Using FRST Removal tool to get rid of Trojan.
So far, I see this...
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
Below is what I got from the txt file. Need help to proceed. I have no idea what to do with this.
Thanks so much. Desperate.
------------------------------------------
Scan result of Farbar Recovery Scan Tool Version: 19-08-2012
Ran by SYSTEM at 20-08-2012 21:15:13
Running from I:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001
========================== Registry (Whitelisted) =============
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2281256 2010-09-13] (Synaptics Incorporated)
HKLM\...\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [611896 2010-01-20] ()
HKLM\...\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [451072 2010-01-18] (Hewlett-Packard Company)
HKLM\...\Run: [HPToneControl] C:\Program Files\Hewlett-Packard\HPToneControl\HPTonectl.exe [107832 2009-08-19] (Hewlett-Packard )
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [172032 2010-05-04] (Sun Microsystems, Inc.)
HKLM\...\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden [363064 2010-01-27] (Hewlett-Packard)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2011-04-19] (IDT, Inc.)
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKU\Default\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Default\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1712184 2010-02-09] ()
HKU\robin\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2011-03-04] (Hewlett-Packard Company)
HKU\robin\...\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent [x]
HKU\robin\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-04-30] (Google Inc.)
HKU\robin\...\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler [210208 2008-10-20] (Acresso Corporation)
HKU\robin\...\Run: [Facebook Update] "C:\Users\robin\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-11] (Facebook Inc.)
HKU\robin\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe, [739664 2010-09-15] (DigitalPersona, Inc.)
Lsa: [Notification Packages] DPPassFilter
scecli
==================== Services (Whitelisted) ======
2 DpHost; C:\Program Files\DigitalPersona\Bin\DpHostW.exe [440144 2010-09-15] (DigitalPersona, Inc.)
2 DvmMDES; "C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe" [338168 2010-03-05] (DeviceVM, Inc.)
2 HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [20480 2010-01-18] ()
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
========================== Drivers (Whitelisted) =============
2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55424 2011-06-24] (Advanced Micro Devices)
1 ctxusbm; C:\Windows\System32\Drivers\ctxusbm.sys [87600 2010-07-14] (Citrix Systems, Inc.)
1 DVMIO; C:\Windows\System32\Drivers\DVMIO.sys [20056 2009-11-11] (DeviceVM, Inc.)
3 hitmanpro36; C:\Windows\System32\Drivers\hitmanpro36.sys [30496 2012-08-16] ()
3 RT-USB; C:\Windows\System32\drivers\RT-USB64.SYS [70984 2010-06-16] (Ross-Tech LLC)
3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [16896 2007-07-11] (LG Electronics Inc.)
3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2007-07-11] (LG Electronics Inc.)
3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [29696 2007-07-11] (LG Electronics Inc.)
2 {55662437-DA8C-40c0-AADA-2C816A897A49}; \??\c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2010-02-22] (CyberLink Corp.)
========================== NetSvcs (Whitelisted) ===========
============ One Month Created Files and Folders ==============
2012-08-20 21:15 - 2012-08-20 21:15 - 00000000 ____D C:\FRST
2012-08-20 16:23 - 2012-08-20 16:23 - 00000012 ____H C:\dvmexp.idx
2012-08-20 16:23 - 2012-08-20 16:23 - 00000000 ___HD C:\dvmexp
2012-08-20 16:23 - 2012-08-20 16:23 - 00000000 ____D C:\Windows\SysWOW64\SeaPort
2012-08-20 16:23 - 2012-08-20 16:23 - 00000000 ____D C:\Windows\System32\%LOCALAPPDATA%
2012-08-15 07:01 - 2012-08-16 17:01 - 00030496 ____A C:\Windows\System32\Drivers\hitmanpro36.sys
2012-08-15 07:01 - 2012-08-16 16:59 - 00001895 ____A C:\Users\Public\Desktop\HitmanPro.lnk
2012-08-15 06:40 - 2012-08-15 07:01 - 00000000 ____D C:\Program Files\HitmanPro
2012-08-15 06:08 - 2012-08-15 06:08 - 00000000 ____D C:\Users\robin\AppData\Roaming\Malwarebytes
2012-08-15 06:06 - 2012-08-15 07:10 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-15 06:06 - 2012-08-15 06:06 - 00001071 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-15 06:06 - 2012-07-03 09:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-08-15 05:52 - 2012-08-15 05:52 - 09232584 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-08-14 15:58 - 2012-08-14 15:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.29439DE124AAB030
2012-08-14 15:52 - 2012-08-14 15:52 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EDC48A4E0DFC2AD0
2012-08-14 15:48 - 2012-08-14 15:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.19B93D87C5166A71
2012-08-14 15:45 - 2012-08-14 15:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CA615187188AA8C4
2012-08-14 15:38 - 2012-08-14 15:38 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-08-14 15:38 - 2012-08-14 15:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-08-14 05:43 - 2012-08-14 05:43 - 00002026 ____A C:\Users\robin\Desktop\Live Security Platinum.lnk
2012-08-14 05:43 - 2012-08-14 05:43 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-08-13 17:30 - 2012-08-13 17:30 - 00000000 ____D C:\Users\robin\Downloads\sister-frisky
2012-08-13 17:28 - 2012-08-13 17:28 - 00041116 ____A C:\Users\robin\Downloads\sister-frisky.zip
2012-07-31 16:31 - 2012-07-31 16:31 - 00000000 ____D C:\Users\robin\AppData\Local\{63073B68-E39B-4ECF-8883-53DD3F1759EC}
============ 3 Months Modified Files ========================
2012-08-20 17:10 - 2009-07-13 20:51 - 00126601 ____A C:\Windows\setupact.log
2012-08-20 17:10 - 2009-07-13 20:45 - 00037760 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-20 16:23 - 2012-08-20 16:23 - 00000012 ____H C:\dvmexp.idx
2012-08-20 16:23 - 2009-07-13 21:08 - 00032636 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-20 16:23 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-20 16:19 - 2011-04-30 07:20 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-20 16:13 - 2012-02-26 05:02 - 00000928 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-391809594-4175036034-412354412-1001UA.job
2012-08-20 16:13 - 2012-02-26 05:02 - 00000906 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-391809594-4175036034-412354412-1001Core.job
2012-08-16 17:01 - 2012-08-15 07:01 - 00030496 ____A C:\Windows\System32\Drivers\hitmanpro36.sys
2012-08-16 16:59 - 2012-08-15 07:01 - 00001895 ____A C:\Users\Public\Desktop\HitmanPro.lnk
2012-08-15 06:53 - 2012-04-26 17:06 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-15 06:23 - 2011-04-30 07:20 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-15 06:06 - 2012-08-15 06:06 - 00001071 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-15 05:52 - 2012-08-15 05:52 - 09232584 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-08-14 15:58 - 2012-08-14 15:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.29439DE124AAB030
2012-08-14 15:56 - 2010-06-25 17:46 - 01347370 ____A C:\Windows\WindowsUpdate.log
2012-08-14 15:52 - 2012-08-14 15:52 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EDC48A4E0DFC2AD0
2012-08-14 15:48 - 2012-08-14 15:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.19B93D87C5166A71
2012-08-14 15:45 - 2012-08-14 15:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CA615187188AA8C4
2012-08-14 15:39 - 2011-03-25 12:13 - 00001945 ____A C:\Windows\epplauncher.mif
2012-08-14 15:38 - 2011-03-25 12:18 - 00743856 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-08-14 15:32 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-14 15:32 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-14 05:43 - 2012-08-14 05:43 - 00002026 ____A C:\Users\robin\Desktop\Live Security Platinum.lnk
2012-08-14 04:35 - 2010-06-25 17:50 - 00618278 ____A C:\Windows\PFRO.log
2012-08-13 18:24 - 2011-06-26 04:30 - 00002302 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-08-13 17:37 - 2011-03-23 23:41 - 00131664 ____A C:\Users\robin\AppData\Local\GDIPFONTCACHEV1.DAT
2012-08-13 17:31 - 2012-02-21 18:26 - 00000312 ___AH C:\Users\robin\AppData\Roaming\b0aa5df4d755c86d155bd20c03c50c4194988cc2
2012-08-13 17:28 - 2012-08-13 17:28 - 00041116 ____A C:\Users\robin\Downloads\sister-frisky.zip
2012-08-07 17:27 - 2011-03-25 13:06 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2012-08-07 17:20 - 2012-04-26 17:06 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-07 17:20 - 2011-06-21 11:36 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-07 06:07 - 2009-07-13 21:13 - 00729880 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-01 03:59 - 2011-05-31 08:15 - 00000332 ____A C:\Windows\Tasks\HPCeeScheduleForrobin.job
2012-07-24 17:29 - 2011-10-25 10:17 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2012-07-10 19:28 - 2009-07-13 18:34 - 00000513 ____A C:\Windows\win.ini
2012-07-10 19:23 - 2011-03-24 06:11 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-07 17:53 - 2012-07-07 17:52 - 17514532 ____A C:\Users\robin\Downloads\TS101674551.potx
2012-07-07 17:53 - 2012-02-23 06:47 - 00005120 ____A C:\Users\robin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-07-03 09:46 - 2012-08-15 06:06 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-11 19:08 - 2012-07-10 19:29 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 21:43 - 2012-07-10 15:37 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-10 15:37 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-05 22:06 - 2012-07-10 15:37 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-07-10 15:37 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-07-10 15:37 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-07-10 15:37 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-07-10 15:37 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-10 15:37 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-04 17:31 - 2011-03-31 11:44 - 00001976 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-06-02 20:55 - 2012-06-02 20:55 - 00001332 ____A C:\Users\robin\Desktop\PowerDirector.lnk
2012-06-02 14:19 - 2012-06-23 14:44 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-23 14:44 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-23 14:44 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-23 14:44 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-23 14:44 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-23 14:44 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-23 14:44 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 11:19 - 2012-06-23 14:43 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:15 - 2012-06-23 14:43 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 04:49 - 2012-07-10 19:21 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-10 19:21 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-10 19:22 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-07-10 19:22 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:05 - 2012-07-10 19:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:04 - 2012-07-10 19:22 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:04 - 2012-07-10 19:22 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:03 - 2012-07-10 19:22 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-10 19:22 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-10 19:22 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-10 19:22 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-10 19:22 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-10 19:22 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-10 19:22 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-07-10 19:21 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-07-10 19:21 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-10 19:22 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-10 19:22 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-10 19:22 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-07-10 19:22 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-07-10 19:22 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-10 19:22 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-10 19:22 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-10 19:22 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-10 19:22 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-10 19:22 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-10 19:22 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-10 19:22 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 21:50 - 2012-07-10 15:37 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-07-10 15:37 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-07-10 15:37 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-07-10 15:37 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-07-10 15:37 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:40 - 2012-07-10 15:37 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-07-10 15:37 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-07-10 15:37 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-07-10 15:37 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
ZeroAccess:
C:\Windows\Installer\{faba01f1-e0ec-39b0-03d2-71509bdc78f8}
C:\Windows\Installer\{faba01f1-e0ec-39b0-03d2-71509bdc78f8}\@
C:\Windows\Installer\{faba01f1-e0ec-39b0-03d2-71509bdc78f8}\L
C:\Windows\Installer\{faba01f1-e0ec-39b0-03d2-71509bdc78f8}\n
C:\Windows\Installer\{faba01f1-e0ec-39b0-03d2-71509bdc78f8}\U
C:\Windows\Installer\{faba01f1-e0ec-39b0-03d2-71509bdc78f8}\U\00000001.@
ZeroAccess:
C:\Users\robin\AppData\Local\{faba01f1-e0ec-39b0-03d2-71509bdc78f8}
C:\Users\robin\AppData\Local\{faba01f1-e0ec-39b0-03d2-71509bdc78f8}\@
C:\Users\robin\AppData\Local\{faba01f1-e0ec-39b0-03d2-71509bdc78f8}\L
C:\Users\robin\AppData\Local\{faba01f1-e0ec-39b0-03d2-71509bdc78f8}\U
========================= Known DLLs (Whitelisted) ============
========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 18%
Total physical RAM: 3834.9 MB
Available physical RAM: 3106.32 MB
Total Pagefile: 3833.05 MB
Available Pagefile: 3092.21 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
======================= Partitions =========================
1 Drive c: (OS) (Fixed) (Total:275.84 GB) (Free:174.46 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (HP_PAVILION) (Fixed) (Total:298.09 GB) (Free:70.48 GB) NTFS
3 Drive f: (RECOVERY) (Fixed) (Total:21.95 GB) (Free:2.89 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive g: (HP_TOOLS) (Fixed) (Total:0.09 GB) (Free:0.08 GB) FAT32
5 Drive h: (Aug 15 2012) (CDROM) (Total:4.38 GB) (Free:4.23 GB) UDF
6 Drive I: () (Removable) (Total:0.48 GB) (Free:0.45 GB) FAT
8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
9 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.13 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 298 GB 1024 KB
Disk 2 Online 496 MB 0 B
Disk 3 No Media 0 B 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 275 GB 200 MB
Partition 3 Primary 21 GB 276 GB
Partition 4 Primary 101 MB 297 GB
==================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy
==================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 275 GB Healthy
==================================================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F RECOVERY NTFS Partition 21 GB Healthy
==================================================================================
Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G HP_TOOLS FAT32 Partition 101 MB Healthy
==================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 298 GB 31 KB
==================================================================================
Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 D HP_PAVILION NTFS Partition 298 GB Healthy
==================================================================================
Partitions of Disk 2:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 495 MB 16 KB
==================================================================================
Disk: 2
Partition 1
Type : 06
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 I FAT Removable 495 MB Healthy
==================================================================================
Last Boot: 2012-08-08 15:19
======================= End Of Log ==========================
2012-07-10 19:23 - 2011-03-24 06:11 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-07 17:53 - 2012-07-07 17:52 - 17514532 ____A C:\Users\robin\Downloads\TS101674551.potx
2012-07-07 17:53 - 2012-02-23 06:47 - 00005120 ____A C:\Users\robin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-07-03 09:46 - 2012-08-15 06:06 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-11 19:08 - 2012-07-10 19:29 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 21:43 - 2012-07-10 15:37 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-10 15:37 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-05 22:06 - 2012-07-10 15:37 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-07-10 15:37 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-07-10 15:37 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-07-10 15:37 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-07-10 15:37 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-10 15:37 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-04 17:31 - 2011-03-31 11:44 - 00001976 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-06-02 20:55 - 2012-06-02 20:55 - 00001332 ____A C:\Users\robin\Desktop\PowerDirector.lnk
2012-06-02 14:19 - 2012-06-23 14:44 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-23 14:44 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-23 14:44 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-23 14:44 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-23 14:44 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-23 14:44 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-23 14:44 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 11:19 - 2012-06-23 14:43 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:15 - 2012-06-23 14:43 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 04:49 - 2012-07-10 19:21 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-10 19:21 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-10 19:22 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-07-10 19:22 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:05 - 2012-07-10 19:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:04 - 2012-07-10 19:22 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:04 - 2012-07-10 19:22 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:03 - 2012-07-10 19:22 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-10 19:22 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-10 19:22 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-10 19:22 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-10 19:22 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-10 19:22 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-10 19:22 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-07-10 19:21 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-07-10 19:21 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-10 19:22 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-10 19:22 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-10 19:22 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-07-10 19:22 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-07-10 19:22 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-10 19:22 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-10 19:22 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-10 19:22 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-10 19:22 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-10 19:22 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-10 19:22 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-10 19:22 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 21:50 - 2012-07-10 15:37 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-07-10 15:37 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-07-10 15:37 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-07-10 15:37 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-07-10 15:37 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:40 - 2012-07-10 15:37 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-07-10 15:37 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-07-10 15:37 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-07-10 15:37 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
ZeroAccess:
C:\Windows\Installer\{faba01f1-e0ec-39b0-03d2-71509bdc78f8}
C:\Windows\Installer\{faba01f1-e0ec-39b0-03d2-71509bdc78f8}\@
C:\Windows\Installer\{faba01f1-e0ec-39b0-03d2-71509bdc78f8}\L
C:\Windows\Installer\{faba01f1-e0ec-39b0-03d2-71509bdc78f8}\n
C:\Windows\Installer\{faba01f1-e0ec-39b0-03d2-71509bdc78f8}\U
C:\Windows\Installer\{faba01f1-e0ec-39b0-03d2-71509bdc78f8}\U\00000001.@
ZeroAccess:
C:\Users\robin\AppData\Local\{faba01f1-e0ec-39b0-03d2-71509bdc78f8}
C:\Users\robin\AppData\Local\{faba01f1-e0ec-39b0-03d2-71509bdc78f8}\@
C:\Users\robin\AppData\Local\{faba01f1-e0ec-39b0-03d2-71509bdc78f8}\L
C:\Users\robin\AppData\Local\{faba01f1-e0ec-39b0-03d2-71509bdc78f8}\U
========================= Known DLLs (Whitelisted) ============
========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 18%
Total physical RAM: 3834.9 MB
Available physical RAM: 3106.32 MB
Total Pagefile: 3833.05 MB
Available Pagefile: 3092.21 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
======================= Partitions =========================
1 Drive c: (OS) (Fixed) (Total:275.84 GB) (Free:174.46 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (HP_PAVILION) (Fixed) (Total:298.09 GB) (Free:70.48 GB) NTFS
3 Drive f: (RECOVERY) (Fixed) (Total:21.95 GB) (Free:2.89 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive g: (HP_TOOLS) (Fixed) (Total:0.09 GB) (Free:0.08 GB) FAT32
5 Drive h: (Aug 15 2012) (CDROM) (Total:4.38 GB) (Free:4.23 GB) UDF
6 Drive I: () (Removable) (Total:0.48 GB) (Free:0.45 GB) FAT
8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
9 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.13 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 298 GB 1024 KB
Disk 2 Online 496 MB 0 B
Disk 3 No Media 0 B 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 275 GB 200 MB
Partition 3 Primary 21 GB 276 GB
Partition 4 Primary 101 MB 297 GB
==================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy
==================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 275 GB Healthy
==================================================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F RECOVERY NTFS Partition 21 GB Healthy
==================================================================================
Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G HP_TOOLS FAT32 Partition 101 MB Healthy
==================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 298 GB 31 KB
==================================================================================
Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 D HP_PAVILION NTFS Partition 298 GB Healthy
==================================================================================
Partitions of Disk 2:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 495 MB 16 KB
==================================================================================
Disk: 2
Partition 1
Type : 06
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 I FAT Removable 495 MB Healthy
==================================================================================
Last Boot: 2012-08-08 15:19
======================= End Of Log ==========================