Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2013
Ran by SYSTEM on MININT-0ENLD4T on 07-09-2013 05:23:12
Running from F:\
WIN_7 Service Pack 1 (X64) OS Language: English(US)
Boot Mode: Recovery

Attention: Could not load system hive.

==================== Registry (Whitelisted) ==================

HKLM\...\Winlogon: [Userinit]
HKLM-x32\...\Winlogon: [Userinit] [x]
HKLM\...\Winlogon: [Shell] [0 ] () <=== ATTENTION
HKLM-x32\...\Winlogon: [Shell] [0 ] () <=== ATTENTION
HKLM-x32\...\Winlogon: [Shell] [0 ] () <=== ATTENTION
HKLM\...\InprocServer32: [Default-wbemess] ATTENTION! ====> ZeroAccess?
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess?
HKU\Cunningham\...\Run: [AutoStartNPSAgent] - C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-04] (Samsung Electronics Co., Ltd.)
HKU\Cunningham\...\Run: [GarminExpressTrayApp] - C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1098072 2013-03-27] (Garmin Ltd or its subsidiaries)
HKU\Cunningham\...\Run: [Google Update] - [x]

==================== Services (Whitelisted) =================

==================== Drivers (Whitelisted) ====================

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-09-07 05:18 - 2013-09-07 05:20 - 00000000 ____D C:\FRST
2013-09-07 00:09 - 2013-09-07 00:13 - 00417513 _____ C:\Windows\System32\Drivers\vsconfig.xml
2013-09-07 00:09 - 2013-09-07 00:09 - 00000762 _____ C:\Users\Public\Desktop\ZoneAlarm Security.lnk
2013-09-07 00:09 - 2013-08-03 23:02 - 00613720 _____ (Kaspersky Lab) C:\Windows\System32\Drivers\klif.sys
2013-09-07 00:09 - 2013-08-03 23:02 - 00458584 _____ (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\kl1.sys
2013-09-07 00:09 - 2013-08-03 23:02 - 00089944 _____ (Kaspersky Lab) C:\Windows\System32\Drivers\klflt.sys
2013-09-07 00:05 - 2013-09-07 00:09 - 00000000 ____D C:\Program Files (x86)\CheckPoint
2013-09-07 00:05 - 2013-09-07 00:05 - 00000000 ____D C:\Program Files (x86)\Check Point Software Technologies LTD
2013-09-06 23:29 - 2013-09-07 00:15 - 00229030 _____ C:\Windows\PFRO.log
2013-09-06 23:29 - 2013-09-06 23:33 - 00000168 _____ C:\Windows\setupact.log
2013-09-06 23:29 - 2013-09-06 23:29 - 00000000 _____ C:\Windows\setuperr.log
2013-09-06 23:28 - 2013-09-06 23:28 - 00000000 _____ C:\asc_rdflag
2013-09-06 23:23 - 2013-09-06 23:23 - 00001232 _____ C:\Users\Cunningham\Desktop\Registry Repair.lnk
2013-09-06 23:23 - 2013-09-06 23:23 - 00000000 ____D C:\Program Files (x86)\Glarysoft
2013-09-06 23:21 - 2013-09-06 23:57 - 00000000 ____D C:\Users\Cunningham\AppData\Roaming\GlarySoft
2013-09-06 23:21 - 2013-09-06 23:56 - 00000075 _____ C:\DiskDefrag.log
2013-09-06 23:18 - 2013-09-06 23:18 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2013-09-06 23:18 - 2013-09-06 23:18 - 00366592 _____ (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2013-09-06 23:17 - 2013-04-17 19:20 - 00026432 _____ (IObit) C:\Windows\System32\RegistryDefragBootTime.exe
2013-09-06 23:13 - 2013-05-22 17:49 - 00017720 _____ C:\Windows\System32\Drivers\SmartDefragDriver.sys
2013-09-06 23:05 - 2013-09-06 23:13 - 00001181 _____ C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2013-09-06 23:05 - 2013-09-06 23:13 - 00001178 _____ C:\Users\Public\Desktop\Smart Defrag 2.lnk
2013-09-06 23:04 - 2013-09-06 23:44 - 00000000 ____D C:\Users\Cunningham\AppData\Roaming\IObit
2013-09-06 23:04 - 2013-09-06 23:13 - 00000000 ____D C:\ProgramData\IObit
2013-09-06 23:04 - 2013-09-06 23:04 - 00001280 _____ C:\Users\Public\Desktop\Uninstaller.lnk
2013-09-06 23:04 - 2013-09-06 23:04 - 00001229 _____ C:\Users\Public\Desktop\Advanced SystemCare 6.lnk
2013-09-06 23:04 - 2013-09-06 23:04 - 00000000 ____D C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-09-06 23:03 - 2013-09-06 23:55 - 00000000 ____D C:\Program Files (x86)\IObit
2013-09-06 21:35 - 2013-09-06 21:35 - 00000000 ____D C:\ProgramData\Sophos
2013-09-06 20:28 - 2013-09-06 21:23 - 00000000 ____D C:\Users\Cunningham\AppData\Local\CrashDumps
2013-09-06 20:27 - 2013-09-06 20:27 - 00000000 ____D C:\ProgramData\CheckPoint
2013-09-06 20:13 - 2013-09-06 20:13 - 02474392 _____ (Check Point Software Technologies LTD) C:\Users\Cunningham\Downloads\zaSetupWeb_110_780_000.exe
2013-09-06 19:57 - 2013-09-06 19:57 - 00001117 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-06 19:57 - 2013-09-06 19:57 - 00000000 ____D C:\Users\Cunningham\AppData\Roaming\Malwarebytes
2013-09-06 19:57 - 2013-09-06 19:57 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-06 19:57 - 2013-09-06 19:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-06 19:57 - 2013-04-04 13:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-09-06 19:51 - 2013-09-06 19:51 - 00033283 _____ C:\Windows\SysWOW64\hs_err_pid1468.log
2013-09-06 19:48 - 2013-09-06 19:48 - 00000338 _____ C:\Users\Cunningham\Desktop\Result.txt
2013-09-06 19:47 - 2013-09-06 19:48 - 00000000 ____D C:\Users\Cunningham\Desktop\TrendMicro AntiThreat Toolkit
2013-09-06 19:47 - 2013-09-06 19:47 - 00173504 _____ (Trend Micro Inc.) C:\Windows\System32\Drivers\tmcomm.sys
2013-09-06 19:46 - 2013-09-06 19:46 - 00111672 _____ C:\Users\Cunningham\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-06 19:46 - 2013-09-06 19:46 - 00000000 ____D C:\Users\Cunningham\AppData\Local\{935402F4-7AED-4B98-BDAC-7C838ED29651}
2013-09-06 19:41 - 2013-09-06 19:43 - 00234544 _____ C:\Windows\RegBootClean64.exe
2013-09-06 19:40 - 2013-09-06 19:40 - 00000036 _____ C:\Users\Cunningham\AppData\Local\housecall.guid.cache
2013-09-05 19:24 - 2013-09-05 19:24 - 00000000 ____D C:\ProgramData\SUPERSetup
2013-09-05 18:46 - 2013-09-05 18:46 - 00000000 ____D C:\Users\Cunningham\AppData\Local\Google
2013-09-05 18:45 - 2013-09-05 18:45 - 00000000 ____D C:\Users\Cunningham\AppData\Local\{6789E919-DD9C-44F8-BEBE-149A8B28DCC8}
2013-09-01 11:42 - 2013-09-01 11:42 - 00000000 ____D C:\Users\Cunningham\Documents\09-01-2013
2013-08-29 18:51 - 2013-08-29 18:52 - 00000000 ____D C:\Users\Cunningham\AppData\Local\{5B8BAB56-FDAC-4A38-9604-C879A7111FBD}
2013-08-29 18:03 - 2013-08-29 18:03 - 00000000 ____D C:\ProgramData\qllb
2013-08-29 00:33 - 2013-08-29 18:03 - 00000004 _____ C:\Users\Cunningham\AppData\Roaming\cache.ini
2013-08-29 00:29 - 2013-08-29 00:45 - 00000000 ____D C:\ProgramData\odt
2013-08-29 00:28 - 2013-08-29 00:28 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-28 18:56 - 2013-08-28 18:56 - 00000000 ____D C:\Users\Cunningham\Documents\08-28-2013
2013-08-23 19:16 - 2013-08-24 07:17 - 00000000 ____D C:\Users\Cunningham\AppData\Local\{B9C0119F-6FC9-4490-87D8-CF126101B024}
2013-08-22 19:42 - 2013-08-22 19:37 - 00009216 _____ C:\Users\Cunningham\Documents\macaylas health history - Copy.wps
2013-08-22 19:37 - 2013-08-22 19:37 - 00009216 _____ C:\Users\Cunningham\Documents\macaylas health history.wps
2013-08-16 12:33 - 2013-08-16 12:34 - 00000000 ____D C:\Users\Cunningham\AppData\Local\{66DBD374-036D-453C-85DE-C9FEE90A3156}
2013-08-14 17:55 - 2013-08-15 17:56 - 00000000 ____D C:\Users\Cunningham\AppData\Local\{E1140D0D-21F2-4509-8892-1CA1E3166659}
2013-08-14 02:07 - 2013-07-25 21:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-08-14 02:07 - 2013-07-25 21:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-08-14 02:07 - 2013-07-25 21:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-08-14 02:07 - 2013-07-25 21:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-08-14 02:07 - 2013-07-25 21:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-08-14 02:07 - 2013-07-25 21:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-08-14 02:07 - 2013-07-25 21:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-08-14 02:07 - 2013-07-25 21:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-08-14 02:07 - 2013-07-25 21:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-08-14 02:07 - 2013-07-25 21:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-08-14 02:07 - 2013-07-25 21:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-08-14 02:07 - 2013-07-25 21:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-08-14 02:07 - 2013-07-25 21:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-08-14 02:07 - 2013-07-25 21:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-08-14 02:07 - 2013-07-25 19:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-08-14 02:07 - 2013-07-25 19:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-14 02:07 - 2013-07-25 19:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-14 02:07 - 2013-07-25 19:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-14 02:07 - 2013-07-25 19:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-14 02:07 - 2013-07-25 19:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-14 02:07 - 2013-07-25 19:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-14 02:07 - 2013-07-25 19:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-14 02:07 - 2013-07-25 19:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-14 02:07 - 2013-07-25 19:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-14 02:07 - 2013-07-25 19:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-14 02:07 - 2013-07-25 19:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-14 02:07 - 2013-07-25 19:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-14 02:07 - 2013-07-25 19:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-14 02:07 - 2013-07-25 18:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-14 02:07 - 2013-07-25 18:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-14 02:07 - 2013-07-25 17:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-13 23:16 - 2013-07-25 01:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-08-13 23:16 - 2013-07-25 00:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-13 23:16 - 2013-07-18 17:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-08-13 23:16 - 2013-07-18 17:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-13 23:16 - 2013-07-08 22:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-08-13 23:16 - 2013-07-08 21:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-08-13 23:16 - 2013-07-08 21:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-08-13 23:16 - 2013-07-08 21:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2013-08-13 23:16 - 2013-07-08 21:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2013-08-13 23:16 - 2013-07-08 21:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-08-13 23:16 - 2013-07-08 21:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-08-13 23:16 - 2013-07-08 21:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-08-13 23:16 - 2013-07-08 21:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-13 23:16 - 2013-07-08 21:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-13 23:16 - 2013-07-08 20:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-13 23:16 - 2013-07-08 20:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-13 23:16 - 2013-07-08 20:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-13 23:16 - 2013-07-08 20:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-13 23:16 - 2013-07-08 20:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-13 23:16 - 2013-07-08 20:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-13 23:16 - 2013-07-08 20:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-13 23:16 - 2013-07-08 18:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-13 23:16 - 2013-07-08 18:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-13 23:16 - 2013-07-08 18:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-13 23:16 - 2013-07-08 18:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-13 23:16 - 2013-07-05 22:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-08-13 23:16 - 2013-06-14 20:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys
2013-08-11 07:25 - 2013-08-11 07:25 - 00000000 ____D C:\Users\Cunningham\AppData\Local\{339C310D-C920-4D18-8B4A-223380750893}

==================== One Month Modified Files and Folders =======

2013-09-07 05:20 - 2013-09-07 05:18 - 00000000 ____D C:\FRST
2013-09-07 00:15 - 2013-09-06 23:29 - 00229030 _____ C:\Windows\PFRO.log
2013-09-07 00:13 - 2013-09-07 00:09 - 00417513 _____ C:\Windows\System32\Drivers\vsconfig.xml
2013-09-07 00:09 - 2013-09-07 00:09 - 00000762 _____ C:\Users\Public\Desktop\ZoneAlarm Security.lnk
2013-09-07 00:09 - 2013-09-07 00:05 - 00000000 ____D C:\Program Files (x86)\CheckPoint
2013-09-07 00:05 - 2013-09-07 00:05 - 00000000 ____D C:\Program Files (x86)\Check Point Software Technologies LTD
2013-09-07 00:01 - 2012-01-08 15:42 - 00000948 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1714311701-3293082534-2677891347-1001UA.job
2013-09-06 23:57 - 2013-09-06 23:21 - 00000000 ____D C:\Users\Cunningham\AppData\Roaming\GlarySoft
2013-09-06 23:56 - 2013-09-06 23:21 - 00000075 _____ C:\DiskDefrag.log
2013-09-06 23:55 - 2013-09-06 23:03 - 00000000 ____D C:\Program Files (x86)\IObit
2013-09-06 23:44 - 2013-09-06 23:04 - 00000000 ____D C:\Users\Cunningham\AppData\Roaming\IObit
2013-09-06 23:43 - 2010-07-06 06:48 - 00266752 ___SH C:\Users\Cunningham\Downloads\Thumbs.db
2013-09-06 23:41 - 2009-07-13 20:45 - 00009920 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-06 23:41 - 2009-07-13 20:45 - 00009920 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-06 23:40 - 2011-02-13 07:03 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-09-06 23:36 - 2012-06-04 11:55 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-06 23:33 - 2013-09-06 23:29 - 00000168 _____ C:\Windows\setupact.log
2013-09-06 23:33 - 2010-01-30 18:57 - 00000000 ____D C:\ProgramData\Kodak
2013-09-06 23:33 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-06 23:29 - 2013-09-06 23:29 - 00000000 _____ C:\Windows\setuperr.log
2013-09-06 23:28 - 2013-09-06 23:28 - 00000000 _____ C:\asc_rdflag
2013-09-06 23:28 - 2010-01-23 14:21 - 00000000 ____D C:\users\Cunningham
2013-09-06 23:27 - 2010-01-23 17:16 - 01907470 _____ C:\Windows\WindowsUpdate.log
2013-09-06 23:27 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-09-06 23:23 - 2013-09-06 23:23 - 00001232 _____ C:\Users\Cunningham\Desktop\Registry Repair.lnk
2013-09-06 23:23 - 2013-09-06 23:23 - 00000000 ____D C:\Program Files (x86)\Glarysoft
2013-09-06 23:19 - 2011-02-13 07:04 - 00002008 _____ C:\Windows\epplauncher.mif
2013-09-06 23:18 - 2013-09-06 23:18 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2013-09-06 23:18 - 2013-09-06 23:18 - 00366592 _____ (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2013-09-06 23:17 - 2011-12-04 12:27 - 00000000 ____D C:\Users\Cunningham\AppData\Roaming\Azureus
2013-09-06 23:17 - 2010-11-26 11:17 - 00000000 ____D C:\Users\Cunningham\AppData\Roaming\FrostWire
2013-09-06 23:17 - 2010-01-25 06:23 - 00000000 ____D C:\Users\Cunningham\Tracing
2013-09-06 23:17 - 2009-08-05 10:14 - 00000000 ____D C:\Windows\Panther
2013-09-06 23:13 - 2013-09-06 23:05 - 00001181 _____ C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2013-09-06 23:13 - 2013-09-06 23:05 - 00001178 _____ C:\Users\Public\Desktop\Smart Defrag 2.lnk
2013-09-06 23:13 - 2013-09-06 23:04 - 00000000 ____D C:\ProgramData\IObit
2013-09-06 23:04 - 2013-09-06 23:04 - 00001280 _____ C:\Users\Public\Desktop\Uninstaller.lnk
2013-09-06 23:04 - 2013-09-06 23:04 - 00001229 _____ C:\Users\Public\Desktop\Advanced SystemCare 6.lnk
2013-09-06 23:04 - 2013-09-06 23:04 - 00000000 ____D C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-09-06 23:04 - 2010-01-24 17:23 - 00000000 ____D C:\Users\Cunningham\AppData\Roaming\Apple Computer
2013-09-06 22:16 - 2012-11-17 15:37 - 00000000 ____D C:\Users\Cunningham\AppData\Local\dealcabby
2013-09-06 21:35 - 2013-09-06 21:35 - 00000000 ____D C:\ProgramData\Sophos
2013-09-06 21:34 - 2013-04-11 17:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-06 21:23 - 2013-09-06 20:28 - 00000000 ____D C:\Users\Cunningham\AppData\Local\CrashDumps
2013-09-06 21:21 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-09-06 21:19 - 2009-07-13 21:13 - 00739600 _____ C:\Windows\System32\PerfStringBackup.INI
2013-09-06 20:27 - 2013-09-06 20:27 - 00000000 ____D C:\ProgramData\CheckPoint
2013-09-06 20:13 - 2013-09-06 20:13 - 02474392 _____ (Check Point Software Technologies LTD) C:\Users\Cunningham\Downloads\zaSetupWeb_110_780_000.exe
2013-09-06 20:05 - 2013-03-02 18:42 - 00000000 ____D C:\Users\Cunningham\AppData\Roaming\PerformerSoft
2013-09-06 19:57 - 2013-09-06 19:57 - 00001117 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-06 19:57 - 2013-09-06 19:57 - 00000000 ____D C:\Users\Cunningham\AppData\Roaming\Malwarebytes
2013-09-06 19:57 - 2013-09-06 19:57 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-06 19:57 - 2013-09-06 19:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-06 19:51 - 2013-09-06 19:51 - 00033283 _____ C:\Windows\SysWOW64\hs_err_pid1468.log
2013-09-06 19:48 - 2013-09-06 19:48 - 00000338 _____ C:\Users\Cunningham\Desktop\Result.txt
2013-09-06 19:48 - 2013-09-06 19:47 - 00000000 ____D C:\Users\Cunningham\Desktop\TrendMicro AntiThreat Toolkit
2013-09-06 19:47 - 2013-09-06 19:47 - 00173504 _____ (Trend Micro Inc.) C:\Windows\System32\Drivers\tmcomm.sys
2013-09-06 19:46 - 2013-09-06 19:46 - 00111672 _____ C:\Users\Cunningham\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-06 19:46 - 2013-09-06 19:46 - 00000000 ____D C:\Users\Cunningham\AppData\Local\{935402F4-7AED-4B98-BDAC-7C838ED29651}
2013-09-06 19:43 - 2013-09-06 19:41 - 00234544 _____ C:\Windows\RegBootClean64.exe
2013-09-06 19:40 - 2013-09-06 19:40 - 00000036 _____ C:\Users\Cunningham\AppData\Local\housecall.guid.cache
2013-09-05 19:24 - 2013-09-05 19:24 - 00000000 ____D C:\ProgramData\SUPERSetup
2013-09-05 18:46 - 2013-09-05 18:46 - 00000000 ____D C:\Users\Cunningham\AppData\Local\Google
2013-09-05 18:45 - 2013-09-05 18:45 - 00000000 ____D C:\Users\Cunningham\AppData\Local\{6789E919-DD9C-44F8-BEBE-149A8B28DCC8}
2013-09-05 15:01 - 2012-01-08 15:42 - 00000926 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1714311701-3293082534-2677891347-1001Core.job
2013-09-05 01:52 - 2012-11-17 15:37 - 00000000 ____D C:\ProgramData\Sendori
2013-09-02 17:47 - 2010-01-30 20:39 - 00000410 _____ C:\Windows\Tasks\EasyShare Registration Task.job
2013-09-01 11:42 - 2013-09-01 11:42 - 00000000 ____D C:\Users\Cunningham\Documents\09-01-2013
2013-08-29 18:52 - 2013-08-29 18:51 - 00000000 ____D C:\Users\Cunningham\AppData\Local\{5B8BAB56-FDAC-4A38-9604-C879A7111FBD}
2013-08-29 18:03 - 2013-08-29 18:03 - 00000000 ____D C:\ProgramData\qllb
2013-08-29 18:03 - 2013-08-29 00:33 - 00000004 _____ C:\Users\Cunningham\AppData\Roaming\cache.ini
2013-08-29 00:45 - 2013-08-29 00:29 - 00000000 ____D C:\ProgramData\odt
2013-08-29 00:28 - 2013-08-29 00:28 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-28 18:56 - 2013-08-28 18:56 - 00000000 ____D C:\Users\Cunningham\Documents\08-28-2013
2013-08-28 11:53 - 2012-11-17 15:37 - 00000000 ____D C:\Program Files (x86)\Sendori
2013-08-27 17:45 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\FxsTmp
2013-08-24 07:17 - 2013-08-23 19:16 - 00000000 ____D C:\Users\Cunningham\AppData\Local\{B9C0119F-6FC9-4490-87D8-CF126101B024}
2013-08-22 20:45 - 2010-01-24 20:55 - 00010416 _____ C:\Users\Cunningham\AppData\Roaming\wklnhst.dat
2013-08-22 19:37 - 2013-08-22 19:42 - 00009216 _____ C:\Users\Cunningham\Documents\macaylas health history - Copy.wps
2013-08-22 19:37 - 2013-08-22 19:37 - 00009216 _____ C:\Users\Cunningham\Documents\macaylas health history.wps
2013-08-20 16:37 - 2012-06-04 11:55 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-20 16:37 - 2012-06-04 11:55 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-20 16:37 - 2011-12-04 12:06 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-20 16:36 - 2012-12-12 00:36 - 17139080 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-08-16 12:34 - 2013-08-16 12:33 - 00000000 ____D C:\Users\Cunningham\AppData\Local\{66DBD374-036D-453C-85DE-C9FEE90A3156}
2013-08-15 17:56 - 2013-08-14 17:55 - 00000000 ____D C:\Users\Cunningham\AppData\Local\{E1140D0D-21F2-4509-8892-1CA1E3166659}
2013-08-14 03:02 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-08-14 02:02 - 2013-07-24 02:00 - 00000000 ____D C:\Windows\System32\MRT
2013-08-14 02:00 - 2010-01-24 06:48 - 78161360 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-08-11 07:25 - 2013-08-11 07:25 - 00000000 ____D C:\Users\Cunningham\AppData\Local\{339C310D-C920-4D18-8B4A-223380750893}
2013-08-08 06:15 - 2013-08-01 18:12 - 00000000 ____D C:\Users\Cunningham\AppData\Local\{89A8A125-22B9-4F29-9A93-7D80AC86FFEF}

Files to move or delete:
====================
ZeroAccess: C:\Users\Cunningham\AppData\Local\Google\Desktop\Install\{806c3a61-a563-2436-6e78-f28c5e7520e1}
ZeroAccess: C:\Program Files (x86)\Google\Desktop\Install\{806c3a61-a563-2436-6e78-f28c5e7520e1}
C:\Users\Cunningham\AppData\Roaming\cache.ini

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
C:\Program Files\Microsoft Security Client\Backup => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: <===== ATTENTION!
HKLM\...\exefile\DefaultIcon: <===== ATTENTION!
HKLM\...\exefile\open\command: <===== ATTENTION!

==================== Restore Points =========================

Restore point made on: 2013-08-17 13:02:17
Restore point made on: 2013-08-18 18:00:06
Restore point made on: 2013-08-21 13:02:23
Restore point made on: 2013-08-24 19:14:56
Restore point made on: 2013-08-25 18:00:06
Restore point made on: 2013-08-28 19:14:47
Restore point made on: 2013-08-29 00:29:18
Restore point made on: 2013-09-01 18:00:15
Restore point made on: 2013-09-06 21:34:38
Restore point made on: 2013-09-06 23:17:54
Restore point made on: 2013-09-06 23:18:23
Restore point made on: 2013-09-06 23:42:09
Restore point made on: 2013-09-06 23:46:32

==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 5885.12 MB
Available physical RAM: 5234.25 MB
Total Pagefile: 5883.32 MB
Available Pagefile: 5275.08 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (WIN7) (Fixed) (Total:279.46 GB) (Free:205.28 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:411.17 GB) (Free:411.07 GB) NTFS
Drive e: (GRMCULXFRER_EN_DVD) (CDROM) (Total:3.09 GB) (Free:0 GB) UDF
Drive f: (NEW VOLUME) (Removable) (Total:7.43 GB) (Free:7.43 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 699 GB) (Disk ID: 30180648)
Partition 1: (Not Active) - (Size=8 GB) - (Type=1B)
Partition 2: (Active) - (Size=279 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=411 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 000EF5BC)
Partition 1: (Active) - (Size=7 GB) - (Type=0B)

==================== End Of Log ============================