Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2014
Ran by SYSTEM on MININT-490EN4L on 11-11-2014 10:30:47
Running from F:\
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet001
[b]ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.[/b]

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [635784 2010-01-13] (ELAN Microelectronic Corp.)
HKLM\...\Run: [EeeStorageBackup] => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1732608 2009-11-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-18] ()
HKLM\...\Run: [ACPW06EN] => C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe [1231992 2012-11-14] (ACD Systems)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-01-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [7350912 2010-02-04] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-01-05] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [85160 2009-06-17] (Elaborate Bytes AG)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-26] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [vProt] => "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-11] (Oracle Corporation)
HKLM-x32\...\Run: [AVG_UI] => "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
HKLM-x32\...\Run: [Family Tree Builder Update] => C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe [2534400 2014-05-14] (MyHeritage)
HKU\Gregor\...\Run: [AdobeBridge] => [X]
HKU\Gregor\...\Run: [Urenqaagny] => C:\Users\Gregor\AppData\Roaming\Ucef\doyhz.exe
SubSystems: [Windows] ATTENTION! ====> ZeroAccess
Startup: C:\Users\Gregor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Gregor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk
ShortcutTarget: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2010-09-09] (Adobe Systems)
S2 hasplms; C:\Windows\system32\hasplms.exe [4180576 2010-09-26] (SafeNet Inc.)
S2 MSSQL$OPTIMA; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.OPTIMA\MSSQL\Binn\sqlservr.exe [43129288 2012-06-28] (Microsoft Corporation)
S3 MSSQL$SONY_MEDIAMGR; C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [7520337 2002-12-17] (Microsoft Corporation)
S3 MSSQLServerADHelper; C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation)
S2 OberonGameConsoleService; C:\Program Files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe [44312 2009-09-14] ()
S4 SQLAgent$OPTIMA; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.OPTIMA\MSSQL\Binn\SQLAGENT.EXE [379848 2012-06-28] (Microsoft Corporation)
S3 SQLAgent$SONY_MEDIAMGR; C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation)
S2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-12] (AVG Secure Search)
S2 avgfws; "C:\Program Files (x86)\AVG\AVG2013\avgfws.exe" [X]
S2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe" [X]
S2 avgwd; "C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 adiusbaw; C:\Windows\System32\DRIVERS\adiusbawx64.sys [169496 2007-02-07] (Analog Devices Inc.)
S3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800192 2009-08-19] ()
S2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-08-06] ()
S1 Avgfwfd; system32\DRIVERS\avgfwd6a.sys [X]
S1 AVGIDSDriver; system32\DRIVERS\avgidsdrivera.sys [X]
S0 AVGIDSHA; system32\DRIVERS\avgidsha.sys [X]
S1 Avgldx64; system32\DRIVERS\avgldx64.sys [X]
S0 Avgloga; system32\DRIVERS\avgloga.sys [X]
S0 Avgmfx64; system32\DRIVERS\avgmfx64.sys [X]
S0 Avgrkx64; system32\DRIVERS\avgrkx64.sys [X]
S1 Avgtdia; system32\DRIVERS\avgtdia.sys [X]
S1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [X]
S2 TMAgent; No ImagePath
S3 tmlwf; No ImagePath
S3 tmwfp; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-11 10:29 - 2014-11-11 10:30 - 00000000 ____D () C:\FRST
2014-11-09 12:55 - 2014-11-09 12:55 - 00003878 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1415566538
2014-11-09 12:55 - 2014-11-09 12:55 - 00001141 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-11-09 12:55 - 2014-11-09 12:55 - 00000000 ____D () C:\Users\Gregor\AppData\Roaming\Opera Software
2014-11-09 12:55 - 2014-11-09 12:55 - 00000000 ____D () C:\Users\Gregor\AppData\Local\Opera Software
2014-11-09 12:55 - 2014-11-09 12:55 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-11-09 12:54 - 2014-11-09 12:54 - 06825694 _____ () C:\Users\Gregor\Downloads\SopCast.zip
2014-11-09 12:54 - 2014-11-09 12:54 - 00003090 _____ () C:\Windows\System32\Tasks\RegClean Pro
2014-11-09 12:54 - 2014-11-09 12:54 - 00003026 _____ () C:\Windows\System32\Tasks\RegClean Pro_UPDATES
2014-11-09 12:54 - 2014-11-09 12:54 - 00002870 _____ () C:\Windows\System32\Tasks\RegClean Pro_DEFAULT
2014-11-09 12:54 - 2014-11-09 12:54 - 00000987 _____ () C:\Users\Public\Desktop\RegClean Pro.lnk
2014-11-09 12:54 - 2014-11-09 12:54 - 00000268 _____ () C:\Windows\Tasks\RegClean Pro_UPDATES.job
2014-11-09 12:54 - 2014-11-09 12:54 - 00000260 _____ () C:\Windows\Tasks\RegClean Pro_DEFAULT.job
2014-11-09 12:54 - 2014-11-09 12:54 - 00000000 ____D () C:\Users\Gregor\AppData\Roaming\Systweak
2014-11-09 12:54 - 2014-11-09 12:54 - 00000000 ____D () C:\Program Files (x86)\RCP
2014-11-09 12:54 - 2014-10-06 07:36 - 00020296 _____ () C:\Windows\System32\roboot64.exe
2014-11-09 12:53 - 2014-11-09 12:53 - 00777088 _____ ( ) C:\Users\Gregor\Downloads\SopCast(12954)-dp.exe
2014-11-07 08:37 - 2014-11-07 09:38 - 367013895 _____ () C:\Users\Gregor\Downloads\tp103-medieval.avi
2014-11-07 08:03 - 2014-11-07 08:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-06 12:56 - 2014-11-06 13:12 - 367017991 _____ () C:\Users\Gregor\Downloads\tp102-medieval.avi
2014-11-04 22:50 - 2014-11-04 22:50 - 00179712 _____ () C:\Users\Gregor\Downloads\archiwum_tab_a_2014(3).xls
2014-11-04 22:49 - 2014-11-04 22:49 - 00073018 _____ () C:\Users\Gregor\Downloads\pliki_darex.zip
2014-11-03 08:58 - 2014-11-03 10:11 - 366592000 _____ () C:\Users\Gregor\Downloads\Czas.Honoru.S07E10.PL.WEB-DL.XviD-CAMBiO.avi
2014-10-31 10:52 - 2014-10-31 11:13 - 366995463 _____ () C:\Users\Gregor\Downloads\tp101-medieval.avi
2014-10-29 11:15 - 2014-10-29 12:17 - 366757888 _____ () C:\Users\Gregor\Downloads\Czas.Honoru.S07E09.PL.WEB-DL.XviD-CAMBiO(1).avi
2014-10-28 12:48 - 2014-10-28 12:48 - 00000000 ____D () C:\Users\Public\Desktop\Radio Koszalin - www.radio.koszalin.pl
2014-10-28 12:48 - 2014-10-28 12:48 - 00000000 ____D () C:\Users\Gregor\AppData\Roaming\streamripper
2014-10-28 12:48 - 2014-10-28 12:48 - 00000000 ____D () C:\Program Files (x86)\Streamripper
2014-10-28 12:47 - 2014-10-28 12:47 - 02633439 _____ () C:\Users\Gregor\Downloads\streamripper-windows-installer-1.64.6.exe
2014-10-28 12:08 - 2014-10-28 12:08 - 20578448 _____ () C:\Users\Gregor\Documents\ff.wma.sfap0
2014-10-28 12:08 - 2014-10-28 12:08 - 00160832 _____ () C:\Users\Gregor\Documents\ff.wma.sfk
2014-10-28 11:49 - 2014-10-28 11:49 - 00485403 _____ () C:\Users\Gregor\Documents\Bez_nazwyxx.wma
2014-10-28 11:01 - 2014-10-28 11:03 - 01419323 _____ () C:\Users\Gregor\Documents\ff.wma
2014-10-27 09:01 - 2014-10-27 09:01 - 00000000 _____ () C:\Users\Gregor\Downloads\Czas.Honoru.S07E09.PL.WEB-DL.XviD-CAMBiO.avi
2014-10-27 09:00 - 2014-10-27 09:25 - 312063008 _____ () C:\Users\Gregor\Downloads\Czas.Honoru.S07E09.PL.WEB-DL.XviD-CAMBiO.avi.part
2014-10-27 08:23 - 2014-10-27 09:25 - 366999826 _____ () C:\Users\Gregor\Downloads\The.Walking.Dead.S05E03.HDTV.XviD-AFG.rar.part
2014-10-27 08:23 - 2014-10-27 08:23 - 00000000 _____ () C:\Users\Gregor\Downloads\The.Walking.Dead.S05E03.HDTV.XviD-AFG.rar
2014-10-25 08:31 - 2014-10-25 08:31 - 00011052 _____ () C:\Users\Gregor\Downloads\Samsung-Avila_4_.jpeg
2014-10-22 12:03 - 2014-10-25 14:30 - 00000488 _____ () C:\Windows\Viewer.INI
2014-10-21 07:41 - 2014-10-21 09:21 - 367130126 _____ () C:\Users\Gregor\Downloads\Czas.Honoru.S07E08.PL.WEB-DL.XviD-CAMBiO.avi
2014-10-16 14:25 - 2014-10-16 14:25 - 00611536 _____ () C:\Users\Gregor\Desktop\022.djvu
2014-10-13 07:21 - 2014-10-13 07:46 - 366843904 _____ () C:\Users\Gregor\Downloads\Czas.Honoru.S07E07.PL.WEB-DL.XviD-CAMBiO.avi

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2060-08-18 09:02 - 2012-09-24 09:32 - 02023424 ____N (Inprise Corporation) C:\Windows\SysWOW64\VCL50.BPL
2060-08-18 09:02 - 2012-09-24 09:32 - 01496064 ____N (Inprise Corporation) C:\Windows\SysWOW64\CC3250MT.DLL
2060-08-18 09:02 - 2012-09-24 09:32 - 00248832 ____N (Inprise Corporation) C:\Windows\SysWOW64\VCLX50.BPL
2060-08-18 08:40 - 2012-09-24 09:32 - 00909824 ____N (Inprise Corporation) C:\Windows\SysWOW64\CP3245MT.DLL
2060-08-18 08:40 - 2012-09-24 09:32 - 00024064 ____N (Inprise Corporation) C:\Windows\SysWOW64\BORLNDMM.DLL
2014-11-10 14:01 - 2013-04-20 05:48 - 00000000 ____D () C:\Program Files (x86)\garbage
2014-11-09 14:03 - 2010-02-24 23:54 - 01542379 _____ () C:\Windows\WindowsUpdate.log
2014-11-09 13:27 - 2010-06-25 06:27 - 00001048 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-09 12:52 - 2011-05-17 09:57 - 00000173 _____ () C:\Windows\YdpDict.INI
2014-11-09 12:26 - 2010-06-25 06:27 - 00001044 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-09 07:44 - 2009-07-13 20:45 - 00010240 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-09 07:44 - 2009-07-13 20:45 - 00010240 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-09 07:36 - 2013-06-07 10:45 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2014-11-09 07:36 - 2013-06-03 12:23 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-11-09 07:35 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-09 07:35 - 2009-07-13 20:51 - 00292564 _____ () C:\Windows\setupact.log
2014-11-09 02:49 - 2013-04-20 05:30 - 00000000 ____D () C:\ProgramData\MFAData
2014-11-08 02:50 - 2012-02-21 10:14 - 00045056 _____ () C:\Windows\System32\acovcnt.exe
2014-11-08 02:49 - 2012-04-30 00:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-05 12:32 - 2009-08-03 11:55 - 00832034 _____ () C:\Windows\System32\perfh015.dat
2014-11-05 12:32 - 2009-08-03 11:55 - 00189654 _____ () C:\Windows\System32\perfc015.dat
2014-11-05 12:32 - 2009-07-13 21:13 - 01926950 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-11-04 22:45 - 2010-05-09 08:14 - 00117888 _____ () C:\Users\Gregor\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-04 22:43 - 2009-07-13 20:45 - 03043440 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-11-04 14:50 - 2010-02-25 00:07 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-01 11:36 - 2011-11-11 08:29 - 00000000 ____D () C:\Users\Gregor\Desktop\11.11
2014-11-01 00:16 - 2009-07-13 21:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-26 12:42 - 2012-10-28 12:20 - 00000000 ____D () C:\Users\Gregor\Desktop\ipn
2014-10-22 11:21 - 2010-06-25 06:27 - 00004044 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-22 11:21 - 2010-06-25 06:27 - 00003792 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-20 10:49 - 2010-09-10 04:16 - 00002891 ____H () C:\Users\Gregor\Downloads\.picasa.ini
2014-10-13 15:45 - 2014-07-01 14:17 - 00000000 ____D () C:\Users\Gregor\Downloads\druk

ZeroAccess:
C:\Windows\assembly\temp
C:\Windows\assembly\temp\@
C:\Windows\assembly\temp\cfg.ini

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

Files to move or delete:
====================
C:\Users\Gregor\AppData\Roaming\skype.ini

Some content of TEMP:
====================
C:\Users\Gregor\AppData\Local\Temp\atl80.dll
C:\Users\Gregor\AppData\Local\Temp\AVG.exe
C:\Users\Gregor\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\Gregor\AppData\Local\Temp\DSETUP.dll
C:\Users\Gregor\AppData\Local\Temp\dsetup32.dll
C:\Users\Gregor\AppData\Local\Temp\DXSETUP.exe
C:\Users\Gregor\AppData\Local\Temp\gg10.upgr.exe
C:\Users\Gregor\AppData\Local\Temp\gg10_upgr_to_11790_from_11119.exe
C:\Users\Gregor\AppData\Local\Temp\gg10_upgr_to_12096_from_11119.exe
C:\Users\Gregor\AppData\Local\Temp\install_flashplayer11x32au_mssd_aaa_aih.exe
C:\Users\Gregor\AppData\Local\Temp\install_flashplayer11x32_mssa_aaa_aih.exe
C:\Users\Gregor\AppData\Local\Temp\install_flashplayer11x32_mssa_aaa_aih_1.exe
C:\Users\Gregor\AppData\Local\Temp\install_flashplayer11x32_mssa_aaa_aih_2.exe
C:\Users\Gregor\AppData\Local\Temp\install_flashplayer11x32_mssd_aih.exe
C:\Users\Gregor\AppData\Local\Temp\install_flashplayer11x64_mssd_aih.exe
C:\Users\Gregor\AppData\Local\Temp\install_flashplayer11x64_mssd_aih_1.exe
C:\Users\Gregor\AppData\Local\Temp\install_flashplayer11x64_mssd_aih_2.exe
C:\Users\Gregor\AppData\Local\Temp\install_flashplayer13x32au_mssa_aaa_aih.exe
C:\Users\Gregor\AppData\Local\Temp\install_flashplayer13x32au_mssa_aaa_aih_1.exe
C:\Users\Gregor\AppData\Local\Temp\install_flashplayer13x32_mssa_aaa_aih.exe
C:\Users\Gregor\AppData\Local\Temp\install_reader11_en_mssa_aih.exe
C:\Users\Gregor\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Users\Gregor\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Gregor\AppData\Local\Temp\mfc80.dll
C:\Users\Gregor\AppData\Local\Temp\mfc80u.dll
C:\Users\Gregor\AppData\Local\Temp\mfcm80.dll
C:\Users\Gregor\AppData\Local\Temp\mfcm80u.dll
C:\Users\Gregor\AppData\Local\Temp\msvcm80.dll
C:\Users\Gregor\AppData\Local\Temp\msvcp80.dll
C:\Users\Gregor\AppData\Local\Temp\msvcr80.dll
C:\Users\Gregor\AppData\Local\Temp\ose00001.exe
C:\Users\Gregor\AppData\Local\Temp\ResetDevice.exe
C:\Users\Gregor\AppData\Local\Temp\SIntf16.dll
C:\Users\Gregor\AppData\Local\Temp\SIntf32.dll
C:\Users\Gregor\AppData\Local\Temp\SIntfNT.dll
C:\Users\Gregor\AppData\Local\Temp\TmDbg32.dll
C:\Users\Gregor\AppData\Local\Temp\TmDbg64.dll
C:\Users\Gregor\AppData\Local\Temp\_is2CCA.exe

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64

==================== Restore Points =========================

==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 3948.54 MB
Available physical RAM: 3327.61 MB
Total Pagefile: 3946.69 MB
Available Pagefile: 3318.47 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:116.44 GB) (Free:1.4 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:334.67 GB) (Free:141.37 GB) NTFS
Drive f: (KINGSTON) (Removable) (Total:14.64 GB) (Free:0.06 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 76692CA8)
Partition 1: (Not Active) - (Size=14.6 GB) - (Type=1C)
Partition 2: (Active) - (Size=116.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=334.7 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 14.6 GB) (Disk ID: B3968423)
Partition 1: (Not Active) - (Size=14.6 GB) - (Type=07 NTFS)

LastRegBack: 2014-11-05 13:12

==================== End Of Log ============================