Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-02-2013
Ran by SYSTEM at 13-02-2013 14:19:48
Running from G:\
Windows 7 Professional (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-30] (Adobe Systems Incorporated)
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [tvncontrol] "C:\Program Files (x86)\TightVNC\tvnserver.exe" -controlservice -slave [815704 2010-07-08] (GlavSoft LLC.)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe" [103536 2011-11-13] (VMware, Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)
HKLM-x32\...\Run: [PSUAMain] "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" /LaunchSysTray [32032 2012-11-14] (Panda Security, S.L.)
HKLM-x32\...\Run: [Adobe] C:\ProgramData\Adobe\3F549D81.vbe [7300 2012-11-10] ()
HKU\bross\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [1305408 2011-01-20] (DT Soft Ltd)
HKU\bross\...\Run: [Google Update] "C:\Users\bross\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-04-04] (Google Inc.)
HKU\bross\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" [399736 2011-04-06] (BitTorrent, Inc.)
HKU\bross\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1354736 2012-12-12] (Valve Corporation)
HKU\bross\...\Run: [ComcastAntispyClient] "C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide [1589208 2009-08-19] ()
HKU\bross\...\Run: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash [487424 2011-05-03] (Gadwin Systems, Inc)
HKU\bross\...\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_Plugin.exe -update plugin [692152 2012-10-09] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [462408 2012-04-04] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [InnoSetupRegFile.0000000001] "C:\Windows\is-L87GL.exe" /REG /REGSVRMODE [710504 2013-01-28] ()
HKLM-x32\...\Winlogon: [Userinit] c:\windows\syswow64\userinit.exe, [x]
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{AC155E66-C3F3-481E-B14B-058FA380482C}: [NameServer]194.168.0.92,10.41.1.10
SubSystems: [Windows] ATTENTION! ====> ZeroAccess
Startup: C:\Users\All Users\Start Menu\Programs\Startup\UltraMon.lnk
ShortcutTarget: UltraMon.lnk -> C:\Windows\Installer\{537056B7-32A4-4408-9B54-0341963C7C9C}\IcoUltraMon.ico ()
Startup: C:\Users\All Users\Start Menu\Programs\Startup\vpngui.exe.lnk
ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe ()
Startup: C:\Users\bross\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\bross\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\bross\Start Menu\Programs\Startup\VirtuaWin.lnk
ShortcutTarget: VirtuaWin.lnk -> C:\Program Files (x86)\VirtuaWin\VirtuaWin.exe (VirtuaWin)

==================== Services (Whitelisted) ===================

2 AntiSpywareService; C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [616408 2009-06-17] ()
2 ITMRTSVC; "C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe" [283912 2007-09-26] (CA, Inc.)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
2 MsDtsServer100; "C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe" [210784 2011-04-23] (Microsoft Corporation)
2 MSSQLSERVER; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.BLUESQL\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER [61916000 2011-04-23] (Microsoft Corporation)
2 NanoServiceMain; "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe" [140064 2012-11-12] (Panda Security, S.L.)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2013-01-19] ()
2 PSUAService; "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe" [36640 2012-11-14] (Panda Security, S.L.)
2 ReportServer; "C:\Program Files\Microsoft SQL Server\MSRS10_50.BLUESQL\Reporting Services\ReportServer\bin\ReportingServicesService.exe" [2175328 2011-04-23] (Microsoft Corporation)
3 SQLSERVERAGENT; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.BLUESQL\MSSQL\Binn\SQLAGENT.EXE" -i MSSQLSERVER [428384 2011-04-23] (Microsoft Corporation)
2 tvnserver; "C:\Program Files (x86)\TightVNC\tvnserver.exe" -service [815704 2010-07-08] (GlavSoft LLC.)
2 VMwareHostd; "C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe" -u "C:\ProgramData\VMware\hostd\config.xml" [31995 2012-08-09] ()
3 MSSQLFDLauncher; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.BLUESQL\MSSQL\Binn\fdlauncher.exe" -s MSSQL10_50.BLUESQL [x]
2 MSSQLServerOLAPService; "C:\Program Files\Microsoft SQL Server\MSAS10_50.BLUESQL\OLAP\bin\msmdsrv.exe" -s "C:\Program Files\Microsoft SQL Server\MSAS10_50.BLUESQL\OLAP\Config" [x]

==================== Drivers (Whitelisted) =====================

3 CVPNDRVA; C:\Windows\System32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [254528 2011-04-03] (DT Soft Ltd)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)
3 ncplelhp; C:\Windows\System32\Drivers\ncplelhp.sys [151312 2010-07-06] (NCP Engineering GmbH)
1 NNSALPC; C:\Windows\System32\Drivers\NNSALPC.sys [127016 2012-11-09] (Panda Security, S.L.)
1 NNSHTTP; C:\Windows\System32\Drivers\NNSHTTP.sys [136232 2012-11-09] (Panda Security, S.L.)
1 NNSIDS; C:\Windows\System32\Drivers\NNSIDS.sys [154152 2012-11-09] (Panda Security, S.L.)
1 NNSNAHSL; C:\Windows\System32\Drivers\NNSNAHSL.sys [33320 2012-10-22] (Panda Security, S.L.)
1 NNSPICC; C:\Windows\System32\Drivers\NNSPICC.sys [134696 2012-11-09] (Panda Security, S.L.)
4 NNSPIHSW; C:\Windows\System32\Drivers\NNSPIHSW.sys [83496 2012-11-09] (Panda Security, S.L.)
1 NNSPOP3; C:\Windows\System32\Drivers\NNSPOP3.sys [139304 2012-11-09] (Panda Security, S.L.)
1 NNSPROT; C:\Windows\System32\Drivers\NNSPROT.sys [397864 2012-11-09] (Panda Security, S.L.)
1 NNSPRV; C:\Windows\System32\Drivers\NNSPRV.sys [150568 2012-11-09] (Panda Security, S.L.)
1 NNSSMTP; C:\Windows\System32\Drivers\NNSSMTP.sys [135208 2012-11-09] (Panda Security, S.L.)
1 NNSSTRM; C:\Windows\System32\Drivers\NNSSTRM.sys [291368 2012-11-09] (Panda Security, S.L.)
1 NNSTLSC; C:\Windows\System32\Drivers\NNSTLSC.sys [148520 2012-11-09] (Panda Security, S.L.)
2 npf; C:\Windows\System32\Drivers\npf.sys [35344 2012-11-29] (CACE Technologies, Inc.)
0 PsBoot; C:\Windows\System32\Drivers\PsBoot.sys [37248 2012-10-19] (Panda Security, S.L.)
2 PSINAflt; C:\Windows\System32\Drivers\PSINAflt.sys [167976 2012-11-09] (Panda Security, S.L.)
2 PSINFile; C:\Windows\System32\Drivers\PSINFile.sys [119848 2012-11-09] (Panda Security, S.L.)
1 PSINKNC; C:\Windows\System32\Drivers\PSINKNC.sys [204328 2012-11-09] (Panda Security, S.L.)
2 PSINProc; C:\Windows\System32\Drivers\PSINProc.sys [123944 2012-11-09] (Panda Security, S.L.)
2 PSINProt; C:\Windows\System32\Drivers\PSINProt.sys [133160 2012-11-09] (Panda Security, S.L.)
3 PSKMAD; C:\Windows\System32\Drivers\PSKMAD.sys [58360 2012-11-07] (Panda Security, S.L.)
3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2013-02-07 17:52 - 2013-02-13 13:29 - 00000000 ____D C:\Program Files (x86)\Microsoft Chart Controls
2013-02-06 01:55 - 2013-02-13 00:00 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2341011768-3352773198-1613087345-1001UA.job
2013-02-06 01:55 - 2013-02-12 02:00 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2341011768-3352773198-1613087345-1001Core.job
2013-01-31 19:52 - 2013-02-13 13:29 - 00000000 ____D C:\Users\bross\AppData\Local\Unity
2013-01-31 19:51 - 2013-01-31 19:51 - 00642352 ____A (Unity Technologies ApS) C:\Users\bross\Downloads\UnityWebPlayer.exe
2013-01-28 17:45 - 2013-01-28 17:45 - 00710504 ____A C:\Windows\is-L87GL.exe
2013-01-28 17:45 - 2013-01-28 17:45 - 00011277 ____A C:\Windows\is-L87GL.msg
2013-01-28 17:45 - 2013-01-28 17:45 - 00000392 ____A C:\Windows\is-L87GL.lst
2013-01-21 13:25 - 2013-01-21 13:40 - 00000000 ____D C:\Program Files (x86)\Call of Duty Black Ops 2
2013-01-19 13:26 - 2013-01-19 13:26 - 00000000 ____D C:\Users\All Users\Ubisoft
2013-01-19 08:38 - 2013-01-19 08:38 - 00000000 ____D C:\Users\bross\AppData\Roaming\PunkBuster
2013-01-18 18:21 - 2013-02-13 13:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-01-14 21:43 - 2013-01-04 07:53 - 09060864 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-01-14 21:43 - 2013-01-04 07:32 - 06029824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

==================== One Month Modified Files and Folders =======

2013-02-13 14:19 - 2013-02-13 14:19 - 00000000 ____D C:\FRST
2013-02-13 13:30 - 2011-04-17 16:33 - 00000000 ____D C:\users\SQL
2013-02-13 13:30 - 2011-04-03 08:41 - 00000000 ____D C:\users\bross
2013-02-13 13:29 - 2013-02-07 17:52 - 00000000 ____D C:\Program Files (x86)\Microsoft Chart Controls
2013-02-13 13:29 - 2013-01-31 19:52 - 00000000 ____D C:\Users\bross\AppData\Local\Unity
2013-02-13 13:29 - 2012-04-25 14:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-02-13 13:29 - 2012-01-07 10:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-02-13 13:29 - 2011-04-06 15:30 - 00000000 ____D C:\Users\bross\AppData\Roaming\uTorrent
2013-02-13 13:29 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-02-13 13:29 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2013-02-13 13:29 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-02-13 13:28 - 2013-01-18 18:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-02-13 10:35 - 2009-07-13 23:45 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-02-13 00:00 - 2013-02-06 01:55 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2341011768-3352773198-1613087345-1001UA.job
2013-02-13 00:00 - 2011-04-03 08:41 - 02014964 ____A C:\Windows\WindowsUpdate.log
2013-02-12 23:22 - 2012-08-06 12:40 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-02-12 18:30 - 2011-04-03 19:09 - 00002054 ___AH C:\Users\bross\Documents\Default.rdp
2013-02-12 02:00 - 2013-02-06 01:55 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2341011768-3352773198-1613087345-1001Core.job
2013-02-08 19:08 - 2009-12-04 16:42 - 00000000 ____D C:\Movies
2013-02-07 17:52 - 2012-02-18 16:03 - 00143347 ____A C:\Windows\DirectX.log
2013-02-06 18:37 - 2011-07-14 15:49 - 00000000 ____D C:\Users\bross\foo-tmp
2013-02-01 20:00 - 2012-12-24 20:05 - 00000000 ____D C:\Users\bross\.zenmap
2013-01-31 19:51 - 2013-01-31 19:51 - 00642352 ____A (Unity Technologies ApS) C:\Users\bross\Downloads\UnityWebPlayer.exe
2013-01-28 17:45 - 2013-01-28 17:45 - 00710504 ____A C:\Windows\is-L87GL.exe
2013-01-28 17:45 - 2013-01-28 17:45 - 00011277 ____A C:\Windows\is-L87GL.msg
2013-01-28 17:45 - 2013-01-28 17:45 - 00000392 ____A C:\Windows\is-L87GL.lst
2013-01-26 15:36 - 2011-04-21 17:06 - 00000000 ____D C:\Users\bross\Documents\ted
2013-01-21 14:04 - 2011-04-29 19:24 - 00000000 ____D C:\Users\bross\AppData\Local\SKIDROW
2013-01-21 13:40 - 2013-01-21 13:25 - 00000000 ____D C:\Program Files (x86)\Call of Duty Black Ops 2
2013-01-21 13:40 - 2011-05-09 17:39 - 00000000 ___HD C:\Users\All Users\Adobe
2013-01-19 13:26 - 2013-01-19 13:26 - 00000000 ____D C:\Users\All Users\Ubisoft
2013-01-19 08:38 - 2013-01-19 08:38 - 00000000 ____D C:\Users\bross\AppData\Roaming\PunkBuster
2013-01-19 08:38 - 2013-01-13 15:41 - 00075136 ____A C:\Windows\SysWOW64\PnkBstrA.exe
2013-01-19 08:22 - 2012-12-12 19:32 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2013-01-19 08:22 - 2011-04-03 19:26 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-01-17 14:40 - 2011-05-15 16:11 - 00000000 ____D C:\Program Files (x86)\Steam

ZeroAccess: C:\Windows\assembly\GAC_32\Desktop.ini
ZeroAccess: C:\Windows\assembly\GAC_64\Desktop.ini

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-01-26 16:04:41
Restore point made on: 2013-02-03 17:43:23
Restore point made on: 2013-02-07 17:52:04
Restore point made on: 2013-02-09 00:00:48
Restore point made on: 2013-02-12 18:31:30
Restore point made on: 2013-02-13 00:00:34

==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 8190.49 MB
Available physical RAM: 7325.68 MB
Total Pagefile: 8188.64 MB
Available Pagefile: 7326.55 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Partitions =============================

2 Drive c: () (Fixed) (Total:837.83 GB) (Free:23.64 GB) NTFS
3 Drive e: (Backups) (Fixed) (Total:186.3 GB) (Free:7.8 GB) NTFS
4 Drive f: (GRMCPRXFREO_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
5 Drive g: (KINGSTON) (Removable) (Total:0.96 GB) (Free:0.61 GB) FAT
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (Data) (Fixed) (Total:931.51 GB) (Free:5.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          931 GB      0 B
  Disk 1    Online          931 GB  1024 KB
  Disk 2    Online          186 GB     9 MB
  Disk 3    Online          983 MB      0 B

Partitions of Disk 0:
===============
Disk ID: E3F1C1EF

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            931 GB    31 KB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     Y   Data         NTFS   Partition    931 GB  Healthy

=========================================================

Partitions of Disk 1:
===============
Disk ID: 54F5A3E0

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            837 GB  1024 KB
  Partition 0    Extended            93 GB   837 GB
  Partition 2    Logical             89 GB   837 GB
  Partition 3    Logical           4093 MB   927 GB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C                NTFS   Partition    837 GB  Healthy

=========================================================

Disk: 1
Partition 2
Type : 83
Hidden: Yes
Active: No
There is no volume associated with this partition.

=========================================================

Disk: 1
Partition 3
Type : 82
Hidden: Yes
Active: No
There is no volume associated with this partition.

=========================================================

Partitions of Disk 2:
===============
Disk ID: 0AE30AE2

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            186 GB    31 KB

==================================================================================

Disk: 2
Partition 1
Type : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     E   Backups      NTFS   Partition    186 GB  Healthy

=========================================================

Partitions of Disk 3:
===============
Disk ID: 00000000

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            983 MB    16 KB

==================================================================================

Disk: 3
Partition 1
Type : 0E
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     G   KINGSTON     FAT    Removable    983 MB  Healthy

=========================================================

Last Boot: 2013-02-03 17:36

==================== End Of Log =============================