ZeroAccess:
C:\Windows\Installer\{58ca1f4e-f92a-edc9-5f9d-982de9328946}
C:\Windows\Installer\{58ca1f4e-f92a-edc9-5f9d-982de9328946}\@
C:\Windows\Installer\{58ca1f4e-f92a-edc9-5f9d-982de9328946}\L
C:\Windows\Installer\{58ca1f4e-f92a-edc9-5f9d-982de9328946}\U
C:\Windows\Installer\{58ca1f4e-f92a-edc9-5f9d-982de9328946}\U\00000001.@
C:\Windows\Installer\{58ca1f4e-f92a-edc9-5f9d-982de9328946}\U\800000cb.@
ZeroAccess:
C:\Users\KWILLS\AppData\Local\{58ca1f4e-f92a-edc9-5f9d-982de9328946}
C:\Users\KWILLS\AppData\Local\{58ca1f4e-f92a-edc9-5f9d-982de9328946}\@
C:\Users\KWILLS\AppData\Local\{58ca1f4e-f92a-edc9-5f9d-982de9328946}\L
C:\Users\KWILLS\AppData\Local\{58ca1f4e-f92a-edc9-5f9d-982de9328946}\U
========================= Known DLLs (Whitelisted) ============
========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 16%
Total physical RAM: 3957.19 MB
Available physical RAM: 3311.96 MB
Total Pagefile: 3955.34 MB
Available Pagefile: 3295.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB
======================= Partitions =========================
1 Drive c: (OS) (Fixed) (Total:446.23 GB) (Free:353.07 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (120501_1114) (CDROM) (Total:0.11 GB) (Free:0 GB) CDFS
3 Drive e: () (Removable) (Total:3.8 GB) (Free:3.59 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Disk ###  Status   Size     Free  Dyn  Gpt
Disk 0    Online   465 GB   0 B
Disk 1    Online   3894 MB  0 B
Partitions of Disk 0:
Partition ###  Type     Size    Offset
Partition 1    Primary  19 GB   1024 KB
Partition 2    Primary  446 GB  19 GB
======================================================================================================
Disk: 0
Partition 1
Type : 1C
Hidden: Yes
Active: No
There is no volume associated with this partition.
======================================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ###  Ltr  Label  Fs    Type       Size    Status   Info
- Volume 1  C    OS     NTFS  Partition  446 GB  Healthy
======================================================================================================
Partitions of Disk 1:
Partition ###  Type     Size     Offset
Partition 1    Primary  3894 MB  28 KB
======================================================================================================
Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ###  Ltr  Label  Fs    Type       Size     Status   Info
- Volume 2  E           NTFS  Removable  3894 MB  Healthy
======================================================================================================
==========================================================
Last Boot: 2012-06-08 13:30
======================= End Of Log ==========================