Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-09-2013 03
Ran by SYSTEM on MININT-F6VSIR4 on 17-09-2013 23:59:42
Running from J:\
Windows 7 Ultimate Service Pack 1 (X86) OS Language: Polish
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet001
[b]ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.[/b]

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] - [x]
HKU\don_Alberto\...\Winlogon: [Shell] explorer.exe,C:\Users\don_Alberto\AppData\Roaming\data.dat [ 2010-11-20] () <==== ATTENTION

========================== Services (Whitelisted) =================

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2012-04-05] (Advanced Micro Devices, Inc.)
S2 NIS; C:\Program Files\Norton Internet Security\Engine\19.9.1.14\diMaster.dll [309688 2012-04-13] (Symantec Corporation)
S2 OMSI download service; C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [90112 2009-04-30] ()
S2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75136 2012-07-09] ()
S3 Microsoft SharePoint Workspace Audit Service; "C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" /auditservice [x]

==================== Drivers (Whitelisted) ====================

S3 ALCXWDM; C:\Windows\System32\drivers\RTKVAC.SYS [4172832 2009-06-19] (Realtek Semiconductor Corp.)
S1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130620.001\BHDrvx86.sys [1002072 2013-05-31] (Symantec Corporation)
S1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1309010.00E\ccSetx86.sys [132768 2012-06-07] (Symantec Corporation)
S0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2013-01-11] (Symantec Corporation)
S2 Hardlock; C:\Windows\system32\drivers\hardlock.sys [693760 2006-11-22] (Aladdin Knowledge Systems Ltd.)
S1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130627.001\IDSvix86.sys [386720 2013-01-11] (Symantec Corporation)
S1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [82320 2010-01-29] (EZB Systems, Inc.)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130627.021\NAVENG.SYS [93272 2013-05-22] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130627.021\NAVEX15.SYS [1611992 2013-05-22] (Symantec Corporation)
S2 NSHE; C:\Windows\system32\Drivers\NSHE.SYS [97792 2008-11-23] (T0r0 2008)
S3 PortTalk; C:\Windows\System32\Drivers\PortTalk.sys [3567 2002-01-12] (Beyond Logic http://www.beyondlogic.org)
S3 s1039mdm; C:\Windows\System32\DRIVERS\s1039mdm.sys [124016 2009-11-19] (MCCI Corporation)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [473656 2012-03-28] (Duplex Secure Ltd.)
S3 SRTSP; C:\Windows\System32\Drivers\NIS\1309010.00E\SRTSP.SYS [574112 2012-07-06] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NIS\1309010.00E\SRTSPX.SYS [32928 2012-07-06] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\NIS\1309010.00E\SYMDS.SYS [340088 2011-07-25] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\NIS\1309010.00E\SYMEFA.SYS [924320 2012-05-22] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [141944 2013-01-11] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NIS\1309010.00E\Ironx86.SYS [149624 2012-04-18] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\NIS\1309010.00E\SYMNETS.SYS [318584 2012-04-18] (Symantec Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-09-17 23:59 - 2013-09-17 23:59 - 00000000 ____D C:\FRST
2013-09-17 22:28 - 2013-09-17 22:38 - 00000004 _____ C:\Users\don_Alberto\AppData\Roaming\settings.ini
2013-09-17 22:27 - 2013-09-17 22:27 - 00000000 ____D C:\Windows\Sun
2013-09-12 06:19 - 2013-09-12 06:19 - 00000000 ____D C:\Users\don_Alberto\Documents\Game of Thrones
2013-09-11 06:19 - 2013-09-11 06:19 - 00000000 ____D C:\Program Files\Microsoft Chart Controls
2013-09-11 06:17 - 2013-09-11 06:17 - 00002295 _____ C:\Users\Public\Desktop\Game of Thrones.lnk
2013-09-11 06:11 - 2013-09-11 06:11 - 00000000 ____D C:\Program Files\Cyanide
2013-09-01 15:58 - 2013-09-10 22:59 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-01 14:38 - 2013-09-01 14:38 - 00137392 _____ C:\Windows\Minidump\090113-21828-01.dmp

==================== One Month Modified Files and Folders =======

2013-09-17 23:59 - 2013-09-17 23:59 - 00000000 ____D C:\FRST
2013-09-17 22:38 - 2013-09-17 22:28 - 00000004 _____ C:\Users\don_Alberto\AppData\Roaming\settings.ini
2013-09-17 22:34 - 2009-07-14 05:39 - 00107413 _____ C:\Windows\setupact.log
2013-09-17 22:27 - 2013-09-17 22:27 - 00000000 ____D C:\Windows\Sun
2013-09-17 21:28 - 2009-07-14 05:34 - 00021072 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-17 21:28 - 2009-07-14 05:34 - 00021072 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-17 21:25 - 2010-11-21 03:32 - 00737242 _____ C:\Windows\System32\perfh015.dat
2013-09-17 21:25 - 2010-11-21 03:32 - 00153930 _____ C:\Windows\System32\perfc015.dat
2013-09-17 21:25 - 2010-11-20 22:01 - 01661232 _____ C:\Windows\System32\PerfStringBackup.INI
2013-09-17 21:24 - 2012-03-27 15:06 - 01223108 _____ C:\Windows\WindowsUpdate.log
2013-09-16 19:55 - 2012-03-27 16:39 - 00000000 ____D C:\Program Files\The KMPlayer
2013-09-14 09:40 - 2012-04-03 21:08 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-09-14 09:40 - 2012-03-27 15:43 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-09-12 22:53 - 2012-11-18 23:40 - 00000000 ____D C:\Users\don_Alberto\AppData\Local\CrashDumps
2013-09-12 21:11 - 2012-03-27 17:17 - 00000000 ____D C:\Users\don_Alberto\AppData\Roaming\uTorrent
2013-09-12 21:09 - 2012-03-27 17:21 - 00000000 ____D C:\==DOWNLOAD==
2013-09-12 06:19 - 2013-09-12 06:19 - 00000000 ____D C:\Users\don_Alberto\Documents\Game of Thrones
2013-09-11 06:19 - 2013-09-11 06:19 - 00000000 ____D C:\Program Files\Microsoft Chart Controls
2013-09-11 06:17 - 2013-09-11 06:17 - 00002295 _____ C:\Users\Public\Desktop\Game of Thrones.lnk
2013-09-11 06:11 - 2013-09-11 06:11 - 00000000 ____D C:\Program Files\Cyanide
2013-09-10 23:46 - 2012-03-28 16:29 - 00000000 ____D C:\==FILMY==
2013-09-10 22:59 - 2013-09-01 15:58 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-10 06:38 - 2012-03-28 16:29 - 00000000 ____D C:\==GRY==
2013-09-02 06:06 - 2012-04-26 08:34 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-09-01 15:02 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\NDF
2013-09-01 14:38 - 2013-09-01 14:38 - 00137392 _____ C:\Windows\Minidump\090113-21828-01.dmp
2013-09-01 14:38 - 2012-09-17 06:41 - 00000000 ____D C:\Windows\Minidump

Files to move or delete:
====================
C:\ProgramData\hpe8D8.dll

Some content of TEMP:
====================
C:\Users\don_Alberto\AppData\Local\Temp\b34btbztdb0vavaw.exe
C:\Users\don_Alberto\AppData\Local\Temp\KMP_3.7.0.109.exe

==================== Known DLLs (Whitelisted) ============

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 3071.55 MB
Available physical RAM: 2619.87 MB
Total Pagefile: 3069.84 MB
Available Pagefile: 2618.85 MB
Total Virtual: 2047.88 MB
Available Virtual: 1941.37 MB

==================== Drives ================================

Drive c: (SYSTEM) (Fixed) (Total:34.47 GB) (Free:6.27 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (GRY) (Fixed) (Total:80.01 GB) (Free:0.08 GB) NTFS
Drive f: (FILMY II) (Fixed) (Total:50.01 GB) (Free:0.06 GB) NTFS
Drive g: (DANE 2) (Fixed) (Total:50.01 GB) (Free:0 GB) NTFS
Drive h: (DANE) (Fixed) (Total:18.06 GB) (Free:0.16 GB) NTFS
Drive j: (PENDRIVE) (Removable) (Total:1.92 GB) (Free:0.23 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (FILMY) (Fixed) (Total:100.01 GB) (Free:1.28 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: E38BE38B)
Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=198 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 34 GB) (Disk ID: 5A477AA5)
Partition 1: (Active) - (Size=34 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 2 GB) (Disk ID: 01E8E558)
Partition 1: (Active) - (Size=2 GB) - (Type=0B)

LastRegBack: 2013-09-11 20:53

==================== End Of Log ============================