james25182
Hi,
I also seem to have contracted a nasty infection of both W and Y. MSE keeps rebooting. I'm running Windows 7 Home Premium x64. I've run FRST64 and done a search for services.exe as per previous posts. Here's my output:
Scan result of Farbar Recovery Scan Tool Version: 04-07-2012 01
Ran by SYSTEM at 05-07-2012 09:54:48
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001
========================== Registry (Whitelisted) =============
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [InputDirector] "C:\Program Files (x86)\Input Director\InputDirector.exe" /hide [475136 2010-02-01] ()
HKLM-x32\...\Run: [Bing Bar] "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe" [243544 2010-03-24] (Microsoft Corp.)
HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [288088 2009-11-11] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-26] (Apple Inc.)
HKLM-x32\...\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-23] (CANON INC.)
HKU\James\...\Run: [DriverMax_RESTART] [x]
HKU\James\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1242448 2012-04-17] (Valve Corporation)
HKU\James\...\Run: [Memopal] C:\Program Files\Memopal\Memopal.exe [x]
HKU\James\...\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe [x]
Tcpip\..\Interfaces\{37B856E9-8AD9-4525-81E9-53D6A694AFAA}: [NameServer]192.168.2.1
Startup: C:\Users\James\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\Sam\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\Sam\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
==================== Services (Whitelisted) ======
3 IDVistaService; C:\Program Files (x86)\Input Director\IDVistaService.exe [13824 2009-02-07] ()
2 InputDirector; C:\Program Files (x86)\Input Director\IDWinService.exe [36864 2010-02-01] ()
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
========================== Drivers (Whitelisted) =============
3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2010-04-28] (Google Inc)
3 dvdfab; C:\Windows\System32\Drivers\dvdfab.sys [79232 2011-08-15] (Fengtao Software Inc.)
3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-28] ()
3 NVENETFD; C:\Windows\System32\DRIVERS\nvm62x64.sys [408960 2009-06-10] (NVIDIA Corporation)
3 SaiH0461; C:\Windows\System32\Drivers\SaiH0461.sys [178432 2008-03-26] (Saitek)
3 SaiH0763; C:\Windows\System32\Drivers\SaiH0763.sys [178304 2008-02-15] (Saitek)
========================== NetSvcs (Whitelisted) ===========
============ One Month Created Files and Folders ==============
2012-07-05 09:54 - 2012-07-05 09:54 - 00000000 ____D C:\FRST
2012-07-05 00:37 - 2012-07-05 00:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.07089B0F65EEA6F1
2012-07-05 00:37 - 2012-07-05 00:37 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\elmqitxm.sys
2012-07-05 00:33 - 2012-07-05 00:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4A5EBC26060A3C1A
2012-07-05 00:30 - 2012-07-05 00:30 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FA525A543429CF4D
2012-07-05 00:09 - 2012-07-05 00:09 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-07-05 00:09 - 2012-07-05 00:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-07-04 05:58 - 2012-07-04 05:58 - 00000000 ____D C:\Windows\SysWOW64\directx
2012-07-04 05:58 - 2010-06-01 19:55 - 00527192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2012-07-04 05:58 - 2010-06-01 19:55 - 00518488 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_7.dll
2012-07-04 05:58 - 2010-06-01 19:55 - 00239960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2012-07-04 05:58 - 2010-06-01 19:55 - 00176984 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_7.dll
2012-07-04 05:58 - 2010-06-01 19:55 - 00077656 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_5.dll
2012-07-04 05:58 - 2010-06-01 19:55 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2012-07-04 05:58 - 2010-05-26 02:41 - 02526056 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_43.dll
2012-07-04 05:58 - 2010-05-26 02:41 - 02401112 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_43.dll
2012-07-04 05:58 - 2010-05-26 02:41 - 01907552 ____A (Microsoft Corporation) C:\Windows\System32\d3dcsx_43.dll
2012-07-04 05:58 - 2010-05-26 02:41 - 01868128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2012-07-04 05:58 - 2010-05-26 02:41 - 00511328 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_43.dll
2012-07-04 05:58 - 2010-05-26 02:41 - 00470880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2012-07-04 05:58 - 2010-05-26 02:41 - 00276832 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_43.dll
2012-07-04 05:58 - 2010-05-26 02:41 - 00248672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2012-07-04 05:58 - 2010-02-04 01:01 - 00530776 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_6.dll
2012-07-04 05:58 - 2010-02-04 01:01 - 00528216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2012-07-04 05:58 - 2010-02-04 01:01 - 00238936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2012-07-04 05:58 - 2010-02-04 01:01 - 00176984 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_6.dll
2012-07-04 05:58 - 2010-02-04 01:01 - 00078680 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_4.dll
2012-07-04 05:58 - 2010-02-04 01:01 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2012-07-04 05:58 - 2010-02-04 01:01 - 00024920 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_7.dll
2012-07-04 05:58 - 2010-02-04 01:01 - 00022360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2012-07-04 05:58 - 2009-09-04 08:44 - 00517960 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_5.dll
2012-07-04 05:58 - 2009-09-04 08:44 - 00238936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2012-07-04 05:58 - 2009-09-04 08:44 - 00176968 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_5.dll
2012-07-04 05:58 - 2009-09-04 08:44 - 00073544 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_3.dll
2012-07-04 05:58 - 2009-09-04 08:29 - 05554512 ____A (Microsoft Corporation) C:\Windows\System32\d3dcsx_42.dll
2012-07-04 05:58 - 2009-09-04 08:29 - 05501792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2012-07-04 05:58 - 2009-09-04 08:29 - 02582888 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_42.dll
2012-07-04 05:58 - 2009-09-04 08:29 - 02475352 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_42.dll
2012-07-04 05:58 - 2009-09-04 08:29 - 01974616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2012-07-04 05:58 - 2009-09-04 08:29 - 01892184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2012-07-04 05:58 - 2009-09-04 08:29 - 00285024 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_42.dll
2012-07-04 05:58 - 2009-09-04 08:29 - 00235344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2012-07-04 05:58 - 2008-10-27 01:04 - 00518480 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_3.dll
2012-07-04 05:58 - 2008-10-27 01:04 - 00514384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2012-07-04 05:58 - 2008-10-27 01:04 - 00235856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2012-07-04 05:58 - 2008-10-27 01:04 - 00175440 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_3.dll
2012-07-04 05:58 - 2008-10-27 01:04 - 00074576 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_2.dll
2012-07-04 05:58 - 2008-10-27 01:04 - 00070992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2012-07-04 05:58 - 2008-10-27 01:04 - 00025936 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_5.dll
2012-07-04 05:58 - 2008-10-27 01:04 - 00023376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2012-07-04 05:58 - 2008-07-31 01:41 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2012-07-04 05:58 - 2008-07-31 01:41 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_2.dll
2012-07-04 05:58 - 2008-07-31 01:41 - 00072200 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_1.dll
2012-07-04 05:58 - 2008-07-31 01:41 - 00068616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2012-07-04 05:58 - 2008-07-31 01:40 - 00513544 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_2.dll
2012-07-04 05:58 - 2008-07-31 01:40 - 00509448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2012-06-29 06:52 - 2012-06-29 06:52 - 00000000 ___HD C:\Users\All Users\CanonIJScan
2012-06-29 03:25 - 2012-06-29 03:25 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-28 01:18 - 2012-06-29 06:51 - 00000000 ____D C:\Program Files (x86)\Canon
2012-06-28 01:18 - 2009-04-03 06:57 - 00106496 ____A (CANON INC.) C:\Windows\SysWOW64\CNC560U.dll
2012-06-28 01:18 - 2009-03-19 05:38 - 00303104 ____A (CANON INC.) C:\Windows\SysWOW64\CNC560L.dll
2012-06-28 01:18 - 2009-02-16 03:19 - 00012800 ____A C:\Windows\SysWOW64\CNC173ED.TBL
2012-06-28 01:18 - 2008-08-25 09:02 - 00015872 ____A (CANON INC.) C:\Windows\SysWOW64\CNHMCA.dll
2012-06-28 01:17 - 2012-06-28 01:17 - 00000000 ___HD C:\Program Files\CanonBJ
2012-06-28 01:17 - 2012-06-28 01:17 - 00000000 ____D C:\Windows\System32\STRING
2012-06-28 01:17 - 2012-06-28 01:17 - 00000000 ____D C:\Windows\System32\CHM
2012-06-28 01:17 - 2009-04-03 07:51 - 00353792 ____A (CANON INC.) C:\Windows\SysWOW64\CNMNPPM.DLL
2012-06-28 01:17 - 2009-04-03 07:51 - 00336896 ____A (CANON INC.) C:\Windows\System32\CNMN6PPM.DLL
2012-06-28 01:17 - 2009-04-03 07:51 - 00144384 ____A (CANON INC.) C:\Windows\System32\CNMN6UI.DLL
2012-06-21 02:42 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-21 02:42 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-21 02:42 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-21 02:42 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-21 02:42 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-21 02:42 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-21 02:42 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-21 02:42 - 2012-06-02 06:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-21 02:42 - 2012-06-02 06:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-15 03:46 - 2012-06-15 03:46 - 00000000 ____D C:\Program Files (x86)\Amazon
2012-06-11 07:27 - 2012-06-11 07:27 - 00000000 ____D C:\Program Files (x86)\MakeMKV
2012-06-11 07:09 - 2012-06-11 07:09 - 00000000 ____D C:\Program Files (x86)\AviSynth 2.5
2012-06-11 07:08 - 2011-01-03 01:07 - 00490496 ____A (www.madshi.net) C:\Windows\SysWOW64\madFlac.ax
2012-06-11 07:08 - 2009-04-28 05:44 - 00417792 ____A (Gabest) C:\Windows\SysWOW64\FLVSplitter.ax
2012-06-11 07:08 - 2009-03-26 12:33 - 00536652 ____A (ArcSoft Inc.) C:\Windows\SysWOW64\ASAudioHD.ax
2012-06-11 07:08 - 2008-11-28 06:36 - 00285184 ____A (ArcSoft Inc.) C:\Windows\SysWOW64\MagUIEngine.dll
2012-06-11 07:08 - 2008-11-28 06:36 - 00092672 ____A (ArcSoft Inc.) C:\Windows\SysWOW64\MagUIInter.dll
2012-06-11 07:08 - 2008-11-28 06:36 - 00055808 ____A (ArcSoft Inc.) C:\Windows\SysWOW64\MagPCMac.dll
2012-06-11 07:08 - 2008-11-28 06:36 - 00035328 ____A (ArcSoft Inc.) C:\Windows\SysWOW64\MagCore.dll
2012-06-11 07:08 - 2008-04-24 23:50 - 00917504 ____A C:\Windows\SysWOW64\dtsdecoderdll.dll
2012-06-11 07:08 - 2008-04-15 08:40 - 00106496 ____A (ArcSoft Inc.) C:\Windows\SysWOW64\checkactivate.dll
2012-06-11 07:08 - 2007-10-07 04:36 - 00258048 ____A C:\Windows\SysWOW64\libFLAC.dll
2012-06-11 07:08 - 2004-01-25 08:18 - 00070656 ____A (www.helixcommunity.org) C:\Windows\SysWOW64\yv12vfw.dll
2012-06-11 01:16 - 2012-06-11 01:16 - 00000000 ____D C:\Program Files (x86)\Foxit Software
2012-06-07 06:53 - 2012-06-07 06:53 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_androidusb_01009.Wdf
2012-06-06 01:04 - 2012-06-06 01:04 - 00000000 ____D C:\Program Files (x86)\DVDFab Passkey
2012-06-06 01:04 - 2011-08-15 05:51 - 00079232 ____A (Fengtao Software Inc.) C:\Windows\System32\Drivers\dvdfab.sys
============ 3 Months Modified Files ========================
2012-07-05 00:37 - 2012-07-05 00:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.07089B0F65EEA6F1
2012-07-05 00:37 - 2012-07-05 00:37 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\elmqitxm.sys
2012-07-05 00:35 - 2012-04-18 00:23 - 00000000 ____A C:\Windows\System32\Drivers\lvuvc.hs
2012-07-05 00:35 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-05 00:35 - 2009-07-13 20:51 - 00031399 ____A C:\Windows\setupact.log
2012-07-05 00:33 - 2012-07-05 00:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4A5EBC26060A3C1A
2012-07-05 00:30 - 2012-07-05 00:30 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FA525A543429CF4D
2012-07-05 00:15 - 2012-04-17 05:05 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1848183946-4224764909-1401710521-1001UA.job
2012-07-05 00:14 - 2009-07-13 20:45 - 00013632 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-05 00:14 - 2009-07-13 20:45 - 00013632 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-05 00:13 - 2009-07-13 21:13 - 00781348 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-05 00:10 - 2012-04-17 02:27 - 01464648 ____A C:\Windows\WindowsUpdate.log
2012-07-05 00:09 - 2012-04-17 05:16 - 00786470 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-07-05 00:09 - 2012-04-17 05:16 - 00001945 ____A C:\Windows\epplauncher.mif
2012-07-04 23:59 - 2012-04-17 05:05 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1848183946-4224764909-1401710521-1001Core.job
2012-07-04 07:09 - 2012-04-17 07:25 - 00062908 ____A C:\Windows\DirectX.log
2012-06-29 03:22 - 2012-04-17 05:05 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-29 03:22 - 2012-04-17 05:05 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-07 06:53 - 2012-06-07 06:53 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_androidusb_01009.Wdf
2012-06-02 14:19 - 2012-06-21 02:42 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 02:42 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 02:42 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 02:42 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 02:42 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-21 02:42 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-21 02:42 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 06:19 - 2012-06-21 02:42 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 06:15 - 2012-06-21 02:42 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-22 06:59 - 2012-05-22 06:59 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2012-05-02 11:06 - 2009-07-13 20:45 - 00464768 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-02 11:01 - 2012-05-02 11:01 - 00000020 ____A C:\Windows\ìô»
2012-04-25 05:02 - 2012-04-17 05:28 - 00001184 ____A C:\Windows\PFRO.log
2012-04-18 00:40 - 2012-04-18 00:23 - 00008962 ____A C:\Windows\System32\lvcoinst.log
2012-04-18 00:36 - 2012-04-18 00:36 - 17790464 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 12282368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 10887168 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 09705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-04-18 00:36 - 2012-04-18 00:36 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-04-18 00:36 - 2012-04-18 00:36 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-04-18 00:36 - 2012-04-18 00:36 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-18 00:36 - 2012-04-18 00:36 - 02308096 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 02144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 01798656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 01792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 01493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-04-18 00:36 - 2012-04-18 00:36 - 01427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-04-18 00:36 - 2012-04-18 00:36 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 01345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 01127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 01103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 00697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 00603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 00580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-04-18 00:36 - 2012-04-18 00:36 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-04-18 00:36 - 2012-04-18 00:36 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-04-18 00:36 - 2012-04-18 00:36 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-04-18 00:36 - 2012-04-18 00:36 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-04-18 00:36 - 2012-04-18 00:36 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-04-18 00:36 - 2012-04-18 00:36 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-04-18 00:36 - 2012-04-18 00:36 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-04-18 00:36 - 2012-04-18 00:36 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 00096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-04-18 00:36 - 2012-04-18 00:36 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-04-18 00:36 - 2012-04-18 00:36 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-04-18 00:36 - 2012-04-18 00:36 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-04-18 00:36 - 2012-04-18 00:36 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-04-18 00:36 - 2012-04-18 00:36 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-04-18 00:36 - 2012-04-18 00:36 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-04-18 00:36 - 2012-04-18 00:36 - 00072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-04-18 00:36 - 2012-04-18 00:36 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-04-18 00:36 - 2012-04-18 00:36 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-04-18 00:36 - 2012-04-18 00:36 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-04-18 00:36 - 2012-04-18 00:36 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-04-18 00:36 - 2012-04-18 00:36 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-04-18 00:36 - 2012-04-18 00:34 - 00003733 ____A C:\Windows\IE9_main.log
2012-04-17 11:20 - 2012-04-17 11:20 - 00008192 _RASH C:\BOOTSECT.BAK
2012-04-17 11:20 - 2009-07-13 21:38 - 00025600 __ASH C:\Windows\System32\config\BCD-Template.LOG
2012-04-17 11:20 - 2009-07-13 21:32 - 00028672 ____A C:\Windows\System32\config\BCD-Template
2012-04-17 05:19 - 2012-04-17 05:19 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2012-04-17 05:06 - 2012-04-17 05:06 - 00472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-04-17 05:06 - 2012-04-17 05:06 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-04-17 05:06 - 2012-04-17 05:06 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-04-17 05:06 - 2012-04-17 05:06 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-04-17 02:23 - 2009-07-13 21:01 - 00041962 ____A C:\Windows\SysWOW64\license.rtf
2012-04-17 02:23 - 2009-07-13 21:01 - 00041962 ____A C:\Windows\System32\license.rtf
2012-04-17 02:22 - 2012-04-17 02:22 - 00001313 ____A C:\Windows\TSSysprep.log
2012-04-17 02:22 - 2009-07-13 20:46 - 00001774 ____A C:\Windows\DtcInstall.log
2012-04-17 02:21 - 2012-04-17 02:21 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2012-04-17 01:31 - 2009-10-28 09:33 - 00000600 ____A C:\Users\James\AppData\Local\PUTTY.RND
2012-04-15 03:27 - 2012-04-15 03:27 - 00000959 ____A C:\Users\James\Desktop\join.me.lnk
2012-04-15 02:56 - 2011-01-18 08:24 - 00001012 ____A C:\Users\James\Desktop\Dropbox.lnk
2012-04-11 01:11 - 2012-04-11 01:11 - 00002227 ____A C:\Users\James\Desktop\RT 7 Lite (64-Bit).lnk
2012-04-10 11:31 - 2012-04-10 11:31 - 01075200 ____A C:\Windows\SysWOW64\ac3filter.acm
ZeroAccess:
C:\Windows\Installer\{973b70e0-5b87-2d8c-e45c-db0f685bd887}
C:\Windows\Installer\{973b70e0-5b87-2d8c-e45c-db0f685bd887}\@
C:\Windows\Installer\{973b70e0-5b87-2d8c-e45c-db0f685bd887}\L
C:\Windows\Installer\{973b70e0-5b87-2d8c-e45c-db0f685bd887}\n
C:\Windows\Installer\{973b70e0-5b87-2d8c-e45c-db0f685bd887}\U
C:\Windows\Installer\{973b70e0-5b87-2d8c-e45c-db0f685bd887}\U\00000001.@
C:\Windows\Installer\{973b70e0-5b87-2d8c-e45c-db0f685bd887}\U\800000cb.@
========================= Known DLLs (Whitelisted) ============
========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 14%
Total physical RAM: 4094.55 MB
Available physical RAM: 3517.86 MB
Total Pagefile: 4092.7 MB
Available Pagefile: 3509.4 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
======================= Partitions =========================
2 Drive c: (Win7HP_SSD) (Fixed) (Total:223.57 GB) (Free:49.78 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive d: (Win7Ultimate) (Fixed) (Total:298.09 GB) (Free:55.91 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive e: (Data2) (Fixed) (Total:232.88 GB) (Free:139.22 GB) NTFS
7 Drive h: () (Removable) (Total:0.17 GB) (Free:0.17 GB) FAT32
12 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 223 GB 0 B
Disk 1 Online 298 GB 1024 KB
Disk 2 Online 232 GB 1024 KB
Disk 3 Online 491 MB 16 MB
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B
Disk 6 No Media 0 B 0 B
Disk 7 No Media 0 B 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 223 GB 1024 KB
==================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C Win7HP_SSD NTFS Partition 223 GB Healthy
==================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 298 GB 31 KB
==================================================================================
Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D Win7Ultimat NTFS Partition 298 GB Healthy
==================================================================================
Partitions of Disk 2:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 232 GB 31 KB
==================================================================================
Disk: 2
Partition 1
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 E Data2 NTFS Partition 232 GB Healthy
==================================================================================
Partitions of Disk 3:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 179 MB 1024 KB
Partition 0 Primary 296 MB 180 MB
==================================================================================
Disk: 3
Partition 1
Type : 0B
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H FAT32 Removable 179 MB Healthy
==================================================================================
==========================================================
Last Boot: 2012-06-28 03:16
======================= End Of Log ==========================
Farbar Recovery Scan Tool Version: 04-07-2012 01
Ran by SYSTEM at 2012-07-05 10:00:48
Running from H:\
================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
====== End Of Search ======
Any help much appreciated!
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 14%
Total physical RAM: 4094.55 MB
Available physical RAM: 3517.86 MB
Total Pagefile: 4092.7 MB
Available Pagefile: 3509.4 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
======================= Partitions =========================
2 Drive c: (Win7HP_SSD) (Fixed) (Total:223.57 GB) (Free:49.78 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive d: (Win7Ultimate) (Fixed) (Total:298.09 GB) (Free:55.91 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive e: (Data2) (Fixed) (Total:232.88 GB) (Free:139.22 GB) NTFS
7 Drive h: () (Removable) (Total:0.17 GB) (Free:0.17 GB) FAT32
12 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
==========================================================
Last Boot: 2012-06-28 03:16
======================= End Of Log ==========================
Farbar Recovery Scan Tool Version: 04-07-2012 01
Ran by SYSTEM at 2012-07-05 10:00:48
Running from H:\
================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
====== End Of Search ======
Any help much appreciated!