Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-09-2013
Ran by SYSTEM on MININT-5P9MG24 on 13-09-2013 15:45:46
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6561384 2010-12-14] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [NVHotkey] - rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [592240 2011-01-05] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-12-17] (Intel(R) Corporation)
HKLM\...\Run: [BTMTrayAgent] - rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [QuickSet] - c:\Program Files\Dell\QuickSet\QuickSet.exe [4479648 2011-01-25] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4526 2010-11-29] ()
HKLM\...\Run: [DellStage] - C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj [207350 2011-01-25] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [1486392 2011-05-05] (McAfee, Inc.)
HKLM-x32\...\Run: [Dell Registration] - C:\Program Files (x86)\System Registration\prodreg.exe [4144448 2010-11-10] (Dell, Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [487562 2010-08-19] (Creative Technology Ltd)
HKLM-x32\...\Run: [RoxWatchTray] - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-09-03] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [518640 2010-09-02] ()
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-02] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] - C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1686528 2012-03-27] (Wondershare)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-04-15] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-12] ()
HKU\gucio\...\Run: [Google Update] - C:\Users\gucio\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-06-02] (Google Inc.)
HKU\gucio\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [18705664 2013-01-08] (Skype Technologies S.A.)
HKU\gucio\...\Run: [AdobeBridge] - [x]
HKU\gucio\...\Run: [syshost32] - C:\Users\gucio\AppData\Local\{3C1123B9-AD42-62DA-EA76-9AEDC8569CC7}\syshost.exe [71680 2013-09-01] (Peter Pawlowski)
HKU\gucio\...\Winlogon: [Shell] explorer.exe,C:\Users\gucio\AppData\Roaming\data.dat [120320 2013-07-08] () <==== ATTENTION
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [226920 2010-11-29] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\progra~3\browse~1\261519~1.190\{c16c1~1\browse~1.dll [2691536 2013-07-26] ()
Startup: C:\Users\gucio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\gucio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Services (Whitelisted) =================

S2 BrowserProtect; C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2847696 2013-07-26] ()
S3 McAWFwk; c:\PROGRA~1\mcafee\msc\mcawfwk.exe [220528 2010-08-30] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
S2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
S2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [509416 2010-10-07] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [200056 2011-04-14] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [245352 2011-04-14] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [149032 2011-04-14] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()

==================== Drivers (Whitelisted) ====================

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [63056 2011-04-14] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [121376 2011-04-14] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [190520 2011-04-14] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [441840 2011-04-14] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [530304 2011-04-14] (McAfee, Inc.)
S1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75160 2011-04-14] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [94992 2011-04-14] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [283744 2011-04-14] (McAfee, Inc.)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-08-20] (Marvell Semiconductor, Inc.)
S3 mfeavfk01; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-13 15:45 - 2013-09-13 15:45 - 00000000 ____D C:\FRST
2013-09-03 10:28 - 2013-09-13 04:44 - 00003432 _____ C:\Windows\System32\Tasks\BrowserProtect
2013-09-03 10:06 - 2013-09-03 10:06 - 00000000 __SHD C:\found.001
2013-09-03 08:05 - 2013-09-03 08:05 - 00000074 _____ C:\Users\gucio\AppData\Roaming\WB.CFG
2013-09-03 05:28 - 2013-09-03 05:28 - 00000000 __SHD C:\found.000
2013-09-03 04:57 - 2013-09-03 04:57 - 00000000 ____D C:\Users\gucio\AppData\Roaming\Mozilla
2013-09-01 03:58 - 2013-09-13 04:47 - 00000004 _____ C:\Users\gucio\AppData\Roaming\settings.ini
2013-09-01 03:48 - 2013-09-03 07:05 - 00000000 ____D C:\Users\gucio\AppData\Local\{3C1123B9-AD42-62DA-EA76-9AEDC8569CC7}
2013-08-15 03:01 - 2013-07-25 21:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-08-15 03:01 - 2013-07-25 21:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-08-15 03:01 - 2013-07-25 21:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-08-15 03:01 - 2013-07-25 21:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-08-15 03:01 - 2013-07-25 21:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-08-15 03:01 - 2013-07-25 21:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-08-15 03:01 - 2013-07-25 21:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-08-15 03:01 - 2013-07-25 21:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-08-15 03:01 - 2013-07-25 21:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-08-15 03:01 - 2013-07-25 21:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-08-15 03:01 - 2013-07-25 21:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-08-15 03:01 - 2013-07-25 21:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-08-15 03:01 - 2013-07-25 21:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-08-15 03:01 - 2013-07-25 21:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-08-15 03:01 - 2013-07-25 19:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-08-15 03:01 - 2013-07-25 19:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-15 03:01 - 2013-07-25 19:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-15 03:01 - 2013-07-25 19:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-15 03:01 - 2013-07-25 19:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-15 03:01 - 2013-07-25 19:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-15 03:01 - 2013-07-25 19:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-15 03:01 - 2013-07-25 19:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-15 03:01 - 2013-07-25 19:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-15 03:01 - 2013-07-25 19:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-15 03:01 - 2013-07-25 19:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-15 03:01 - 2013-07-25 19:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-15 03:01 - 2013-07-25 19:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-15 03:01 - 2013-07-25 19:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-15 03:01 - 2013-07-25 18:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-15 03:01 - 2013-07-25 18:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-15 03:01 - 2013-07-25 17:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-15 01:25 - 2013-07-18 17:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-08-15 01:25 - 2013-07-18 17:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-15 01:25 - 2013-07-08 21:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2013-08-15 01:25 - 2013-07-08 21:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-08-15 01:25 - 2013-07-08 21:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-08-15 01:25 - 2013-07-08 21:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-08-15 01:25 - 2013-07-08 20:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-15 01:25 - 2013-07-08 20:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-15 01:25 - 2013-07-08 20:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-15 01:25 - 2013-07-08 20:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-15 01:24 - 2013-07-25 01:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-08-15 01:24 - 2013-07-25 00:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-15 01:24 - 2013-07-08 22:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-08-15 01:24 - 2013-07-08 21:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-08-15 01:24 - 2013-07-08 21:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-08-15 01:24 - 2013-07-08 21:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2013-08-15 01:24 - 2013-07-08 21:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-15 01:24 - 2013-07-08 21:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-15 01:24 - 2013-07-08 20:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-15 01:24 - 2013-07-08 20:53 - 00120320 _____ C:\Users\gucio\AppData\Roaming\data.dat
2013-08-15 01:24 - 2013-07-08 20:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-15 01:24 - 2013-07-08 20:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-15 01:24 - 2013-07-08 18:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-15 01:24 - 2013-07-08 18:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-15 01:24 - 2013-07-08 18:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-15 01:24 - 2013-07-08 18:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-15 01:24 - 2013-07-05 22:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-08-15 01:24 - 2013-06-14 20:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

2013-09-13 15:45 - 2013-09-13 15:45 - 00000000 ____D C:\FRST
2013-09-13 04:47 - 2013-09-01 03:58 - 00000004 _____ C:\Users\gucio\AppData\Roaming\settings.ini
2013-09-13 04:44 - 2013-09-03 10:28 - 00003432 _____ C:\Windows\System32\Tasks\BrowserProtect
2013-09-13 04:44 - 2011-03-29 07:49 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2013-09-13 04:44 - 2011-03-29 07:49 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2013-09-13 04:44 - 2011-03-29 07:18 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-09-13 04:44 - 2011-03-28 23:49 - 00000000 ____D C:\ProgramData\NVIDIA
2013-09-13 04:43 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-13 04:43 - 2009-07-13 20:51 - 00151658 _____ C:\Windows\setupact.log
2013-09-13 04:33 - 2011-06-05 06:35 - 00000000 ____D C:\Users\gucio\AppData\Local\Adobe
2013-09-13 04:29 - 2011-03-29 07:38 - 00000000 ____D C:\ProgramData\Sonic
2013-09-13 04:28 - 2012-01-26 14:56 - 00000000 ____D C:\Users\gucio\AppData\Roaming\Dropbox
2013-09-11 02:59 - 2011-06-02 09:03 - 00001058 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4081005151-2256250232-1143416610-1002UA.job
2013-09-11 02:38 - 2009-07-13 21:10 - 01741346 _____ C:\Windows\WindowsUpdate.log
2013-09-11 02:27 - 2009-07-13 20:45 - 00014240 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-11 02:27 - 2009-07-13 20:45 - 00014240 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-11 02:15 - 2011-06-02 09:05 - 00002378 _____ C:\Users\gucio\Desktop\Google Chrome.lnk
2013-09-11 02:13 - 2013-01-14 15:55 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-11 02:12 - 2013-05-22 13:07 - 00000286 _____ C:\Windows\Tasks\DSite.job
2013-09-05 21:00 - 2009-07-14 09:55 - 00698598 _____ C:\Windows\System32\perfh015.dat
2013-09-05 21:00 - 2009-07-14 09:55 - 00135418 _____ C:\Windows\System32\perfc015.dat
2013-09-05 21:00 - 2009-07-13 21:13 - 01551484 _____ C:\Windows\System32\PerfStringBackup.INI
2013-09-05 20:57 - 2012-01-17 12:09 - 00000000 ____D C:\Users\gucio\AppData\Roaming\Skype
2013-09-03 10:06 - 2013-09-03 10:06 - 00000000 __SHD C:\found.001
2013-09-03 08:05 - 2013-09-03 08:05 - 00000074 _____ C:\Users\gucio\AppData\Roaming\WB.CFG
2013-09-03 08:05 - 2013-06-16 03:05 - 00000005 _____ C:\Users\gucio\AppData\Roaming\WBPU-TTL.DAT
2013-09-03 07:05 - 2013-09-01 03:48 - 00000000 ____D C:\Users\gucio\AppData\Local\{3C1123B9-AD42-62DA-EA76-9AEDC8569CC7}
2013-09-03 07:05 - 2011-06-01 10:39 - 00000000 ____D C:\users\gucio
2013-09-03 07:05 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-09-03 06:53 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-09-03 06:53 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-09-03 05:28 - 2013-09-03 05:28 - 00000000 __SHD C:\found.000
2013-09-03 04:57 - 2013-09-03 04:57 - 00000000 ____D C:\Users\gucio\AppData\Roaming\Mozilla
2013-08-27 04:51 - 2009-07-13 21:08 - 00032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-27 01:03 - 2011-06-23 15:15 - 00000000 ____D C:\Users\gucio\AppData\Roaming\SoftGrid Client
2013-08-21 22:59 - 2011-06-02 09:03 - 00001006 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4081005151-2256250232-1143416610-1002Core.job
2013-08-15 02:43 - 2013-07-18 03:59 - 00000000 ____D C:\Windows\System32\MRT
2013-08-15 02:41 - 2012-06-01 10:56 - 78161360 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe

Files to move or delete:
====================
C:\Users\gucio\AppData\Roaming\skype.dat
C:\Users\gucio\AppData\Local\Temp\ApnStub.exe
C:\Users\gucio\AppData\Local\Temp\jocmrsyvwbgpglatb.exe
C:\Users\gucio\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\gucio\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\gucio\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\gucio\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
C:\Users\gucio\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\gucio\AppData\Local\Temp\MSN9DF5.exe
C:\Users\gucio\AppData\Local\Temp\pity2010ngsetup_aktual.exe
C:\Users\gucio\AppData\Local\Temp\setup.exe
C:\Users\gucio\AppData\Local\Temp\setup_fsu_cid.exe
C:\Users\gucio\AppData\Local\Temp\siinst.exe
C:\Users\gucio\AppData\Local\Temp\SkypeSetup.exe
C:\Users\gucio\AppData\Local\Temp\strings.dll
C:\Users\gucio\AppData\Local\Temp\w3k4ivb4.dll

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

6
Restore point made on: 2013-06-15 03:15:13
Restore point made on: 2013-06-17 01:21:34
Restore point made on: 2013-07-10 05:35:57
Restore point made on: 2013-07-18 03:53:18
Restore point made on: 2013-08-15 02:40:33
Restore point made on: 2013-08-17 10:00:35

==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 4010.17 MB
Available physical RAM: 3379.29 MB
Total Pagefile: 4008.32 MB
Available Pagefile: 3368.58 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:347.19 GB) NTFS
Drive e: (Dysk naprawy Windows 7 64-bitowy) (CDROM) (Total:0.17 GB) (Free:0 GB) UDF
Drive f: (USB DISK) (Removable) (Total:3.61 GB) (Free:3.6 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:6.8 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 07F2837E)
Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 4 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)

LastRegBack: 2013-09-11 02:50

==================== End Of Log ============================