Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-10-2012
Ran by SYSTEM at 30-10-2012 17:19:30
Running from G:\
Windows 7 Ultimate (X86) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4297136 2012-10-23] (AVAST Software)
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\dom\...\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" [495616 2007-09-02] ()

==================== Services (Whitelisted) ===================

2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-10-23] (AVAST Software)
4 Hamachi2Svc; "C:\Program Files\LogMeIn Hamachi\hamachi-2.exe" -s [1385896 2012-08-29] (LogMeIn Inc.)

==================== Drivers (Whitelisted) ====================

3 ALCXWDM; C:\Windows\System32\drivers\RTKVAC.SYS [4172832 2009-06-18] (Realtek Semiconductor Corp.)
2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [21256 2012-10-23] (AVAST Software)
2 aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [58680 2012-10-23] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [44784 2012-10-15] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [738504 2012-10-23] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [360392 2012-10-23] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [54232 2012-10-23] (AVAST Software)
3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-09-01] (DT Soft Ltd)
3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
0 sfsync04; C:\Windows\System32\drivers\sfsync04.sys [59520 2009-02-03] (Protection Technology (StarForce))
0 sptd; C:\Windows\System32\Drivers\sptd.sys [477240 2012-04-13] (Duplex Secure Ltd.)
3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [13056 2008-11-11] (LG Electronics Inc.)
3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [19968 2008-11-11] (LG Electronics Inc.)
3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [24832 2008-11-11] (LG Electronics Inc.)
2 adfs; [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2012-10-30 17:19 - 2012-10-30 17:19 - 00000000 ____D C:\FRST
2012-10-28 14:13 - 2010-10-19 21:00 - 01289536 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2012-10-28 14:11 - 2009-10-19 06:10 - 05958656 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-10-28 14:00 - 2012-10-28 14:00 - 00187877 ____A C:\Users\dom\Desktop\Windows6.1-KB2467659-x86.msu
2012-10-28 14:00 - 2012-10-28 14:00 - 00185736 ____A C:\Users\dom\Desktop\Windows6.1-KB2362765-x86.msu
2012-10-28 14:00 - 2012-10-28 14:00 - 00183771 ____A C:\Users\dom\Desktop\Windows6.1-KB2447568-x86.msu
2012-10-28 13:59 - 2012-10-28 14:00 - 00702721 ____A C:\Users\dom\Desktop\Windows6.1-KB2264107-v2-x86.msu
2012-10-28 13:55 - 2012-10-28 13:55 - 00196723 ____A C:\Users\dom\Desktop\Windows6.1-KB2598845-x86.msu
2012-10-28 13:52 - 2012-10-28 13:52 - 01673494 ____A C:\Users\dom\Desktop\Windows6.1-KB2661254-x86.msu
2012-10-28 13:51 - 2012-10-28 13:51 - 00517038 ____A C:\Users\dom\Desktop\Windows6.1-KB2732487-v2-x86.msu
2012-10-28 13:48 - 2012-10-28 13:48 - 00000000 ____A C:\Windows\setuperr.log
2012-10-28 13:48 - 2012-10-28 13:48 - 00000000 ____A C:\Windows\setupact.log
2012-10-28 12:54 - 2009-09-02 23:04 - 01320960 ____A (Microsoft Corporation) C:\Windows\System32\CertEnroll.dll
2012-10-28 12:54 - 2009-07-30 08:29 - 00108544 ____A (Microsoft Corporation) C:\Windows\System32\t2embed.dll
2012-10-28 12:54 - 2009-07-30 08:27 - 00071168 ____A (Microsoft Corporation) C:\Windows\System32\fontsub.dll
2012-10-28 12:54 - 2009-07-29 20:44 - 00293888 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2012-10-28 12:53 - 2009-08-28 22:59 - 11406336 ____A (Microsoft Corporation) C:\Windows\System32\wmp.dll
2012-10-28 12:53 - 2009-08-28 22:54 - 12625408 ____A (Microsoft Corporation) C:\Windows\System32\wmploc.DLL
2012-10-28 12:53 - 2009-08-18 23:20 - 00507568 ____A (Microsoft Corporation) C:\Windows\System32\winload.exe
2012-10-28 12:53 - 2009-08-18 23:20 - 00442920 ____A (Microsoft Corporation) C:\Windows\System32\winresume.exe
2012-10-28 12:53 - 2009-08-02 21:35 - 02613248 ____A (Microsoft Corporation) C:\Windows\explorer.exe
2012-10-28 11:45 - 2012-10-28 11:45 - 00000000 ____D C:\Program Files\Lame For Audacity
2012-10-28 10:14 - 2012-10-28 10:15 - 00000000 ____D C:\Users\dom\Desktop\pSX_1_13
2012-10-28 10:13 - 2012-10-28 10:13 - 00666176 ____A C:\Users\dom\Desktop\pSX_1_13.rar
2012-10-28 09:43 - 2011-05-29 01:38 - 65993068 ____A C:\Users\dom\Desktop\Driver2.exe
2012-10-28 00:29 - 2012-10-28 00:30 - 00602112 ____A (OldTimer Tools) C:\Users\dom\Desktop\OTL.exe
2012-10-28 00:29 - 2012-10-28 00:29 - 00214528 ____A C:\Users\dom\Desktop\net-log.exe
2012-10-27 09:43 - 2012-10-28 12:54 - 00000000 ____D C:\Windows\softwaredistribution.bak3
2012-10-27 09:41 - 2012-10-27 09:41 - 00000000 ____D C:\Windows\softwaredistribution.bak2
2012-10-27 08:33 - 2012-10-27 08:37 - 00000000 ____D C:\Windows\softwaredistribution.bak1
2012-10-27 06:19 - 2012-10-28 14:13 - 00422272 ____A C:\Windows\WindowsUpdate.log
2012-10-27 03:12 - 2012-10-27 03:27 - 00000448 _RASH C:\Users\dom\ntuser.pol
2012-10-26 22:06 - 2012-10-26 22:06 - 00000000 ____D C:\Windows\System32\Adobe
2012-10-26 06:22 - 2012-10-26 06:22 - 00000000 ____D C:\Program Files\LogMeIn Hamachi
2012-10-22 09:20 - 2012-10-22 09:21 - 00000000 ____D C:\Program Files\Mozilla Firefox
2012-10-17 11:47 - 2012-10-17 11:47 - 00246760 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-10-17 11:47 - 2012-10-17 11:47 - 00174056 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-10-17 11:47 - 2012-10-17 11:47 - 00174056 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-10-17 11:47 - 2012-10-17 11:47 - 00093672 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2012-10-17 11:47 - 2012-10-17 11:47 - 00000000 ____D C:\Program Files\Java
2012-10-14 06:34 - 2012-10-26 05:54 - 00000000 ____D C:\Program Files\CCleaner
2012-10-09 07:48 - 2012-10-09 08:21 - 00000000 ____D C:\Users\dom\Documents\Empire Earth II
2012-10-09 07:48 - 2012-10-09 07:48 - 00000000 ____D C:\Users\dom\AppData\Roaming\Sierra
2012-10-09 07:25 - 2012-10-09 07:25 - 00000000 ____D C:\Program Files\Sierra
2012-10-05 11:36 - 2012-10-05 11:36 - 00000000 ____D C:\Users\dom\AppData\Roaming\com.adobe.DC3Module.AdobeADC
2012-10-05 11:10 - 2012-10-05 11:10 - 00000000 ____D C:\Users\dom\Application Data\Adobe
2012-10-05 04:35 - 2012-10-05 04:35 - 00000000 ____D C:\Users\dom\AppData\Local\Windows Live
2012-10-05 04:35 - 2012-10-05 04:35 - 00000000 ____D C:\Program Files\Common Files\Windows Live

==================== 3 Months Modified Files ==================

2012-10-28 14:13 - 2012-10-27 06:19 - 00422272 ____A C:\Windows\WindowsUpdate.log
2012-10-28 14:00 - 2012-10-28 14:00 - 00187877 ____A C:\Users\dom\Desktop\Windows6.1-KB2467659-x86.msu
2012-10-28 14:00 - 2012-10-28 14:00 - 00185736 ____A C:\Users\dom\Desktop\Windows6.1-KB2362765-x86.msu
2012-10-28 14:00 - 2012-10-28 14:00 - 00183771 ____A C:\Users\dom\Desktop\Windows6.1-KB2447568-x86.msu
2012-10-28 14:00 - 2012-10-28 13:59 - 00702721 ____A C:\Users\dom\Desktop\Windows6.1-KB2264107-v2-x86.msu
2012-10-28 13:55 - 2012-10-28 13:55 - 00196723 ____A C:\Users\dom\Desktop\Windows6.1-KB2598845-x86.msu
2012-10-28 13:52 - 2012-10-28 13:52 - 01673494 ____A C:\Users\dom\Desktop\Windows6.1-KB2661254-x86.msu
2012-10-28 13:51 - 2012-10-28 13:51 - 00517038 ____A C:\Users\dom\Desktop\Windows6.1-KB2732487-v2-x86.msu
2012-10-28 13:48 - 2012-10-28 13:48 - 00000000 ____A C:\Windows\setuperr.log
2012-10-28 13:48 - 2012-10-28 13:48 - 00000000 ____A C:\Windows\setupact.log
2012-10-28 13:15 - 2009-07-13 20:34 - 00016944 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-10-28 13:15 - 2009-07-13 20:34 - 00016944 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-10-28 13:01 - 2010-08-02 14:05 - 00687590 ____A C:\Windows\System32\perfh015.dat
2012-10-28 13:01 - 2010-08-02 14:05 - 00131176 ____A C:\Windows\System32\perfc015.dat
2012-10-28 13:01 - 2010-06-21 03:39 - 02317686 ____A C:\Windows\System32\PerfStringBackup.INI
2012-10-28 13:01 - 2009-07-14 00:41 - 00666534 ____A C:\Windows\System32\perfh019.dat
2012-10-28 13:01 - 2009-07-14 00:41 - 00128694 ____A C:\Windows\System32\perfc019.dat
2012-10-28 12:56 - 2011-04-18 10:20 - 03628744 ____A C:\Windows\System32\FNTCACHE.DAT
2012-10-28 12:56 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-10-28 10:13 - 2012-10-28 10:13 - 00666176 ____A C:\Users\dom\Desktop\pSX_1_13.rar
2012-10-28 00:30 - 2012-10-28 00:29 - 00602112 ____A (OldTimer Tools) C:\Users\dom\Desktop\OTL.exe
2012-10-28 00:29 - 2012-10-28 00:29 - 00214528 ____A C:\Users\dom\Desktop\net-log.exe
2012-10-27 05:31 - 2009-07-13 18:04 - 00000822 ____A C:\Windows\System32\Drivers\etc\hosts.bak
2012-10-27 03:27 - 2012-10-27 03:12 - 00000448 _RASH C:\Users\dom\ntuser.pol
2012-10-26 06:16 - 2011-05-08 07:38 - 00000348 ____A C:\Users\dom\AppData\Roaming\burnaware.ini
2012-10-24 12:23 - 2009-07-13 18:04 - 00002577 ____A C:\Windows\System32\config.nt
2012-10-23 02:18 - 2011-04-21 01:55 - 00738504 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-10-23 02:18 - 2011-04-21 01:55 - 00360392 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-10-23 02:18 - 2011-04-21 01:55 - 00058680 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-10-23 02:18 - 2011-04-21 01:55 - 00054232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-10-23 02:18 - 2011-04-21 01:55 - 00021256 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-10-23 02:17 - 2011-04-21 01:54 - 00227648 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-10-23 02:17 - 2011-04-21 01:54 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-10-17 11:47 - 2012-10-17 11:47 - 00246760 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-10-17 11:47 - 2012-10-17 11:47 - 00174056 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-10-17 11:47 - 2012-10-17 11:47 - 00174056 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-10-17 11:47 - 2012-10-17 11:47 - 00093672 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2012-10-17 11:47 - 2011-12-13 13:14 - 00821736 ____A (Oracle Corporation) C:\Windows\System32\npdeployJava1.dll
2012-10-17 11:47 - 2011-04-18 10:31 - 00746984 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-10-15 08:59 - 2012-02-25 04:40 - 00044784 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-10-09 07:01 - 2012-04-01 12:15 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-10-09 07:01 - 2011-05-18 06:43 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-09-29 09:54 - 2012-04-06 06:16 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-29 00:26 - 2011-11-01 07:48 - 00007605 ____A C:\Users\dom\AppData\Local\resmon.resmoncfg
2012-09-26 11:26 - 2011-04-20 02:58 - 00056000 ____A C:\Users\dom\AppData\Local\GDIPFONTCACHEV1.DAT
2012-09-15 22:10 - 2009-07-13 20:53 - 00032608 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-09-01 23:15 - 2012-09-01 23:15 - 00242240 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
2012-08-26 12:14 - 2012-08-26 12:14 - 00043520 ____A C:\Windows\System32\CmdLineExt03.dll

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe [2012-10-28 12:53] - [2009-08-02 21:35] - 2613248 ____A (Microsoft Corporation) B95EEB0F4E5EFBF1038A35B3351CF047
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll [2009-07-13 15:24] - [2010-06-03 23:53] - 0808448 ____A (Microsoft Corporation) 3D7778DA786063D589EA56D928A39FB1
C:\Windows\System32\userinit.exe [2009-07-13 15:34] - [2010-06-03 23:51] - 0026624 ____A (Microsoft Corporation) A1C9C01C02AF6A2C81CAC34CD5E65F9B
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

==================== Memory info ===========================

Percentage of memory in use: 23%
Total physical RAM: 1535.56 MB
Available physical RAM: 1169.59 MB
Total Pagefile: 1535.56 MB
Available Pagefile: 1167.86 MB
Total Virtual: 2047.88 MB
Available Virtual: 1963.55 MB

==================== Partitions =============================

2 Drive c: (SYSTEM-R7) (Fixed) (Total:114.4 GB) (Free:70.64 GB) NTFS
3 Drive e: (Repair disc Windows 7 32-bit) (CDROM) (Total:0.14 GB) (Free:0 GB) UDF
5 Drive g: (USB DISK) (Removable) (Total:7.45 GB) (Free:4.03 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (Zastrzezone przez system) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          114 GB      0 B
  Disk 1    Online         7634 MB      0 B

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            100 MB  1024 KB
  Partition 2    Primary            114 GB   101 MB

=========================================================

Disk: 0
Partition 1
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     Y   Zastrzezone  NTFS   Partition    100 MB  Healthy

=========================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     C   SYSTEM-R7    NTFS   Partition    114 GB  Healthy

=========================================================

Partitions of Disk 1:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           7630 MB  4032 KB

=========================================================

Disk: 1
Partition 1
Type  : 0C
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     G   USB DISK     FAT32  Removable   7630 MB  Healthy

=========================================================

Last Boot: 2012-10-26 04:16

==================== End Of Log ============================