Scan result of Farbar Recovery Scan Tool (x64) Version: 08-09-2012
Ran by SYSTEM at 10-09-2012 23:10:49
Running from H:\
Windows 7 Home Premium Service Pack 1 (X64)
OS Language: English(US)
The current controlset is ControlSet002

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11660904 2010-11-30] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [2581384 2010-08-30] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [Browsers Protector] C:\Program Files (x86)\Browsers Protector\regmon32.exe [147784 2012-02-15] ()
HKU\Marcin Misiorowski\...\Run: [Galileo] C:\Users\Marcin Misiorowski\AppData\Local\Galileo\galileo.exe silent [4044800 2012-08-14] ()
HKU\Marcin Misiorowski\...\Run: [hlgpvqx] C:\Users\Marcin Misiorowski\AppData\Roaming\pngjhyndv_S [x]
HKU\Marcin Misiorowski\...\Policies\system: [DisableTaskMgr] 1
HKLM\...\Winlogon: [Shell] explorer.exe, C:\ProgramData\pngjhyndv_S [x ] ()
Tcpip\Parameters: [DhcpNameServer]

==================== Services ====================

2 ioloSystemService; "C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe" [1027792 2012-08-02] (iolo technologies, LLC)
2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\\diMaster.dll" /prefetch:1 [262584 2011-03-31] (Symantec Corporation)
4 NOBU; "C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE [2804568 2010-05-31] (Symantec Corporation)
4 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [244904 2009-11-30] ()
4 vToolbarUpdater12.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe [927840 2012-09-07] ()

==================== Drivers =================================

1 avgtp; \??\C:\windows\system32\drivers\avgtpx64.sys [31080 2012-09-07] (AVG Technologies)
1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110518.001\BHDrvx64.sys [1127032 2011-05-17] (Symantec Corporation)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [481912 2011-05-25] (Symantec Corporation)
1 ElRawDisk; \??\C:\windows\system32\drivers\ElRawDsk.sys [30752 2012-08-02] (EldoS Corporation)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110527.001\IDSvia64.sys [476792 2011-03-14] (Symantec Corporation)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110531.002\ENG64.SYS [117880 2011-05-25] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110531.002\EX64.SYS [2011768 2011-05-25] (Symantec Corporation)
3 rtport; C:\Windows\SysWow64\Drivers\rtport.sys [15144 2011-05-05] (Windows (R) 2003 DDK 3790 provider)
3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-26] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
3 SymEvent; \??\C:\windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-05-27] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-26] (Symantec Corporation)
1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)

==================== NetSvcs (Whitelisted) =================

==================== One Month Created Files and Folders ======================

2012-09-10 09:30 - 2010-11-20 19:25 -
00606208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll 2012-09-10 09:30 - 2010-11-20 19:24 - 01026560 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll 2012-09-10 09:30 - 2009-07-13 17:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\System32\corpol.dll 2012-09-10 09:30 - 2009-07-13 17:15 - 00018432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\corpol.dll 2012-09-10 06:31 - 2012-09-10 09:24 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0 2012-09-09 23:55 - 2012-09-09 23:55 - 01034216 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll 2012-09-09 23:55 - 2012-09-09 23:55 - 00916456 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll 2012-09-09 23:55 - 2012-09-09 23:55 - 00289768 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe 2012-09-09 23:55 - 2012-09-09 23:55 - 00189416 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe 2012-09-09 23:55 - 2012-09-09 23:55 - 00188904 ____A (Oracle Corporation) C:\Windows\System32\java.exe 2012-09-09 23:55 - 2012-09-09 23:55 - 00108008 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll 2012-09-09 23:55 - 2012-09-09 23:55 - 00000000 ____D C:\Program Files\Java 2012-09-07 23:35 - 2012-09-07 23:35 - 14097000 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2012-09-07 23:35 - 2012-09-07 23:35 - 12518248 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys 2012-09-07 23:35 - 2012-09-07 23:35 - 12485736 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll 2012-09-07 23:35 - 2012-09-07 23:35 - 09831016 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll 2012-09-07 23:35 - 2012-09-07 23:35 - 07004776 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll 2012-09-07 23:35 - 2012-09-07 23:35 - 05109864 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2012-09-07 23:35 - 2012-09-07 23:35 - 04554856 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2012-09-07 23:35 - 2012-09-07 23:35 - 
03089512 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll 2012-09-07 23:35 - 2012-09-07 23:35 - 02893928 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2012-09-07 23:35 - 2012-09-07 23:35 - 02761832 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll 2012-09-07 23:35 - 2012-09-07 23:35 - 02506856 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll 2012-09-07 23:35 - 2012-09-07 23:35 - 00383080 ____A (NVIDIA Corporation) C:\Windows\System32\nvdecodemft.dll 2012-09-07 23:35 - 2012-09-07 23:35 - 00065128 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll 2012-09-07 23:35 - 2012-09-07 23:35 - 00056936 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll 2012-09-07 23:34 - 2012-09-07 23:35 - 06117992 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll 2012-09-07 23:34 - 2012-09-07 23:34 - 19118696 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll 2012-09-07 23:34 - 2012-09-07 23:34 - 14513768 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll 2012-09-07 23:34 - 2012-09-07 23:34 - 10267240 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2012-09-07 23:34 - 2012-09-07 23:34 - 02041960 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll 2012-09-07 23:34 - 2012-09-07 23:34 - 01628776 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2012-09-07 23:34 - 2012-09-07 23:34 - 00263272 ____A (NVIDIA Corporation) C:\Windows\System32\nvcod.dll 2012-09-07 23:34 - 2012-09-07 23:34 - 00011240 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvBridge.kmd 2012-09-07 13:31 - 2011-05-12 05:05 - 01614440 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco642090.dll 2012-09-07 13:31 - 2011-05-12 05:05 - 01359976 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco642040.dll 2012-09-07 12:49 - 2012-09-07 13:11 - 00000386 ____A C:\Windows\System32\ioloBootDefrag.cfg 2012-09-07 12:48 - 2012-09-07 12:48 - 00002223 ____A C:\Users\Marcin Misiorowski\Desktop\System Mechanic.lnk 2012-09-07 12:48 
- 2012-09-07 12:48 - 00000000 ____D C:\Program Files (x86)\iolo 2012-09-07 12:48 - 2012-08-02 02:45 - 00056472 ____A (iolo technologies, LLC) C:\Windows\System32\iolobtdfg.exe 2012-09-07 12:48 - 2012-08-02 02:45 - 00025072 ____A (iolo technologies, LLC) C:\Windows\System32\smrgdf.exe 2012-09-07 12:48 - 2012-08-02 01:27 - 02154576 ____A (iolo technologies, LLC) C:\Windows\System32\Incinerator64.dll 2012-09-07 12:48 - 2012-08-02 01:27 - 02096360 ____A (iolo technologies, LLC) C:\Windows\SysWOW64\Incinerator32.dll 2012-09-07 12:48 - 2012-08-02 01:21 - 00082160 ____A (Raxco Software, Inc.) C:\Windows\System32\Drivers\PDFsFilter.sys 2012-09-07 12:48 - 2012-08-02 01:21 - 00069000 ____A (Microsoft Corporation) C:\Windows\System32\offreg.dll 2012-09-07 12:48 - 2012-08-02 01:21 - 00056200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\offreg.dll 2012-09-07 12:47 - 2012-09-10 00:19 - 00000000 ____D C:\Users\All Users\iolo 2012-09-07 12:47 - 2012-09-07 13:09 - 00000000 ____D C:\Users\Marcin Misiorowski\AppData\Roaming\iolo 2012-09-07 12:47 - 2012-09-07 12:47 - 00074703 ____A C:\Windows\SysWOW64\mfc45.dat 2012-09-07 12:47 - 2012-09-07 12:47 - 00031080 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys 2012-09-07 12:47 - 2012-09-07 12:47 - 00000000 ____D C:\Users\Marcin Misiorowski\AppData\Local\AVG Secure Search 2012-09-07 12:47 - 2012-09-07 12:47 - 00000000 ____D C:\Users\All Users\AVG Secure Search 2012-09-07 12:47 - 2012-09-07 12:47 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search 2012-09-07 12:47 - 2012-08-02 01:21 - 00030752 ____A (EldoS Corporation) C:\Windows\System32\Drivers\ElRawDsk.sys 2012-09-07 11:24 - 2012-09-07 11:20 - 00120320 ____A C:\Users\Marcin Misiorowski\AppData\Roaming\pngjhyndv_S.exe 2012-09-07 11:20 - 2012-09-07 11:20 - 00120320 ____A C:\Users\Marcin Misiorowski\AppData\Local\pngjhyndv_S.exe 2012-09-07 11:20 - 2012-09-07 11:20 - 00120320 ____A C:\Users\All Users\pngjhyndv_S.exe 2012-09-05 23:02 - 2012-09-07 11:16 - 00000000 
____D C:\Users\Marcin Misiorowski\AppData\Roaming\Skype 2012-09-05 23:01 - 2012-09-05 23:01 - 00000000 ___RD C:\Program Files (x86)\Skype 2012-08-20 11:05 - 2012-08-20 11:05 - 00002015 ____A C:\Users\Public\Desktop\MetaTrader - Teletrade.lnk 2012-08-20 11:05 - 2012-08-20 11:05 - 00000000 ____D C:\Users\All Users\MetaQuotes 2012-08-20 11:05 - 2012-08-20 11:05 - 00000000 ____D C:\Program Files (x86)\MetaTrader - Teletrade 2012-08-16 02:46 - 2012-07-06 12:07 - 00552960 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys 2012-08-16 02:45 - 2012-06-28 20:55 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-08-16 02:45 - 2012-06-28 20:09 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-08-16 02:45 - 2012-06-28 19:56 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-08-16 02:45 - 2012-06-28 19:49 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-08-16 02:45 - 2012-06-28 19:49 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-08-16 02:45 - 2012-06-28 19:48 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-08-16 02:45 - 2012-06-28 19:47 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-08-16 02:45 - 2012-06-28 19:45 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-08-16 02:45 - 2012-06-28 19:44 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-08-16 02:45 - 2012-06-28 19:43 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-08-16 02:45 - 2012-06-28 19:42 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-08-16 02:45 - 2012-06-28 19:40 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-08-16 02:45 - 2012-06-28 19:39 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-08-16 02:45 - 2012-06-28 19:35 - 
00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-08-16 02:45 - 2012-06-28 16:52 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2012-08-16 02:45 - 2012-06-28 16:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2012-08-16 02:45 - 2012-06-28 16:16 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2012-08-16 02:45 - 2012-06-28 16:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2012-08-16 02:45 - 2012-06-28 16:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2012-08-16 02:45 - 2012-06-28 16:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2012-08-16 02:45 - 2012-06-28 16:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2012-08-16 02:45 - 2012-06-28 16:06 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2012-08-16 02:45 - 2012-06-28 16:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2012-08-16 02:45 - 2012-06-28 16:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2012-08-16 02:45 - 2012-06-28 16:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2012-08-16 02:45 - 2012-06-28 16:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2012-08-16 02:45 - 2012-06-28 16:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2012-08-16 02:45 - 2012-06-28 15:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2012-08-14 22:47 - 2012-07-18 10:15 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-08-14 22:47 - 2012-07-04 14:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll 2012-08-14 22:47 - 2012-07-04 14:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll 2012-08-14 22:47 - 2012-07-04 14:13 - 00059392 ____A (Microsoft Corporation) 
C:\Windows\System32\browcli.dll 2012-08-14 22:47 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll 2012-08-14 22:47 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll 2012-08-14 22:47 - 2012-05-13 21:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll 2012-08-14 22:47 - 2012-05-05 00:36 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll 2012-08-14 22:47 - 2012-05-04 23:46 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2012-08-14 22:47 - 2012-02-10 22:43 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2012-08-14 22:47 - 2012-02-10 22:36 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe 2012-08-14 22:47 - 2012-02-10 22:36 - 00067072 ____A (Microsoft Corporation) C:\Windows\splwow64.exe 2012-08-14 22:47 - 2012-02-10 21:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2012-08-14 11:34 - 2012-08-14 12:09 - 727472128 ____A C:\Users\Marcin Misiorowski\Desktop\19) ?1988 Wesoly domek Lektor Pl.avi 2012-08-14 11:26 - 2012-08-14 11:32 - 00000000 ____D C:\Users\Marcin Misiorowski\AppData\Local\Galileo 2012-08-14 11:20 - 2012-09-10 06:33 - 00001068 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2012-08-14 11:20 - 2012-09-10 06:30 - 00001072 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2012-08-14 11:20 - 2012-09-10 03:49 - 00000930 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2012-08-14 11:20 - 2012-08-14 11:49 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2012-08-14 11:20 - 2012-08-14 11:27 - 00000000 ____D C:\Users\Marcin Misiorowski\AppData\Local\Google 2012-08-14 11:20 - 2012-08-14 11:20 - 00000000 ____D C:\Program Files (x86)\Google 2012-08-14 11:19 - 2012-08-14 11:19 - 00000000 ____D C:\Windows\System32\Macromed ==================== 3 Months Modified Files 
================================ 2012-09-10 13:05 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2012-09-10 13:05 - 2009-07-13 20:51 - 00062529 ____A C:\Windows\setupact.log 2012-09-10 06:33 - 2012-08-14 11:20 - 00001068 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2012-09-10 06:32 - 2011-04-12 18:45 - 00698146 ____A C:\Windows\System32\perfh015.dat 2012-09-10 06:32 - 2011-04-12 18:45 - 00135224 ____A C:\Windows\System32\perfc015.dat 2012-09-10 06:32 - 2009-07-13 21:13 - 01549932 ____A C:\Windows\System32\PerfStringBackup.INI 2012-09-10 06:30 - 2012-08-14 11:20 - 00001072 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2012-09-10 04:25 - 2011-04-13 08:49 - 02043041 ____A C:\Windows\WindowsUpdate.log 2012-09-10 04:25 - 2009-07-13 20:45 - 00021200 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2012-09-10 04:25 - 2009-07-13 20:45 - 00021200 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2012-09-10 03:49 - 2012-08-14 11:20 - 00000930 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2012-09-09 23:55 - 2012-09-09 23:55 - 01034216 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll 2012-09-09 23:55 - 2012-09-09 23:55 - 00916456 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll 2012-09-09 23:55 - 2012-09-09 23:55 - 00289768 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe 2012-09-09 23:55 - 2012-09-09 23:55 - 00189416 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe 2012-09-09 23:55 - 2012-09-09 23:55 - 00188904 ____A (Oracle Corporation) C:\Windows\System32\java.exe 2012-09-09 23:55 - 2012-09-09 23:55 - 00108008 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll 2012-09-09 03:45 - 2009-07-13 21:08 - 00032608 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2012-09-07 23:48 - 2010-11-20 19:47 - 00012046 ____A C:\Windows\PFRO.log 2012-09-07 23:36 - 2011-04-12 16:53 - 00000086 
____A C:\setup.log 2012-09-07 23:35 - 2012-09-07 23:35 - 14097000 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2012-09-07 23:35 - 2012-09-07 23:35 - 12518248 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys 2012-09-07 23:35 - 2012-09-07 23:35 - 12485736 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll 2012-09-07 23:35 - 2012-09-07 23:35 - 09831016 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll 2012-09-07 23:35 - 2012-09-07 23:35 - 07004776 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll 2012-09-07 23:35 - 2012-09-07 23:35 - 05109864 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2012-09-07 23:35 - 2012-09-07 23:35 - 04554856 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2012-09-07 23:35 - 2012-09-07 23:35 - 03089512 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll 2012-09-07 23:35 - 2012-09-07 23:35 - 02893928 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2012-09-07 23:35 - 2012-09-07 23:35 - 02761832 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll 2012-09-07 23:35 - 2012-09-07 23:35 - 02506856 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll 2012-09-07 23:35 - 2012-09-07 23:35 - 00383080 ____A (NVIDIA Corporation) C:\Windows\System32\nvdecodemft.dll 2012-09-07 23:35 - 2012-09-07 23:35 - 00065128 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll 2012-09-07 23:35 - 2012-09-07 23:35 - 00056936 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll 2012-09-07 23:35 - 2012-09-07 23:34 - 06117992 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll 2012-09-07 23:35 - 2011-04-12 18:24 - 00010932 ____A C:\Windows\System32\nvinfo.pb 2012-09-07 23:34 - 2012-09-07 23:34 - 19118696 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll 2012-09-07 23:34 - 2012-09-07 23:34 - 14513768 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll 2012-09-07 23:34 - 2012-09-07 23:34 - 10267240 ____A (NVIDIA Corporation) 
C:\Windows\SysWOW64\nvcompiler.dll 2012-09-07 23:34 - 2012-09-07 23:34 - 02041960 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll 2012-09-07 23:34 - 2012-09-07 23:34 - 01628776 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2012-09-07 23:34 - 2012-09-07 23:34 - 00263272 ____A (NVIDIA Corporation) C:\Windows\System32\nvcod.dll 2012-09-07 23:34 - 2012-09-07 23:34 - 00011240 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvBridge.kmd 2012-09-07 13:11 - 2012-09-07 12:49 - 00000386 ____A C:\Windows\System32\ioloBootDefrag.cfg 2012-09-07 12:48 - 2012-09-07 12:48 - 00002223 ____A C:\Users\Marcin Misiorowski\Desktop\System Mechanic.lnk 2012-09-07 12:47 - 2012-09-07 12:47 - 00074703 ____A C:\Windows\SysWOW64\mfc45.dat 2012-09-07 12:47 - 2012-09-07 12:47 - 00031080 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys 2012-09-07 12:42 - 2011-04-12 17:30 - 00002922 ____A C:\Windows\LCDStretchMode.log 2012-09-07 12:39 - 2011-04-12 17:26 - 00407040 ____A (Samsung Electronics) C:\Windows\HotfixChecker.exe 2012-09-07 12:39 - 2011-04-12 17:25 - 00000496 ____A C:\Windows\HotFixList.ini 2012-09-07 12:38 - 2011-04-12 17:25 - 00345600 ____A (Samsung Electronics Co., Ltd.) 
C:\Windows\SetLCDStretchMode.exe 2012-09-07 11:20 - 2012-09-07 11:24 - 00120320 ____A C:\Users\Marcin Misiorowski\AppData\Roaming\pngjhyndv_S.exe 2012-09-07 11:20 - 2012-09-07 11:20 - 00120320 ____A C:\Users\Marcin Misiorowski\AppData\Local\pngjhyndv_S.exe 2012-09-07 11:20 - 2012-09-07 11:20 - 00120320 ____A C:\Users\All Users\pngjhyndv_S.exe 2012-09-06 01:14 - 2011-05-27 06:43 - 00000099 ____A C:\Users\Public\LMDebug.log 2012-08-20 11:05 - 2012-08-20 11:05 - 00002015 ____A C:\Users\Public\Desktop\MetaTrader - Teletrade.lnk 2012-08-16 11:13 - 2009-07-13 20:45 - 00339336 ____A C:\Windows\System32\FNTCACHE.DAT 2012-08-14 12:09 - 2012-08-14 11:34 - 727472128 ____A C:\Users\Marcin Misiorowski\Desktop\19) ?1988 Wesoly domek Lektor Pl.avi 2012-08-14 11:49 - 2012-08-14 11:20 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2012-08-14 11:49 - 2011-05-25 07:50 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2012-08-02 02:45 - 2012-09-07 12:48 - 00056472 ____A (iolo technologies, LLC) C:\Windows\System32\iolobtdfg.exe 2012-08-02 02:45 - 2012-09-07 12:48 - 00025072 ____A (iolo technologies, LLC) C:\Windows\System32\smrgdf.exe 2012-08-02 01:27 - 2012-09-07 12:48 - 02154576 ____A (iolo technologies, LLC) C:\Windows\System32\Incinerator64.dll 2012-08-02 01:27 - 2012-09-07 12:48 - 02096360 ____A (iolo technologies, LLC) C:\Windows\SysWOW64\Incinerator32.dll 2012-08-02 01:21 - 2012-09-07 12:48 - 00082160 ____A (Raxco Software, Inc.) 
C:\Windows\System32\Drivers\PDFsFilter.sys 2012-08-02 01:21 - 2012-09-07 12:48 - 00069000 ____A (Microsoft Corporation) C:\Windows\System32\offreg.dll 2012-08-02 01:21 - 2012-09-07 12:48 - 00056200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\offreg.dll 2012-08-02 01:21 - 2012-09-07 12:47 - 00030752 ____A (EldoS Corporation) C:\Windows\System32\Drivers\ElRawDsk.sys 2012-07-18 10:15 - 2012-08-14 22:47 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-07-06 12:07 - 2012-08-16 02:46 - 00552960 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys 2012-07-04 14:16 - 2012-08-14 22:47 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll 2012-07-04 14:13 - 2012-08-14 22:47 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll 2012-07-04 14:13 - 2012-08-14 22:47 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll 2012-07-04 13:16 - 2012-08-14 22:47 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll 2012-07-04 13:14 - 2012-08-14 22:47 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll 2012-06-28 20:55 - 2012-08-16 02:45 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-06-28 20:09 - 2012-08-16 02:45 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-06-28 19:56 - 2012-08-16 02:45 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-06-28 19:49 - 2012-08-16 02:45 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-06-28 19:49 - 2012-08-16 02:45 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-06-28 19:48 - 2012-08-16 02:45 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-06-28 19:47 - 2012-08-16 02:45 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-06-28 19:45 - 2012-08-16 02:45 - 00085504 ____A (Microsoft Corporation) 
C:\Windows\System32\jsproxy.dll 2012-06-28 19:44 - 2012-08-16 02:45 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-06-28 19:43 - 2012-08-16 02:45 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-06-28 19:42 - 2012-08-16 02:45 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-06-28 19:40 - 2012-08-16 02:45 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-06-28 19:39 - 2012-08-16 02:45 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-06-28 19:35 - 2012-08-16 02:45 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-06-28 16:52 - 2012-08-16 02:45 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2012-06-28 16:27 - 2012-08-16 02:45 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2012-06-28 16:16 - 2012-08-16 02:45 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2012-06-28 16:09 - 2012-08-16 02:45 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2012-06-28 16:09 - 2012-08-16 02:45 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2012-06-28 16:08 - 2012-08-16 02:45 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2012-06-28 16:07 - 2012-08-16 02:45 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2012-06-28 16:06 - 2012-08-16 02:45 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2012-06-28 16:04 - 2012-08-16 02:45 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2012-06-28 16:04 - 2012-08-16 02:45 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2012-06-28 16:01 - 2012-08-16 02:45 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2012-06-28 16:01 - 2012-08-16 02:45 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2012-06-28 
16:00 - 2012-08-16 02:45 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-28 15:57 - 2012-08-16 02:45 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-27 12:44 - 2012-06-27 12:44 - 00010435 ____A C:\Users\Marcin Misiorowski\Desktop\wpisy wakacje.xlsx
2012-06-15 07:15 - 2012-06-15 07:15 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-08-28 00:40:21
Restore point made on: 2012-09-04 00:16:42
Restore point made on: 2012-09-05 23:01:13
Restore point made on: 2012-09-09 23:55:16

==================== Memory info ===========================

Percentage of memory in use: 19%
Total physical RAM: 2996.56 MB
Available physical RAM: 2421.79 MB
Total Pagefile: 2994.76 MB
Available Pagefile: 2409.98 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

==================== Partitions ============================

1 Drive c: () (Fixed) (Total:111 GB) (Free:58.96 GB) NTFS
2 Drive d: () (Fixed) (Total:165.38 GB) (Free:162.83 GB) NTFS
3 Drive f: (SAMSUNG_REC) (Fixed) (Total:21.6 GB) (Free:0.94 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive g: (Rentier) (CDROM) (Total:0.09 GB) (Free:0 GB) CDFS
5 Drive h: (WRZOSIU) (Removable) (Total:1.87 GB) (Free:1.87 GB) FAT
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          298 GB  1024 KB
  Disk 1    Online         1912 MB      0 B

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            100 MB  1024 KB
  Partition 2    Primary            111 GB   101 MB
  Partition 0    Extended           165 GB   111 GB
  Partition 4    Logical            165 GB   111 GB
  Partition 3    Recovery            21 GB   276 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     Y   SYSTEM       NTFS   Partition    100 MB  Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C                NTFS   Partition    111 GB  Healthy

==================================================================================

Disk: 0
Partition 4
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     D                NTFS   Partition    165 GB  Healthy

==================================================================================

Disk: 0
Partition 3
Type : 27
Hidden: Yes
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     F   SAMSUNG_REC  NTFS   Partition     21 GB  Healthy    Hidden

==================================================================================

Partitions of Disk 1:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           1911 MB    16 KB

==================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5     H   WRZOSIU      FAT    Removable   1911 MB  Healthy

==================================================================================

Last Boot: 2012-09-10 00:13

==================== End Of Log =============================