Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 05-08-2012 01
Ran by SYSTEM at 06-08-2012 21:04:02
Running from G:\
Windows 7 Home Premium Service Pack 1 (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [521640 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe [173432 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [844152 2010-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2184488 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START [83336 2009-07-22] (TOSHIBA CORPORATION)
HKLM\...\Run: [TSleepSrv] %ProgramFiles%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)
HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1349032 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [611736 2010-12-08] (TOSHIBA Corporation)
HKLM\...\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60 [1294712 2010-11-29] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe [611736 2010-12-20] (TOSHIBA Corporation)
HKLM\...\Run: [NortonOnlineBackup] C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe [923480 2010-05-03] (Symantec Corporation)
HKLM\...\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [22840 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe [468904 2010-12-13] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [31648 2010-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35760 2010-06-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [976832 2010-06-09] (Adobe Systems Incorporated)
HKLM\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4273976 2012-07-03] (AVAST Software)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\ProgramDownloads\iTunes\iTunesHelper.exe" [421736 2012-01-15] (Apple Inc.)
HKLM\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-02] (Malwarebytes Corporation)
HKU\James\...\Run: [Spotify] "C:\Users\James\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart [7601880 2012-07-19] (Spotify Ltd)
HKU\James\...\Run: [Spotify Web Helper] "C:\Users\James\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1193176 2012-07-19] ()
HKU\James\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [354304 2009-07-13] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)

================================ Services (Whitelisted) ==================

2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-07-03] (AVAST Software)
2 cfWiMAXService; "C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe" [185712 2010-01-28] (TOSHIBA CORPORATION)
2 ConfigFree Service; "C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe" [46448 2009-03-10] (TOSHIBA CORPORATION)
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21504 2011-03-01] (Microsoft Corporation)
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-02] (Malwarebytes Corporation)
2 NOBU; C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe service [2044248 2010-05-03] (Symantec Corporation)
2 Norton PC Checkup Application Launcher; C:\Program Files\Norton PC Checkup\Engine\2.0.3.202\SymcPCCULaunchSvc.exe /s [103792 2010-02-02] (Symantec Corporation)
2 PCCUJobMgr; "C:\Program Files\Norton PC Checkup\Engine\2.0.3.202\ccSvcHst.exe" /s "PCCUJobMgr" /m "C:\Program Files\Norton PC Checkup\Engine\2.0.3.202\diMaster.dll" /prefetch:1 [132984 2009-08-29] (Symantec Corporation)
2 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [158856 2012-02-28] (Skype Technologies)
2 Stereo Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [378984 2011-01-16] (NVIDIA Corporation)
3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [54136 2010-11-29] (TOSHIBA Corporation)
2 TosCoSrv; "C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe" [468392 2010-12-09] (TOSHIBA Corporation)
2 TOSHIBA eco Utility Service; "C:\Program Files\TOSHIBA\TECO\TecoService.exe" [189880 2011-03-02] (TOSHIBA Corporation)
3 TOSHIBA HDD SSD Alert Service; "C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe" [112032 2010-12-08] (TOSHIBA Corporation)
3 TPCHSrv; "C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe" [685488 2010-12-20] (TOSHIBA Corporation)

========================== Drivers (Whitelisted) =============

2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [21256 2012-07-03] (AVAST Software)
2 aswMonFlt; \??\C:\windows\system32\drivers\aswMonFlt.sys [57656 2012-07-03] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [44784 2012-07-03] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [721000 2012-07-03] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [353688 2012-07-03] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [54232 2012-07-03] (AVAST Software)
3 BtFilter; C:\Windows\System32\DRIVERS\btfilter.sys [33640 2010-10-18] (Atheros)
3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [80824 2012-05-10] (DEVGURU Co., LTD.(www.devguru.co.kr))
3 MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys [22344 2012-07-02] (Malwarebytes Corporation)
3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [62336 2010-12-10] (Renesas Electronics Corporation)
3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [141440 2010-12-10] (Renesas Electronics Corporation)
3 PGEffect; C:\Windows\System32\DRIVERS\pgeffect.sys [33616 2011-02-08] (TOSHIBA Corporation)
3 QIOMem; C:\Windows\System32\DRIVERS\QIOMem.sys [9216 2009-06-15] (TOSHIBA)
3 RSUSBVSTOR; C:\Windows\System32\Drivers\RTSUVSTOR.sys [226408 2010-11-30] (Realtek Semiconductor Corp.)
3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [181432 2012-05-10] (DEVGURU Co., LTD.(www.devguru.co.kr))
2 TVALZFL; C:\Windows\System32\DRIVERS\TVALZFL.sys [12920 2009-06-19] (TOSHIBA Corporation)
3 catchme; \??\C:\Users\James\AppData\Local\Temp\catchme.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-08-06 21:03 - 2012-08-06 21:04 - 00000000 ____D C:\FRST
2012-08-02 22:32 - 2012-08-02 22:32 - 00014576 ____A C:\ComboFix.txt
2012-08-02 22:22 - 2012-08-02 22:32 - 00000000 ___AD C:\Qoobox
2012-08-02 22:22 - 2012-08-02 22:31 - 00000000 ____D C:\Windows\erdnt
2012-08-02 22:22 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-08-02 22:22 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-08-02 22:22 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-08-02 22:22 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-08-02 22:22 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-08-02 22:22 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-08-02 22:22 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-08-02 22:22 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-08-02 22:15 - 2012-08-02 22:17 - 04724629 ____R (Swearware) C:\Users\James\Desktop\ComboFix.exe
2012-08-02 00:11 - 2012-08-02 00:11 - 00001946 ____A C:\Users\James\Desktop\aswMBR.txt
2012-08-02 00:11 - 2012-08-02 00:11 - 00000512 ____A C:\Users\James\Desktop\MBR.dat
2012-08-01 23:52 - 2012-08-01 23:54 - 04731392 ____A (AVAST Software) C:\Users\James\Desktop\aswMBR.exe
2012-08-01 23:47 - 2012-08-01 23:47 - 00023503 ____A C:\Users\James\Desktop\Extras2.txt
2012-08-01 23:44 - 2012-08-01 23:44 - 00044732 ____A C:\Users\James\Desktop\OTL2.Txt
2012-08-01 23:39 - 2012-08-01 23:39 - 00089466 ____A C:\Users\James\Desktop\OTL.Txt
2012-08-01 23:39 - 2012-08-01 23:39 - 00047008 ____A C:\Users\James\Desktop\Extras.Txt
2012-08-01 23:33 - 2012-08-01 23:33 - 00597504 ____A (OldTimer Tools) C:\Users\James\Desktop\OTL.exe
2012-08-01 22:40 - 2012-08-01 22:40 - 00001078 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-01 22:40 - 2012-08-01 22:40 - 00000000 ____D C:\Users\James\AppData\Roaming\Malwarebytes
2012-08-01 22:40 - 2012-08-01 22:40 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-08-01 22:40 - 2012-08-01 22:40 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-08-01 22:40 - 2012-07-02 19:46 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-08-01 22:38 - 2012-08-01 22:39 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\James\Downloads\mbam-setup-1.62.0.1300.exe
2012-08-01 09:55 - 2012-08-01 09:55 - 00000000 ____D C:\Users\James\Desktop\tdsskiller
2012-08-01 09:54 - 2012-08-01 09:55 - 02117108 ____A C:\Users\James\Desktop\tdsskiller.zip
2012-08-01 09:54 - 2012-07-03 08:21 - 00044784 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-07-25 06:21 - 2012-07-25 06:21 - 00000020 ____A C:\Users\James\Documents\bsb.txt
2012-07-12 09:00 - 2012-06-11 18:40 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-12 09:00 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-12 09:00 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-12 09:00 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-12 09:00 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-12 09:00 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-12 09:00 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-12 09:00 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-12 09:00 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-12 09:00 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-12 09:00 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-12 09:00 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-12 09:00 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-12 09:00 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-12 09:00 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-12 07:56 - 2012-07-12 07:56 - 00001187 ____A C:\Users\Public\Desktop\Paint.NET.lnk
2012-07-12 07:55 - 2012-07-12 08:22 - 00000000 ____D C:\Users\James\AppData\Local\Paint.NET
2012-07-12 07:55 - 2012-07-12 07:56 - 00000000 ____D C:\Program Files\Paint.NET
2012-07-12 07:02 - 2012-07-12 07:02 - 00000000 ____D C:\Users\James\AppData\Local\Microsoft Help
2012-07-12 07:02 - 2012-07-12 07:02 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-07-12 06:58 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-12 06:58 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-12 06:58 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-12 06:58 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-12 06:58 - 2012-06-01 20:45 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-12 06:58 - 2012-06-01 20:45 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-12 06:58 - 2012-06-01 20:40 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-12 06:58 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-12 06:58 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-12 06:58 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-11 04:38 - 2012-07-11 04:38 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUsb_01007.Wdf

============ 3 Months Modified Files ========================

2012-08-06 03:00 - 2009-07-13 20:34 - 00025120 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-06 03:00 - 2009-07-13 20:34 - 00025120 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-06 02:59 - 2011-10-07 17:06 - 01663545 ____A C:\Windows\WindowsUpdate.log
2012-08-06 02:55 - 2010-11-20 13:01 - 00727008 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-06 02:54 - 2009-07-13 20:39 - 00047495 ____A C:\Windows\setupact.log
2012-08-05 23:30 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-02 22:32 - 2012-08-02 22:32 - 00014576 ____A C:\ComboFix.txt
2012-08-02 22:30 - 2009-07-13 18:04 - 00000215 ____A C:\Windows\system.ini
2012-08-02 22:29 - 2010-11-20 13:48 - 00260274 ____A C:\Windows\PFRO.log
2012-08-02 22:17 - 2012-08-02 22:15 - 04724629 ____R (Swearware) C:\Users\James\Desktop\ComboFix.exe
2012-08-02 00:11 - 2012-08-02 00:11 - 00001946 ____A C:\Users\James\Desktop\aswMBR.txt
2012-08-02 00:11 - 2012-08-02 00:11 - 00000512 ____A C:\Users\James\Desktop\MBR.dat
2012-08-01 23:54 - 2012-08-01 23:52 - 04731392 ____A (AVAST Software) C:\Users\James\Desktop\aswMBR.exe
2012-08-01 23:47 - 2012-08-01 23:47 - 00023503 ____A C:\Users\James\Desktop\Extras2.txt
2012-08-01 23:44 - 2012-08-01 23:44 - 00044732 ____A C:\Users\James\Desktop\OTL2.Txt
2012-08-01 23:39 - 2012-08-01 23:39 - 00089466 ____A C:\Users\James\Desktop\OTL.Txt
2012-08-01 23:39 - 2012-08-01 23:39 - 00047008 ____A C:\Users\James\Desktop\Extras.Txt
2012-08-01 23:33 - 2012-08-01 23:33 - 00597504 ____A (OldTimer Tools) C:\Users\James\Desktop\OTL.exe
2012-08-01 22:40 - 2012-08-01 22:40 - 00001078 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-01 22:39 - 2012-08-01 22:38 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\James\Downloads\mbam-setup-1.62.0.1300.exe
2012-08-01 09:55 - 2012-08-01 09:54 - 02117108 ____A C:\Users\James\Desktop\tdsskiller.zip
2012-08-01 09:54 - 2009-07-13 18:04 - 00002577 ____A C:\Windows\System32\config.nt
2012-07-25 06:21 - 2012-07-25 06:21 - 00000020 ____A C:\Users\James\Documents\bsb.txt
2012-07-12 20:15 - 2009-07-13 20:33 - 00266808 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-12 07:56 - 2012-07-12 07:56 - 00001187 ____A C:\Users\Public\Desktop\Paint.NET.lnk
2012-07-11 04:38 - 2012-07-11 04:38 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2012-07-03 08:21 - 2012-08-01 09:54 - 00044784 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-07-03 08:21 - 2012-02-12 22:49 - 00721000 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-07-03 08:21 - 2012-02-12 22:49 - 00353688 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-07-03 08:21 - 2012-02-12 22:49 - 00227648 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-07-03 08:21 - 2012-02-12 22:49 - 00057656 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-07-03 08:21 - 2012-02-12 22:49 - 00054232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-07-03 08:21 - 2012-02-12 22:49 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-07-03 08:21 - 2012-02-12 22:49 - 00021256 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-07-02 19:46 - 2012-08-01 22:40 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-11 18:40 - 2012-07-12 09:00 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-09 23:49 - 2012-06-09 23:49 - 00012696 ____A C:\Users\James\Desktop\Kaboom15shaqnotsobad.aup
2012-06-08 20:41 - 2012-07-12 06:58 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-05 21:05 - 2012-07-12 06:58 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 21:05 - 2012-07-12 06:58 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 21:03 - 2012-07-12 06:58 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-02 14:19 - 2012-06-24 03:18 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-24 03:18 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-24 03:18 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-24 03:18 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-24 03:18 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:12 - 2012-06-24 03:18 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-24 03:18 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 01:07 - 2012-07-12 09:00 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 00:43 - 2012-07-12 09:00 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 00:33 - 2012-07-12 09:00 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 00:26 - 2012-07-12 09:00 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 00:25 - 2012-07-12 09:00 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 00:25 - 2012-07-12 09:00 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 00:23 - 2012-07-12 09:00 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 00:21 - 2012-07-12 09:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 00:20 - 2012-07-12 09:00 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 00:19 - 2012-07-12 09:00 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 00:19 - 2012-07-12 09:00 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 00:17 - 2012-07-12 09:00 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 00:16 - 2012-07-12 09:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 00:14 - 2012-07-12 09:00 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-01 21:19 - 2012-06-24 03:17 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-01 21:12 - 2012-06-24 03:17 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-01 20:45 - 2012-07-12 06:58 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 20:45 - 2012-07-12 06:58 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 20:40 - 2012-07-12 06:58 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 20:40 - 2012-07-12 06:58 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 20:39 - 2012-07-12 06:58 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-05-31 03:06 - 2012-05-31 03:06 - 00001001 ____A C:\Users\Public\Desktop\VLC media player.lnk
2012-05-31 03:05 - 2012-05-31 03:04 - 22259528 ____A C:\Users\James\Downloads\vlc-2.0.1-win32.exe
2012-05-31 02:48 - 2012-05-31 02:48 - 00000924 ____A C:\Users\Public\Desktop\µTorrent.lnk
2012-05-31 02:46 - 2012-05-31 02:46 - 00880496 ____A (BitTorrent, Inc.) C:\Users\James\Downloads\uTorrent.exe
2012-05-30 18:25 - 2012-02-12 22:57 - 00237072 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-05-24 05:50 - 2009-07-13 20:53 - 00030074 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-05-23 08:56 - 2012-05-23 08:56 - 00001778 ____A C:\Users\James\Desktop\Spotify.lnk
2012-05-21 05:22 - 2011-10-07 18:00 - 00002503 ____A C:\Users\Public\Desktop\Skype.lnk
2012-05-21 05:16 - 2012-05-21 03:44 - 368704597 ____A C:\Users\James\Downloads\Siriusmo_-_Pearls_Embarrassments.zip
2012-05-10 13:34 - 2012-05-10 13:34 - 00181432 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys
2012-05-10 13:34 - 2012-05-10 13:34 - 00080824 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys

ZeroAccess:
C:\Users\James\AppData\Local\{3dca4766-b38c-dbc8-17bb-c2709fffe3d7}
C:\Users\James\AppData\Local\{3dca4766-b38c-dbc8-17bb-c2709fffe3d7}\@
C:\Users\James\AppData\Local\{3dca4766-b38c-dbc8-17bb-c2709fffe3d7}\L
C:\Users\James\AppData\Local\{3dca4766-b38c-dbc8-17bb-c2709fffe3d7}\U
C:\Users\James\AppData\Local\{3dca4766-b38c-dbc8-17bb-c2709fffe3d7}\U\00000001.@

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe
[2011-04-08 02:54] - [2011-03-01 00:05] - 0021504 ____A (Microsoft Corporation) ECDB182F885292145826C58252B53000

C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2011-04-08 02:53] - [2011-02-24 21:40] - 0246144 ____A (Microsoft Corporation) C37AEE5966EB5929E2051AC7409B5730

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 6%
Total physical RAM: 8173.86 MB
Available physical RAM: 7644.24 MB
Total Pagefile: 8172.14 MB
Available Pagefile: 7644.98 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.72 MB

======================= Partitions =========================

1 Drive c: (S3A4488D001) (Fixed) (Total:581.31 GB) (Free:514.75 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (System) (Fixed) (Total:1.46 GB) (Free:1.29 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive g: () (Removable) (Total:7.45 GB) (Free:7.39 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (WD Passport) (Fixed) (Total:111.76 GB) (Free:8.66 GB) FAT32

Disk ###  Status      Size     Free     Dyn  Gpt
--------  ----------  -------  -------  ---  ---
Disk 0    Online       596 GB      0 B
Disk 1    Online       111 GB  1024 KB
Disk 2    Online      7633 MB      0 B

Partitions of Disk 0:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Recovery          1500 MB  1024 KB
Partition 2    Primary            581 GB  1501 MB
Partition 3    Primary             13 GB   582 GB

==================================================================================

Disk: 0
Partition 1
Type  : 27
Hidden: Yes
Active: Yes

Volume ###  Ltr  Label        Fs     Type        Size     Status   Info
----------  ---  -----------  -----  ----------  -------  -------  --------
* Volume 2   E   System       NTFS   Partition   1500 MB  Healthy  Hidden

==================================================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status   Info
----------  ---  -----------  -----  ----------  -------  -------  --------
* Volume 1   C   S3A4488D001  NTFS   Partition    581 GB  Healthy

==================================================================================

Disk: 0
Partition 3
Type  : 17 (Suspicious Type)
Hidden: Yes
Active: No
There is no volume associated with this partition.

==================================================================================

Partitions of Disk 1:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary            111 GB    31 KB

==================================================================================

Disk: 1
Partition 1
Type  : 0C
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status   Info
----------  ---  -----------  -----  ----------  -------  -------  --------
* Volume 3   Y   WD Passport  FAT32  Partition    111 GB  Healthy

==================================================================================

Partitions of Disk 2:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           7633 MB    16 KB

==================================================================================

Disk: 2
Partition 1
Type  : 0B
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status   Info
----------  ---  -----------  -----  ----------  -------  -------  --------
* Volume 4   G                FAT32  Removable   7633 MB  Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-30 22:18

======================= End Of Log ==========================
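Added example, not part of the posted log and not FRST's own code: a small Python triage pass over lines in the FRST format shown above. It picks out the things a helper reads first in a log like this: a Run-key, service or driver entry whose file FRST could not find (`[x]`), one that carries no company name (`()`), a driver loaded from a Temp directory, the `%LOCALAPPDATA%\{GUID}` folder with its `@`, `L` and `U` members that FRST lists under `ZeroAccess:`, and the partition FRST marked `(Suspicious Type)`. The sample lines are copied from the log; the regular expressions, the reason labels and the `STARTUP_PREFIX_RE` gate are my assumptions about the format, not FRST's parsing rules.

```python
"""Triage helper for FRST-style log lines (added example; assumptions about the
format are mine, not FRST's). Sample input below is copied from the posted log."""
import re
from typing import Dict, List, Tuple

# Run-key, service and driver entries end in one of two tails:
#   [<size> <yyyy-mm-dd>] (<company>)   or   [x]   (file not found on disk)
ENTRY_RE = re.compile(
    r"^(?P<head>.+?)\s+(?:"
    r"\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s+\((?P<company>[^)]*)\)"
    r"|\[(?P<missing>x)\])\s*$"
)
# Only gate on lines that are autostarts (HKLM\ / HKU\) or services/drivers
# ("<start type> <name>;"), so file-list lines are never mistaken for entries.
STARTUP_PREFIX_RE = re.compile(r"^(?:HK(?:LM|U)\\|[0-4] .+?;)")
# User-mode ZeroAccess drop as FRST prints it: %LOCALAPPDATA%\{GUID} plus
# the '@', 'L' and 'U' members and the 'U\<8 hex>.@' payload name.
ZEROACCESS_RE = re.compile(
    r"\\AppData\\Local\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}"
    r"(?:\\(?:@|L|U(?:\\[0-9a-f]{8}\.@)?))?$",
    re.IGNORECASE,
)
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)


def triage_line(line: str) -> List[str]:
    """Return the reasons a single log line deserves a second look ([] if none)."""
    reasons: List[str] = []
    line = line.rstrip()
    if ZEROACCESS_RE.search(line):
        reasons.append("zeroaccess-path")
    if "(Suspicious Type)" in line:
        reasons.append("partition-type-flagged-by-frst")
    m = ENTRY_RE.match(line)
    if m and STARTUP_PREFIX_RE.match(m.group("head")):
        if m.group("missing"):
            reasons.append("file-missing")
        elif m.group("company") == "":
            reasons.append("no-company-name")
        if TEMP_DIR_RE.search(m.group("head")):
            reasons.append("loaded-from-temp")
    return reasons


def triage(log_text: str) -> List[Tuple[str, List[str]]]:
    """Run triage_line over a whole log and keep only the flagged lines."""
    findings = []
    for raw in log_text.splitlines():
        reasons = triage_line(raw)
        if reasons:
            findings.append((raw.strip(), reasons))
    return findings


def count_reasons(findings: List[Tuple[str, List[str]]]) -> Dict[str, int]:
    """Histogram of reason labels across the findings."""
    counts: Dict[str, int] = {}
    for _, reasons in findings:
        for r in reasons:
            counts[r] = counts.get(r, 0) + 1
    return counts


# Constructed sample: lines copied from the log above, one of each kind.
SAMPLE_LOG = r"""
HKLM\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4273976 2012-07-03] (AVAST Software)
HKU\James\...\Run: [Spotify Web Helper] "C:\Users\James\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1193176 2012-07-19] ()
3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
3 catchme; \??\C:\Users\James\AppData\Local\Temp\catchme.sys [x]
2012-08-02 22:22 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
ZeroAccess:
C:\Users\James\AppData\Local\{3dca4766-b38c-dbc8-17bb-c2709fffe3d7}
C:\Users\James\AppData\Local\{3dca4766-b38c-dbc8-17bb-c2709fffe3d7}\@
C:\Users\James\AppData\Local\{3dca4766-b38c-dbc8-17bb-c2709fffe3d7}\U\00000001.@
Type  : 17 (Suspicious Type)
"""

if __name__ == "__main__":
    for text, why in triage(SAMPLE_LOG):
        print(", ".join(why).ljust(34), text)
```

A flag is a lead, not a verdict. `catchme.sys` is the rootkit-scan driver that ComboFix (and GMER) load from Temp, and ComboFix was run on this machine four days before the scan, so its `[x]` only records that the temporary driver file is gone. The `ZeroAccess:` paths are different: FRST has already matched that folder layout by name, and the `U\00000001.@` payload is what the user-mode dropper leaves behind. The hidden 13 GB type-17 partition is the kind FRST marks by default and should be checked against the vendor's recovery layout before anything is done to it.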