Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 10-07-2012 Ran by SYSTEM at 10-07-2012 21:28:43 Running from H:\ (X86) OS Language: Polish The current controlset is ControlSet001 ATTENTION!:=====> THE OPERATING SYSTEM IS A X64 SYSTEM BUT THE BOOT DISK THAT IS USED TO BOOT TO RECOVERY ENVIRONMENT IS A X86 SYSTEM DISK. ========================== Registry (Whitelisted) ============= HKU\Ewa Nakonieczna\...\Run: [HW_OPENEYE_OUC_blueconnect] "C:\Program Files (x86)\blueconnect\UpdateDog\ouc.exe" [116064 2011-03-26] (Huawei Technologies Co., Ltd.) HKU\Ewa Nakonieczna\...\Run: [Badoo Desktop] C:\ProgramData\Badoo\Badoo Desktop\1.6.48.1082\Badoo.Desktop.exe [x] HKU\Ewa Nakonieczna\...\Run: [msnmsgr] ~"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation) HKLM\...\Winlogon: [Userinit] [x] HKLM\...\Winlogon: [Shell] [x ] () Tcpip\..\Interfaces\{6E2ADA41-CE83-49C2-9B94-1A4F31BD67B3}: [NameServer]84.241.226.9 84.241.226.140 Tcpip\..\Interfaces\{8FBD35AB-7F93-4CAF-921A-E45F4C415DE9}: [NameServer]84.241.226.140 84.241.226.9 Tcpip\..\Interfaces\{DEE06CA9-1472-4C8A-AEEA-FF9B60757168}: [NameServer]84.241.226.140 84.241.226.9 ================================ Services (Whitelisted) ================== 2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44768 2012-03-07] (AVAST Software) 2 btwdins; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [953632 2010-10-22] (Broadcom Corporation.) 
4 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [89920 2009-06-10] (Microsoft Corporation) 2 clr_optimization_v4.0.30319_64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [138576 2010-03-18] (Microsoft Corporation) 2 cvhsvc; "C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE" [822624 2012-01-04] (Microsoft Corporation) 2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [27136 2009-07-14] (Microsoft Corporation) 3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-21] (Microsoft Corporation) 3 GameConsoleService; "C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe" [246520 2010-06-03] (WildTangent, Inc.) 2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [136176 2011-09-07] (Google Inc.) 3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [136176 2011-09-07] (Google Inc.) 3 gusvc; "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" [182768 2011-09-07] (Google) 2 HWDeviceService64.exe; "C:\ProgramData\DatacardService\HWDeviceService64.exe" -/service [346976 2011-03-14] () 3 idsvc; "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe" [856400 2010-11-21] (Microsoft Corporation) 2 Internet Manager. 
RunOuc; C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [224096 2011-11-08] () 2 iprip; C:\Windows\System32\iprip.dll [35328 2009-07-14] (Microsoft Corporation) 2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [325656 2010-07-01] (Intel Corporation) 4 NetTcpPortSharing; "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe" [116560 2009-06-10] (Microsoft Corporation) 2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll" /prefetch:1 [262584 2011-04-01] (Symantec Corporation) 2 NOBU; "C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE [4700824 2011-10-12] (Symantec Corporation) 3 ose; "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [149352 2010-01-09] (Microsoft Corporation) 3 PerfHost; C:\Windows\SysWow64\perfhost.exe [20992 2009-07-14] (Microsoft Corporation) 2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [244904 2009-12-01] () 3 Samsung UPD Service; "C:\windows\System32\SUPDSvc.exe" [166704 2010-08-09] (Samsung Electronics CO., LTD.) 
2 sftlist; "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe" [508776 2011-10-01] (Microsoft Corporation) 3 sftvsa; "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe" [219496 2011-10-01] (Microsoft Corporation) 2 simptcp; C:\Windows\System32\tcpsvcs.exe [10240 2009-07-14] (Microsoft Corporation) 2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2533400 2010-07-01] (Intel Corporation) ========================== Drivers (Whitelisted) ============= 2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [24408 2012-03-07] (AVAST Software) 2 aswMonFlt; \??\C:\windows\system32\drivers\aswMonFlt.sys [69976 2012-03-07] (AVAST Software) 1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [53080 2012-03-07] (AVAST Software) 1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [819032 2012-03-07] (AVAST Software) 1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [337240 2012-03-07] (AVAST Software) 1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59224 2012-03-07] (AVAST Software) 3 b06bdrv; C:\Windows\system32\drivers\bxvbda.sys [468480 2009-06-10] (Broadcom Corporation) 3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-10] (Broadcom Corporation) 3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl664.sys [3065408 2010-07-29] (Broadcom Corporation) 1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20111027.001\BHDrvx64.sys [1155704 2011-10-15] (Symantec Corporation) 3 BTWAMPFL; C:\Windows\System32\DRIVERS\btwampfl.sys [348712 2010-09-21] (Broadcom Corporation.) 3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) 3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [118664 2010-08-31] (ELAN Microelectronics Corp.) 3 ew_hwusbdev; C:\Windows\System32\DRIVERS\ew_hwusbdev.sys [117248 2010-07-27] (Huawei Technologies Co., Ltd.) 
3 ew_usbenumfilter; C:\Windows\System32\DRIVERS\ew_usbenumfilter.sys [13952 2010-03-20] (Huawei Technologies Co., Ltd.) 3 HECIx64; C:\Windows\System32\DRIVERS\HECIx64.sys [56344 2009-09-17] (Intel Corporation) 3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [98816 2011-02-25] (Huawei Technologies Co., Ltd.) 3 huawei_enumerator; C:\Windows\System32\DRIVERS\ew_jubusenum.sys [86016 2011-01-30] (Huawei Technologies Co., Ltd.) 3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [28672 2011-01-30] (Huawei Technologies Co., Ltd.) 3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [212992 2011-01-30] (Huawei Technologies Co., Ltd.) 1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20111102.030\IDSvia64.sys [488568 2011-10-19] (Symantec Corporation) 3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [10611552 2010-08-25] (Intel Corporation) 3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHD64.sys [2647528 2010-12-01] (Realtek Semiconductor Corp.) 
3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-14] (Microsoft Corporation) 3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20111103.002\ENG64.SYS [117880 2011-10-21] (Symantec Corporation) 3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20111103.002\EX64.SYS [2048632 2011-10-21] (Symantec Corporation) 3 nmwcd; C:\Windows\System32\drivers\ccdcmbx64.sys [19968 2011-08-17] (Nokia) 3 nmwcdc; C:\Windows\System32\drivers\ccdcmbox64.sys [27136 2011-08-17] (Nokia) 3 RTL8167; C:\Windows\System32\DRIVERS\Rt64win7.sys [409192 2010-11-25] (Realtek ) 3 rtport; \??\C:\windows\SysWOW64\drivers\rtport.sys [15144 2011-07-04] (Windows (R) 2003 DDK 3790 provider) 1 SABI; \??\C:\windows\system32\Drivers\SABI.sys [13824 2010-10-07] (SAMSUNG ELECTRONICS) 3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-31] (Symantec Corporation) 1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-31] (Symantec Corporation) 0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation) 0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-15] (Symantec Corporation) 3 SymEvent; \??\C:\windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-09-05] (Symantec Corporation) 1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-27] (Symantec Corporation) 1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-21] (Symantec Corporation) 1 tcpipBM; \??\C:\windows\system32\drivers\tcpipBM.sys [39552 2011-11-08] (Bytemobile, Inc.) 
3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerfltx64.sys [9216 2011-08-17] (Nokia) 3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltjx64.sys [9216 2011-08-17] (Nokia) ========================== NetSvcs (Whitelisted) =========== ============ One Month Created Files and Folders ============== 2012-07-11 06:10 - 2010-11-21 04:25 - 00606208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll 2012-07-11 06:10 - 2010-11-21 04:24 - 01026560 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll 2012-07-11 06:10 - 2009-07-14 02:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\System32\corpol.dll 2012-07-11 06:10 - 2009-07-14 02:15 - 00018432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\corpol.dll 2012-07-10 21:28 - 2012-07-10 21:28 - 00000000 ____D C:\FRST 2012-07-05 06:32 - 2012-07-05 06:32 - 00001754 ____A C:\Users\Public\Desktop\Wybór przeglądarki.lnk 2012-07-04 20:33 - 2010-02-23 09:16 - 00294912 ____A (Microsoft Corporation) C:\Windows\System32\browserchoice.exe 2012-06-28 06:52 - 2012-06-28 06:52 - 00000000 ____A C:\Windows\SysWOW64\shoF41E.tmp 2012-06-27 14:37 - 2012-07-05 06:30 - 00001178 ____A C:\Windows\setupact.log 2012-06-27 14:37 - 2012-06-27 14:37 - 00000000 ____A C:\Windows\setuperr.log 2012-06-25 06:20 - 2012-06-25 06:20 - 00956056 ____A (Babylon Ltd.) C:\Users\Ewa Nakonieczna\Downloads\Babylon9_setup (2).exe 2012-06-25 06:14 - 2012-06-25 06:14 - 00956056 ____A (Babylon Ltd.) C:\Users\Ewa Nakonieczna\Downloads\Babylon9_setup (1).exe 2012-06-25 06:13 - 2012-06-25 06:13 - 00956056 ____A (Babylon Ltd.) 
C:\Users\Ewa Nakonieczna\Downloads\Babylon9_setup.exe 2012-06-21 06:40 - 2012-06-02 23:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll 2012-06-21 06:40 - 2012-06-02 23:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll 2012-06-21 06:40 - 2012-06-02 23:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe 2012-06-21 06:40 - 2012-06-02 23:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll 2012-06-21 06:40 - 2012-06-02 23:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll 2012-06-21 06:40 - 2012-06-02 23:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll 2012-06-21 06:40 - 2012-06-02 23:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll 2012-06-21 06:40 - 2012-06-02 14:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll 2012-06-21 06:40 - 2012-06-02 14:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe 2012-06-13 21:37 - 2012-05-18 02:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-06-13 21:37 - 2012-05-18 02:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-06-13 21:37 - 2012-05-18 02:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-06-13 21:37 - 2012-05-17 23:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2012-06-13 21:37 - 2012-05-17 23:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2012-06-13 21:37 - 2012-05-17 23:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2012-06-13 21:36 - 2012-05-18 03:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-06-13 21:36 - 2012-05-18 03:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-06-13 21:36 - 2012-05-18 03:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 
2012-06-13 21:36 - 2012-05-18 02:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-06-13 21:36 - 2012-05-18 02:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-06-13 21:36 - 2012-05-18 02:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-06-13 21:36 - 2012-05-18 02:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-06-13 21:36 - 2012-05-18 02:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-06-13 21:36 - 2012-05-18 02:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-06-13 21:36 - 2012-05-18 02:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-06-13 21:36 - 2012-05-18 02:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-06-13 21:36 - 2012-05-18 00:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2012-06-13 21:36 - 2012-05-17 23:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2012-06-13 21:36 - 2012-05-17 23:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2012-06-13 21:36 - 2012-05-17 23:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2012-06-13 21:36 - 2012-05-17 23:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2012-06-13 21:36 - 2012-05-17 23:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2012-06-13 21:36 - 2012-05-17 23:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2012-06-13 21:36 - 2012-05-17 23:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2012-06-13 21:36 - 2012-05-17 23:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2012-06-13 21:36 - 2012-05-17 23:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2012-06-13 21:36 - 2012-05-17 23:20 - 
00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2012-06-13 16:30 - 2012-04-26 06:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll 2012-06-13 16:30 - 2012-04-26 06:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll 2012-06-13 16:30 - 2012-04-26 06:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe 2012-06-13 16:25 - 2012-05-04 12:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2012-06-13 16:25 - 2012-05-04 11:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2012-06-13 16:25 - 2012-05-04 11:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2012-06-13 16:25 - 2012-05-01 06:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll 2012-06-13 16:24 - 2012-04-28 04:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys 2012-06-13 16:24 - 2012-04-24 06:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2012-06-13 16:24 - 2012-04-24 06:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2012-06-13 16:24 - 2012-04-24 06:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2012-06-13 16:24 - 2012-04-24 05:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2012-06-13 16:24 - 2012-04-24 05:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2012-06-13 16:24 - 2012-04-24 05:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2012-06-13 16:24 - 2012-04-07 13:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll 2012-06-13 16:24 - 2012-04-07 12:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2012-06-13 16:24 - 2009-07-14 00:26 - 02326528 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys ============ 3 Months Modified Files ======================== 
2012-07-05 06:32 - 2012-07-05 06:32 - 00001754 ____A C:\Users\Public\Desktop\Wybór przeglądarki.lnk 2012-07-05 06:31 - 2011-09-07 11:26 - 00001062 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2012-07-05 06:31 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2012-07-05 06:30 - 2012-06-27 14:37 - 00001178 ____A C:\Windows\setupact.log 2012-07-04 20:33 - 2011-04-13 16:52 - 01996154 ____A C:\Windows\WindowsUpdate.log 2012-07-04 20:01 - 2011-09-07 11:26 - 00001066 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2012-07-04 12:30 - 2009-07-14 05:45 - 00021200 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2012-07-04 12:30 - 2009-07-14 05:45 - 00021200 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2012-07-03 13:25 - 2011-11-09 20:38 - 00002304 ____A C:\Users\Public\Desktop\Google Chrome.lnk 2012-07-01 14:28 - 2011-04-13 02:56 - 00710792 ____A C:\Windows\System32\perfh015.dat 2012-07-01 14:28 - 2011-04-13 02:56 - 00142066 ____A C:\Windows\System32\perfc015.dat 2012-07-01 14:28 - 2009-07-14 06:13 - 01588606 ____A C:\Windows\System32\PerfStringBackup.INI 2012-06-28 06:52 - 2012-06-28 06:52 - 00000000 ____A C:\Windows\SysWOW64\shoF41E.tmp 2012-06-27 14:37 - 2012-06-27 14:37 - 00000000 ____A C:\Windows\setuperr.log 2012-06-25 06:20 - 2012-06-25 06:20 - 00956056 ____A (Babylon Ltd.) C:\Users\Ewa Nakonieczna\Downloads\Babylon9_setup (2).exe 2012-06-25 06:14 - 2012-06-25 06:14 - 00956056 ____A (Babylon Ltd.) C:\Users\Ewa Nakonieczna\Downloads\Babylon9_setup (1).exe 2012-06-25 06:13 - 2012-06-25 06:13 - 00956056 ____A (Babylon Ltd.) 
C:\Users\Ewa Nakonieczna\Downloads\Babylon9_setup.exe 2012-06-15 15:19 - 2011-11-09 20:35 - 00000000 ____A C:\Windows\SysWOW64\config.nt 2012-06-14 04:47 - 2009-07-14 05:45 - 00284880 ____A C:\Windows\System32\FNTCACHE.DAT 2012-06-13 21:43 - 2011-09-06 18:59 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2012-06-02 23:19 - 2012-06-21 06:40 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll 2012-06-02 23:19 - 2012-06-21 06:40 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll 2012-06-02 23:19 - 2012-06-21 06:40 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe 2012-06-02 23:19 - 2012-06-21 06:40 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll 2012-06-02 23:19 - 2012-06-21 06:40 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll 2012-06-02 23:15 - 2012-06-21 06:40 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll 2012-06-02 23:15 - 2012-06-21 06:40 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll 2012-06-02 14:19 - 2012-06-21 06:40 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll 2012-06-02 14:15 - 2012-06-21 06:40 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe 2012-05-30 23:36 - 2009-07-14 06:08 - 00032608 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2012-05-18 03:47 - 2012-06-13 21:36 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-05-18 03:16 - 2012-06-13 21:36 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-05-18 03:06 - 2012-06-13 21:36 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-05-18 02:59 - 2012-06-13 21:36 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-05-18 02:59 - 2012-06-13 21:36 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-05-18 02:58 - 2012-06-13 21:37 - 00237056 ____A (Microsoft 
Corporation) C:\Windows\System32\url.dll 2012-05-18 02:58 - 2012-06-13 21:36 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-05-18 02:56 - 2012-06-13 21:36 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-05-18 02:55 - 2012-06-13 21:36 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-05-18 02:55 - 2012-06-13 21:36 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-05-18 02:54 - 2012-06-13 21:36 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-05-18 02:51 - 2012-06-13 21:37 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-05-18 02:51 - 2012-06-13 21:37 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-05-18 02:47 - 2012-06-13 21:36 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-05-18 00:11 - 2012-06-13 21:36 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2012-05-17 23:48 - 2012-06-13 21:36 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2012-05-17 23:45 - 2012-06-13 21:36 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2012-05-17 23:36 - 2012-06-13 21:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2012-05-17 23:35 - 2012-06-13 21:36 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2012-05-17 23:35 - 2012-06-13 21:36 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2012-05-17 23:33 - 2012-06-13 21:37 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2012-05-17 23:31 - 2012-06-13 21:36 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2012-05-17 23:29 - 2012-06-13 21:36 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2012-05-17 23:29 - 2012-06-13 21:36 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 
2012-05-17 23:27 - 2012-06-13 21:36 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2012-05-17 23:25 - 2012-06-13 21:37 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2012-05-17 23:24 - 2012-06-13 21:37 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2012-05-17 23:20 - 2012-06-13 21:36 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2012-05-05 15:29 - 2012-02-08 00:36 - 00001974 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk 2012-05-04 12:06 - 2012-06-13 16:25 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2012-05-04 11:03 - 2012-06-13 16:25 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2012-05-04 11:03 - 2012-06-13 16:25 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2012-05-02 16:54 - 2011-11-09 20:35 - 00001841 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2012-05-01 06:40 - 2012-06-13 16:25 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll 2012-04-28 04:55 - 2012-06-13 16:24 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys 2012-04-26 06:41 - 2012-06-13 16:30 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll 2012-04-26 06:41 - 2012-06-13 16:30 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll 2012-04-26 06:34 - 2012-06-13 16:30 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe 2012-04-24 06:37 - 2012-06-13 16:24 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2012-04-24 06:37 - 2012-06-13 16:24 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2012-04-24 06:37 - 2012-06-13 16:24 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2012-04-24 05:36 - 2012-06-13 16:24 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2012-04-24 05:36 - 2012-06-13 16:24 - 
00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2012-04-24 05:36 - 2012-06-13 16:24 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2012-04-24 00:08 - 2012-04-24 00:08 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk 2012-04-16 15:13 - 2012-04-16 15:13 - 06903866 ____A C:\Users\Ewa Nakonieczna\Downloads\Hotmail.zip ========================= Known DLLs (Whitelisted) ============ ATTENTION!:=====> THE OPERATING SYSTEM IS A X64 SYSTEM BUT THE BOOT DISK THAT IS USED TO BOOT TO RECOVERY ENVIRONMENT IS A X86 SYSTEM DISK. ========================= Bamital & volsnap Check ============ C:\Windows\explorer.exe [2011-09-05 20:49] - [2011-02-25 07:19] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3 C:\Windows\System32\winlogon.exe [2010-11-21 04:24] - [2010-11-21 04:24] - 0390656 ____A (Microsoft Corporation) 1151B1BAA6F350B1DB6598E0FEA7C457 C:\Windows\System32\wininit.exe [2009-07-14 00:52] - [2009-07-14 02:39] - 0129024 ____A (Microsoft Corporation) 94355C28C1970635A31B3FE52EB7CEBA C:\Windows\System32\svchost.exe [2009-07-14 00:31] - [2009-07-14 02:39] - 0027136 ____A (Microsoft Corporation) C78655BC80301D76ED4FEF1C1EA40A7D C:\Windows\System32\services.exe [2009-07-14 00:19] - [2009-07-14 02:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB C:\Windows\System32\User32.dll [2010-11-21 04:24] - [2010-11-21 04:24] - 1008128 ____A (Microsoft Corporation) FE70103391A64039A921DBFFF9C7AB1B C:\Windows\System32\userinit.exe [2010-11-21 04:24] - [2010-11-21 04:24] - 0030720 ____A (Microsoft Corporation) BAFE84E637BF7388C96EF48D4D3FDD53 C:\Windows\System32\Drivers\volsnap.sys [2010-11-21 04:23] - [2010-11-21 04:23] - 0295808 ____A (Microsoft Corporation) 0D08D2F3B3FF84E433346669B5E0F639 ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: <===== ATTENTION! HKLM\...\exefile\DefaultIcon: <===== ATTENTION! HKLM\...\exefile\open\command: <===== ATTENTION! 
========================= Memory info ======================

Percentage of memory in use: 16%
Total physical RAM: 2932.55 MB
Available physical RAM: 2451.39 MB
Total Pagefile: 2930.82 MB
Available Pagefile: 2459.57 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.3 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:111 GB) (Free:61.2 GB) NTFS
2 Drive d: () (Fixed) (Total:165.68 GB) (Free:130.96 GB) NTFS
3 Drive f: (SAMSUNG_REC) (Fixed) (Total:21.31 GB) (Free:0.94 GB) NTFS ==>[System with boot components (obtained from reading drive)]
5 Drive h: (LINUX) (Removable) (Total:7.38 GB) (Free:3.96 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

  Nr dysku  Stan           Rozmiar  Wolne    Dyn  GPT
  --------  -------------  -------  -------  ---  ---
  Dysk 0    Online          298 GB  1024 KB
  Dysk 1    Online         7625 MB      0 B

Partitions of Disk 0:
===============

  Partycja ###   Typ               Rozmiar  Przesunięcie
  -------------  ----------------  -------  ------------
  Partycja 1     Podstawowy         100 MB  1024 KB
  Partycja 2     Podstawowy         111 GB   101 MB
  Partycja 0     Rozszerzony        165 GB   111 GB
  Partycja 4     Logiczny           165 GB   111 GB
  Partycja 3     Odzyskiwanie        21 GB   276 GB

==================================================================================

Disk: 0
Partycja 1
Typ : 07
Ukryta : Nie
Aktywna : Tak
Przesunięcie w bajtach: 1048576

  Wolumin ###  Lit  Etykieta     Fs     Typ         Rozmiar  Stan       Info
  -----------  ---  -----------  -----  ----------  -------  ---------  --------
* Wolumin 1     Y   SYSTEM       NTFS   Partycja     100 MB  Zdrowy

==================================================================================

Disk: 0
Partycja 2
Typ : 07
Ukryta : Nie
Aktywna : Nie
Przesunięcie w bajtach: 105906176

  Wolumin ###  Lit  Etykieta     Fs     Typ         Rozmiar  Stan       Info
  -----------  ---  -----------  -----  ----------  -------  ---------  --------
* Wolumin 2     C                NTFS   Partycja     111 GB  Zdrowy

==================================================================================

Disk: 0
Partycja 4
Typ : 07
Ukryta : Nie
Aktywna : Nie
Przesunięcie w bajtach: 119292297216

  Wolumin ###  Lit  Etykieta     Fs     Typ         Rozmiar  Stan       Info
  -----------  ---  -----------  -----  ----------  -------  ---------  --------
* Wolumin 3     D                NTFS   Partycja     165 GB  Zdrowy

==================================================================================

Disk: 0
Partycja 3
Typ : 27
Ukryta : Tak
Aktywna : Nie
Przesunięcie w bajtach: 297188458496

  Wolumin ###  Lit  Etykieta     Fs     Typ         Rozmiar  Stan       Info
  -----------  ---  -----------  -----  ----------  -------  ---------  --------
* Wolumin 4     F   SAMSUNG_REC  NTFS   Partycja      21 GB  Zdrowy     Ukryty

==================================================================================

Partitions of Disk 1:
===============

  Partycja ###   Typ               Rozmiar  Przesunięcie
  -------------  ----------------  -------  ------------
  Partycja 1     Podstawowy        7616 MB    31 KB

==================================================================================

Disk: 1
Partycja 1
Typ : 0B
Ukryta : Nie
Aktywna : Tak
Przesunięcie w bajtach: 32256

  Wolumin ###  Lit  Etykieta     Fs     Typ         Rozmiar  Stan       Info
  -----------  ---  -----------  -----  ----------  -------  ---------  --------
* Wolumin 5     H   LINUX        FAT32  Wymienny    7616 MB  Zdrowy

==================================================================================

==========================================================

Last Boot: 2012-06-28 18:05

======================= End Of Log ==========================