Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-08-2013 02
Ran by mookie (administrator) on 24-08-2013 00:55:11
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polish
Internet Explorer Version 10
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) =================

(C. Ghisler & Co.) C:\Program Files\totalcmd\TOTALCMD.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-17] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2581384 2010-08-31] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKCU\...\Run: [KiesPDLR] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-01-10] (Samsung)
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1475952 2013-01-10] (Samsung)
HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-01-10] (Samsung)
HKCU\...\Run: [PC Suite Tray] - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia)
MountPoints2: {dc8acdd5-60b4-11e2-a53b-b4749ffb6fc6} - G:\LGAutoRun.exe
HKLM-x32\...\Run: [AllShareAgent] - C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe [285072 2012-01-19] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Secure Search\vprot.exe [2314416 2013-08-21] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKU\UpdatusUser\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] - C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe [1266712 2013-06-05] (AVG Secure Search)
AppInit_DLLs: C:\windows\system32\nvinitx.dll [226920 2011-01-17] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll [192616 2011-01-17] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HD Writer.lnk
ShortcutTarget: HD Writer.lnk -> C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe (Panasonic Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={66EA1C38-D5D4-4980-AD46-73F668F5DD28}&mid=a44397c154f147d0ab8a653dd91f8635-8da62b84657fd5cb7c318043098fd7c0f3a8dd60&lang=pl&ds=xn011&pr=sa&d=2013-01-20 12:13:46&v=13.3.0.17&sap=hp
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={66EA1C38-D5D4-4980-AD46-73F668F5DD28}&mid=a44397c154f147d0ab8a653dd91f8635-8da62b84657fd5cb7c318043098fd7c0f3a8dd60&lang=pl&ds=xn011&pr=sa&d=2013-01-20 12:13:46&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: Samsung BHO Class - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: HKLM-x32 {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab
DPF: HKLM-x32 {92ECE6FA-AC2E-4042-BFAE-0C8608E52A41} https://www.pekaobiznes24.pl/sme/static/components/SignActivXPEKAO.cab
DPF: HKLM-x32 {C3E3BB4F-269C-41A3-9F5F-A360E933CAD3} https://as.photoprintit.com/ips-opdata/activex/ImageUploader6.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{17BDEAB7-A54A-4561-83D1-305372404C52}: [NameServer]212.2.96.51 212.2.96.52

Chrome:
=======
CHR HomePage: hxxp://isearch.avg.com/?cid={66EA1C38-D5D4-4980-AD46-73F668F5DD28}&mid=a44397c154f147d0ab8a653dd91f8635-8da62b84657fd5cb7c318043098fd7c0f3a8dd60&lang=pl&ds=xn011&pr=sa&d=2013-01-20 12:13:46&v=15.2.0.5&pid=avg&sg=0&sap=hp
CHR RestoreOnStartup: "hxxp://isearch.avg.com/?cid={66EA1C38-D5D4-4980-AD46-73F668F5DD28}&mid=a44397c154f147d0ab8a653dd91f8635-8da62b84657fd5cb7c318043098fd7c0f3a8dd60&lang=pl&ds=xn011&pr=sa&d=2013-01-20 12:13:46&v=15.2.0.5&pid=avg&sg=0&sap=hp"]},"tabs":{"use_vertical_tabs"
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\15.5.0.2\avg.crx

==================== Services (Whitelisted) =================

S2 MSSQL$INSERTGT; C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [61913952 2010-04-03] (Microsoft Corporation)
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-17] (Symantec Corporation)
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] ()
S4 SQLAgent$INSERTGT; C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\SQLAGENT.EXE [428384 2010-04-03] (Microsoft Corporation)
S2 vToolbarUpdater15.5.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [1643184 2013-08-21] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2012-03-06] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2012-03-06] (LG Electronics Inc.)
R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [45856 2013-08-21] (AVG Technologies)
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120207.003\BHDrvx64.sys [1157240 2011-12-01] (Symantec Corporation)
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120207.003\BHDrvx64.sys [1157240 2011-12-01] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2012-02-06] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2012-02-06] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120210.002\IDSvia64.sys [488568 2012-01-25] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120210.002\IDSvia64.sys [488568 2012-01-25] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120211.006\ENG64.SYS [117880 2012-01-26] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120211.006\ENG64.SYS [117880 2012-01-26] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120211.006\EX64.SYS [2048632 2012-01-26] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120211.006\EX64.SYS [2048632 2012-01-26] (Symantec Corporation)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2011-07-28] (Windows (R) 2003 DDK 3790 provider)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2011-07-28] (Windows (R) 2003 DDK 3790 provider)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-31] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-31] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-15] (Symantec Corporation)
S3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-12-15] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-27] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-21] (Symantec Corporation)
S3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-24 00:48 - 2013-08-24 00:48 - 00262144 _____ C:\windows\Minidump\082413-36566-01.dmp
2013-08-24 00:35 - 2013-08-24 00:36 - 00262144 _____ C:\windows\Minidump\082413-41480-01.dmp
2013-08-23 05:48 - 2013-08-23 05:48 - 00088068 _____ C:\OTL.Txt
2013-08-13 21:03 - 2013-08-13 21:03 - 00006832 ____N C:\bootsqm.dat
2013-08-10 10:54 - 2010-11-21 05:25 - 00606208 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstime.dll
2013-08-10 10:54 - 2010-11-21 05:25 - 00176128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ie4uinit.exe
2013-08-10 10:54 - 2010-11-21 05:24 - 01026560 _____ (Microsoft Corporation) C:\windows\system32\mstime.dll
2013-08-10 10:54 - 2009-07-14 03:41 - 00267776 _____ (Microsoft Corporation) C:\windows\system32\ieaksie.dll
2013-08-10 10:54 - 2009-07-14 03:41 - 00156160 _____ (Microsoft Corporation) C:\windows\system32\ieakeng.dll
2013-08-10 10:54 - 2009-07-14 03:40 - 00090112 _____ (Microsoft Corporation) C:\windows\system32\admparse.dll
2013-08-10 10:54 - 2009-07-14 03:40 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\corpol.dll
2013-08-10 10:54 - 2009-07-14 03:27 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\ieakui.dll
2013-08-10 10:54 - 2009-07-14 03:15 - 00229376 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieaksie.dll
2013-08-10 10:54 - 2009-07-14 03:15 - 00126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieakeng.dll
2013-08-10 10:54 - 2009-07-14 03:15 - 00018432 _____ (Microsoft Corporation) C:\windows\SysWOW64\corpol.dll
2013-08-10 10:54 - 2009-07-14 03:14 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\admparse.dll
2013-08-10 10:54 - 2009-07-14 03:05 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieakui.dll
2013-08-10 10:54 - 2009-06-10 22:45 - 00000003 _____ C:\windows\system32\Drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
2013-08-10 09:23 - 2013-08-22 20:28 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-08-08 21:20 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-08-08 21:20 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-08-08 21:20 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-08-08 21:20 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-08-08 21:20 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-08-08 21:20 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-08-08 21:20 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-08-08 21:20 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-08-08 21:20 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-08-08 21:20 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-08-08 21:20 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-08-08 21:20 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-08-08 21:20 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-08-08 21:20 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-08-08 21:20 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-08-08 21:20 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-08-08 21:20 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-08-08 21:20 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-08-08 21:20 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-08-08 21:20 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-08-08 21:20 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-08-08 21:20 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-08-08 21:20 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-08-08 21:20 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-08-08 21:20 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-08-08 21:20 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-08-08 21:20 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-08-08 21:20 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-08 21:20 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-08-08 21:20 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-08-08 21:20 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-07-25 22:45 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-07-25 22:45 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2013-07-25 22:45 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2013-07-25 22:45 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-07-25 22:45 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2013-07-25 22:44 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2013-07-25 22:44 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll

==================== One Month Modified Files and Folders =======

2013-08-24 09:28 - 2013-08-24 09:28 - 00000000 ____D C:\FRST
2013-08-24 00:54 - 2011-04-20 07:41 - 00804574 _____ C:\windows\system32\perfh015.dat
2013-08-24 00:54 - 2011-04-20 07:41 - 00179934 _____ C:\windows\system32\perfc015.dat
2013-08-24 00:54 - 2009-07-14 07:13 - 01851394 _____ C:\windows\system32\PerfStringBackup.INI
2013-08-24 00:48 - 2013-08-24 00:48 - 00262144 _____ C:\windows\Minidump\082413-36566-01.dmp
2013-08-24 00:48 - 2013-07-10 22:15 - 00000000 ____D C:\windows\Minidump
2013-08-24 00:47 - 2013-07-10 22:15 - 654303592 _____ C:\windows\MEMORY.DMP
2013-08-24 00:36 - 2013-08-24 00:35 - 00262144 _____ C:\windows\Minidump\082413-41480-01.dmp
2013-08-24 00:36 - 2013-06-05 06:31 - 00000350 _____ C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-08-24 00:36 - 2012-04-01 15:40 - 00001044 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-24 00:36 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-08-24 00:36 - 2009-07-14 06:51 - 00103481 _____ C:\windows\setupact.log
2013-08-23 05:48 - 2013-08-23 05:48 - 00088068 _____ C:\OTL.Txt
2013-08-23 05:40 - 2011-12-14 16:51 - 00000000 ____D C:\Users\mookie
2013-08-22 21:23 - 2012-08-12 21:32 - 00000930 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-08-22 21:23 - 2012-04-01 15:40 - 00001048 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-22 21:23 - 2011-04-20 07:48 - 01450389 _____ C:\windows\WindowsUpdate.log
2013-08-22 20:28 - 2013-08-10 09:23 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-08-22 18:57 - 2012-08-12 21:32 - 00003868 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-08-22 18:57 - 2012-03-31 21:37 - 00692104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-08-22 18:57 - 2011-12-15 12:28 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-22 18:42 - 2009-07-14 06:45 - 00021200 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-22 18:42 - 2009-07-14 06:45 - 00021200 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-21 20:50 - 2013-01-20 13:13 - 00045856 _____ (AVG Technologies) C:\windows\system32\Drivers\avgtpx64.sys
2013-08-21 20:50 - 2013-01-20 13:13 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2013-08-13 21:03 - 2013-08-13 21:03 - 00006832 ____N C:\bootsqm.dat
2013-08-13 20:44 - 2012-03-27 21:57 - 00000000 ____D C:\Users\mookie\AppData\Local\CrashDumps
2013-08-10 10:55 - 2009-07-14 05:20 - 00000000 ____D C:\windows\SysWOW64\com
2013-08-10 10:55 - 2009-07-14 05:20 - 00000000 ____D C:\windows\system32\oobe
2013-08-10 10:55 - 2009-07-14 05:20 - 00000000 ____D C:\windows\system32\com
2013-08-10 10:55 - 2009-07-14 05:20 - 00000000 ____D C:\windows\IME
2013-08-10 00:57 - 2009-07-14 07:08 - 00032604 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-08-09 22:39 - 2012-04-01 15:40 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-09 22:32 - 2011-04-19 16:38 - 00000000 ____D C:\windows\SysWOW64\NV
2013-08-09 22:32 - 2011-04-19 16:38 - 00000000 ____D C:\windows\system32\NV
2013-08-09 22:32 - 2011-04-19 15:55 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-09 22:31 - 2009-07-14 06:45 - 00322640 _____ C:\windows\system32\FNTCACHE.DAT
2013-08-09 22:30 - 2011-04-20 07:12 - 00000000 ____D C:\Program Files\Windows Journal
2013-08-09 22:30 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-08-09 22:30 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-08-09 22:29 - 2010-11-21 05:47 - 01800882 _____ C:\windows\PFRO.log
2013-08-08 21:39 - 2011-04-19 16:24 - 00000000 ____D C:\ProgramData\SAMSUNG
2013-08-08 21:29 - 2013-01-17 17:26 - 00000000 ____D C:\ProgramData\LGMOBILEAX
2013-08-08 21:27 - 2011-04-19 16:02 - 00000000 ____D C:\ProgramData\CyberLink
2013-08-08 21:20 - 2012-03-12 21:24 - 01827532 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2013-08-08 21:18 - 2013-01-13 14:01 - 00000000 ____D C:\Archiwum GT
2013-08-08 21:17 - 2009-07-14 05:20 - 00000000 ____D C:\windows\system32\sysprep
2013-08-08 18:05 - 2011-12-19 22:13 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-08 17:46 - 2013-03-20 18:32 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-08-08 17:46 - 2013-03-20 18:32 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-25 22:34 - 2012-04-01 15:40 - 00004044 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-25 22:34 - 2012-04-01 15:40 - 00003792 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-25 22:31 - 2009-07-14 05:20 - 00000000 ____D C:\windows\system32\NDF

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-08-09 22:50

==================== End Of Log ============================