Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-04-2014
Ran by SYSTEM on MININT-7SIC6QH on 15-04-2014 18:47:59
Running from F:\
Windows 7 Home Premium (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet002

ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

ATTENTION!:=====> THE OPERATING SYSTEM IS A X64 SYSTEM BUT THE BOOT DISK THAT IS USED TO BOOT TO RECOVERY ENVIRONMENT IS A X86 SYSTEM DISK.

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2097960 2010-04-22] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-01-20] (IDT, Inc.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3216544 2010-06-09] (Dell Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5470208 2009-12-16] (Dell Inc.)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2327952 2010-07-21] (Microsoft Corporation)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$80948820d896dd88bc1b3760593e9f22\n. ATTENTION! ====> ZeroAccess?
HKU\Brad\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKU\Brad\...\Run: [Sidebar] => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [1173504 2009-07-13] (Microsoft Corporation)
HKU\Brad\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1631144 2013-03-29] (Valve Corporation)
HKU\Brad\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [18705664 2013-01-08] (Skype Technologies S.A.)
HKU\Brad\...\Run: [ctfmon.exe] => C:\PROGRA~3\rundll32.exe C:\PROGRA~3\hitt.dat,FG00 <===== ATTENTION
HKU\Default\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475072 2009-07-13] (Microsoft Corporation)
HKU\Default User\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475072 2009-07-13] (Microsoft Corporation)
Lsa: [Notification Packages] scecli FAPassSync
Startup: C:\Users\alyssa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Brad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Brad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
ShortcutTarget: msconfig.lnk -> C:\ProgramData\hitt.dat ()
Startup: C:\Users\Brad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe (No File)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

========================== Services (Whitelisted) =================

S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [253656 2013-03-13] (Adobe Systems Incorporated)
S2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
S2 CLKMSVC10_1628BCEA; C:\Program Files (x86)\CyberLink\PowerDVD DX\Kernel\BD\NavFilter\kmsvc.exe [240360 2011-03-01] (CyberLink)
S4 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [89920 2009-06-10] (Microsoft Corporation)
S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [138576 2010-03-18] (Microsoft Corporation)
S2 cvhsvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [822624 2012-01-04] (Microsoft Corporation)
S2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation)
S2 F-Secure Gatekeeper Handler Starter; C:\Program Files (x86)\Shaw Secure\Anti-Virus\fsgk32st.exe [215648 2009-08-05] (F-Secure Corporation)
S2 FAService; c:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2409800 2010-02-22] (Sensible Vision )
S3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42840 2009-06-10] (Microsoft Corporation)
S3 FSDFWD; C:\Program Files (x86)\Shaw Secure\FWES\Program\fsdfwd.exe [844384 2011-02-17] (F-Secure Corporation)
S2 FSMA; C:\Program Files (x86)\Shaw Secure\Common\FSMA32.EXE [186976 2009-08-05] (F-Secure Corporation)
S3 FSORSPClient; C:\Program Files (x86)\Shaw Secure\ORSP Client\fsorsp.exe [63992 2011-02-17] (F-Secure Corporation)
S3 fsssvc; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [1492840 2012-03-08] (Microsoft Corporation)
S3 GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [206072 2010-10-12] (WildTangent, Inc.)
S2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13336 2010-03-03] (Intel Corporation)
S3 idsvc; C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [856384 2009-06-10] (Microsoft Corporation)
S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe [116560 2009-06-10] (Microsoft Corporation)
S3 ose; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [149352 2010-01-09] (Microsoft Corporation)
S3 PerfHost; C:\Windows\SysWow64\perfhost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 SeaPort; C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [249136 2010-09-22] (Microsoft Corporation)
S2 sftlist; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [508776 2011-10-01] (Microsoft Corporation)
S2 SftService; C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE [689472 2010-08-20] (SoftThinks SAS)
S3 sftvsa; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [219496 2011-10-01] (Microsoft Corporation)
S2 SkypeUpdate; C:\Program Files (x86)\Skype\Updater\Updater.exe [161536 2013-01-08] (Skype Technologies)
S2 sprtsvc_DellSupportCenter; C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe [206064 2009-05-21] (SupportSoft, Inc.)
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe [244736 2010-01-20] (IDT, Inc.)
S3 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [543656 2013-03-29] (Valve Corporation)
S2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [4950016 2009-12-16] (Dell Inc.)
S3 npggsvc; C:\Windows\system32\GameMon.des -service [X]
S2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [X]
S4 RoxLiveShare10; "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" [X]
S2 SessionLauncher; C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [X]

==================== Drivers (Whitelisted) ====================

S3 amdkmdag; C:\Windows\System32\DRIVERS\atipmdag.sys [6233088 2010-01-21] (ATI Technologies Inc.)
S3 b06bdrv; C:\Windows\system32\DRIVERS\bxvbda.sys [468480 2009-06-10] (Broadcom Corporation)
S3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-10] (Broadcom Corporation)
S3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [22520 2009-12-16] (Broadcom Corporation)
S3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl664.sys [3053560 2009-12-16] (Broadcom Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S4 F-Secure Filter; C:\Program Files (x86)\Shaw Secure\Anti-Virus\Win2K\FSfilter.sys [39776 2009-08-05] ()
S3 F-Secure Gatekeeper; C:\Program Files (x86)\Shaw Secure\Anti-Virus\minifilter\fsgk.sys [194728 2011-02-17] ()
S1 F-Secure HIPS; C:\Program Files (x86)\Shaw Secure\HIPS\drivers\fshs.sys [57920 2009-08-05] (F-Secure Corporation)
S4 F-Secure Recognizer; C:\Program Files (x86)\Shaw Secure\Anti-Virus\Win2K\FSrec.sys [25184 2009-08-05] ()
S3 FACAP; C:\Windows\System32\DRIVERS\facap.sys [238848 2008-09-24] (Sensible Vision )
S1 FSES; C:\Windows\System32\drivers\fses.sys [45624 2011-02-17] (F-Secure Corporation)
S1 FSFW; C:\Windows\System32\drivers\fsdfw.sys [94280 2011-02-17] (F-Secure Corporation)
S1 fsvista; C:\Program Files (x86)\Shaw Secure\Anti-Virus\minifilter\fsvista.sys [14904 2009-08-05] ()
S3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [60416 2009-03-09] (ITE Tech. Inc. )
S3 k57nd60a; C:\Windows\System32\DRIVERS\k57nd60a.sys [321064 2009-11-19] (Broadcom Corporation)
S3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-13] (Microsoft Corporation)
S3 Point64; C:\Windows\System32\DRIVERS\point64.sys [45456 2010-07-21] (Microsoft Corporation)
S2 rimspci; C:\Windows\System32\DRIVERS\rimspe64.sys [60416 2009-07-01] (REDC)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S2 risdpcie; C:\Windows\System32\DRIVERS\risdpe64.sys [80896 2009-07-01] (REDC)
S2 rixdpcie; C:\Windows\System32\DRIVERS\rixdpe64.sys [55808 2009-07-04] (REDC)
S3 STHDA; C:\Windows\System32\DRIVERS\stwrt64.sys [505856 2010-01-20] (IDT, Inc.)
S2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}; C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [146928 2009-12-29] (CyberLink Corp.)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-15 18:33 - 2014-04-15 18:47 - 00000000 ____D () C:\FRST
2014-04-15 17:10 - 2014-04-15 17:10 - 00000000 ____D () C:\Users\Brad\AppData\Local\{76B5929F-FA58-453F-8CB6-5FAB87EE169B}

==================== One Month Modified Files and Folders =======

2014-04-15 18:47 - 2014-04-15 18:33 - 00000000 ____D () C:\FRST
2014-04-15 17:43 - 2009-07-13 20:51 - 00105868 _____ () C:\Windows\setupact.log
2014-04-15 17:17 - 2013-04-02 20:19 - 95023320 ____T () C:\ProgramData\ttih.pad
2014-04-15 17:17 - 2010-10-15 10:31 - 00000000 ____D () C:\Users\Brad\Tracing
2014-04-15 17:11 - 2011-02-21 14:09 - 00000000 ____D () C:\Users\Brad\AppData\Roaming\Skype
2014-04-15 17:11 - 2010-10-21 21:33 - 00000000 ____D () C:\Users\Brad\AppData\Local\Windows Live
2014-04-15 17:10 - 2014-04-15 17:10 - 00000000 ____D () C:\Users\Brad\AppData\Local\{76B5929F-FA58-453F-8CB6-5FAB87EE169B}

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2430918288-738339497-1570114297-1000\$80948820d896dd88bc1b3760593e9f22

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$80948820d896dd88bc1b3760593e9f22

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

Files to move or delete:
====================
C:\ProgramData\coiwr.dat
C:\ProgramData\coorto.dat
C:\ProgramData\hash.dat
C:\ProgramData\hitt.dat
C:\ProgramData\nialto.dat
C:\ProgramData\rundll32.exe
C:\ProgramData\ttih.bat
C:\ProgramData\ttih.js
C:\ProgramData\ttih.pad
C:\ProgramData\ttih.reg
C:\Users\Brad\2724111.dll
C:\Users\Brad\3076608.dll
C:\Users\Brad\6667774.dll
C:\Users\Brad\8261390.dll
C:\Users\Brad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk

Some content of TEMP:
====================
C:\Users\Brad\AppData\Local\Temp\0.5799210575322084.exe
C:\Users\Brad\AppData\Local\Temp\2jfuweif.exe
C:\Users\Brad\AppData\Local\Temp\3BE7.exe
C:\Users\Brad\AppData\Local\Temp\7E53.exe
C:\Users\Brad\AppData\Local\Temp\burnsetup.exe
C:\Users\Brad\AppData\Local\Temp\C6E.exe
C:\Users\Brad\AppData\Local\Temp\detectionapi_rd.dll
C:\Users\Brad\AppData\Local\Temp\detectionui_r.exe
C:\Users\Brad\AppData\Local\Temp\directx9tests_rd.dll
C:\Users\Brad\AppData\Local\Temp\DivXInstaller.exe
C:\Users\Brad\AppData\Local\Temp\DivXSetup.exe
C:\Users\Brad\AppData\Local\Temp\doxillionsetup.exe
C:\Users\Brad\AppData\Local\Temp\farmanager.exe
C:\Users\Brad\AppData\Local\Temp\fsprod.dll
C:\Users\Brad\AppData\Local\Temp\fssfm.dll
C:\Users\Brad\AppData\Local\Temp\generka.exe
C:\Users\Brad\AppData\Local\Temp\GLFAC4C.tmp.ConduitEngineSetup.exe
C:\Users\Brad\AppData\Local\Temp\installerdll4569908.dll
C:\Users\Brad\AppData\Local\Temp\installerdll4583668.dll
C:\Users\Brad\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Brad\AppData\Local\Temp\install_flashplayer11x32au_gtba_chra_dy_aih.exe
C:\Users\Brad\AppData\Local\Temp\IPx64_1033.exe
C:\Users\Brad\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Users\Brad\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\Brad\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Brad\AppData\Local\Temp\local.dll
C:\Users\Brad\AppData\Local\Temp\mfc80.dll
C:\Users\Brad\AppData\Local\Temp\mfc80u.dll
C:\Users\Brad\AppData\Local\Temp\mpsetup.exe
C:\Users\Brad\AppData\Local\Temp\msvcp80.dll
C:\Users\Brad\AppData\Local\Temp\msvcr80.dll
C:\Users\Brad\AppData\Local\Temp\preconfig.exe
C:\Users\Brad\AppData\Local\Temp\prismsetup.exe
C:\Users\Brad\AppData\Local\Temp\ripsetup.exe
C:\Users\Brad\AppData\Local\Temp\rootsupd.exe
C:\Users\Brad\AppData\Local\Temp\Setup.exe
C:\Users\Brad\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Brad\AppData\Local\Temp\tbNCH.dll
C:\Users\Brad\AppData\Local\Temp\uninst.exe
C:\Users\Brad\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Brad\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Brad\AppData\Local\Temp\_is1332.exe
C:\Users\Brad\AppData\Local\Temp\_is160F.exe
C:\Users\Brad\AppData\Local\Temp\_is25F7.exe
C:\Users\Brad\AppData\Local\Temp\_is4FF3.exe

==================== Known DLLs (Whitelisted) ============

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2011-04-26 14:29] - [2011-02-25 22:23] - 2870272 ____A (Microsoft Corporation) 0862495E0C825893DB75EF44FAEA8E93
C:\Windows\System32\winlogon.exe
[2010-10-06 11:04] - [2010-10-06 11:04] - 0389632 ____A (Microsoft Corporation) DA3E2A6FA9660CC75B471530CE88453A
C:\Windows\System32\wininit.exe
[2009-07-13 15:52] - [2009-07-13 17:39] - 0129024 ____A (Microsoft Corporation) 94355C28C1970635A31B3FE52EB7CEBA
C:\Windows\System32\svchost.exe
[2009-07-13 15:31] - [2009-07-13 17:39] - 0027136 ____A (Microsoft Corporation) C78655BC80301D76ED4FEF1C1EA40A7D
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\User32.dll
[2009-07-13 15:38] - [2009-07-13 17:41] - 1008640 ____A (Microsoft Corporation) 72D7B3EA16946E8F0CF7458150031CC6
C:\Windows\System32\userinit.exe
[2009-07-13 15:50] - [2009-07-13 17:39] - 0030208 ____A (Microsoft Corporation) 6F8F1376A13114CC10C0E69274F5A4DE
C:\Windows\System32\rpcss.dll
[2009-07-13 16:00] - [2009-07-13 17:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027
ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys
[2012-12-11 22:08] - [2012-09-06 09:38] - 0295792 ____A (Microsoft Corporation) 9E425AC5C9A5A973273D169F43B4F5E1

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-03-19 17:43:08
Restore point made on: 2013-03-23 10:28:28
Restore point made on: 2013-03-23 10:54:38
Restore point made on: 2013-03-27 14:48:17

==================== Memory info ===========================

Percentage of memory in use: 7%
Total physical RAM: 8180.5 MB
Available physical RAM: 7577.2 MB
Total Pagefile: 8178.78 MB
Available Pagefile: 7588.64 MB
Total Virtual: 2047.88 MB
Available Virtual: 1956.59 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:448.14 GB) (Free:260.92 GB) NTFS
Drive e: (GRMCHPFRER_EN_DVD) (CDROM) (Total:2.33 GB) (Free:0 GB) UDF
Drive f: (Lexar) (Removable) (Total:29.8 GB) (Free:6.2 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (RECOVERY) (Fixed) (Total:17.58 GB) (Free:10.03 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 78DBB486)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=18 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=448 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 30 GB) (Disk ID: C3072E18)
Partition: GPT Partition Type.

LastRegBack: 2013-03-27 19:56

==================== End Of Log ============================
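The entries FRST marks with ATTENTION and ZeroAccess above are the ones a responder checks by hand: an autostart value named after a Windows binary (ctfmon.exe) that actually runs a copy of rundll32.exe from C:\PROGRA~3 and loads a .dat file as a DLL, a COM InprocServer32 pointing into $Recycle.Bin, and a Startup shortcut whose target is C:\ProgramData\hitt.dat rather than an executable. The script below is an added triage example, not part of the FRST log or of the tool; it parses the FRST entry formats seen above (Run values, InprocServer32, ShortcutTarget, ZeroAccess) and applies those checks so the same reasoning can be run over a whole log. The sample lines are copied from the log above. The 8.3 alias map (PROGRA~3 to ProgramData) is an assumption about a default Windows 7 install; the log itself shows hitt.dat under both names, which supports it, but confirm with `dir /x C:\` on the host.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed sample input: lines copied from the FRST log above (benign and flagged).
SAMPLE_LOG = r"""
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2097960 2010-04-22] (Synaptics Incorporated)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$80948820d896dd88bc1b3760593e9f22\n. ATTENTION! ====> ZeroAccess?
HKU\Brad\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1631144 2013-03-29] (Valve Corporation)
HKU\Brad\...\Run: [ctfmon.exe] => C:\PROGRA~3\rundll32.exe C:\PROGRA~3\hitt.dat,FG00 <===== ATTENTION
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
ShortcutTarget: msconfig.lnk -> C:\ProgramData\hitt.dat ()
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe (No File)
ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini
"""

# ASSUMPTION: default Windows 7 8.3 aliases; verify on the host with `dir /x C:\`.
SHORT_NAMES = {"c:\\progra~1\\": "C:\\Program Files\\",
               "c:\\progra~2\\": "C:\\Program Files (x86)\\",
               "c:\\progra~3\\": "C:\\ProgramData\\"}
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
# Windows binary names malware borrows for autostart values; the real ones live under C:\Windows.
SYSTEM_BINARIES = {"ctfmon.exe", "rundll32.exe", "svchost.exe", "explorer.exe"}

RUN_RE = re.compile(r"^(?P<key>HK(?:LM|U\\[^\\]+)\\\.\.\.\\Run): \[(?P<name>[^\]]+)\] => (?P<rest>.*)$")
INPROC_RE = re.compile(r"^HKLM\\\.\.\.(?P<clsid>[0-9A-Fa-f]+)\\InprocServer32: \[(?P<name>[^\]]+)\] (?P<path>\S+)")
LNK_RE = re.compile(r"^ShortcutTarget: (?P<lnk>.+?) -> (?P<target>.+?) \((?P<signer>[^)]*)\)$")
ZA_RE = re.compile(r"^ZeroAccess:\s*(?P<path>.*)$")
META_RE = re.compile(r" \[\d+ \d{4}-\d{2}-\d{2}\] \([^)]*\)$")   # FRST's "[size date] (signer)" trailer
EXE_RE = re.compile(r'^(?P<exe>"[^"]+"|.*?\.exe)(?P<args>.*)$', re.IGNORECASE)


@dataclass
class Finding:
    source: str   # entry type the finding came from
    name: str     # Run value name, COM entry name, .lnk name, or flagged path
    reason: str


def expand_short_names(path: str) -> str:
    """Replace a leading 8.3 alias with its assumed long name (see SHORT_NAMES)."""
    low = path.lower()
    for short, long_ in SHORT_NAMES.items():
        if low.startswith(short):
            return long_ + path[len(short):]
    return path


def is_trusted(path: str) -> bool:
    return expand_short_names(path).lower().startswith(TRUSTED_ROOTS)


def check_run(name: str, rest: str) -> list[str]:
    """Checks for one Run value: where the EXE lives, what rundll32 loads, and name games."""
    cmd = META_RE.sub("", rest).replace("<===== ATTENTION", "").strip()
    m = EXE_RE.match(cmd)
    if not m:
        return [f"no executable recognised in: {cmd}"]
    exe = expand_short_names(m["exe"].strip('"'))
    base, reasons = exe.rsplit("\\", 1)[-1].lower(), []
    if not is_trusted(exe):
        reasons.append(f"autostart executable outside Windows/Program Files: {exe}")
    if base in SYSTEM_BINARIES and not exe.lower().startswith("c:\\windows\\"):
        reasons.append(f"{base} running from a non-Windows directory: {exe}")
    if name.lower() in SYSTEM_BINARIES and base != name.lower():
        reasons.append(f"value name {name} mimics a Windows binary but runs {base}")
    if base == "rundll32.exe" and m["args"].strip():
        module = expand_short_names(m["args"].strip().split(",", 1)[0].strip('"'))
        if not module.lower().endswith(".dll"):
            reasons.append(f"rundll32 loading a module without a .dll extension: {module}")
        if not is_trusted(module):
            reasons.append(f"rundll32 module outside Windows/Program Files: {module}")
    return reasons


def check_inproc(path: str) -> list[str]:
    reasons = []
    if "\\$recycle.bin\\" in path.lower():
        reasons.append("COM InprocServer32 points into $Recycle.Bin (ZeroAccess hallmark)")
    elif not is_trusted(path):
        reasons.append(f"COM server outside Windows/Program Files: {path}")
    if not path.lower().endswith(".dll"):
        reasons.append(f"InprocServer32 target is not a .dll: {path}")
    return reasons


def check_shortcut(target: str, signer: str) -> list[str]:
    if signer == "No File":              # orphaned shortcut, nothing to launch
        return []
    leaf = target.rsplit("\\", 1)[-1]
    ext = leaf.rsplit(".", 1)[-1].lower() if "." in leaf else ""
    reasons = []
    if ext != "exe":
        reasons.append(f"Startup shortcut launches a non-executable file type (.{ext}): {target}")
    if not is_trusted(target):
        reasons.append(f"Startup shortcut target outside Windows/Program Files: {target}")
    if not signer:
        reasons.append("Startup shortcut target carries no publisher information")
    return reasons


def triage(log_text: str) -> list[Finding]:
    lines = [ln.strip() for ln in log_text.splitlines()]
    findings: list[Finding] = []
    for i, line in enumerate(lines):
        if m := RUN_RE.match(line):
            findings += [Finding(m["key"], m["name"], r) for r in check_run(m["name"], m["rest"])]
        elif m := INPROC_RE.match(line):
            findings += [Finding("InprocServer32", m["name"], r) for r in check_inproc(m["path"])]
        elif m := LNK_RE.match(line):
            findings += [Finding("Startup", m["lnk"], r) for r in check_shortcut(m["target"], m["signer"])]
        elif m := ZA_RE.match(line):
            path = m["path"] or (lines[i + 1] if i + 1 < len(lines) else "")
            findings.append(Finding("ZeroAccess", path, "path flagged by FRST's ZeroAccess heuristic"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.source}] {f.name}: {f.reason}")
```

Run it against a saved FRST.txt by passing the file contents to `triage()`. The checks are deliberately path-based rather than name-based: a Run value called ctfmon.exe, SynTPEnh or anything else is judged by where its executable lives and what it loads, which is what exposes the C:\PROGRA~3\rundll32.exe and hitt.dat pair above even though both names look ordinary.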