeroAccess:
C:\Users\Matt\AppData\Local\{f030cf10-42d2-3b1d-b57a-cded07319eb0}
C:\Users\Matt\AppData\Local\{f030cf10-42d2-3b1d-b57a-cded07319eb0}\@
C:\Users\Matt\AppData\Local\{f030cf10-42d2-3b1d-b57a-cded07319eb0}\L
C:\Users\Matt\AppData\Local\{f030cf10-42d2-3b1d-b57a-cded07319eb0}\U
========================= Known DLLs (Whitelisted) ============
========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 15%
Total physical RAM: 4094.06 MB
Available physical RAM: 3472.28 MB
Total Pagefile: 4092.21 MB
Available Pagefile: 3463.31 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB
======================= Partitions =========================
1 Drive c: () (Fixed) (Total:465.66 GB) (Free:127.28 GB) NTFS
3 Drive f: () (Removable) (Total:14.9 GB) (Free:6.87 GB) NTFS
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 14 GB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 465 GB 101 MB
==================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy
==================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 465 GB Healthy
==================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 14 GB 16 KB
==================================================================================
Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F NTFS Removable 14 GB Healthy
==================================================================================
==========================================================
Last Boot: 2012-07-23 12:59
======================= End Of Log ==========================
Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 2012-07-26 12:55:54
Running from F:\
================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
====== End Of Search ======
Thanks again so much!
2012-07-26 10:45 - 2012-07-26 10:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A134ECE56CC52D54
2012-07-26 10:43 - 2012-03-28 19:37 - 00000258 _RASH C:\Users\All Users\ntuser.pol
2012-07-26 10:41 - 2012-07-26 10:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.55E341864621543F
2012-07-26 10:36 - 2009-07-13 20:45 - 00013632 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-26 10:36 - 2009-07-13 20:45 - 00013632 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-26 10:34 - 2011-02-14 08:39 - 00735552 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-07-26 10:34 - 2011-02-14 08:39 - 00001945 ____A C:\Windows\epplauncher.mif
2012-07-26 10:33 - 2009-07-13 21:13 - 00726270 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-26 10:29 - 2012-06-25 09:12 - 00009728 ____H C:\Users\Matt\AppData\Roaming\desktop.ini
2012-07-26 10:28 - 2010-08-14 16:29 - 00077964 ____A C:\Windows\PFRO.log
2012-07-26 10:25 - 2012-04-24 10:27 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-25 16:47 - 2012-07-25 16:41 - 00000706 ____A C:\Users\Matt\Desktop\index.html
2012-07-24 22:58 - 2011-11-09 17:08 - 00007644 ____A C:\Users\Matt\AppData\Local\Resmon.ResmonCfg
2012-07-24 22:37 - 2012-07-24 22:37 - 00000836 ____A C:\Users\Public\Desktop\ColdTurkey.lnk
2012-07-15 09:31 - 2012-07-15 09:31 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-07-15 09:30 - 2012-04-12 12:22 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-15 09:30 - 2011-06-10 12:18 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-25 10:17 - 2012-06-25 10:17 - 00008192 ____A C:\Users\Public\MyConvGraph.grf
2012-06-25 09:53 - 2012-06-25 09:53 - 00001157 ____A C:\Users\Matt\Desktop\GoPro CineForm Studio.lnk
2012-06-25 09:53 - 2010-08-14 17:45 - 00030940 ____A C:\Windows\DPINST.LOG
2012-06-23 12:44 - 2011-03-10 05:47 - 00075776 ____A C:\Users\Matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-16 10:45 - 2009-07-13 20:45 - 04848872 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-16 10:23 - 2010-08-14 16:18 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-13 10:13 - 2011-07-26 08:56 - 00000600 ____A C:\Users\Matt\AppData\Local\PUTTY.RND
2012-06-02 14:19 - 2012-06-27 06:04 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-27 06:04 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-27 06:04 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:15 - 2012-06-27 06:04 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 12:43 - 2012-06-02 12:43 - 00000000 ____A C:\Users\Matt\Documents\AKF 2012
2012-06-02 06:19 - 2012-06-27 06:03 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 06:15 - 2012-06-27 06:03 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-01 13:35 - 2012-06-01 13:35 - 01420800 ____A (CineForm Inc.) C:\Windows\System32\CFHD.dll
2012-06-01 13:32 - 2012-06-01 13:32 - 01454080 ____A (CineForm Inc.) C:\Windows\SysWOW64\CFHD.dll
2012-05-25 12:20 - 2011-04-26 12:57 - 00001456 ____A C:\Users\Matt\AppData\Local\Adobe Save for Web 12.0 Prefs
2012-05-25 08:16 - 2011-12-28 08:49 - 00001017 ____A C:\Users\Matt\Desktop\Dropbox.lnk
2012-05-24 16:42 - 2012-05-24 16:42 - 00000169 ____A C:\Users\Matt\Desktop\hdtv-timing.txt
2012-05-18 08:01 - 2012-05-18 07:59 - 00008239 ____A C:\Users\Matt\Desktop\winmail.dat
2012-05-17 18:47 - 2012-06-16 10:17 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 18:16 - 2012-06-16 10:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 18:06 - 2012-06-16 10:17 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 17:59 - 2012-06-16 10:17 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 17:59 - 2012-06-16 10:17 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 17:58 - 2012-06-16 10:17 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 17:58 - 2012-06-16 10:17 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 17:56 - 2012-06-16 10:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 17:55 - 2012-06-16 10:17 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 17:55 - 2012-06-16 10:17 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 17:54 - 2012-06-16 10:17 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 17:51 - 2012-06-16 10:17 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 17:51 - 2012-06-16 10:17 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 17:47 - 2012-06-16 10:17 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-17 15:41 - 2012-05-17 15:41 - 00014769 ____A C:\Users\Matt\Documents\functions.php
2012-05-17 15:40 - 2012-05-17 15:40 - 00001119 ____A C:\Users\Matt\Documents\footer1.php
2012-05-17 15:11 - 2012-06-16 10:17 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-17 14:48 - 2012-06-16 10:17 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-17 14:45 - 2012-06-16 10:17 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-17 14:36 - 2012-06-16 10:17 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-17 14:35 - 2012-06-16 10:17 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-17 14:35 - 2012-06-16 10:17 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-17 14:33 - 2012-06-16 10:17 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-17 14:31 - 2012-06-16 10:17 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-17 14:29 - 2012-06-16 10:17 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-17 14:29 - 2012-06-16 10:17 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-05-17 14:27 - 2012-06-16 10:17 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-17 14:25 - 2012-06-16 10:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-17 14:24 - 2012-06-16 10:17 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-17 14:20 - 2012-06-16 10:17 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-14 17:32 - 2012-06-14 15:33 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-07 10:28 - 2012-05-07 10:28 - 00002188 ____A C:\Users\Matt\Documents\single.php
2012-05-04 03:06 - 2012-06-14 15:34 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-14 15:33 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-14 15:33 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-03 14:06 - 2012-05-03 14:03 - 29037586 ____A C:\Users\Matt\Desktop\mt woodson.mp4
2012-05-01 14:41 - 2012-05-01 14:41 - 00000562 ____A C:\Users\Matt\Desktop\Fraps.lnk
2012-05-01 14:39 - 2012-05-01 14:39 - 00000983 ____A C:\Users\Public\Desktop\WeGame.lnk
2012-04-30 21:40 - 2012-06-14 15:33 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-30 19:55 - 2012-01-11 13:39 - 00054272 __ASH C:\Users\Matt\Thumbs.db
2012-04-29 13:56 - 2012-04-29 13:51 - 286780316 ____A C:\Users\Matt\Desktop\20120429_1451_51.avi
2012-04-29 13:52 - 2012-04-29 13:51 - 00000067 ____A C:\Users\Matt\Desktop\20120429_1451_51.txt
ZeroAccess:
C:\Windows\Installer\{f030cf10-42d2-3b1d-b57a-cded07319eb0}
C:\Windows\Installer\{f030cf10-42d2-3b1d-b57a-cded07319eb0}\@
C:\Windows\Installer\{f030cf10-42d2-3b1d-b57a-cded07319eb0}\L
C:\Windows\Installer\{f030cf10-42d2-3b1d-b57a-cded07319eb0}\n
C:\Windows\Installer\{f030cf10-42d2-3b1d-b57a-cded07319eb0}\U
C:\Windows\Installer\{f030cf10-42d2-3b1d-b57a-cded07319eb0}\U\00000001.@
ZeroAccess:
C:\Users\Matt\AppData\Local\{f030cf10-42d2-3b1d-b57a-cded07319eb0}
C:\Users\Matt\AppData\Local\{f030cf10-42d2-3b1d-b57a-cded07319eb0}\@
C:\Users\Matt\AppData\Local\{f030cf10-42d2-3b1d-b57a-cded07319eb0}\L
C:\Users\Matt\AppData\Local\{f030cf10-42d2-3b1d-b57a-cded07319eb0}\U
========================= Known DLLs (Whitelisted) ============
========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 15%
Total physical RAM: 4094.06 MB
Available physical RAM: 3472.28 MB
Total Pagefile: 4092.21 MB
Available Pagefile: 3463.31 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB
======================= Partitions =========================
1 Drive c: () (Fixed) (Total:465.66 GB) (Free:127.28 GB) NTFS
3 Drive f: () (Removable) (Total:14.9 GB) (Free:6.87 GB) NTFS
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 14 GB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 465 GB 101 MB
==================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy
==================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 465 GB Healthy
==================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 14 GB 16 KB
==================================================================================
Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F NTFS Removable 14 GB Healthy
==================================================================================
==========================================================
Last Boot: 2012-07-23 12:59
======================= End Of Log ==========================
Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 2012-07-26 12:55:54
Running from F:\
================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
====== End Of Search ======
Thanks again so much!