Apparently another Sirefef infection. Running NOD32 and it keeps warning of this infection. Ran scans with both NOD32 and Malwarebytes, but it's still there. Thanks in advance!
Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 10-07-2012
Ran by SYSTEM at 11-07-2012 13:07:27
Running from F:\
Windows 7 Professional (X86) OS Language: English(US)
The current controlset is ControlSet001
========================== Registry (Whitelisted) =============
HKLM\...\Run: [] [x]
HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [167936 2007-10-25] (Alps Electric Co., Ltd.)
HKLM\...\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s [118784 2007-07-27] (Creative Technology Ltd.)
HKLM\...\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe [36864 2007-05-09] (Creative Technology Ltd.)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [141848 2009-09-23] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [173592 2009-09-23] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [150552 2009-09-23] (Intel Corporation)
HKLM\...\Run: [Freecorder FLV Service] "C:\Program Files\Freecorder\FLVSrvc.exe" /run [167936 2011-03-23] (Applian Technologies, Inc.)
HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1230704 2011-03-21] ()
HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [2215064 2010-08-12] (ESET)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKU\Larry\...\Run: [Desktop Software] "C:\Program Files\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden [x]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\ImageMixer 3 SE Camera Monitor Ver.5.lnk
ShortcutTarget: ImageMixer 3 SE Camera Monitor Ver.5.lnk -> C:\Program Files\PIXELA\ImageMixer 3 SE Ver.5\Transfer Utility\CameraMonitor.exe (PIXELA CORPORATION)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
================================ Services (Whitelisted) ==================
2 CrossLoopService; "C:\Users\Larry\AppData\Local\CrossLoop\CrossLoopService.exe" --service [560792 2010-03-15] (CrossLoop Inc)
3 EhttpSrv; "C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe" [33584 2010-08-12] (ESET)
2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe" [810144 2010-08-12] (ESET)
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
2 MsDepSvc; "C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe" -runService:MsDepSvc [67400 2011-04-01] (Microsoft Corporation)
2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75064 2010-04-19] ()
4 QBCFMonitorService; "C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe" [20480 2009-09-16] (Intuit)
3 QBFCService; "C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe" [65536 2006-11-09] (Intuit Inc.)
3 Samsung UPD Service; "C:\Windows\System32\SUPDSvc.exe" [131888 2010-08-08] (Samsung Electronics CO., LTD.)
2 Secunia PSI Agent; "C:\Program Files\Secunia\PSI\PSIA.exe" --start-service [1326176 2012-06-26] (Secunia)
2 Secunia Update Agent; "C:\Program Files\Secunia\PSI\sua.exe" --start-service [681056 2012-06-26] (Secunia)
3 uvnc_service; "C:\Users\Larry\AppData\Local\CrossLoop\winvnc.exe" -service [1590216 2009-12-06] (UltraVNC)
2 MSSQL$SQLEXPRESS; "c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [x]
4 MSSQLServerADHelper100; "c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE" [x]
4 NetMsmqActivator; "c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator [x]
4 NetPipeActivator; c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [x]
4 NetTcpActivator; c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [x]
4 NetTcpPortSharing; c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [x]
4 SQLAgent$SQLEXPRESS; "c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE" -I SQLEXPRESS [x]
4 SQLBrowser; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [x]
2 SQLWriter; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [x]
========================== Drivers (Whitelisted) =============
2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [136632 2010-07-29] (ESET)
1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [115008 2010-07-29] (ESET)
2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [96920 2010-07-29] (ESET)
3 IntcHdmiAddService; C:\Windows\System32\drivers\IntcHdmi.sys [122880 2009-07-10] (Intel(R) Corporation)
3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-08] (Microsoft Corporation)
3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2011-12-16] (Secunia)
4 RsFx0102; C:\Windows\System32\DRIVERS\RsFx0102.sys [242712 2008-07-09] (Microsoft Corporation)
3 WsAudio_DeviceS(1); C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys [16640 2009-09-03] (Wondershare)
3 NSNDIS5; \??\C:\Windows\system32\NSNDIS5.SYS [x]
3 RimUsb; C:\Windows\System32\Drivers\RimUsb.sys [x]
========================== NetSvcs (Whitelisted) ===========
============ One Month Created Files and Folders ==============
2012-07-11 13:07 - 2012-07-11 13:07 - 00000000 ____D C:\FRST
2012-07-11 08:45 - 2012-07-11 08:46 - 00890230 ____A (Farbar) C:\Users\Larry\Desktop\FRST.exe
2012-07-11 08:34 - 2012-07-11 08:34 - 00000000 ____D C:\Users\Larry\AppData\Local\Secunia PSI
2012-07-11 08:33 - 2012-07-11 08:33 - 03281592 ____A (Secunia) C:\Users\Larry\Downloads\PSISetup.exe
2012-07-11 08:33 - 2012-07-11 08:33 - 00000000 ____D C:\Program Files\Secunia
2012-07-10 17:48 - 2012-07-10 17:48 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-07-09 15:55 - 2012-07-11 09:00 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-09 15:55 - 2012-07-09 15:55 - 00000000 ____D C:\Users\Larry\AppData\Local\Macromedia
2012-07-09 15:47 - 2012-07-09 15:47 - 00040536 ____A C:\Users\Larry\Documents\bookmark.htm
2012-07-05 17:52 - 2012-07-08 19:06 - 00000000 ____D C:\Users\Larry\Desktop\4th of July 2012
2012-07-05 13:24 - 2012-07-05 13:31 - 00769765 ____A C:\Users\Larry\Desktop\ram_banner.psd
2012-07-01 14:20 - 2012-07-01 14:21 - 92414437 ____A C:\Users\Larry\Downloads\PokemonInstaller.msi.part
2012-06-28 13:56 - 2012-06-28 13:56 - 00000000 ____D C:\Program Files\FileZilla FTP Client
2012-06-28 07:53 - 2012-07-02 11:26 - 00000000 ____D C:\Users\Larry\AppData\Roaming\Pokémon Trading Card Game Online
2012-06-28 07:53 - 2012-06-28 07:53 - 00001291 ____A C:\Users\Larry\Desktop\Pokémon Trading Card Game Online.lnk
2012-06-27 06:46 - 2012-06-27 07:08 - 00872945 ____A C:\Users\Larry\Desktop\chris_s_banner.psd
2012-06-27 06:39 - 2012-06-27 07:10 - 00000531 ____A C:\Users\Larry\Desktop\New Text Document (3).txt
2012-06-26 09:19 - 2012-06-26 09:32 - 00000000 ____D C:\Users\Larry\AppData\Roaming\NCH Software
2012-06-26 09:19 - 2012-06-26 09:19 - 03941464 ____A (NCH Software) C:\Users\Larry\Downloads\vpsetup.exe
2012-06-26 09:19 - 2012-06-26 09:19 - 00001104 ____A C:\Users\Public\Desktop\VideoPad Video Editor.lnk
2012-06-26 09:19 - 2012-06-26 09:19 - 00000000 ____D C:\Users\All Users\NCH Software
2012-06-26 09:19 - 2012-06-26 09:19 - 00000000 ____D C:\Program Files\NCH Software
2012-06-24 18:40 - 2012-06-25 08:29 - 00000000 ____D C:\Users\Larry\Desktop\Airplane 062412
2012-06-20 08:31 - 2012-06-20 08:31 - 00000000 ____D C:\usr
2012-06-20 08:31 - 2012-06-20 08:31 - 00000000 ____D C:\Users\All Users\Paessler
2012-06-20 08:30 - 2012-06-20 09:18 - 00000000 ____D C:\Program Files\PRTG Network Monitor
2012-06-20 08:30 - 2012-06-20 08:30 - 00000000 ____D C:\Users\All Users\Licenses
2012-06-20 08:08 - 2012-06-20 08:08 - 00000000 ____D C:\Users\Larry\AppData\Roaming\SolarWinds
2012-06-20 08:07 - 2012-06-20 08:07 - 00000000 ____D C:\Users\Larry\AppData\Local\Downloaded Installations
2012-06-20 07:02 - 2012-06-20 07:05 - 266433120 ____A (Microsoft Corporation) C:\Users\Larry\Desktop\SharePointDesigner.exe
2012-06-19 19:06 - 2012-06-19 19:06 - 00145824 ____A C:\Windows\Minidump\061912-17768-01.dmp
2012-06-14 08:29 - 2012-06-14 08:29 - 00001753 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-06-14 08:28 - 2012-06-14 08:29 - 00000000 ____D C:\Program Files\iTunes
2012-06-14 08:28 - 2012-06-14 08:28 - 00000000 ____D C:\Program Files\iPod
============ 3 Months Modified Files ========================
2012-07-11 09:00 - 2012-07-09 15:55 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-11 09:00 - 2010-04-06 19:08 - 01737091 ____A C:\Windows\WindowsUpdate.log
2012-07-11 09:00 - 2009-07-13 20:34 - 00019696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-11 09:00 - 2009-07-13 20:34 - 00019696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-11 08:56 - 2012-03-14 16:25 - 00006474 ____A C:\Windows\PFRO.log
2012-07-11 08:56 - 2012-03-08 16:21 - 00023802 ____A C:\Windows\setupact.log
2012-07-11 08:56 - 2010-06-14 18:14 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-11 08:56 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-11 08:46 - 2012-07-11 08:45 - 00890230 ____A (Farbar) C:\Users\Larry\Desktop\FRST.exe
2012-07-11 08:33 - 2012-07-11 08:33 - 03281592 ____A (Secunia) C:\Users\Larry\Downloads\PSISetup.exe
2012-07-11 08:24 - 2010-04-06 19:12 - 00883270 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-11 08:17 - 2010-06-14 18:14 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-09 15:55 - 2012-04-22 14:22 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-07-09 15:55 - 2011-06-01 05:00 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-07-09 15:47 - 2012-07-09 15:47 - 00040536 ____A C:\Users\Larry\Documents\bookmark.htm
2012-07-08 17:27 - 2012-03-29 06:58 - 00063488 ____A C:\Users\Larry\Desktop\flight_deck_productions_v2.xls
2012-07-05 13:31 - 2012-07-05 13:24 - 00769765 ____A C:\Users\Larry\Desktop\ram_banner.psd
2012-07-04 06:55 - 2009-07-13 20:53 - 00032606 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-01 14:21 - 2012-07-01 14:20 - 92414437 ____A C:\Users\Larry\Downloads\PokemonInstaller.msi.part
2012-06-28 13:56 - 2010-04-07 05:10 - 00001946 ____A C:\Users\Public\Desktop\FileZilla Client.lnk
2012-06-28 07:53 - 2012-06-28 07:53 - 00001291 ____A C:\Users\Larry\Desktop\Pokémon Trading Card Game Online.lnk
2012-06-27 07:10 - 2012-06-27 06:39 - 00000531 ____A C:\Users\Larry\Desktop\New Text Document (3).txt
2012-06-27 07:08 - 2012-06-27 06:46 - 00872945 ____A C:\Users\Larry\Desktop\chris_s_banner.psd
2012-06-26 09:19 - 2012-06-26 09:19 - 03941464 ____A (NCH Software) C:\Users\Larry\Downloads\vpsetup.exe
2012-06-26 09:19 - 2012-06-26 09:19 - 00001104 ____A C:\Users\Public\Desktop\VideoPad Video Editor.lnk
2012-06-25 17:58 - 2012-02-29 10:13 - 00601088 ____A C:\Users\Larry\AppData\Roaming\SharedSettings.ccs
2012-06-20 07:05 - 2012-06-20 07:02 - 266433120 ____A (Microsoft Corporation) C:\Users\Larry\Desktop\SharePointDesigner.exe
2012-06-19 19:06 - 2012-06-19 19:06 - 00145824 ____A C:\Windows\Minidump\061912-17768-01.dmp
2012-06-15 05:16 - 2010-04-07 05:09 - 00000600 ____A C:\Users\Larry\AppData\Roaming\winscp.rnd
2012-06-14 08:29 - 2012-06-14 08:29 - 00001753 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-06-06 17:24 - 2012-06-06 17:24 - 00001119 ____A C:\Users\Public\Desktop\Youda Fisherman.lnk
2012-05-31 07:21 - 2012-05-31 07:21 - 00002135 ____A C:\Users\Public\Desktop\CoffeeCup Web Form Builder.lnk
2012-05-30 16:43 - 2011-04-25 11:47 - 00710614 ____A C:\Users\Larry\.spyglass.properties
2012-05-03 16:08 - 2012-05-03 16:09 - 00476960 ____A (Sun Microsystems, Inc.) C:\Windows\System32\npdeployJava1.dll
2012-05-03 16:08 - 2012-05-03 16:09 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2012-05-03 16:08 - 2012-05-03 16:09 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2012-05-03 16:08 - 2012-05-03 16:09 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2012-05-03 16:08 - 2010-07-23 19:36 - 00472864 ____A (Sun Microsystems, Inc.) C:\Windows\System32\deployJava1.dll
2012-04-20 07:20 - 2012-04-20 07:20 - 05336524 ____A C:\Users\Larry\Desktop\zen-cart-v150-full-release-12302011.zip
2012-04-17 14:41 - 2012-04-17 16:36 - 620404512 ____A C:\Users\Larry\Desktop\Movie_00_(lc_trailer_041712).m2t
2012-04-17 06:20 - 2012-04-17 16:59 - 00768848 ____A (Microsoft Corporation) C:\Windows\system32msvcr100.dll
ZeroAccess:
C:\Windows\Installer\{6d140813-27e3-a1dd-a8ac-2515ee19e2fb}
C:\Windows\Installer\{6d140813-27e3-a1dd-a8ac-2515ee19e2fb}\@
C:\Windows\Installer\{6d140813-27e3-a1dd-a8ac-2515ee19e2fb}\L
C:\Windows\Installer\{6d140813-27e3-a1dd-a8ac-2515ee19e2fb}\U
C:\Windows\Installer\{6d140813-27e3-a1dd-a8ac-2515ee19e2fb}\L\00000004.@
C:\Windows\Installer\{6d140813-27e3-a1dd-a8ac-2515ee19e2fb}\L\1afb2d56
C:\Windows\Installer\{6d140813-27e3-a1dd-a8ac-2515ee19e2fb}\L\201d3dde
C:\Windows\Installer\{6d140813-27e3-a1dd-a8ac-2515ee19e2fb}\U\00000004.@
C:\Windows\Installer\{6d140813-27e3-a1dd-a8ac-2515ee19e2fb}\U\00000008.@
C:\Windows\Installer\{6d140813-27e3-a1dd-a8ac-2515ee19e2fb}\U\000000cb.@
C:\Windows\Installer\{6d140813-27e3-a1dd-a8ac-2515ee19e2fb}\U\80000000.@
C:\Windows\Installer\{6d140813-27e3-a1dd-a8ac-2515ee19e2fb}\U\80000032.@
ZeroAccess:
C:\Users\Larry\AppData\Local\{6d140813-27e3-a1dd-a8ac-2515ee19e2fb}
C:\Users\Larry\AppData\Local\{6d140813-27e3-a1dd-a8ac-2515ee19e2fb}\@
C:\Users\Larry\AppData\Local\{6d140813-27e3-a1dd-a8ac-2515ee19e2fb}\L
C:\Users\Larry\AppData\Local\{6d140813-27e3-a1dd-a8ac-2515ee19e2fb}\U
ZeroAccess:
C:\Windows\assembly\GAC\Desktop.ini
========================= Known DLLs (Whitelisted) ============
========================= Bamital & volsnap Check ============
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe A302BBFF2A7278C0E239EE5D471D86A9 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 18%
Total physical RAM: 4086.04 MB
Available physical RAM: 3323.21 MB
Total Pagefile: 4084.32 MB
Available Pagefile: 3327.22 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.7 MB
======================= Partitions =========================
1 Drive c: () (Fixed) (Total:297.99 GB) (Free:6.64 GB) NTFS
3 Drive f: () (Removable) (Total:7.52 GB) (Free:1.53 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 7712 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 297 GB 101 MB
==================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy
==================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 297 GB Healthy
==================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7711 MB 31 KB
==================================================================================
Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT32 Removable 7711 MB Healthy
==================================================================================
==========================================================
Last Boot: 2012-07-09 09:17
======================= End Of Log ==========================