Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-08-2013 02
Ran by SYSTEM on 23-08-2013 23:29:20
Running from H:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet002
[b]ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.[/b]

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-16] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2581384 2010-08-30] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [AllShareAgent] - C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe [285072 2012-01-19] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Secure Search\vprot.exe [2314416 2013-08-21] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKU\mookie\...\Run: [KiesPDLR] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-01-10] (Samsung)
HKU\mookie\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1475952 2013-01-10] (Samsung)
HKU\mookie\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-01-10] (Samsung)
HKU\mookie\...\Run: [PC Suite Tray] - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia)
HKU\UpdatusUser\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] - C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe [1266712 2013-06-04] (AVG Secure Search)
AppInit_DLLs: C:\windows\system32\nvinitx.dll [226920 2011-01-17] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll [192616 2011-01-17] (NVIDIA Corporation)

==================== Services (Whitelisted) =================

S2 MSSQL$INSERTGT; C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [61913952 2010-04-03] (Microsoft Corporation)
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-16] (Symantec Corporation)
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-05-31] (Symantec Corporation)
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-11-30] ()
S4 SQLAgent$INSERTGT; C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\SQLAGENT.EXE [428384 2010-04-03] (Microsoft Corporation)
S2 vToolbarUpdater15.5.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [1643184 2013-08-21] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2012-03-05] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2012-03-05] (LG Electronics Inc.)
S1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [45856 2013-08-21] (AVG Technologies)
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120207.003\BHDrvx64.sys [1157240 2011-11-30] (Symantec Corporation)
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120207.003\BHDrvx64.sys [1157240 2011-11-30] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2012-02-06] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2012-02-06] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120210.002\IDSvia64.sys [488568 2012-01-25] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120210.002\IDSvia64.sys [488568 2012-01-25] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120211.006\ENG64.SYS [117880 2012-01-26] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120211.006\ENG64.SYS [117880 2012-01-26] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120211.006\EX64.SYS [2048632 2012-01-26] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120211.006\EX64.SYS [2048632 2012-01-26] (Symantec Corporation)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2011-07-28] (Windows (R) 2003 DDK 3790 provider)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2011-07-28] (Windows (R) 2003 DDK 3790 provider)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-26] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
S3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-12-15] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-26] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)
S1 vBszKyhV2; C:\Windows\system32\drivers\vBszKyhV2.sys [46528 2013-08-08] ()
S3 dgderdrv; System32\drivers\dgderdrv.sys [x]
S3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-22 19:48 - 2013-08-22 19:48 - 00088068 _____ C:\OTL.Txt
2013-08-20 08:17 - 2013-08-20 08:17 - 00000000 __SHD C:\found.001
2013-08-13 11:03 - 2013-08-13 11:03 - 00006832 ____N C:\bootsqm.dat
2013-08-13 11:03 - 2013-08-13 11:03 - 00000000 __SHD C:\found.000
2013-08-10 00:54 - 2010-11-20 19:25 - 00606208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2013-08-10 00:54 - 2010-11-20 19:25 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2013-08-10 00:54 - 2010-11-20 19:24 - 01026560 _____ (Microsoft Corporation) C:\Windows\System32\mstime.dll
2013-08-10 00:54 - 2009-07-13 17:41 - 00267776 _____ (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2013-08-10 00:54 - 2009-07-13 17:41 - 00156160 _____ (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2013-08-10 00:54 - 2009-07-13 17:40 - 00090112 _____ (Microsoft Corporation) C:\Windows\System32\admparse.dll
2013-08-10 00:54 - 2009-07-13 17:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\corpol.dll
2013-08-10 00:54 - 2009-07-13 17:27 - 00163840 _____ (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2013-08-10 00:54 - 2009-07-13 17:15 - 00229376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2013-08-10 00:54 - 2009-07-13 17:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2013-08-10 00:54 - 2009-07-13 17:15 - 00018432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\corpol.dll
2013-08-10 00:54 - 2009-07-13 17:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2013-08-10 00:54 - 2009-07-13 17:05 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2013-08-10 00:54 - 2009-06-10 12:45 - 00000003 _____ C:\Windows\System32\Drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
2013-08-09 23:23 - 2013-08-22 10:28 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-08-08 11:20 - 2013-06-11 15:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-08 11:20 - 2013-06-11 15:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-08 11:20 - 2013-06-11 15:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-08 11:20 - 2013-06-11 15:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-08 11:20 - 2013-06-11 15:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-08 11:20 - 2013-06-11 15:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-08 11:20 - 2013-06-11 15:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-08 11:20 - 2013-06-11 15:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-08 11:20 - 2013-06-11 15:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-08 11:20 - 2013-06-11 15:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-08 11:20 - 2013-06-11 15:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-08 11:20 - 2013-06-11 15:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-08 11:20 - 2013-06-11 15:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-08 11:20 - 2013-06-11 15:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-08-08 11:20 - 2013-06-11 15:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-08-08 11:20 - 2013-06-11 15:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-08-08 11:20 - 2013-06-11 15:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-08-08 11:20 - 2013-06-11 15:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-08-08 11:20 - 2013-06-11 15:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-08-08 11:20 - 2013-06-11 15:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-08-08 11:20 - 2013-06-11 15:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-08-08 11:20 - 2013-06-11 15:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-08-08 11:20 - 2013-06-11 15:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-08-08 11:20 - 2013-06-11 15:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-08-08 11:20 - 2013-06-11 15:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-08-08 11:20 - 2013-06-11 15:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-08-08 11:20 - 2013-06-11 15:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-08-08 11:20 - 2013-06-11 14:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-08 11:20 - 2013-06-11 14:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-08 11:20 - 2013-06-06 19:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-08-08 11:20 - 2013-06-06 18:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-08 11:18 - 2013-08-08 11:18 - 04320056 _____ C:\Windows\System32\vBszKyhV.bmp
2013-08-08 11:18 - 2013-08-08 11:18 - 00702464 _____ C:\Windows\System32\vBszKyhV2.exe
2013-08-08 11:18 - 2013-08-08 11:18 - 00680448 _____ C:\Windows\System32\vBszKyhV1.exe
2013-08-08 11:18 - 2013-08-08 11:18 - 00046528 _____ C:\Windows\System32\Drivers\vBszKyhV2.sys
2013-08-08 11:18 - 2013-08-08 11:18 - 00004096 _____ C:\Windows\System32\vBszKyhV.dll
2013-08-08 11:17 - 2013-08-08 11:17 - 00031232 _____ C:\Windows\System32\vBszKyhVp.dll
2013-07-25 12:45 - 2013-06-04 19:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-25 12:45 - 2013-06-03 22:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-07-25 12:45 - 2013-06-03 20:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-25 12:45 - 2013-05-05 22:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-25 12:45 - 2013-05-05 20:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-25 12:44 - 2013-04-09 15:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-25 12:44 - 2013-04-02 14:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll

==================== One Month Modified Files and Folders =======

2013-08-23 23:28 - 2013-08-23 23:28 - 00000000 ____D C:\FRST
2013-08-22 19:48 - 2013-08-22 19:48 - 00088068 _____ C:\OTL.Txt
2013-08-22 19:40 - 2011-12-14 06:51 - 00000000 ____D C:\users\mookie
2013-08-22 11:23 - 2012-08-12 11:32 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-22 11:23 - 2012-04-01 05:40 - 00001048 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-22 11:23 - 2011-04-19 21:48 - 01450389 _____ C:\Windows\WindowsUpdate.log
2013-08-22 10:28 - 2013-08-09 23:23 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-08-22 08:57 - 2012-08-12 11:32 - 00003868 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-22 08:57 - 2012-03-31 11:37 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-22 08:57 - 2011-12-15 02:28 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-22 08:42 - 2009-07-13 20:45 - 00021200 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-22 08:42 - 2009-07-13 20:45 - 00021200 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-22 08:33 - 2012-04-01 05:40 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-22 08:32 - 2013-06-04 20:31 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-08-22 08:31 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-22 08:31 - 2009-07-13 20:51 - 00103369 _____ C:\Windows\setupact.log
2013-08-21 10:50 - 2013-01-20 03:13 - 00045856 _____ (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2013-08-21 10:50 - 2013-01-20 03:13 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2013-08-20 08:17 - 2013-08-20 08:17 - 00000000 __SHD C:\found.001
2013-08-13 12:13 - 2010-11-20 19:24 - 00000000 __SHD C:\Users\mookie\AppData\Roaming\ecahgwue
2013-08-13 11:03 - 2013-08-13 11:03 - 00006832 ____N C:\bootsqm.dat
2013-08-13 11:03 - 2013-08-13 11:03 - 00000000 __SHD C:\found.000
2013-08-13 10:44 - 2012-03-27 11:57 - 00000000 ____D C:\Users\mookie\AppData\Local\CrashDumps
2013-08-10 00:55 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\com
2013-08-10 00:55 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\oobe
2013-08-10 00:55 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\com
2013-08-10 00:55 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\IME
2013-08-09 14:57 - 2009-07-13 21:08 - 00032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-09 12:39 - 2012-04-01 05:40 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-09 12:32 - 2011-04-19 06:38 - 00000000 ____D C:\Windows\SysWOW64\NV
2013-08-09 12:32 - 2011-04-19 06:38 - 00000000 ____D C:\Windows\System32\NV
2013-08-09 12:32 - 2011-04-19 05:55 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-09 12:31 - 2009-07-13 20:45 - 00322640 _____ C:\Windows\System32\FNTCACHE.DAT
2013-08-09 12:30 - 2011-04-19 21:12 - 00000000 ____D C:\Program Files\Windows Journal
2013-08-09 12:30 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-08-09 12:30 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-08-09 12:29 - 2010-11-20 19:47 - 01800882 _____ C:\Windows\PFRO.log
2013-08-08 11:39 - 2011-04-19 06:24 - 00000000 ____D C:\ProgramData\SAMSUNG
2013-08-08 11:29 - 2013-01-17 07:26 - 00000000 ____D C:\ProgramData\LGMOBILEAX
2013-08-08 11:27 - 2011-04-19 06:02 - 00000000 ____D C:\ProgramData\CyberLink
2013-08-08 11:26 - 2011-04-19 21:41 - 00804824 _____ C:\Windows\System32\perfh015.dat
2013-08-08 11:26 - 2011-04-19 21:41 - 00180152 _____ C:\Windows\System32\perfc015.dat
2013-08-08 11:26 - 2009-07-13 21:13 - 01871560 _____ C:\Windows\System32\PerfStringBackup.INI
2013-08-08 11:20 - 2012-03-12 11:24 - 01827532 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-08-08 11:18 - 2013-08-08 11:18 - 04320056 _____ C:\Windows\System32\vBszKyhV.bmp
2013-08-08 11:18 - 2013-08-08 11:18 - 00702464 _____ C:\Windows\System32\vBszKyhV2.exe
2013-08-08 11:18 - 2013-08-08 11:18 - 00680448 _____ C:\Windows\System32\vBszKyhV1.exe
2013-08-08 11:18 - 2013-08-08 11:18 - 00046528 _____ C:\Windows\System32\Drivers\vBszKyhV2.sys
2013-08-08 11:18 - 2013-08-08 11:18 - 00004096 _____ C:\Windows\System32\vBszKyhV.dll
2013-08-08 11:18 - 2013-01-13 04:01 - 00000000 ____D C:\Archiwum GT
2013-08-08 11:17 - 2013-08-08 11:17 - 00031232 _____ C:\Windows\System32\vBszKyhVp.dll
2013-08-08 11:17 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\sysprep
2013-08-08 08:05 - 2011-12-19 12:13 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-08 07:46 - 2013-03-20 08:32 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-08-08 07:46 - 2013-03-20 08:32 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-25 12:34 - 2012-04-01 05:40 - 00004044 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-25 12:34 - 2012-04-01 05:40 - 00003792 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-25 12:31 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!
==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-08-22 08:43:41

==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 8103.12 MB
Available physical RAM: 7276.02 MB
Total Pagefile: 8101.32 MB
Available Pagefile: 7272.95 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:125 GB) (Free:40.51 GB) NTFS
Drive d: () (Fixed) (Total:448.71 GB) (Free:253.51 GB) NTFS
Drive f: (SAMSUNG_REC) (Fixed) (Total:22.36 GB) (Free:0.94 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS
Drive h: (KASPERSKY) (Removable) (Total:3.73 GB) (Free:3.24 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596 GB) (Disk ID: FF87823F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=125 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=449 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=22 GB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 4 GB) (Disk ID: 23167BC7)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)

LastRegBack: 2013-08-09 12:50

==================== End Of Log ============================