Need help removing this. Following is FRST.txt and Search.txt for services.exe
FRST.TXT
Scan result of Farbar Recovery Scan Tool Version: 14-08-2012
Ran by SYSTEM at 13-08-2012 18:36:06
Running from E:\
Windows 7 Professional (X64) OS Language: English(US)
The current controlset is ControlSet001
========================== Registry (Whitelisted) =============
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [165912 2009-09-23] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [385560 2009-09-23] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [363544 2009-09-23] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2283816 2010-08-12] (Synaptics Incorporated)
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice [4035152 2011-09-22] (ESET)
HKLM\...\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h [9569096 2012-03-11] (COMODO)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SageAutoUpdate] C:\Program Files (x86)\Sage\Advisor\Update\Sage.NA.AT_AU.SysTray.exe [1079624 2012-04-26] (Microsoft)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKU\harold.BGFM\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17148552 2012-02-29] (Skype Technologies S.A.)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 12.127.16.68
AppInit_DLLs: C:\Windows\System32\guard64.dll
Tcpip\..\Interfaces\{0F8C8D98-E80A-4F95-AF2F-317FF97943DB}: [NameServer]192.168.1.20
Startup: C:\Users\harold.BGFM\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
==================== Services (Whitelisted) ======
2 cmdAgent; "C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe" [2815496 2012-03-11] (COMODO)
2 ekrn; "C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe" [974944 2011-09-22] (ESET)
2 Sage.NA.AT_AU.Service; "C:\Program Files (x86)\Sage\Advisor\Update\Sage.NA.AT_AU.Service.exe" [37192 2012-04-26] (Sage Software)
========================== Drivers (Whitelisted) =============
3 bcm44amd64; C:\Windows\System32\DRIVERS\b44amd64.sys [87552 2009-06-10] (Broadcom Corporation)
1 cmderd; C:\Windows\System32\Drivers\cmderd.sys [22696 2012-03-11] (COMODO)
1 cmdGuard; C:\Windows\System32\Drivers\cmdGuard.sys [577824 2012-03-11] (COMODO)
2 eamonm; C:\Windows\System32\Drivers\eamonm.sys [202576 2011-08-09] (ESET)
1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [146432 2011-08-04] (ESET)
2 epfw; C:\Windows\System32\Drivers\epfw.sys [187632 2011-08-04] (ESET)
1 EpfwLWF; C:\Windows\System32\Drivers\EpfwLWF.sys [38288 2011-08-04] (ESET)
0 epfwwfp; C:\Windows\System32\Drivers\epfwwfp.sys [62496 2011-08-04] (ESET)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
========================== NetSvcs (Whitelisted) ===========
============ One Month Created Files and Folders ==============
2012-08-13 15:25 - 2012-08-13 18:36 - 00000000 ____D C:\FRST
2012-08-13 15:07 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2012-08-13 15:06 - 2012-08-13 15:06 - 00277008 ____A C:\Windows\Minidump\081312-21777-01.dmp
2012-08-11 20:06 - 2012-08-11 20:07 - 07051425 ____A C:\dir.txt
2012-08-11 18:15 - 2012-08-11 18:15 - 00021192 ____A C:\ComboFix.txt
2012-08-11 17:39 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-08-11 17:39 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-08-11 17:39 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-08-11 17:39 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-08-11 17:39 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-08-11 17:39 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-08-11 17:39 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-08-11 17:39 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-08-11 17:35 - 2012-08-10 10:08 - 01439703 ____A (Farbar) C:\FRST64.exe
2012-08-11 17:32 - 2012-08-11 18:15 - 00000000 ____D C:\Qoobox
2012-08-11 17:30 - 2012-08-11 17:30 - 00000000 ____D C:\Users\All Users\CPA_VA
2012-08-11 17:29 - 2012-08-11 17:29 - 00000000 ____D C:\Users\Public\Documents\COMODO
2012-08-11 17:26 - 2012-08-11 17:26 - 00277072 ____A C:\Windows\Minidump\081112-50279-01.dmp
2012-08-11 17:24 - 2012-08-11 18:10 - 00000000 ____D C:\Windows\erdnt
2012-08-11 17:22 - 2012-08-11 17:22 - 00000272 ____A C:\Windows\System32\Drivers\sfi.dat
2012-08-11 17:20 - 2012-08-13 15:15 - 00000000 ____D C:\Program Files\COMODO
2012-08-11 17:20 - 2012-08-11 17:22 - 00000000 ____D C:\Users\All Users\Comodo
2012-08-11 17:20 - 2012-08-11 17:20 - 01700352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2012-08-11 17:20 - 2012-08-11 17:20 - 01060864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2012-08-11 17:20 - 2012-08-11 17:20 - 00348160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2012-08-11 17:20 - 2012-08-11 17:20 - 00001846 ____A C:\Users\Public\Desktop\COMODO Antivirus.lnk
2012-08-11 17:15 - 2012-08-11 17:15 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
2012-08-11 17:01 - 2012-08-11 17:01 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2012-08-10 10:07 - 2012-08-10 10:08 - 01439703 ____A (Farbar) C:\Users\harold.BGFM\Downloads\FRST64.exe
2012-08-10 10:06 - 2012-08-10 10:06 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-08-10 10:06 - 2012-08-10 10:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-08-10 10:00 - 2012-08-10 10:02 - 67987984 ____A (COMODO) C:\Users\harold.BGFM\Downloads\cavse_so_30day_installer_1726_5b.exe
2012-08-10 09:59 - 2012-08-10 09:59 - 00001205 ____A C:\Users\harold.BGFM\Downloads\FixNCR.reg
2012-08-09 09:19 - 2012-08-09 09:19 - 00268744 ____A C:\Windows\Minidump\080912-18361-01.dmp
2012-08-09 09:13 - 2012-08-09 09:13 - 00000000 ____D C:\found.000
2012-08-08 11:34 - 2012-08-08 11:34 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-08-07 17:39 - 2012-08-07 17:39 - 00000000 ____D C:\Program Files (x86)\ESET
2012-08-07 17:21 - 2012-08-07 17:21 - 00000000 ____D C:\Users\harold.BGFM\AppData\Local\VirtualStore
2012-08-07 17:19 - 2012-08-07 17:19 - 00000000 ____D C:\Users\Public\Desktop\CC Support
2012-08-07 14:21 - 2012-08-07 14:21 - 00005602 ____A C:\Users\harold.BGFM\Downloads\exe-fix.bat
2012-08-06 16:04 - 2012-08-06 16:04 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-07-16 07:34 - 2012-07-16 07:35 - 00277016 ____A C:\Windows\Minidump\071612-19078-01.dmp
2012-07-14 07:39 - 2012-07-14 07:39 - 00277008 ____A C:\Windows\Minidump\071412-35365-01.dmp
============ 3 Months Modified Files ========================
2012-08-13 15:33 - 2011-10-19 13:22 - 01194120 ____A C:\Windows\WindowsUpdate.log
2012-08-13 15:25 - 2009-07-13 21:13 - 00659764 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-13 15:22 - 2009-07-13 20:51 - 00057874 ____A C:\Windows\setupact.log
2012-08-13 15:20 - 2009-07-13 20:45 - 00019520 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-13 15:20 - 2009-07-13 20:45 - 00019520 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-13 15:08 - 2011-10-24 07:41 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-13 15:07 - 2012-04-03 11:00 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-13 15:06 - 2012-08-13 15:06 - 00277008 ____A C:\Windows\Minidump\081312-21777-01.dmp
2012-08-13 15:06 - 2011-11-08 14:52 - 443591861 ____A C:\Windows\MEMORY.DMP
2012-08-13 15:06 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-11 20:07 - 2012-08-11 20:06 - 07051425 ____A C:\dir.txt
2012-08-11 18:15 - 2012-08-11 18:15 - 00021192 ____A C:\ComboFix.txt
2012-08-11 18:02 - 2011-10-24 07:41 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-11 18:02 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-08-11 17:57 - 2011-10-19 11:55 - 00144862 ____A C:\Windows\PFRO.log
2012-08-11 17:26 - 2012-08-11 17:26 - 00277072 ____A C:\Windows\Minidump\081112-50279-01.dmp
2012-08-11 17:22 - 2012-08-11 17:22 - 00000272 ____A C:\Windows\System32\Drivers\sfi.dat
2012-08-11 17:20 - 2012-08-11 17:20 - 01700352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2012-08-11 17:20 - 2012-08-11 17:20 - 01060864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2012-08-11 17:20 - 2012-08-11 17:20 - 00348160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2012-08-11 17:20 - 2012-08-11 17:20 - 00001846 ____A C:\Users\Public\Desktop\COMODO Antivirus.lnk
2012-08-11 17:15 - 2012-08-11 17:15 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
2012-08-11 17:01 - 2012-08-11 17:01 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2012-08-10 10:08 - 2012-08-11 17:35 - 01439703 ____A (Farbar) C:\FRST64.exe
2012-08-10 10:08 - 2012-08-10 10:07 - 01439703 ____A (Farbar) C:\Users\harold.BGFM\Downloads\FRST64.exe
2012-08-10 10:02 - 2012-08-10 10:00 - 67987984 ____A (COMODO) C:\Users\harold.BGFM\Downloads\cavse_so_30day_installer_1726_5b.exe
2012-08-10 09:59 - 2012-08-10 09:59 - 00001205 ____A C:\Users\harold.BGFM\Downloads\FixNCR.reg
2012-08-10 08:56 - 2011-10-20 09:06 - 00000112 ____A C:\Windows\System32\config\netlogon.ftl
2012-08-09 09:19 - 2012-08-09 09:19 - 00268744 ____A C:\Windows\Minidump\080912-18361-01.dmp
2012-08-07 14:21 - 2012-08-07 14:21 - 00005602 ____A C:\Users\harold.BGFM\Downloads\exe-fix.bat
2012-08-03 13:33 - 2009-07-13 21:08 - 00032594 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-03 05:07 - 2012-04-03 11:00 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-03 05:07 - 2011-10-20 09:02 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-16 07:35 - 2012-07-16 07:34 - 00277016 ____A C:\Windows\Minidump\071612-19078-01.dmp
2012-07-14 07:39 - 2012-07-14 07:39 - 00277008 ____A C:\Windows\Minidump\071412-35365-01.dmp
2012-07-11 09:02 - 2011-10-19 13:26 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-18 12:00 - 2011-10-20 10:10 - 00116656 ____A C:\Users\harold.BGFM\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-15 05:18 - 2009-07-13 20:45 - 00422928 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-13 18:30 - 2012-06-13 18:30 - 00002018 ____A C:\Users\Public\Desktop\Administration.lnk
2012-06-13 18:30 - 2012-06-13 18:30 - 00002011 ____A C:\Users\Public\Desktop\Scheduler.lnk
2012-06-13 18:30 - 2012-06-13 18:30 - 00002011 ____A C:\Users\Public\Desktop\Payroll.lnk
2012-06-13 18:30 - 2012-06-13 18:30 - 00002011 ____A C:\Users\Public\Desktop\Electronic Requisitions.lnk
2012-06-13 18:30 - 2012-06-13 18:30 - 00002011 ____A C:\Users\Public\Desktop\Accounting.lnk
2012-06-12 12:51 - 2012-06-12 12:51 - 00277016 ____A C:\Windows\Minidump\061212-19141-01.dmp
2012-06-12 10:20 - 2012-06-12 10:20 - 00277016 ____A C:\Windows\Minidump\061212-34538-01.dmp
2012-06-02 14:19 - 2012-06-24 16:56 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-24 16:56 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-24 16:56 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-24 16:55 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-24 16:55 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:19 - 2012-06-24 16:55 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-24 16:56 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-24 16:55 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:15 - 2012-06-24 16:55 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-01 21:27 - 2012-07-11 05:24 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:47 - 2012-07-11 05:24 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-05-31 09:25 - 2011-10-19 12:13 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-05-17 18:47 - 2012-06-13 09:00 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 18:16 - 2012-06-13 09:00 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 18:06 - 2012-06-13 09:00 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 17:59 - 2012-06-13 09:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 17:59 - 2012-06-13 09:00 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 17:58 - 2012-06-13 09:00 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 17:58 - 2012-06-13 09:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 17:56 - 2012-06-13 09:00 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 17:55 - 2012-06-13 09:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 17:55 - 2012-06-13 09:00 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 17:54 - 2012-06-13 09:00 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 17:51 - 2012-06-13 09:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 17:51 - 2012-06-13 09:00 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 17:47 - 2012-06-13 09:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-17 15:11 - 2012-06-13 09:00 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-17 14:48 - 2012-06-13 09:00 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-17 14:45 - 2012-06-13 09:00 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-17 14:36 - 2012-06-13 09:00 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-17 14:35 - 2012-06-13 09:00 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-17 14:35 - 2012-06-13 09:00 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-17 14:33 - 2012-06-13 09:00 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-17 14:31 - 2012-06-13 09:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-17 14:29 - 2012-06-13 09:00 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-17 14:29 - 2012-06-13 09:00 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-05-17 14:27 - 2012-06-13 09:00 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-17 14:25 - 2012-06-13 09:00 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-17 14:24 - 2012-06-13 09:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-17 14:20 - 2012-06-13 09:00 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-17 14:09 - 2012-05-17 14:09 - 01773839 ____A C:\Users\harold.BGFM\Downloads\SK109 (1)
2012-05-17 12:11 - 2012-05-17 12:10 - 01773839 ____A C:\Users\harold.BGFM\Downloads\SK109
ZeroAccess:
C:\Windows\Installer\{53d59bbf-94ef-0e42-d790-fce88ea5afa0}
C:\Windows\Installer\{53d59bbf-94ef-0e42-d790-fce88ea5afa0}\L
C:\Windows\Installer\{53d59bbf-94ef-0e42-d790-fce88ea5afa0}\U
ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini
ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini
Type 00 partition infection:
C:\Windows\svchost.exe
========================= Known DLLs (Whitelisted) ============
========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 13%
Total physical RAM: 4598.04 MB
Available physical RAM: 3995.84 MB
Total Pagefile: 4596.19 MB
Available Pagefile: 3991.27 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB
======================= Partitions =========================
1 Drive c: () (Fixed) (Total:146.46 GB) (Free:105.13 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive e: (UBCD411) (Removable) (Total:0.47 GB) (Free:0.02 GB) FAT
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 149 GB 7168 KB
Disk 1 Online 481 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 86 MB 31 KB
Partition 2 Primary 146 GB 86 MB
Partition 0 Extended 2557 MB 146 GB
Partition 3 Logical 2557 MB 146 GB
==================================================================================
Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 FAT Partition 86 MB Healthy Hidden
==================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 146 GB Healthy
==================================================================================
Disk: 0
Partition 3
Type : DD
Hidden: Yes
Active: No
There is no volume associated with this partition.
==================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 480 MB 16 KB
==================================================================================
Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E UBCD411 FAT Removable 480 MB Healthy
==================================================================================
Last Boot: 2012-08-09 12:18
======================= End Of Log ==========================
Search.txt
Farbar Recovery Scan Tool Version: 14-08-2012
Ran by SYSTEM at 2012-08-13 18:38:05
Running from E:\
================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
====== End Of Search ======
FRST.TXT
Scan result of Farbar Recovery Scan Tool Version: 14-08-2012
Ran by SYSTEM at 13-08-2012 18:36:06
Running from E:\
Windows 7 Professional (X64) OS Language: English(US)
The current controlset is ControlSet001
========================== Registry (Whitelisted) =============
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [165912 2009-09-23] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [385560 2009-09-23] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [363544 2009-09-23] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2283816 2010-08-12] (Synaptics Incorporated)
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice [4035152 2011-09-22] (ESET)
HKLM\...\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h [9569096 2012-03-11] (COMODO)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SageAutoUpdate] C:\Program Files (x86)\Sage\Advisor\Update\Sage.NA.AT_AU.SysTray.exe [1079624 2012-04-26] (Microsoft)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKU\harold.BGFM\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17148552 2012-02-29] (Skype Technologies S.A.)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 12.127.16.68
AppInit_DLLs: C:\Windows\System32\guard64.dll
Tcpip\..\Interfaces\{0F8C8D98-E80A-4F95-AF2F-317FF97943DB}: [NameServer]192.168.1.20
Startup: C:\Users\harold.BGFM\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
==================== Services (Whitelisted) ======
2 cmdAgent; "C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe" [2815496 2012-03-11] (COMODO)
2 ekrn; "C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe" [974944 2011-09-22] (ESET)
2 Sage.NA.AT_AU.Service; "C:\Program Files (x86)\Sage\Advisor\Update\Sage.NA.AT_AU.Service.exe" [37192 2012-04-26] (Sage Software)
========================== Drivers (Whitelisted) =============
3 bcm44amd64; C:\Windows\System32\DRIVERS\b44amd64.sys [87552 2009-06-10] (Broadcom Corporation)
1 cmderd; C:\Windows\System32\Drivers\cmderd.sys [22696 2012-03-11] (COMODO)
1 cmdGuard; C:\Windows\System32\Drivers\cmdGuard.sys [577824 2012-03-11] (COMODO)
2 eamonm; C:\Windows\System32\Drivers\eamonm.sys [202576 2011-08-09] (ESET)
1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [146432 2011-08-04] (ESET)
2 epfw; C:\Windows\System32\Drivers\epfw.sys [187632 2011-08-04] (ESET)
1 EpfwLWF; C:\Windows\System32\Drivers\EpfwLWF.sys [38288 2011-08-04] (ESET)
0 epfwwfp; C:\Windows\System32\Drivers\epfwwfp.sys [62496 2011-08-04] (ESET)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
========================== NetSvcs (Whitelisted) ===========
============ One Month Created Files and Folders ==============
2012-08-13 15:25 - 2012-08-13 18:36 - 00000000 ____D C:\FRST
2012-08-13 15:07 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2012-08-13 15:06 - 2012-08-13 15:06 - 00277008 ____A C:\Windows\Minidump\081312-21777-01.dmp
2012-08-11 20:06 - 2012-08-11 20:07 - 07051425 ____A C:\dir.txt
2012-08-11 18:15 - 2012-08-11 18:15 - 00021192 ____A C:\ComboFix.txt
2012-08-11 17:39 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-08-11 17:39 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-08-11 17:39 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-08-11 17:39 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-08-11 17:39 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-08-11 17:39 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-08-11 17:39 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-08-11 17:39 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-08-11 17:35 - 2012-08-10 10:08 - 01439703 ____A (Farbar) C:\FRST64.exe
2012-08-11 17:32 - 2012-08-11 18:15 - 00000000 ____D C:\Qoobox
2012-08-11 17:30 - 2012-08-11 17:30 - 00000000 ____D C:\Users\All Users\CPA_VA
2012-08-11 17:29 - 2012-08-11 17:29 - 00000000 ____D C:\Users\Public\Documents\COMODO
2012-08-11 17:26 - 2012-08-11 17:26 - 00277072 ____A C:\Windows\Minidump\081112-50279-01.dmp
2012-08-11 17:24 - 2012-08-11 18:10 - 00000000 ____D C:\Windows\erdnt
2012-08-11 17:22 - 2012-08-11 17:22 - 00000272 ____A C:\Windows\System32\Drivers\sfi.dat
2012-08-11 17:20 - 2012-08-13 15:15 - 00000000 ____D C:\Program Files\COMODO
2012-08-11 17:20 - 2012-08-11 17:22 - 00000000 ____D C:\Users\All Users\Comodo
2012-08-11 17:20 - 2012-08-11 17:20 - 01700352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2012-08-11 17:20 - 2012-08-11 17:20 - 01060864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2012-08-11 17:20 - 2012-08-11 17:20 - 00348160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2012-08-11 17:20 - 2012-08-11 17:20 - 00001846 ____A C:\Users\Public\Desktop\COMODO Antivirus.lnk
2012-08-11 17:15 - 2012-08-11 17:15 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
2012-08-11 17:01 - 2012-08-11 17:01 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2012-08-10 10:07 - 2012-08-10 10:08 - 01439703 ____A (Farbar) C:\Users\harold.BGFM\Downloads\FRST64.exe
2012-08-10 10:06 - 2012-08-10 10:06 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-08-10 10:06 - 2012-08-10 10:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-08-10 10:00 - 2012-08-10 10:02 - 67987984 ____A (COMODO) C:\Users\harold.BGFM\Downloads\cavse_so_30day_installer_1726_5b.exe
2012-08-10 09:59 - 2012-08-10 09:59 - 00001205 ____A C:\Users\harold.BGFM\Downloads\FixNCR.reg
2012-08-09 09:19 - 2012-08-09 09:19 - 00268744 ____A C:\Windows\Minidump\080912-18361-01.dmp
2012-08-09 09:13 - 2012-08-09 09:13 - 00000000 ____D C:\found.000
2012-08-08 11:34 - 2012-08-08 11:34 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-08-07 17:39 - 2012-08-07 17:39 - 00000000 ____D C:\Program Files (x86)\ESET
2012-08-07 17:21 - 2012-08-07 17:21 - 00000000 ____D C:\Users\harold.BGFM\AppData\Local\VirtualStore
2012-08-07 17:19 - 2012-08-07 17:19 - 00000000 ____D C:\Users\Public\Desktop\CC Support
2012-08-07 14:21 - 2012-08-07 14:21 - 00005602 ____A C:\Users\harold.BGFM\Downloads\exe-fix.bat
2012-08-06 16:04 - 2012-08-06 16:04 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-07-16 07:34 - 2012-07-16 07:35 - 00277016 ____A C:\Windows\Minidump\071612-19078-01.dmp
2012-07-14 07:39 - 2012-07-14 07:39 - 00277008 ____A C:\Windows\Minidump\071412-35365-01.dmp
============ 3 Months Modified Files ========================
2012-08-13 15:33 - 2011-10-19 13:22 - 01194120 ____A C:\Windows\WindowsUpdate.log
2012-08-13 15:25 - 2009-07-13 21:13 - 00659764 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-13 15:22 - 2009-07-13 20:51 - 00057874 ____A C:\Windows\setupact.log
2012-08-13 15:20 - 2009-07-13 20:45 - 00019520 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-13 15:20 - 2009-07-13 20:45 - 00019520 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-13 15:08 - 2011-10-24 07:41 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-13 15:07 - 2012-04-03 11:00 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-13 15:06 - 2012-08-13 15:06 - 00277008 ____A C:\Windows\Minidump\081312-21777-01.dmp
2012-08-13 15:06 - 2011-11-08 14:52 - 443591861 ____A C:\Windows\MEMORY.DMP
2012-08-13 15:06 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-11 20:07 - 2012-08-11 20:06 - 07051425 ____A C:\dir.txt
2012-08-11 18:15 - 2012-08-11 18:15 - 00021192 ____A C:\ComboFix.txt
2012-08-11 18:02 - 2011-10-24 07:41 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-11 18:02 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-08-11 17:57 - 2011-10-19 11:55 - 00144862 ____A C:\Windows\PFRO.log
2012-08-11 17:26 - 2012-08-11 17:26 - 00277072 ____A C:\Windows\Minidump\081112-50279-01.dmp
2012-08-11 17:22 - 2012-08-11 17:22 - 00000272 ____A C:\Windows\System32\Drivers\sfi.dat
2012-08-11 17:20 - 2012-08-11 17:20 - 01700352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2012-08-11 17:20 - 2012-08-11 17:20 - 01060864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2012-08-11 17:20 - 2012-08-11 17:20 - 00348160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2012-08-11 17:20 - 2012-08-11 17:20 - 00001846 ____A C:\Users\Public\Desktop\COMODO Antivirus.lnk
2012-08-11 17:15 - 2012-08-11 17:15 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
2012-08-11 17:01 - 2012-08-11 17:01 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2012-08-10 10:08 - 2012-08-11 17:35 - 01439703 ____A (Farbar) C:\FRST64.exe
2012-08-10 10:08 - 2012-08-10 10:07 - 01439703 ____A (Farbar) C:\Users\harold.BGFM\Downloads\FRST64.exe
2012-08-10 10:02 - 2012-08-10 10:00 - 67987984 ____A (COMODO) C:\Users\harold.BGFM\Downloads\cavse_so_30day_installer_1726_5b.exe
2012-08-10 09:59 - 2012-08-10 09:59 - 00001205 ____A C:\Users\harold.BGFM\Downloads\FixNCR.reg
2012-08-10 08:56 - 2011-10-20 09:06 - 00000112 ____A C:\Windows\System32\config\netlogon.ftl
2012-08-09 09:19 - 2012-08-09 09:19 - 00268744 ____A C:\Windows\Minidump\080912-18361-01.dmp
2012-08-07 14:21 - 2012-08-07 14:21 - 00005602 ____A C:\Users\harold.BGFM\Downloads\exe-fix.bat
2012-08-03 13:33 - 2009-07-13 21:08 - 00032594 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-03 05:07 - 2012-04-03 11:00 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-03 05:07 - 2011-10-20 09:02 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-16 07:35 - 2012-07-16 07:34 - 00277016 ____A C:\Windows\Minidump\071612-19078-01.dmp
2012-07-14 07:39 - 2012-07-14 07:39 - 00277008 ____A C:\Windows\Minidump\071412-35365-01.dmp
2012-07-11 09:02 - 2011-10-19 13:26 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-18 12:00 - 2011-10-20 10:10 - 00116656 ____A C:\Users\harold.BGFM\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-15 05:18 - 2009-07-13 20:45 - 00422928 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-13 18:30 - 2012-06-13 18:30 - 00002018 ____A C:\Users\Public\Desktop\Administration.lnk
2012-06-13 18:30 - 2012-06-13 18:30 - 00002011 ____A C:\Users\Public\Desktop\Scheduler.lnk
2012-06-13 18:30 - 2012-06-13 18:30 - 00002011 ____A C:\Users\Public\Desktop\Payroll.lnk
2012-06-13 18:30 - 2012-06-13 18:30 - 00002011 ____A C:\Users\Public\Desktop\Electronic Requisitions.lnk
2012-06-13 18:30 - 2012-06-13 18:30 - 00002011 ____A C:\Users\Public\Desktop\Accounting.lnk
2012-06-12 12:51 - 2012-06-12 12:51 - 00277016 ____A C:\Windows\Minidump\061212-19141-01.dmp
2012-06-12 10:20 - 2012-06-12 10:20 - 00277016 ____A C:\Windows\Minidump\061212-34538-01.dmp
2012-06-02 14:19 - 2012-06-24 16:56 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-24 16:56 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-24 16:56 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-24 16:55 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-24 16:55 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:19 - 2012-06-24 16:55 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-24 16:56 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-24 16:55 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:15 - 2012-06-24 16:55 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-01 21:27 - 2012-07-11 05:24 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:47 - 2012-07-11 05:24 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-05-31 09:25 - 2011-10-19 12:13 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-05-17 18:47 - 2012-06-13 09:00 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 18:16 - 2012-06-13 09:00 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 18:06 - 2012-06-13 09:00 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 17:59 - 2012-06-13 09:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 17:59 - 2012-06-13 09:00 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 17:58 - 2012-06-13 09:00 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 17:58 - 2012-06-13 09:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 17:56 - 2012-06-13 09:00 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 17:55 - 2012-06-13 09:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 17:55 - 2012-06-13 09:00 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 17:54 - 2012-06-13 09:00 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 17:51 - 2012-06-13 09:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 17:51 - 2012-06-13 09:00 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 17:47 - 2012-06-13 09:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-17 15:11 - 2012-06-13 09:00 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-17 14:48 - 2012-06-13 09:00 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-17 14:45 - 2012-06-13 09:00 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-17 14:36 - 2012-06-13 09:00 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-17 14:35 - 2012-06-13 09:00 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-17 14:35 - 2012-06-13 09:00 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-17 14:33 - 2012-06-13 09:00 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-17 14:31 - 2012-06-13 09:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-17 14:29 - 2012-06-13 09:00 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-17 14:29 - 2012-06-13 09:00 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-05-17 14:27 - 2012-06-13 09:00 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-17 14:25 - 2012-06-13 09:00 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-17 14:24 - 2012-06-13 09:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-17 14:20 - 2012-06-13 09:00 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-17 14:09 - 2012-05-17 14:09 - 01773839 ____A C:\Users\harold.BGFM\Downloads\SK109 (1)
2012-05-17 12:11 - 2012-05-17 12:10 - 01773839 ____A C:\Users\harold.BGFM\Downloads\SK109
ZeroAccess:
C:\Windows\Installer\{53d59bbf-94ef-0e42-d790-fce88ea5afa0}
C:\Windows\Installer\{53d59bbf-94ef-0e42-d790-fce88ea5afa0}\L
C:\Windows\Installer\{53d59bbf-94ef-0e42-d790-fce88ea5afa0}\U
ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini
ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini
Type 00 partition infection:
C:\Windows\svchost.exe
========================= Known DLLs (Whitelisted) ============
========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 13%
Total physical RAM: 4598.04 MB
Available physical RAM: 3995.84 MB
Total Pagefile: 4596.19 MB
Available Pagefile: 3991.27 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB
======================= Partitions =========================
1 Drive c: () (Fixed) (Total:146.46 GB) (Free:105.13 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive e: (UBCD411) (Removable) (Total:0.47 GB) (Free:0.02 GB) FAT
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 149 GB 7168 KB
Disk 1 Online 481 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 86 MB 31 KB
Partition 2 Primary 146 GB 86 MB
Partition 0 Extended 2557 MB 146 GB
Partition 3 Logical 2557 MB 146 GB
==================================================================================
Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 FAT Partition 86 MB Healthy Hidden
==================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 146 GB Healthy
==================================================================================
Disk: 0
Partition 3
Type : DD
Hidden: Yes
Active: No
There is no volume associated with this partition.
==================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 480 MB 16 KB
==================================================================================
Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E UBCD411 FAT Removable 480 MB Healthy
==================================================================================
Last Boot: 2012-08-09 12:18
======================= End Of Log ==========================
Search.txt
Farbar Recovery Scan Tool Version: 14-08-2012
Ran by SYSTEM at 2012-08-13 18:38:05
Running from E:\
================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
====== End Of Search ======