Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-05-2015 Ran by SYSTEM on MINWINPC on 12-05-2015 09:19:13 Running from G:\ Platform: Windows Vista (TM) Home Basic (X86) OS Language: English (United States) Internet Explorer Version 8 Boot Mode: Recovery The current controlset is ControlSet001 [b]ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.[/b] Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-01-20] (Apple Inc.) HKLM\...\Run: [AvastUI.exe] => "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui HKLM\...\Run: [MFPrintServer_Pro_LL] => C:\Program Files\Companion Suite Pro LL\MFPrintServer.exe [73728 2007-09-18] () HKLM\...\Run: [MFServices_Pro_LL] => C:\Program Files\Companion Suite Pro LL\MFServices.exe [352256 2007-09-18] () HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-01-26] (Apple Inc.) Winlogon\Notify\klogon: C:\Windows\system32\klogon.dll [2008-07-29] (Kaspersky Lab) HKU\marta\...\Run: [uTorrent] => "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED HKU\marta\...\Run: [Skype] => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun HKU\marta\Control Panel\Desktop\\SCRNSAVE.EXE -> c:\windows\system32\Fujits~1.scr [16896 2007-04-19] (Fujitsu Siemens Computers) AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll => C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd.dll [79112 2008-07-29] (Kaspersky Lab) AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll => C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd3.dll [79112 2008-07-29] (Kaspersky Lab) AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll => C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\adialhk.dll [83208 2008-07-29] (Kaspersky Lab) AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll => C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\kloehk.dll [11016 2008-07-29] (Kaspersky Lab) Startup: C:\Users\marta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk [2011-05-25] ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S4 nmservice; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [642856 2008-12-12] (Cisco Systems, Inc.) S4 TestHandler; C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [204800 2006-12-08] (Fujitsu Siemens Computers) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [265912 2007-11-06] (Microsoft Corporation) S2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [X] S2 avast! Firewall; "C:\Program Files\AVAST Software\Avast\afwServ.exe" [X] S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X] S2 CLTNetCnService; No ImagePath ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-05-04] () S1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26096 2015-05-04] (Avast Software s.r.o.) S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-05-04] (Avast Software s.r.o.) S0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12112 2015-05-04] (ALWIL Software) S0 aswNdis2; C:\Windows\System32\Drivers\aswNdis2.sys [253600 2015-05-04] (Avast Software s.r.o.) S1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55200 2015-05-04] (Avast Software s.r.o.) S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-05-04] (Avast Software s.r.o.) S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427992 2015-05-04] (Avast Software s.r.o.) S1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57888 2015-05-04] (Avast Software s.r.o.) S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [209048 2015-05-04] () S2 E4LOADER; C:\Windows\System32\Drivers\e4ldr.sys [69656 2007-01-04] (Analog Deivces) S3 e4usbaw; C:\Windows\System32\DRIVERS\e4usbaw.sys [104344 2007-01-04] (Analog Devices Inc.) S3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [46592 2007-04-03] (Windows (R) Codename Longhorn DDK provider) S4 JRAID; C:\Windows\system32\drivers\jraid.sys [48256 2007-06-13] (JMicron Technology Corp.) S1 kl1; C:\Windows\System32\DRIVERS\kl1.sys [121872 2008-07-21] (Kaspersky Lab) S0 klbg; C:\Windows\System32\drivers\klbg.sys [33808 2009-02-04] (Kaspersky Lab) S3 KLFLTDEV; C:\Windows\System32\DRIVERS\klfltdev.sys [26640 2008-03-13] (Kaspersky Lab) S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [224272 2009-02-04] (Kaspersky Lab) S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [20496 2008-07-09] (Kaspersky Lab) S3 LFXACT; C:\Windows\System32\Drivers\LFXACT.sys [20672 2007-01-07] (OEM) S1 lfxnt; C:\Windows\system32\drivers\lfxnt.sys [61820 2007-09-18] () S2 pnarp; C:\Windows\System32\DRIVERS\pnarp.sys [24880 2008-12-12] (Cisco Systems, Inc.) S2 purendis; C:\Windows\System32\DRIVERS\purendis.sys [26416 2008-12-12] (Cisco Systems, Inc.) S4 viamraid; C:\Windows\system32\drivers\viamraid.sys [102912 2006-11-08] (VIA Technologies inc,.ltd) S3 XMLDIUSB; C:\Windows\System32\Drivers\XMLDIUSB.sys [31879 2007-01-07] (OEM) S3 ZTEusbnmeaext; C:\Windows\System32\DRIVERS\ZTEusbnmeaext.sys [103936 2008-10-14] (ZTE Incorporated) S5 AppMgmt; C:\Windows\system32\svchost.exe [22016 2006-11-02] (Microsoft Corporation) S0 aswRvrt; No ImagePath S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X] S3 catchme; \??\C:\Users\ADMIN~1.MAR\AppData\Local\Temp\catchme.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-05-12 09:17 - 2015-05-12 09:17 - 00000000 ____D () C:\FRST 2015-05-04 15:51 - 2015-05-04 15:51 - 00001895 _____ () C:\Users\Public\Desktop\Avast SafeZone.lnk 2015-05-04 15:51 - 2015-05-04 15:51 - 00001835 _____ () C:\Users\Public\Desktop\Avast Internet Security.lnk 2015-05-04 15:49 - 2015-05-11 10:21 - 00000000 ____D () C:\Windows\LastGood.Tmp 2015-05-04 15:40 - 2015-05-04 15:39 - 00026096 _____ (Avast Software s.r.o.) C:\Windows\System32\Drivers\aswKbd.sys 2015-05-04 15:40 - 2015-05-04 15:38 - 00253600 _____ (Avast Software s.r.o.) C:\Windows\System32\Drivers\aswNdis2.sys 2015-05-04 15:40 - 2015-03-11 00:56 - 00427480 _____ (Avast Software s.r.o.) C:\Windows\System32\Drivers\aswF8C2.tmp 2015-05-04 15:40 - 2015-03-11 00:56 - 00206976 _____ () C:\Windows\System32\Drivers\aswF911.tmp 2015-05-04 15:40 - 2015-03-11 00:56 - 00073440 _____ (Avast Software s.r.o.) C:\Windows\System32\Drivers\aswF843.tmp 2015-05-04 15:40 - 2015-03-11 00:56 - 00057888 _____ (Avast Software s.r.o.) C:\Windows\System32\Drivers\aswF941.tmp 2015-05-04 15:40 - 2015-03-11 00:56 - 00055200 _____ (Avast Software s.r.o.) C:\Windows\System32\Drivers\aswF767.tmp 2015-05-04 15:40 - 2015-03-11 00:56 - 00049904 _____ () C:\Windows\System32\Drivers\aswF873.tmp 2015-05-04 15:40 - 2015-03-11 00:56 - 00024144 _____ () C:\Windows\System32\Drivers\aswF7C5.tmp 2015-05-04 15:40 - 2015-03-11 00:55 - 00788272 _____ (Avast Software s.r.o.) C:\Windows\System32\Drivers\aswF66C.tmp 2015-05-04 15:39 - 2015-05-04 15:39 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr 2015-05-04 15:38 - 2015-05-04 15:38 - 00012112 _____ (ALWIL Software) C:\Windows\System32\Drivers\aswNdis.sys 2015-04-27 15:47 - 2015-04-27 15:49 - 00012891 _____ () C:\Users\marta\Desktop\sip.odt 2015-04-27 15:44 - 2015-04-27 15:51 - 00016602 _____ () C:\Users\marta\Desktop\plac.odt ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-05-11 12:03 - 2015-02-25 16:30 - 258676174 _____ () C:\Windows\MEMORY.DMP 2015-05-11 10:21 - 2011-05-23 14:20 - 00000000 ____D () C:\users\admin.marta-PC 2015-05-11 10:21 - 2008-08-16 10:23 - 00000000 ____D () C:\users\marta 2015-05-11 10:21 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\registration 2015-05-11 10:21 - 2006-11-02 02:22 - 32768000 _____ () C:\Windows\System32\config\software_previous 2015-05-11 10:21 - 2006-11-02 02:22 - 100663296 _____ () C:\Windows\System32\config\system_previous 2015-05-11 10:19 - 2006-11-02 02:22 - 23592960 _____ () C:\Windows\System32\config\components_previous 2015-05-11 10:19 - 2006-11-02 02:22 - 00262144 _____ () C:\Windows\System32\config\sam_previous 2015-05-11 10:16 - 2006-11-02 02:22 - 00262144 _____ () C:\Windows\System32\config\security_previous 2015-05-04 16:07 - 2013-03-21 09:25 - 00026428 _____ () C:\Windows\PFRO.log 2015-05-04 16:07 - 2009-06-24 08:51 - 00000000 ____D () C:\Windows\Minidump 2015-05-04 15:54 - 2011-05-17 00:58 - 01707454 _____ () C:\Windows\WindowsUpdate.log 2015-05-04 15:49 - 2006-11-02 02:22 - 00262144 _____ () C:\Windows\System32\config\default_previous 2015-05-04 15:39 - 2014-11-04 08:29 - 00787760 _____ (Avast Software s.r.o.) C:\Windows\System32\Drivers\aswSnx.sys 2015-05-04 15:39 - 2014-11-04 08:29 - 00427992 _____ (Avast Software s.r.o.) C:\Windows\System32\Drivers\aswSP.sys 2015-05-04 15:39 - 2014-11-04 08:29 - 00209048 _____ () C:\Windows\System32\Drivers\aswVmm.sys 2015-05-04 15:39 - 2014-11-04 08:29 - 00074976 _____ (Avast Software s.r.o.) C:\Windows\System32\Drivers\aswMonFlt.sys 2015-05-04 15:39 - 2014-11-04 08:29 - 00057888 _____ (Avast Software s.r.o.) C:\Windows\System32\Drivers\aswTdi.sys 2015-05-04 15:39 - 2014-11-04 08:29 - 00055200 _____ (Avast Software s.r.o.) C:\Windows\System32\Drivers\aswRdr.sys 2015-05-04 15:39 - 2014-11-04 08:29 - 00024144 _____ () C:\Windows\System32\Drivers\aswHwid.sys 2015-05-04 15:37 - 2006-12-04 21:19 - 02443902 _____ () C:\Windows\System32\perfh015.dat 2015-05-04 15:37 - 2006-12-04 21:19 - 00752040 _____ () C:\Windows\System32\perfc015.dat 2015-05-04 15:37 - 2006-11-02 02:33 - 00005100 _____ () C:\Windows\System32\PerfStringBackup.INI 2015-05-04 15:29 - 2006-11-02 04:45 - 00003072 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2015-05-04 15:29 - 2006-11-02 04:45 - 00003072 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2015-04-27 16:16 - 2011-05-23 15:33 - 00000032 ___SH () C:\Windows\System32\Drivers\fidbox2.idx 2015-04-27 16:16 - 2011-05-23 15:33 - 00000032 ___SH () C:\Windows\System32\Drivers\fidbox2.dat 2015-04-27 16:16 - 2011-05-23 15:33 - 00000032 ___SH () C:\Windows\System32\Drivers\fidbox.idx 2015-04-27 16:16 - 2011-05-23 15:33 - 00000032 ___SH () C:\Windows\System32\Drivers\fidbox.dat 2015-04-21 14:37 - 2014-11-04 08:30 - 00001983 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-04-20 23:49 - 2014-09-29 16:25 - 00000000 ____D () C:\Users\marta\Desktop\Alicja SF 2015-04-17 13:40 - 2013-08-21 07:19 - 00000000 ____D () C:\Windows\System32\MRT 2015-04-17 13:32 - 2006-11-02 02:24 - 125832184 _____ (Microsoft Corporation) C:\Windows\System32\mrt.exe Files to move or delete: ==================== C:\Users\marta\Nokia_Suite_webinstaller_ALL.exe C:\Users\marta\real.exe ==================== Known DLLs (Whitelisted) ============ ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE Association (whitelisted) ============= ==================== Restore Points ========================= Restore point made on: 2015-05-04 15:53:55 ==================== Memory info =========================== Percentage of memory in use: 21% Total physical RAM: 2045.81 MB Available physical RAM: 1597.69 MB Total Pagefile: 1862.13 MB Available Pagefile: 1719.76 MB Total Virtual: 2047.88 MB Available Virtual: 1980.14 MB ==================== Drives ================================ Drive c: (System) (Fixed) (Total:147.38 GB) (Free:100.34 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (DATA) (Fixed) (Total:73.69 GB) (Free:10.45 GB) NTFS Drive e: (2007.11.03_2329) (CDROM) (Total:0.12 GB) (Free:0 GB) UDF Drive f: (WinRE) (Fixed) (Total:11.82 GB) (Free:6.82 GB) NTFS Drive g: (TOSHIBA) (Removable) (Total:7.21 GB) (Free:6.35 GB) FAT32 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: F4B9C9D2) Partition 1: (Not Active) - (Size=11.8 GB) - (Type=27) Partition 2: (Active) - (Size=147.4 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=73.7 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 7.2 GB) (Disk ID: 4CAA6DAA) Partition 1: (Not Active) - (Size=7.2 GB) - (Type=0B) LastRegBack: 2015-05-04 15:49 ==================== End Of Log ============================