Scan result of Farbar Recovery Scan Tool Version: 16-07-2012 02
Ran by SYSTEM at 18-07-2012 02:25:33
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10134560 2010-03-23] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [165912 2010-03-14] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [387608 2010-03-14] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [365592 2010-03-14] (Intel Corporation)
HKLM\...\Run: [Acer ePower Management] C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe [860192 2010-02-05] (Acer Incorporated)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-23] (Intel Corporation)
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4273976 2012-06-28] (AVAST Software)
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2009-07-13] (Microsoft Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Startup: C:\Users\Bobby\Start Menu\Programs\Startup\RocketDock.lnk
ShortcutTarget: RocketDock.lnk -> C:\Program Files (x86)\RocketDock\RocketDock.exe ()

==================== Services (Whitelisted) ======

2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-06-28] (AVAST Software)
2 DsiWMIService; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [325200 2010-03-03] (Dritek System Inc.)
2 ePowerSvc; C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe [865824 2010-02-05] (Acer Incorporated)
3 GameConsoleService; "C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe" [238328 2009-10-09] (WildTangent, Inc.)
2 GREGService; C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
2 Lavasoft Ad-Aware Service; "C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe" [2152720 2012-05-28] (Lavasoft Limited)
2 Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [243232 2010-01-28] (Acer Group)
2 WinDefend; C:\Program Files (x86)\Windows Defender\mpsvc.dll [x]

========================== Drivers (Whitelisted) =============

2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-06-28] (AVAST Software)
2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [71064 2012-06-28] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [54072 2012-06-28] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [958912 2012-06-28] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [355856 2012-06-28] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-06-28] (AVAST Software)
3 epmntdrv; \??\C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] ()
3 EuGdiDrv; \??\C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] ()
3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [17152 2012-01-16] ()
0 Lbd; C:\Windows\System32\Drivers\Lbd.sys [69376 2011-11-03] (Lavasoft AB)
3 prwntdrv; \??\C:\Windows\system32\prwntdrv.sys [16776 2010-08-25] ()
3 pwdrvio; \??\C:\Windows\system32\pwdrvio.sys [19936 2012-01-18] ()
3 pwdspio; \??\C:\Windows\system32\pwdspio.sys [13280 2012-01-18] ()
3 TS_AR5416; C:\Windows\System32\DRIVERS\ts_athwx.sys [2156968 2011-01-06] (TamoSoft)
3 catchme; \??\C:\ComboFix\catchme.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-07-10 22:07 - 2012-07-13 15:26 - 00000000 ____D C:\Windows\Cursors
2012-07-10 18:45 - 2012-07-10 22:18 - 00000000 ____D C:\Users\All Users\HitmanPro
2012-07-10 18:44 - 2012-07-10 18:46 - 00135673 ____A C:\Users\Bobby\Downloads\HitmanPro36.exe.part
2012-07-08 10:21 - 2012-07-08 10:36 - 00000000 ____D C:\Users\Bobby\Desktop\dad stuff
2012-07-07 22:00 - 2012-07-08 09:10 - 00000258 ____A C:\Windows\setupact.log
2012-07-07 22:00 - 2012-07-07 22:00 - 00000000 ____A C:\Windows\setuperr.log
2012-07-07 20:57 - 2012-07-07 20:58 - 00078844 ____A C:\Users\Bobby\Documents\cc_20120707_235757.reg
2012-07-07 20:55 - 2012-07-07 20:56 - 00000000 ____D C:\Malwarebytes' Anti-Malware
2012-07-07 20:55 - 2012-07-07 20:55 - 00000717 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-07 20:54 - 2012-07-07 20:54 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Bobby\Downloads\mbam-setup-1.61.0.1400.exe
2012-07-07 20:51 - 2012-07-10 16:49 - 00010033 ____A C:\Users\Bobby\Desktop\Book1.xlsx
2012-07-06 09:49 - 2012-07-08 07:57 - 00000408 ____A C:\Windows\Tasks\Ad-Aware Update (Weekly).job
2012-07-04 21:26 - 2012-07-04 21:32 - 00000000 ____D C:\Users\Bobby\Downloads\500.Days.Of.Summer.BDRip.XviD-ARiGOLD
2012-07-04 09:58 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-07-04 09:58 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-07-04 09:58 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-07-04 09:58 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-07-04 09:58 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-07-04 09:58 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-07-04 09:58 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-07-04 09:58 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-07-04 09:57 - 2012-07-04 16:27 - 00000000 ___SD C:\ComboFix
2012-07-04 09:53 - 2012-07-04 09:57 - 00000000 ____D C:\Qoobox
2012-07-04 06:37 - 2012-07-04 11:40 - 00000000 ____D C:\Windows\erdnt
2012-07-03 21:54 - 2012-06-28 04:52 - 00355856 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-07-03 21:54 - 2012-06-28 04:52 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-07-03 21:53 - 2012-07-03 21:53 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-07-03 21:53 - 2012-06-28 04:52 - 00958912 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-07-03 21:53 - 2012-06-28 04:52 - 00071064 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-07-03 21:53 - 2012-06-28 04:52 - 00059728 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-07-03 21:53 - 2012-06-28 04:52 - 00054072 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-07-03 21:53 - 2012-06-28 04:51 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-07-03 21:52 - 2012-07-03 21:52 - 00000000 ____D C:\Users\All Users\AVAST Software
2012-07-03 21:52 - 2012-07-03 21:52 - 00000000 ____D C:\Program Files\AVAST Software
2012-07-03 21:52 - 2012-06-28 04:52 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-07-03 21:52 - 2012-06-28 04:51 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-06-29 02:33 - 2012-06-29 02:34 - 00000092 ____A C:\Users\Bobby\Desktop\realitysnap.txt
2012-06-28 23:06 - 2012-06-28 23:16 - 00000000 ____D C:\Users\Bobby\Downloads\Being.Flynn.2012.LiMiTED.DVDRip.XviD-DEPRiVED
2012-06-28 23:06 - 2012-06-28 23:12 - 00000000 ____D C:\Users\Bobby\Downloads\God.Bless.America.2011.LIMITED.DVDRip.XviD-AMIABLE
2012-06-28 22:38 - 2012-06-28 22:39 - 00000116 ____A C:\Users\Bobby\Desktop\bike.txt
2012-06-27 15:14 - 2012-07-10 17:26 - 00000319 ____A C:\Users\Bobby\Desktop\eating plan.txt
2012-06-26 22:19 - 2012-06-26 22:19 - 00000000 ____D C:\Users\Test\AppData\Roaming\Adobe
2012-06-25 00:19 - 2012-06-25 00:19 - 00000000 ____D C:\Users\Bobby\Downloads\CamStudioCodec-1.4-w32
2012-06-25 00:19 - 2010-10-23 21:56 - 00049664 ____A (CamStudio Group) C:\Windows\System32\CamCodec.dll
2012-06-25 00:18 - 2012-06-25 00:18 - 04472121 ____A (CamStudio Open Source Dev Team ) C:\Users\Bobby\Downloads\CamStudio_Setup_v2.6b_r294_(build_24Oct2010).exe
2012-06-25 00:18 - 2012-06-25 00:18 - 00034510 ____A C:\Users\Bobby\Downloads\CamStudioCodec-1.4-w32.zip
2012-06-25 00:17 - 2012-06-25 00:17 - 20786971 ____A (Audacity Team ) C:\Users\Bobby\Downloads\audacity-win-2.0.exe
2012-06-21 22:28 - 2012-06-21 22:28 - 00003690 ____A C:\Users\Bobby\.jmf-resource
2012-06-21 22:25 - 2012-06-21 22:25 - 00000000 ____D C:\Users\Bobby\Downloads\krut_full_windows_0_9_3
2012-06-21 22:24 - 2012-06-21 22:24 - 00000000 ____D C:\Windows\SysWOW64\CSIDL_PERSONAL
2012-06-21 22:23 - 2012-06-21 22:25 - 00000000 ____D C:\Users\Bobby\AppData\Local\uTIPu
2012-06-21 22:22 - 2012-06-21 22:41 - 00000000 ____D C:\Program Files (x86)\uTIPu
2012-06-21 22:18 - 2012-06-21 22:18 - 04994545 ____A C:\Users\Bobby\Downloads\krut_full_windows_0_9_3.zip
2012-06-21 22:17 - 2012-06-21 22:46 - 00000000 ____D C:\Program Files (x86)\UltraVNC Addons
2012-06-21 22:01 - 2012-06-25 00:19 - 00000000 ____D C:\Program Files (x86)\CamStudio 2.6b
2012-06-21 08:13 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-21 08:13 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-21 08:13 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-21 08:13 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-21 08:13 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-21 08:13 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-21 08:13 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-21 08:12 - 2012-06-02 12:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-21 08:12 - 2012-06-02 12:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-20 19:55 - 2012-06-20 19:55 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_dc3d_01009.Wdf
2012-06-19 15:06 - 2012-06-19 15:06 - 00000000 ____D C:\Users\Bobby\AppData\Roaming\Thunderbird
2012-06-19 15:06 - 2012-06-19 15:06 - 00000000 ____D C:\Users\Bobby\AppData\Local\Thunderbird
2012-06-19 15:04 - 2012-06-19 15:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2012-06-18 20:08 - 2012-06-21 22:46 - 00000000 ____D C:\Users\Bobby\Downloads\The Vow 2012 R5 LiNE XViD - INSPiRAL
2012-06-18 20:08 - 2012-06-18 20:09 - 733956096 ____A C:\Users\Bobby\Downloads\25th Hour (2002).avi
2012-06-18 15:48 - 2012-06-18 15:49 - 18506296 ____A (Mozilla) C:\Users\Test\Downloads\Thunderbird Setup 13.0.1.exe
2012-06-18 15:41 - 2012-06-18 15:41 - 00007864 ____A C:\Users\Test\Desktop\Book1.xlsx
2012-06-18 14:19 - 2012-06-18 14:19 - 00115936 ____A C:\Users\Test\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-18 14:19 - 2012-06-18 14:19 - 00000000 ____D C:\Users\Test\AppData\Roaming\Mozilla
2012-06-18 14:19 - 2012-06-18 14:19 - 00000000 ____D C:\Users\Test\AppData\Roaming\Intel Corporation
2012-06-18 14:19 - 2012-06-18 14:19 - 00000000 ____D C:\Users\Test\AppData\Local\Mozilla
2012-06-18 14:18 - 2012-06-27 00:19 - 00000000 ____D C:\Users\Test\AppData\Roaming\ExpressFiles
2012-06-18 14:18 - 2012-06-18 14:18 - 00000000 ____D C:\Users\Test\AppData\Roaming\Macromedia
2012-06-18 14:17 - 2012-07-13 15:26 - 00000000 ____D C:\users\Test
2012-06-18 14:17 - 2012-06-18 14:17 - 00000020 ___SH C:\Users\Test\ntuser.ini
2012-06-18 14:17 - 2010-08-26 00:03 - 00000000 ____D C:\Users\Test\AppData\Local\Microsoft Help
2012-06-18 13:57 - 2012-06-18 13:57 - 18506296 ____A (Mozilla) C:\Users\Bobby\Downloads\Thunderbird Setup 13.0.1.exe

============ 3 Months Modified Files ========================

2012-07-10 18:46 - 2012-07-10 18:44 - 00135673 ____A C:\Users\Bobby\Downloads\HitmanPro36.exe.part
2012-07-10 17:58 - 2012-02-20 19:15 - 00007388 ____A C:\aaw7boot.log
2012-07-10 17:26 - 2012-06-27 15:14 - 00000319 ____A C:\Users\Bobby\Desktop\eating plan.txt
2012-07-10 16:49 - 2012-07-07 20:51 - 00010033 ____A C:\Users\Bobby\Desktop\Book1.xlsx
2012-07-08 10:16 - 2010-08-21 03:42 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-08 09:17 - 2010-05-13 14:01 - 01403628 ____A C:\Windows\WindowsUpdate.log
2012-07-08 09:10 - 2012-07-07 22:00 - 00000258 ____A C:\Windows\setupact.log
2012-07-08 08:22 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-08 08:22 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-08 07:58 - 2010-08-21 03:42 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-08 07:57 - 2012-07-06 09:49 - 00000408 ____A C:\Windows\Tasks\Ad-Aware Update (Weekly).job
2012-07-08 07:57 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-07 22:00 - 2012-07-07 22:00 - 00000000 ____A C:\Windows\setuperr.log
2012-07-07 20:58 - 2012-07-07 20:57 - 00078844 ____A C:\Users\Bobby\Documents\cc_20120707_235757.reg
2012-07-07 20:55 - 2012-07-07 20:55 - 00000717 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-07 20:54 - 2012-07-07 20:54 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Bobby\Downloads\mbam-setup-1.61.0.1400.exe
2012-07-07 19:58 - 2009-07-13 21:13 - 00792118 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-04 22:16 - 2012-01-19 23:08 - 00000064 ____A C:\Windows\SysWOW64\rp_stats.dat
2012-07-04 22:16 - 2012-01-19 23:08 - 00000044 ____A C:\Windows\SysWOW64\rp_rules.dat
2012-07-03 21:53 - 2012-07-03 21:53 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-07-01 20:43 - 2012-06-14 00:06 - 00012047 ____A C:\Users\Bobby\Desktop\NOW.xlsx
2012-06-29 02:34 - 2012-06-29 02:33 - 00000092 ____A C:\Users\Bobby\Desktop\realitysnap.txt
2012-06-28 22:39 - 2012-06-28 22:38 - 00000116 ____A C:\Users\Bobby\Desktop\bike.txt
2012-06-28 04:52 - 2012-07-03 21:54 - 00355856 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-06-28 04:52 - 2012-07-03 21:54 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-06-28 04:52 - 2012-07-03 21:53 - 00958912 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-06-28 04:52 - 2012-07-03 21:53 - 00071064 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-06-28 04:52 - 2012-07-03 21:53 - 00059728 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-06-28 04:52 - 2012-07-03 21:53 - 00054072 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-06-28 04:52 - 2012-07-03 21:52 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-06-28 04:51 - 2012-07-03 21:53 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-06-28 04:51 - 2012-07-03 21:52 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-06-25 00:18 - 2012-06-25 00:18 - 04472121 ____A (CamStudio Open Source Dev Team ) C:\Users\Bobby\Downloads\CamStudio_Setup_v2.6b_r294_(build_24Oct2010).exe
2012-06-25 00:18 - 2012-06-25 00:18 - 00034510 ____A C:\Users\Bobby\Downloads\CamStudioCodec-1.4-w32.zip
2012-06-25 00:17 - 2012-06-25 00:17 - 20786971 ____A (Audacity Team ) C:\Users\Bobby\Downloads\audacity-win-2.0.exe
2012-06-21 22:28 - 2012-06-21 22:28 - 00003690 ____A C:\Users\Bobby\.jmf-resource
2012-06-21 22:18 - 2012-06-21 22:18 - 04994545 ____A C:\Users\Bobby\Downloads\krut_full_windows_0_9_3.zip
2012-06-20 19:55 - 2012-06-20 19:55 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_dc3d_01009.Wdf
2012-06-18 20:09 - 2012-06-18 20:08 - 733956096 ____A C:\Users\Bobby\Downloads\25th Hour (2002).avi
2012-06-18 15:49 - 2012-06-18 15:48 - 18506296 ____A (Mozilla) C:\Users\Test\Downloads\Thunderbird Setup 13.0.1.exe
2012-06-18 15:41 - 2012-06-18 15:41 - 00007864 ____A C:\Users\Test\Desktop\Book1.xlsx
2012-06-18 14:19 - 2012-06-18 14:19 - 00115936 ____A C:\Users\Test\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-18 14:17 - 2012-06-18 14:17 - 00000020 ___SH C:\Users\Test\ntuser.ini
2012-06-18 13:57 - 2012-06-18 13:57 - 18506296 ____A (Mozilla) C:\Users\Bobby\Downloads\Thunderbird Setup 13.0.1.exe
2012-06-14 23:43 - 2012-06-14 23:19 - 1724041765 ____A C:\Users\Bobby\Downloads\Aziz Ansari - Dangerously Delicious.mov
2012-06-13 18:32 - 2009-07-13 20:45 - 00432056 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-06 22:29 - 2012-06-06 22:29 - 00011851 ____A C:\Users\Bobby\Documents\Copy of NOW.xlsx
2012-06-06 19:50 - 2011-03-22 23:17 - 00786334 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-06 19:29 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini
2012-06-06 17:24 - 2012-06-06 17:22 - 41623552 ____A C:\Users\Bobby\Downloads\PC recovery iso.iso
2012-06-02 14:19 - 2012-06-21 08:13 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 08:13 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 08:13 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 08:13 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 08:13 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-21 08:13 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-21 08:13 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 12:19 - 2012-06-21 08:12 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 12:15 - 2012-06-21 08:12 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-28 22:11 - 2012-01-17 13:55 - 00016432 ____A C:\Windows\System32\lsdelete.exe
2012-05-17 14:36 - 2012-06-06 17:17 - 02468520 ____A C:\Windows\SysWOW64\BootMan.exe
2012-05-15 08:13 - 2012-06-06 17:17 - 03316736 ____A C:\Windows\System32\BootMan.exe
2012-04-26 17:03 - 2010-08-30 20:11 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

ZeroAccess:
C:\Users\Bobby\AppData\Local\11e30dbc
C:\Users\Bobby\AppData\Local\11e30dbc\@
C:\Users\Bobby\AppData\Local\11e30dbc\loader.tlb

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 30%
Total physical RAM: 1977.98 MB
Available physical RAM: 1374.48 MB
Total Pagefile: 1977.98 MB
Available Pagefile: 1363.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (eMachines) (Fixed) (Total:136.94 GB) (Free:18.78 GB) NTFS
2 Drive e: (PQSERVICE) (Fixed) (Total:12 GB) (Free:0.57 GB) NTFS
4 Drive g: (ADATA UFD) (Removable) (Total:7.52 GB) (Free:7.17 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 149 GB 8 MB
Disk 1 Online 7718 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 12 GB 31 KB
Partition 2 Primary 101 MB 12 GB
Partition 3 Primary 136 GB 12 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E PQSERVICE NTFS Partition 12 GB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM RESE NTFS Partition 101 MB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C eMachines NTFS Partition 136 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7717 MB 31 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G ADATA UFD FAT32 Removable 7717 MB Healthy

==================================================================================

==========================================================

TDL4: custom:26000022 <===== ATTENTION!

==========================================================

Last Boot: 2012-07-07 21:27

======================= End Of Log ==========================