Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 20-07-2012 01
Ran by SYSTEM at 24-07-2012 17:21:58
Running from F:\
Windows Vista (TM) Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [161328 2007-03-26] (Nero AG)
HKLM\...\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe [1057328 2007-03-26] (Nero AG)
HKLM\...\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [174872 2007-02-12] (Intel Corporation)
HKLM\...\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKLM\...\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [630784 2006-11-22] (Motorola Inc.)
HKLM\...\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE [61440 2006-11-02] (ASUSTeK Computer INC.)
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [857648 2007-03-01] (Synaptics, Inc.)
HKLM\...\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe [778240 2007-01-15] ()
HKLM\...\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe [37232 2007-10-04] ()
HKLM\...\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe [33136 2007-10-04] ()
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKU\NOMAR\...\Run: [Facebook Update] "C:\Users\NOMAR\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-23] (Facebook Inc.)
HKU\NOMAR\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [17344176 2012-06-05] (Skype Technologies S.A.)
HKU\NOMAR\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)
HKU\NOMAR\...\Run: [Regedit32] C:\Windows\system32\regedit.exe [x]
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

================================ Services (Whitelisted) ==================

2 ADSMService; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [73728 2007-05-18] ()
2 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-02-05] ()
2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-05-15] ()
2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21504 2008-01-18] (Microsoft Corporation)
2 InCDsrv; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [864816 2007-03-26] (Nero AG)
3 McComponentHostService; "C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [11552 2012-03-26] (Microsoft Corporation)
3 NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [779824 2007-03-26] (Nero AG)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [214952 2012-03-26] (Microsoft Corporation)
3 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [267824 2007-03-26] (Nero AG)
2 Skype C2C Service; "C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe" [3048136 2012-07-05] (Skype Technologies S.A.)
2 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [160944 2012-06-05] (Skype Technologies)
2 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [123248 2006-12-28] ()
2 CLTNetCnService; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [x]
2 McAfee SiteAdvisor Service; c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe [x]

========================== Drivers (Whitelisted) =============

0 AsDsm; C:\Windows\System32\Drivers\AsDsm.sys [27504 2007-04-24] (Windows (R) Codename Longhorn DDK provider)
2 ASMMAP; \??\C:\Program Files\ATKGFNEX\ASMMAP.sys [11632 2007-02-05] ()
2 ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [15216 2006-11-15] ()
4 InCDfs; C:\Windows\System32\drivers\InCDFs.sys [108592 2007-03-26] (Nero AG)
1 InCDPass; C:\Windows\System32\drivers\InCDPass.sys [37040 2007-03-26] (Nero AG)
1 InCDrec; C:\Windows\System32\Drivers\InCDrec.sys [16304 2007-03-26] (Nero AG)
1 incdrm; C:\Windows\System32\drivers\InCDRm.sys [39472 2007-03-26] (Nero AG)
3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [5632 2007-01-24] ( )
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
1 MpKsl78f409f5; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{54DF7C60-E098-4B43-B7E0-4E6E3F5A365C}\MpKsl78f409f5.sys [29904 2012-07-24] (Microsoft Corporation)
3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-13] (ATK0100)
3 SMSCIRDA; C:\Windows\System32\DRIVERS\SMSCirda.sys [31232 2006-10-17] (SMSC)
3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1743232 2007-05-24] ()
4 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-24 17:21 - 2012-07-24 17:21 - 00000000 ____D C:\FRST
2012-07-23 22:47 - 2012-07-23 22:57 - 00000000 ____D C:\Users\NOMAR\Desktop\naprawy
2012-07-23 05:49 - 2012-07-23 05:50 - 16373192 ____A (Microsoft Corporation) C:\Users\NOMAR\Downloads\Windows-KB890830-V4.10.exe
2012-07-23 04:50 - 2012-07-23 04:51 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-07-23 04:49 - 2012-07-23 04:50 - 10299264 ____A (Microsoft Corporation) C:\Users\NOMAR\Downloads\mseinstall.exe
2012-07-23 04:28 - 2012-07-23 04:28 - 00000332 ____A C:\Start_.cmd
2012-07-23 04:28 - 2012-07-23 04:28 - 00000000 ____D C:\ComboFix
2012-07-23 04:27 - 2012-07-23 04:28 - 00000000 ____D C:\Windows\erdnt
2012-07-23 04:27 - 2012-07-23 04:27 - 04582474 ____R (Swearware) C:\Users\NOMAR\Downloads\ComboFix.exe
2012-07-23 04:03 - 2012-07-23 04:28 - 00000000 ____D C:\Qoobox
2012-07-23 04:00 - 2012-07-23 04:28 - 00000000 ___SD C:\32788R22FWJFW
2012-07-23 01:50 - 2012-07-23 01:50 - 00000000 ____D C:\Program Files\Microsoft Security Client(66)
2012-07-20 05:05 - 2012-07-20 05:05 - 00000000 ____D C:\Users\NOMAR\AppData\Roaming\TuneUp Software
2012-07-20 05:05 - 2012-07-20 05:05 - 00000000 ____D C:\Program Files\TuneUp Utilities 2012
2012-07-20 04:50 - 2012-07-20 04:50 - 00000000 ____D C:\Users\NOMAR\AppData\Roaming\pdfforge
2012-07-20 04:50 - 2012-07-20 04:50 - 00000000 ____D C:\Program Files\PDFCreator
2012-07-20 00:04 - 2012-07-20 03:39 - 00000000 ____D C:\Users\NOMAR\Downloads\Florence And The Machine - Lungs [2009][320kbps]MP3-MT
2012-07-20 00:00 - 2012-07-20 05:01 - 00000000 ____D C:\Users\NOMAR\Downloads\[UsaBit.com] -Snow.White.and.the.Huntsman.2012.TS.XViD.AC3-ADTRG
2012-07-19 23:25 - 2012-07-20 05:21 - 00000000 ____D C:\Users\NOMAR\Downloads\Florence + The Machine - Ceremonials (Deluxe Version)(2011)
2012-07-18 22:57 - 2012-07-18 22:57 - 00000000 ____A C:\Windows\System32\debug.log
2012-07-11 23:14 - 2012-07-12 23:14 - 00000000 ____D C:\Users\NOMAR\Downloads\Snow.White.and.the.Huntsman.2012.DVDRip.XViD-PLAYNOW
2012-06-28 05:01 - 2012-06-28 05:01 - 00263397 ____A C:\Users\NOMAR\Downloads\list.xps
2012-06-28 05:01 - 2012-06-28 05:01 - 00263397 ____A C:\Users\NOMAR\Desktop\list.xps
2012-06-24 00:23 - 2012-06-24 00:32 - 00000000 ____D C:\Users\NOMAR\Downloads\What to Expect When You're Expecting 2012 DVDRIP XVID AbSurdiTy[NL SUBS]
2012-06-24 00:05 - 2012-06-24 00:05 - 00000000 ____D C:\Users\NOMAR\Downloads\What to Expect When You're Expecting DVDRip.XViD.AC3-SCRON
2012-06-24 00:01 - 2012-06-24 00:01 - 00000000 ____D C:\Users\NOMAR\AppData\Local\Macromedia

============ 3 Months Modified Files ========================

2012-07-24 07:08 - 2012-04-23 13:24 - 00001056 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3806916145-1304062726-144372481-1000Core.job
2012-07-24 06:23 - 2006-11-02 04:47 - 00003168 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-24 06:23 - 2006-11-02 04:47 - 00003168 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-24 06:19 - 2012-03-30 02:21 - 00000930 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-24 04:36 - 2012-04-23 13:24 - 00001078 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3806916145-1304062726-144372481-1000UA.job
2012-07-24 00:24 - 2012-04-10 00:04 - 00279552 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-07-24 00:23 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-23 10:55 - 2007-10-04 20:38 - 00045056 ____A C:\Windows\System32\acovcnt.exe
2012-07-23 09:45 - 2007-04-19 22:34 - 00000012 ____A C:\Windows\bthservsdp.dat
2012-07-23 09:45 - 2006-11-02 05:01 - 00024484 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-23 08:45 - 2006-11-02 04:52 - 00027460 ____A C:\Windows\setupact.log
2012-07-23 07:55 - 2012-04-22 22:39 - 00001356 ____A C:\Users\NOMAR\AppData\Local\d3d9caps.dat
2012-07-23 05:50 - 2012-07-23 05:49 - 16373192 ____A (Microsoft Corporation) C:\Users\NOMAR\Downloads\Windows-KB890830-V4.10.exe
2012-07-23 04:54 - 2012-03-30 00:53 - 00001912 ____A C:\Windows\epplauncher.mif
2012-07-23 04:52 - 2007-10-04 19:04 - 01471171 ____A C:\Windows\WindowsUpdate.log
2012-07-23 04:51 - 2007-04-19 23:29 - 00674240 ____A C:\Windows\System32\perfh015.dat
2012-07-23 04:51 - 2007-04-19 23:29 - 00131516 ____A C:\Windows\System32\perfc015.dat
2012-07-23 04:51 - 2006-11-02 02:33 - 01523086 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-23 04:50 - 2012-07-23 04:49 - 10299264 ____A (Microsoft Corporation) C:\Users\NOMAR\Downloads\mseinstall.exe
2012-07-23 04:28 - 2012-07-23 04:28 - 00000332 ____A C:\Start_.cmd
2012-07-23 04:27 - 2012-07-23 04:27 - 04582474 ____R (Swearware) C:\Users\NOMAR\Downloads\ComboFix.exe
2012-07-23 04:19 - 2012-03-30 02:21 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-07-23 04:19 - 2012-03-30 02:21 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-07-23 04:11 - 2006-11-02 02:22 - 45350912 ____A C:\Windows\System32\config\components_previous
2012-07-23 04:11 - 2006-11-02 02:22 - 38797312 ____A C:\Windows\System32\config\software_previous
2012-07-23 04:11 - 2006-11-02 02:22 - 16777216 ____A C:\Windows\System32\config\system_previous
2012-07-23 04:11 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\security_previous
2012-07-23 04:11 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\sam_previous
2012-07-23 04:11 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\default_previous
2012-07-23 03:38 - 2007-10-04 20:35 - 00051086 ____A C:\Windows\PFRO.log
2012-07-18 22:57 - 2012-07-18 22:57 - 00000000 ____A C:\Windows\System32\debug.log
2012-07-02 17:13 - 2006-11-02 02:24 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-06-28 05:01 - 2012-06-28 05:01 - 00263397 ____A C:\Users\NOMAR\Downloads\list.xps
2012-06-28 05:01 - 2012-06-28 05:01 - 00263397 ____A C:\Users\NOMAR\Desktop\list.xps
2012-06-13 02:29 - 2006-11-02 04:47 - 00379040 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-12 00:18 - 2012-06-12 00:18 - 00135750 ____A C:\Users\NOMAR\Downloads\CD2521954.rar
2012-06-03 02:59 - 2012-06-03 02:59 - 00139064 ____A C:\Windows\Minidump\Mini060312-01.dmp
2012-06-03 02:59 - 2012-05-05 03:30 - 294628273 ____A C:\Windows\MEMORY.DMP
2012-06-02 14:19 - 2012-06-22 03:49 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-22 03:49 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-22 03:49 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-22 03:48 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-22 03:48 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:12 - 2012-06-22 03:49 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-22 03:48 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 05:19 - 2012-06-22 03:48 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 05:12 - 2012-06-22 03:48 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-31 02:59 - 2012-05-31 02:59 - 00000562 ____A C:\Users\Public\Desktop\VLC media player.lnk
2012-05-31 02:58 - 2012-05-31 02:57 - 22259528 ____A C:\Users\NOMAR\Downloads\vlc-2.0.1-win32(dobreprogramy.pl).exe
2012-05-28 14:18 - 2012-05-28 14:18 - 00139064 ____A C:\Windows\Minidump\Mini052912-01.dmp
2012-05-28 10:23 - 2012-05-28 10:23 - 00000723 ____A C:\Users\Public\Desktop\DivX Player.lnk
2012-05-28 10:23 - 2012-05-28 10:23 - 00000682 ____A C:\Users\Public\Desktop\DivX Movies.lnk
2012-05-28 10:19 - 2012-05-28 10:19 - 00003584 ____A C:\Users\NOMAR\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-27 23:28 - 2012-05-27 23:28 - 00000485 ____A C:\Users\Public\Desktop\BitTorrent.lnk
2012-05-27 23:24 - 2012-05-27 23:22 - 06379928 ____A (BitTorrent, Inc.) C:\Users\NOMAR\Downloads\BitTorrent.exe
2012-05-25 21:39 - 2012-05-25 21:39 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2012-05-24 03:50 - 2012-05-24 03:50 - 00000319 ____A C:\Users\NOMAR\Documents\NOMAR papier_firmowy 2011-03 txt.txt
2012-05-22 13:55 - 2012-05-22 13:55 - 00139064 ____A C:\Windows\Minidump\Mini052212-01.dmp
2012-05-19 13:36 - 2012-05-19 13:36 - 00000338 ____A C:\Users\NOMAR\Documents\loneliness.txt
2012-05-17 15:11 - 2012-06-13 02:00 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 14:48 - 2012-06-13 02:00 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 14:45 - 2012-06-13 02:00 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 14:36 - 2012-06-13 02:00 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 14:35 - 2012-06-13 02:00 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 14:35 - 2012-06-13 02:00 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 14:33 - 2012-06-13 02:00 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 14:31 - 2012-06-13 02:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 14:29 - 2012-06-13 02:00 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 14:29 - 2012-06-13 02:00 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 14:27 - 2012-06-13 02:00 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 14:25 - 2012-06-13 02:00 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 14:24 - 2012-06-13 02:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 14:20 - 2012-06-13 02:00 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-15 11:51 - 2012-06-12 23:06 - 02045440 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-08 01:20 - 2012-05-08 01:20 - 08379275 ____A C:\Users\NOMAR\Downloads\38f65938beab72960b6dbf254b88f419.rar
2012-05-05 03:31 - 2012-05-05 03:30 - 00139064 ____A C:\Windows\Minidump\Mini050512-01.dmp
2012-05-01 06:03 - 2012-06-12 23:06 - 00180736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-27 05:04 - 2012-04-27 05:04 - 00001880 ____A C:\Users\Public\Desktop\Skype.lnk
2012-04-27 05:03 - 2012-04-27 05:03 - 00944264 ____A (Skype Technologies S.A.) C:\Users\NOMAR\Downloads\SkypeSetup.exe

ZeroAccess:
C:\Windows\Installer\{583f6673-dc5a-eb86-f4e3-8e76f875d07b}
C:\Windows\Installer\{583f6673-dc5a-eb86-f4e3-8e76f875d07b}\L
C:\Windows\Installer\{583f6673-dc5a-eb86-f4e3-8e76f875d07b}\U
C:\Windows\Installer\{583f6673-dc5a-eb86-f4e3-8e76f875d07b}\U\00000001.@
C:\Windows\Installer\{583f6673-dc5a-eb86-f4e3-8e76f875d07b}\U\80000000.@
C:\Windows\Installer\{583f6673-dc5a-eb86-f4e3-8e76f875d07b}\U\800000cb.@

ZeroAccess:
C:\Users\NOMAR\AppData\Local\{583f6673-dc5a-eb86-f4e3-8e76f875d07b}
C:\Users\NOMAR\AppData\Local\{583f6673-dc5a-eb86-f4e3-8e76f875d07b}\@
C:\Users\NOMAR\AppData\Local\{583f6673-dc5a-eb86-f4e3-8e76f875d07b}\L
C:\Users\NOMAR\AppData\Local\{583f6673-dc5a-eb86-f4e3-8e76f875d07b}\U
C:\Users\NOMAR\AppData\Local\{583f6673-dc5a-eb86-f4e3-8e76f875d07b}\U\00000001.@
C:\Users\NOMAR\AppData\Local\{583f6673-dc5a-eb86-f4e3-8e76f875d07b}\U\80000000.@
C:\Users\NOMAR\AppData\Local\{583f6673-dc5a-eb86-f4e3-8e76f875d07b}\U\800000cb.@

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 8737764F4FD36D6808EE80578409C843 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 11%
Total physical RAM: 4094.44 MB
Available physical RAM: 3628.55 MB
Total Pagefile: 3844.6 MB
Available Pagefile: 3683.46 MB
Total Virtual: 2047.88 MB
Available Virtual: 1983.72 MB

======================= Partitions =========================

1 Drive c: (VistaOS) (Fixed) (Total:89.43 GB) (Free:42.69 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (DATA) (Fixed) (Total:52.78 GB) (Free:45.7 GB) NTFS
3 Drive e: (2007.11.03_2329) (CDROM) (Total:0.12 GB) (Free:0 GB) UDF
4 Drive f: () (Removable) (Total:3.73 GB) (Free:3.63 GB) NTFS
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

  Disk ###  Status      Size     Free     Dyn  Gpt
  --------  ----------  -------  -------  ---  ---
  Disk 0    Online       149 GB  2017 KB
  Disk 1    Online      3817 MB      0 B

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           7000 MB  1024 KB
  Partition 2    Primary             89 GB  7001 MB
  Partition 0    Extended            53 GB    96 GB
  Partition 3    Logical             53 GB    96 GB

==================================================================================

Disk: 0
Partition 1
Type  : 1C
Hidden: Yes
Active: No

There is no volume associated with this partition.
==================================================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     C   VistaOS      NTFS   Partition     89 GB  Healthy

==================================================================================

Disk: 0
Partition 3
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     D   DATA         NTFS   Partition     53 GB  Healthy

==================================================================================

Partitions of Disk 1:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           3817 MB    32 KB

==================================================================================

Disk: 1
Partition 1
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 0     F                NTFS   Removable   3817 MB  Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-23 04:23

======================= End Of Log ==========================
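The log above carries three kinds of indicator a responder reads first: the "Bamital & volsnap Check" line where FRST's known-good MD5 for services.exe did not match and FRST tagged the file "ZeroAccess <==== ATTENTION", the two "ZeroAccess:" blocks listing the {583f6673-...} directories under C:\Windows\Installer and AppData\Local, and the autorun, service and driver entries ending in "[x]", which FRST prints when it cannot find the file at the recorded path (an orphaned entry such as the leftover Symantec and McAfee services, not by itself evidence of infection). The script below is an added example, not part of FRST or of the original post: it parses those sections out of an FRST log and groups the hits by kind, so several logs can be triaged the same way. The sample text is a constructed subset of lines copied from the log above; the regexes and the `ROOTKIT_LABELS` tuple are assumptions based on the format as it appears here (only the "ZeroAccess:" label occurs on this page), and the script reads hashes from the log rather than computing any itself.

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) logs.

Added example, not FRST's own code. Pulls out the lines a responder acts
on first:
  * entries FRST tagged "<==== ATTENTION" (here a services.exe whose MD5
    did not match FRST's known-good value, labelled ZeroAccess by FRST)
  * file lists FRST attributes to a rootkit ("ZeroAccess:" blocks)
  * autorun / service / driver entries whose target file was not found ([x])
"""
import re
from dataclasses import dataclass, field

# Section banners look like "===== Registry (Whitelisted) =====". The name must
# start with a non-'=' so pure separator lines ("=====") are not taken as sections.
SECTION_RE = re.compile(r"^=+\s*(?P<name>[^=\s].*?)\s*=+$")
# "<path> <32 hex MD5> <label> <==== ATTENTION" from the Bamital & volsnap check.
MD5_RE = re.compile(
    r"^(?P<path>\S.*?)\s+(?P<md5>[0-9A-Fa-f]{32})\s+(?P<label>\S+)\s+<====\s*ATTENTION")
MD5_OK_RE = re.compile(r"^(?P<path>\S.*?)\s+=>\s+MD5 is legit$")
MISSING_RE = re.compile(r"\[x\]\s*$")                  # FRST: file not found on disk
ROOTKIT_HDR_RE = re.compile(r"^(?P<family>[A-Za-z]+):\s*(?P<rest>.*)$")
ROOTKIT_LABELS = ("ZeroAccess",)   # assumption: the only label seen in this log


@dataclass
class Finding:
    kind: str      # "hash_mismatch" | "rootkit_file" | "missing_target"
    section: str   # log section (or rootkit family for rootkit_file)
    detail: str


@dataclass
class Triage:
    findings: list = field(default_factory=list)
    checked_ok: list = field(default_factory=list)   # files whose MD5 FRST accepted


def parse_frst(text: str) -> Triage:
    result = Triage()
    section = "header"
    rootkit = None          # family name while inside a "ZeroAccess:" block
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            rootkit = None  # a blank line closes a rootkit file block
            continue
        m = SECTION_RE.match(line)
        if m:
            section, rootkit = m.group("name"), None
            continue
        m = ROOTKIT_HDR_RE.match(line)
        if m and m.group("family") in ROOTKIT_LABELS:
            rootkit = m.group("family")
            if m.group("rest"):   # path printed on the same line as the label
                result.findings.append(Finding("rootkit_file", rootkit, m.group("rest")))
            continue
        if rootkit:               # continuation line of the block: one path per line
            result.findings.append(Finding("rootkit_file", rootkit, line))
            continue
        m = MD5_RE.match(line)
        if m:
            detail = f"{m['path']} md5={m['md5'].lower()} tagged {m['label']}"
            result.findings.append(Finding("hash_mismatch", section, detail))
            continue
        m = MD5_OK_RE.match(line)
        if m:
            result.checked_ok.append(m["path"])
            continue
        if MISSING_RE.search(line):
            result.findings.append(Finding("missing_target", section, line))
    return result


def summarize(triage: Triage) -> dict:
    """Count findings per kind, e.g. {'hash_mismatch': 1, ...}."""
    counts: dict = {}
    for f in triage.findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


# Constructed sample: a subset of lines copied from the FRST log on this page.
SAMPLE_LOG = r"""Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 20-07-2012 01
Ran by SYSTEM at 24-07-2012 17:21:58

========================== Registry (Whitelisted) =============

HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKU\NOMAR\...\Run: [Regedit32] C:\Windows\system32\regedit.exe [x]

================================ Services (Whitelisted) ==================

2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [11552 2012-03-26] (Microsoft Corporation)
2 CLTNetCnService; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [x]

========================== Drivers (Whitelisted) =============

0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
4 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [x]

============ 3 Months Modified Files ========================

2012-07-24 00:24 - 2012-04-10 00:04 - 00279552 ____A (Microsoft Corporation) C:\Windows\System32\services.exe

ZeroAccess:
C:\Windows\Installer\{583f6673-dc5a-eb86-f4e3-8e76f875d07b}
C:\Windows\Installer\{583f6673-dc5a-eb86-f4e3-8e76f875d07b}\U\80000000.@

ZeroAccess:
C:\Users\NOMAR\AppData\Local\{583f6673-dc5a-eb86-f4e3-8e76f875d07b}\@

========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\services.exe 8737764F4FD36D6808EE80578409C843 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\userinit.exe => MD5 is legit

======================= End Of Log ==========================
"""

if __name__ == "__main__":
    triage = parse_frst(SAMPLE_LOG)
    for f in triage.findings:
        print(f"[{f.kind}] ({f.section}) {f.detail}")
    print("clean MD5 checks:", len(triage.checked_ok), "summary:", summarize(triage))
```

On the sample this reports one hash mismatch (services.exe), three ZeroAccess paths and four orphaned entries. The "[x]" hits are a to-do list for cleanup, not a verdict; the hash mismatch and the "ZeroAccess:" blocks are what justify treating the machine as rootkit-infected, which is exactly how FRST labels them in the log.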