Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-04-2014
Ran by SYSTEM on MININT-GTRJF1K on 30-04-2014 08:39:50
Running from I:\
WIN_7 Service Pack 1 (X86) OS Language: Polish
Internet Explorer Version 7
Boot Mode: Recovery

The current controlset is ControlSet001

ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SetRefresh] => C:\Program Files\Compaq\SetRefresh\SetRefresh.exe [525824 2003-11-20] (Hewlett-Packard Company)
HKLM\...\Run: [Rimage License Manager] => LicenseManager.exe
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe [3158584 2013-02-14] (ESET)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Winlogon: [Userinit]
HKLM\...\Winlogon: [Shell] [x ] () <=== ATTENTION
HKLM\...\Command Processor: <======= ATTENTION

========================== Services (Whitelisted) =================

S4 AERimage; C:\AERimage\rimage.exe [237625 2009-03-25] (AE)
S4 AERimageCDR; C:\AERimage\rimage.exe [237625 2009-03-25] (AE)
S3 EhttpSrv; C:\Program Files\ESET\ESET Endpoint Antivirus\EHttpSrv.exe [33136 2013-02-14] (ESET)
S2 ekrn; C:\Program Files\ESET\ESET Endpoint Antivirus\ekrn.exe [1020304 2013-02-14] (ESET)
S3 ESHASRV; C:\Program Files\ESET\ESET Endpoint Antivirus\EShaSrv.exe [183944 2013-02-14] (ESET)
S2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-02-14] (Oracle Corporation)
S2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [540184 2007-08-07] (PDF Complete Inc)
S2 Rimage_DS; C:\Program Files\Rimage\DiscoveryServer\RmDiscoverSrv.exe [549376 2009-04-07] ()
S2 Rimage_eIS; C:\Program Files\Rimage\Imaging Server\eis.exe [455168 2010-04-13] (Rimage Corp)
S2 Rimage_eMS; C:\Program Files\Rimage\Messaging\RmsSrv.exe [6144 2009-04-07] ()
S2 Rimage_ePS; C:\Program Files\Rimage\Production Server\eps.exe [4211200 2010-04-01] (Rimage Corporation)
S2 Rimage_eRS; C:\Program Files\Rimage\ers\ers.exe [123904 2009-04-07] (Rimage Corp)
S2 WinVNC4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [439632 2008-10-15] (RealVNC Ltd.)
S2 Eventlog; [X]

==================== Drivers (Whitelisted) ====================

S3 ac97intc; C:\Windows\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation)
S1 eamon; C:\Windows\System32\DRIVERS\eamon.sys [164488 2013-02-04] (ESET)
S1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [124848 2013-02-04] (ESET)
S1 epfwtdir; C:\Windows\System32\DRIVERS\epfwtdir.sys [107856 2013-02-04] (ESET)
S3 i81x; C:\Windows\System32\DRIVERS\i81xnt5.sys [161020 2004-08-04] (Intel(R) Corporation)
S3 iAimFP0; C:\Windows\System32\DRIVERS\wADV01nt.sys [12415 2004-08-04] (Intel(R) Corporation)
S3 iAimFP1; C:\Windows\System32\DRIVERS\wADV02NT.sys [12127 2004-08-04] (Intel(R) Corporation)
S3 iAimFP2; C:\Windows\System32\DRIVERS\wADV05NT.sys [11775 2004-08-04] (Intel(R) Corporation)
S3 iAimFP3; C:\Windows\System32\DRIVERS\wSiINTxx.sys [12063 2004-08-04] (Intel(R) Corporation)
S3 iAimFP4; C:\Windows\System32\DRIVERS\wVchNTxx.sys [19455 2004-08-04] (Intel(R) Corporation)
S3 iAimFP5; C:\Windows\System32\DRIVERS\wADV07nt.sys [11807 2004-08-04] (Intel(R) Corporation)
S3 iAimFP6; C:\Windows\System32\DRIVERS\wADV08nt.sys [11295 2004-08-04] (Intel(R) Corporation)
S3 iAimFP7; C:\Windows\System32\DRIVERS\wADV09nt.sys [11871 2004-08-04] (Intel(R) Corporation)
S3 iAimTV0; C:\Windows\System32\DRIVERS\wATV01nt.sys [29311 2004-08-04] (Intel(R) Corporation)
S3 iAimTV1; C:\Windows\System32\DRIVERS\wATV02NT.sys [19551 2004-08-04] (Intel(R) Corporation)
S3 iAimTV3; C:\Windows\System32\DRIVERS\wATV04nt.sys [33599 2004-08-04] (Intel(R) Corporation)
S3 iAimTV4; C:\Windows\System32\DRIVERS\wCh7xxNT.sys [23615 2004-08-04] (Intel(R) Corporation)
S3 iAimTV5; C:\Windows\System32\DRIVERS\wATV10nt.sys [25471 2004-08-04] (Intel(R) Corporation)
S3 iAimTV6; C:\Windows\System32\DRIVERS\wATV06nt.sys [22271 2004-08-04] (Intel(R) Corporation)
S1 P3; C:\Windows\System32\DRIVERS\p3.sys [46848 2008-04-14] (Microsoft Corporation)
S3 silabenm; C:\Windows\System32\DRIVERS\silabenm.sys [17920 2008-07-15] (Silicon Laboratories, Inc.)
S3 silabser; C:\Windows\System32\DRIVERS\silabser.sys [60544 2008-07-15] (Silicon Laboratories)
S4 Symmpi; C:\Windows\system32\DRIVERS\symmpi.sys [28416 2002-04-04] (LSI Logic)
S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltj.sys [8064 2008-05-02] (Windows (R) Codename Longhorn DDK provider)
S5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 slabbus; system32\DRIVERS\slabbus.sys [X]
S3 slabser; system32\DRIVERS\slabser.sys [X]
S1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-30 08:38 - 2014-04-30 08:39 - 00000000 ____D () C:\FRST
2014-04-29 14:50 - 2008-04-14 23:51 - 01035264 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2014-04-29 14:05 - 2014-04-29 13:51 - 00000284 _____ () C:\boot2.ini
2014-04-29 14:01 - 2014-04-29 14:05 - 00000284 ____N () C:\boot.bak
2014-04-29 13:51 - 2014-04-28 15:06 - 00000485 _____ () C:\boot1.ini
2014-04-28 20:38 - 2014-04-28 20:38 - 00035714 _____ () C:\OTL.Txt
2014-04-03 08:24 - 2014-04-03 08:24 - 94261792 _____ () C:\tmpcache0

==================== One Month Modified Files and Folders =======

2014-04-30 08:39 - 2014-04-30 08:38 - 00000000 ____D () C:\FRST
2014-04-29 14:05 - 2014-04-29 14:01 - 00000284 ____N () C:\boot.bak
2014-04-29 14:05 - 2008-10-22 19:38 - 00283760 __RSH () C:\ntldr
2014-04-29 14:05 - 2008-10-22 18:52 - 00000284 ___SH () C:\boot.ini
2014-04-29 13:51 - 2014-04-29 14:05 - 00000284 _____ () C:\boot2.ini
2014-04-29 13:51 - 2008-10-22 19:38 - 00283760 _____ () C:\ntldr.2
2014-04-28 20:38 - 2014-04-28 20:38 - 00035714 _____ () C:\OTL.Txt
2014-04-28 15:06 - 2014-04-29 13:51 - 00000485 _____ () C:\boot1.ini
2014-04-09 08:05 - 2013-03-19 08:18 - 00000000 ____D () C:\Program Files\Windows Media Connect 2
2014-04-03 08:26 - 2008-10-22 09:55 - 00090112 _____ () C:\Windows\DUMP518b.tmp
2014-04-03 08:25 - 2011-11-18 14:45 - 00001963 ____N () C:\jobq.psMsg
2014-04-03 08:24 - 2014-04-03 08:24 - 94261792 _____ () C:\tmpcache0
2014-04-03 08:24 - 2006-05-05 01:12 - 01170671 _____ () C:\Windows\WindowsUpdate.log
2014-04-03 08:21 - 2008-10-22 18:51 - 00001158 _____ () C:\Windows\System32\wpa.dbl
2014-04-02 15:33 - 2008-10-22 18:51 - 00032352 _____ () C:\Windows\SchedLgU.Txt
2014-04-02 12:43 - 2008-10-22 18:51 - 00000549 _____ () C:\Windows\win.ini

==================== Known DLLs (Whitelisted) ============

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe [2014-04-29 14:50] - [2008-04-14 23:51] - 1035264 ____A (Microsoft Corporation) C791ED9EAC5E76D9525E157B1D7A599A
C:\Windows\System32\winlogon.exe [2004-08-04 08:44] - [2008-04-14 18:21] - 0510464 ____A (Microsoft Corporation) 51FD2E13D723857B9CA239AE77150F48
C:\Windows\System32\svchost.exe [2004-08-04 08:44] - [2008-04-14 18:21] - 0014336 ____A (Microsoft Corporation) 8607D35D92528E2DF386F19A960D23CE
C:\Windows\System32\services.exe [2004-08-04 08:44] - [2009-02-09 12:25] - 0111104 ____A (Microsoft Corporation) 02A467E27AF55F7064C5B251E587315F
C:\Windows\System32\User32.dll [2004-08-04 08:44] - [2008-04-14 18:20] - 0580096 ____A (Microsoft Corporation) A435C5C069AFD901751AC323AD238793
C:\Windows\System32\userinit.exe [2004-08-04 08:44] - [2008-04-14 18:21] - 0026624 ____A (Microsoft Corporation) 2A5B37D520508BE6570A3EA79695F5B5
C:\Windows\System32\rpcss.dll [2004-08-04 08:44] - [2009-02-09 11:53] - 0401408 ____A (Microsoft Corporation) A37311D9D628C1042A2836731787F0F3
ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys [2004-08-04 08:36] - [2008-04-14 17:01] - 0052864 ____A (Microsoft Corporation) 56B191AC5FC0DF219949C95A6C87AFE7
C:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

==================== Memory info ===========================

Percentage of memory in use: 18%
Total physical RAM: 2038.3 MB
Available physical RAM: 1657.73 MB
Total Pagefile: 2038.3 MB
Available Pagefile: 1662.14 MB
Total Virtual: 2047.88 MB
Available Virtual: 1959.5 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:149.04 GB) (Free:86.94 GB) NTFS
Drive d: (WINAIO) (CDROM) (Total:4.33 GB) (Free:0 GB) UDF
Drive i: (USB DISK) (Removable) (Total:3.73 GB) (Free:3.73 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: 467A4679)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (MBR Code: Windows XP) (Size: 4 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=4 GB) - (Type=0B)

==================== End Of Log ============================