Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-09-2012
Ran by SYSTEM at 24-09-2012 20:51:20
Running from G:\
(X64) OS Language: English(US)
Attention: Could not load system hive.
ERROR: The process cannot access the file because it is being used by another process.

==================== Registry (Whitelisted) ===================

HKU\Default\...\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA)
HKU\Default User\...\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA)
HKU\Stav\...\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA)
HKLM\...\Winlogon: [Userinit]
HKLM-x32\...\Winlogon: [Userinit] [x]
HKLM\...\Winlogon: [Shell] [x ] ()
HKLM-x32\...\Winlogon: [Shell] [x ] ()
HKLM\...\InprocServer32: [Default-wbemess] ATTENTION! ====> ZeroAccess
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\Users\Default\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

==================== Services (Whitelisted) ===================

==================== Drivers (Whitelisted) =====================

==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========

2012-09-24 20:44 - 2012-09-24 20:51 - 00000000 ____D C:\FRST
2012-09-22 05:17 - 2012-09-22 05:17 - 00049872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\pvvwrhfk.sys
2012-09-22 03:50 - 2012-09-22 03:50 - 00049872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\kvkiqtew.sys
2012-09-22 03:28 - 2012-09-22 03:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-09-22 03:27 - 2012-09-22 03:28 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-09-22 03:26 - 2012-09-22 03:28 - 00001945 ____A C:\Windows\epplauncher.mif
2012-09-22 03:26 - 2012-09-22 03:15 - 12621696 ____A (Microsoft Corporation) C:\Users\Stav\Desktop\mseinstall.exe
2012-09-19 01:08 - 2012-09-19 01:08 - 00001116 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-18 05:18 - 2012-09-18 05:20 - 00000000 ____D C:\Users\All Users\0C1CFB13074C31540043E7CF4F147CE7
2012-09-07 08:36 - 2012-09-07 08:36 - 00000000 ____D C:\Windows\pss
2012-09-07 08:33 - 2012-09-07 08:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-09-07 08:24 - 2012-09-07 09:18 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2012-09-07 08:22 - 2012-09-19 01:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-07 08:22 - 2012-09-07 08:22 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-09-07 08:22 - 2012-09-07 06:04 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-04 01:31 - 2012-09-07 08:31 - 00000000 ____D C:\Users\All Users\blekko toolbars
2012-09-04 01:31 - 2012-09-04 01:31 - 00001204 ____A C:\Users\Stav\Desktop\WinUtilities Startup Cleaner.lnk
2012-09-04 01:31 - 2012-09-04 01:31 - 00000000 ____D C:\Program Files (x86)\WinUtilities Startup Cleaner
2012-09-04 01:30 - 2012-09-04 01:30 - 00000000 ____D C:\Users\All Users\Anti-phishing Domain Advisor
2012-09-02 03:45 - 2012-07-14 10:51 - 00093918 ____A C:\Users\Stav\Desktop\The Raven BDRip.srt
2012-09-02 03:44 - 2012-08-25 10:10 - 734212096 ____A C:\Users\Stav\Desktop\The Raven BDRip.avi
2012-08-28 11:23 - 2012-08-28 11:23 - 00111224 ____A C:\Windows\System32\GDIPFONTCACHEV1.DAT

==================== 3 Months Modified Files ==================

2012-09-22 10:17 - 2010-01-03 10:26 - 00001184 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-09-22 05:17 - 2012-09-22 05:17 - 00049872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\pvvwrhfk.sys
2012-09-22 03:52 - 2010-01-03 10:26 - 00001180 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-09-22 03:50 - 2012-09-22 03:50 - 00049872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\kvkiqtew.sys
2012-09-22 03:50 - 2012-05-30 09:35 - 00078792 ____A C:\Windows\System32\Drivers\5a123ba2b4731264.sys
2012-09-22 03:34 - 2009-07-13 20:45 - 00016080 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-22 03:34 - 2009-07-13 20:45 - 00016080 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-22 03:29 - 2009-11-21 19:58 - 01393870 ____A C:\Windows\WindowsUpdate.log
2012-09-22 03:28 - 2012-09-22 03:26 - 00001945 ____A C:\Windows\epplauncher.mif
2012-09-22 03:28 - 2010-02-08 11:24 - 01398716 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-09-22 03:28 - 2009-07-14 01:13 - 00565396 ____A C:\Windows\System32\perfh008.dat
2012-09-22 03:28 - 2009-07-14 01:13 - 00091760 ____A C:\Windows\System32\perfc008.dat
2012-09-22 03:27 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-22 03:27 - 2009-07-13 20:51 - 00102491 ____A C:\Windows\setupact.log
2012-09-22 03:15 - 2012-09-22 03:26 - 12621696 ____A (Microsoft Corporation) C:\Users\Stav\Desktop\mseinstall.exe
2012-09-19 01:08 - 2012-09-19 01:08 - 00001116 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-07 10:04 - 2009-09-18 00:40 - 00624034 ____A C:\Windows\PFRO.log
2012-09-07 06:04 - 2012-09-07 08:22 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-07 03:06 - 2012-02-23 10:39 - 00000069 ____A C:\Windows\NeroDigital.ini
2012-09-04 01:31 - 2012-09-04 01:31 - 00001204 ____A C:\Users\Stav\Desktop\WinUtilities Startup Cleaner.lnk
2012-09-03 23:46 - 2009-07-13 21:13 - 01372730 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-28 11:23 - 2012-08-28 11:23 - 00111224 ____A C:\Windows\System32\GDIPFONTCACHEV1.DAT
2012-08-28 11:23 - 2012-05-19 10:32 - 00008224 ____A C:\Users\Stav\AppData\Local\GDIPFONTCACHEV1.DAT
2012-08-27 12:50 - 2009-07-13 21:08 - 00032472 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-25 10:10 - 2012-09-02 03:44 - 734212096 ____A C:\Users\Stav\Desktop\The Raven BDRip.avi
2012-08-17 03:57 - 2009-07-13 20:45 - 00426512 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-15 11:28 - 2012-08-15 11:28 - 04178468 ____A C:\Users\Stav\Downloads\peripheral_driver_tv_u8000_v2_vista64.exe
2012-08-15 11:28 - 2012-08-15 11:28 - 04164783 ____A C:\Users\Stav\Downloads\peripheral_driver_tv_u8000_v2_xp32.exe
2012-08-15 11:19 - 2012-08-15 11:19 - 00001028 ____A C:\Users\Stav\Desktop\ChrisTV PVR Professional.lnk
2012-08-15 11:18 - 2012-08-15 11:17 - 05141893 ____A (Chris P.C. srl ) C:\Users\Stav\Downloads\setup_christv_5_65_pro.exe
2012-07-23 11:12 - 2012-05-19 12:03 - 00000248 ____A C:\Windows\emug3.ini
2012-07-14 10:51 - 2012-09-02 03:45 - 00093918 ____A C:\Users\Stav\Desktop\The Raven BDRip.srt

ZeroAccess:
C:\Windows\Installer\{69eb9fdf-c436-9a1a-f332-aa1765417e7b}
C:\Windows\Installer\{69eb9fdf-c436-9a1a-f332-aa1765417e7b}\@
C:\Windows\Installer\{69eb9fdf-c436-9a1a-f332-aa1765417e7b}\L
C:\Windows\Installer\{69eb9fdf-c436-9a1a-f332-aa1765417e7b}\U
C:\Windows\Installer\{69eb9fdf-c436-9a1a-f332-aa1765417e7b}\U\00000001.@
C:\Windows\Installer\{69eb9fdf-c436-9a1a-f332-aa1765417e7b}\U\800000cb.@

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: <===== ATTENTION!
HKLM\...\exefile\DefaultIcon: <===== ATTENTION!
HKLM\...\exefile\open\command: <===== ATTENTION!

==================== Restore Points =========================

Restore point made on: 2012-09-06 00:10:35
Restore point made on: 2012-09-07 08:30:19
Restore point made on: 2012-09-17 23:33:16
Restore point made on: 2012-09-17 23:34:42
Restore point made on: 2012-09-22 07:26:58

==================== Memory info ===========================

Percentage of memory in use: 17%
Total physical RAM: 4060.88 MB
Available physical RAM: 3335.39 MB
Total Pagefile: 4059.02 MB
Available Pagefile: 3350.11 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (WINDOWS) (Fixed) (Total:149.04 GB) (Free:18.61 GB) NTFS
2 Drive d: (Data) (Fixed) (Total:148.65 GB) (Free:88.88 GB) NTFS
3 Drive e: (SYSTEM) (Fixed) (Total:0.39 GB) (Free:0.17 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: (HBCD 15.1) (CDROM) (Total:0.49 GB) (Free:0 GB) CDFS
5 Drive g: () (Removable) (Total:7.55 GB) (Free:7.32 GB) NTFS
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          298 GB      0 B
  Disk 1    Online         7728 MB      0 B

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Recovery           400 MB  1024 KB
  Partition 2    Primary            149 GB   401 MB
  Partition 3    Primary            148 GB   149 GB

==================================================================================

Disk: 0
Partition 1
Type  : 27
Hidden: Yes
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     E   SYSTEM       NTFS   Partition    400 MB  Healthy    Hidden

=========================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     C   WINDOWS      NTFS   Partition    149 GB  Healthy

=========================================================

Disk: 0
Partition 3
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     D   Data         NTFS   Partition    148 GB  Healthy

=========================================================

Partitions of Disk 1:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           7727 MB  1024 KB

==================================================================================

Disk: 1
Partition 1
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     G                NTFS   Removable   7727 MB  Healthy

=========================================================

Last Boot: 2012-09-17 02:05

==================== End Of Log =============================