Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 05-08-2012 01
Ran by SYSTEM at 07-08-2012 16:31:34
Running from D:\
Windows Vista (TM) Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet002

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [UpdReg] C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM\...\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [151552 2006-09-29] (Intel Corporation)
HKLM\...\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\PhotoDownloader.exe [x]
HKLM\...\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start [81920 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [] [x]
HKLM\...\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup [30192 2010-09-09] (Google)
HKLM\...\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe [17920 2006-11-17] ( )
HKLM\...\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup [221184 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r [180224 2006-11-27] (Creative Technology Ltd)
HKLM\...\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s [312200 2006-11-03] ()
HKLM\...\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe" [292336 2007-01-12] ()
HKLM\...\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe" [304008 2006-11-03] ()
HKLM\...\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [16384 2007-11-15] ( )
HKLM\...\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [206064 2009-05-21] (SupportSoft, Inc.)
HKLM\...\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe [45056 2008-05-21] (The Nielsen Company)
HKLM\...\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2012-02-23] (Apple Inc.)
HKLM\...\Run: [SigmatelSysTrayApp] sttray.exe [x]
HKLM\...\Run: [DLCXCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16 [106496 2006-10-16] ()
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2012-03-06] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKLM\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [1996200 2012-06-27] (LogMeIn Inc.)
HKU\Default\...\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup [446976 2006-11-12] (Gteko Ltd.)
HKU\Default User\...\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup [446976 2006-11-12] (Gteko Ltd.)
HKU\Heidi\...\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup [446976 2006-11-12] (Gteko Ltd.)
HKU\Heidi\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\Heidi\...\Run: [googletalk] C:\Users\Heidi\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart [3739648 2007-01-01] (Google)
HKU\Heidi\...\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [206064 2009-05-21] (SupportSoft, Inc.)
HKU\Heidi\...\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2097488 2008-01-28] (Safer Networking Limited)
HKU\Heidi\...\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [x]
HKU\Heidi\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [68856 2008-06-17] (Google Inc.)
HKU\Heidi\...\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet [4351216 2009-05-26] (Yahoo! Inc.)
HKU\Heidi\...\Run: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe [5247624 2010-12-08] ()
HKU\Heidi\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\Heidi\...\Run: [Spino] C:\Program Files\Jurassic Park III Games\Dino Defender\DINO3.EXE [x]
HKU\Heidi\...\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent [1242448 2012-06-28] (Valve Corporation)
HKU\Heidi\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\Heidi\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [17148552 2012-02-29] (Skype Technologies S.A.)
HKU\Heidi\...\Run: [xBuRdeRWhJWa.exe] C:\ProgramData\xBuRdeRWhJWa.exe [x]
HKU\TEMP\...\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup [446976 2006-11-12] (Gteko Ltd.)
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
Startup: C:\Users\Heidi\Start Menu\Programs\Startup\Kuma_Tray.lnk
ShortcutTarget: Kuma_Tray.lnk -> C:\Program Files\Animal Planet Games\kgsystray\Kuma_tray.exe ()
Startup: C:\Users\Heidi\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
ShortcutTarget: OpenOffice.org 2.4.lnk -> C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe ()

================================ Services (Whitelisted) ==================

2 Creative Labs Licensing Service; "C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe" [72704 2007-05-17] (Creative Labs)
2 Creative Service for CDROM Access; C:\Windows\system32\CTsvcCDA.exe [44032 1999-12-13] (Creative Technology Ltd)
2 dlcx_device; C:\Windows\system32\dlcxcoms.exe -service [532480 2006-10-11] ( )
3 DSBrokerService; "C:\Program Files\DellSupport\brkrsvc.exe" [70656 2006-11-07] ()
2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21504 2008-01-19] (Microsoft Corporation)
3 getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [33752 2008-12-01] (NOS Microsystems Ltd.)
3 GoogleDesktopManager-051210-111108; "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [30192 2010-09-09] (Google)
2 Hamachi2Svc; "C:\Program Files\LogMeIn Hamachi\hamachi-2.exe" -s [1385896 2012-06-27] (LogMeIn Inc.)
2 IHA_MessageCenter; "C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe" [290832 2011-12-12] (Verizon)
2 MyWebSearchService; C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe [28728 2007-12-19] (MyWebSearch.com)
2 NielsenUpdate; C:\Program Files\NetRatingsNetSight\NetSight\NielsenUpdate.exe [825664 2012-02-24] (The Nielsen Company)
3 npggsvc; C:\Windows\system32\GameMon.des -service [4005936 2011-06-06] (INCA Internet Co., Ltd.)
2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2012-06-24] ()
2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [810320 2008-01-28] (Safer Networking Ltd.)
2 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [158856 2012-02-29] (Skype Technologies)
2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter [201968 2008-08-13] (SupportSoft, Inc.)
3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [0 2008-01-19] ()
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
4 NetMsmqActivator; "c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator [x]
4 NetPipeActivator; c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [x]
4 NetTcpActivator; c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [x]
4 NetTcpPortSharing; c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]

========================== Drivers (Whitelisted) =============

2 dsunidrv; \??\C:\Program Files\DellSupport\Drivers\dsunidrv.sys [7424 2006-08-17] (Gteko Ltd.)
3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [79816 2009-09-16] (McAfee, Inc.)
3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [35272 2009-09-16] (McAfee, Inc.)
1 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [214664 2009-09-16] (McAfee, Inc.)
3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [34248 2009-09-16] (McAfee, Inc.)
3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [40552 2009-09-16] (McAfee, Inc.)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
1 MpKsl156dce76; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7502AF7B-D9D0-44F0-A841-AC1685747FC2}\MpKsl156dce76.sys [29904 2012-07-02] ()
3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [822272 2009-11-16] (Ralink Technology Corp.)
1 nnfwdk; \??\C:\Program Files\NetRatingsNetSight\NetSight\meter9\nnfwdk.sys [22064 2012-03-20] (The Nielsen Company)
3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
3 SQTECH913D; C:\Windows\System32\Drivers\Capt913D.sys [29522 2006-12-21] (Service & Quality Technology.)
3 sscdbus; C:\Windows\System32\DRIVERS\sscdbus.sys [104648 2010-04-26] (MCCI Corporation)
3 sscdmdfl; C:\Windows\System32\DRIVERS\sscdmdfl.sys [14920 2010-04-26] (MCCI Corporation)
3 sscdmdm; C:\Windows\System32\DRIVERS\sscdmdm.sys [132424 2010-04-26] (MCCI Corporation)
3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [110280 2010-04-26] (MCCI Corporation)
3 STHDA; C:\Windows\System32\drivers\stwrt.sys [647680 2007-02-08] (SigmaTel, Inc.)
3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [12672 2007-04-09] (LG Electronics Inc.)
3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [21248 2007-04-09] (LG Electronics Inc.)
3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [22912 2007-04-09] (LG Electronics Inc.)
3 xusb21; C:\Windows\System32\DRIVERS\xusb21.sys [56448 2009-04-08] (Microsoft Corporation)
3 ZDCNDIS5; \??\C:\Windows\system32\ZDCNDIS5.SYS [20736 2008-10-28] (ZDC., Inc. (ZDC))
4 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
2 MCSTRM; [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
2 X4HSX32; \??\C:\Program Files\GameTap Web Player\bin\Release\X4HSX32.Sys [x]
3 XG762_VS; C:\Windows\System32\DRIVERS\WlanGZG.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-08-07 16:31 - 2012-08-07 16:31 - 00000000 ____D C:\FRST
2012-07-31 22:44 - 2012-07-31 23:27 - 59896688 ____A C:\cmd.txt
2012-07-31 22:44 - 2012-07-31 23:20 - 00000036 ____A C:\cmd.bat
2012-07-31 22:44 - 2012-07-31 22:44 - 00000000 ____D C:\_OTL
2012-07-27 19:18 - 2012-07-28 15:28 - 00102370 ____A C:\OTL.Txt

============ 3 Months Modified Files ========================

2012-07-31 23:27 - 2012-07-31 22:44 - 59896688 ____A C:\cmd.txt
2012-07-31 23:20 - 2012-07-31 22:44 - 00000036 ____A C:\cmd.bat
2012-07-28 15:28 - 2012-07-27 19:18 - 00102370 ____A C:\OTL.Txt
2012-07-02 15:09 - 2012-07-02 15:09 - 00000609 ____A C:\Users\Heidi\Desktop\Data_Recovery.lnk
2012-07-02 15:08 - 2011-07-23 20:00 - 00000368 ____A C:\Windows\Tasks\FinalTorrent Update Checker.job
2012-07-02 15:08 - 2010-12-24 20:20 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-02 15:08 - 2006-11-02 06:22 - 00262144 ____A C:\Windows\System32\config\sam.123
2012-07-02 15:02 - 2010-12-24 20:20 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-02 15:02 - 2006-11-02 08:47 - 00003696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-02 15:02 - 2006-11-02 08:47 - 00003696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-02 14:43 - 2012-04-21 19:28 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-02 13:06 - 2007-05-17 19:31 - 01155874 ____A C:\Windows\WindowsUpdate.log
2012-07-02 13:02 - 2011-01-11 18:20 - 00000434 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2012-07-02 13:02 - 2007-05-17 19:57 - 00797632 ____A C:\Windows\PFRO.log
2012-07-02 13:02 - 2006-11-02 09:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-02 13:00 - 2006-11-02 09:01 - 00032546 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-02 11:43 - 2008-03-12 16:23 - 00056077 ____A C:\Windows\setupact.log
2012-06-28 12:25 - 2007-05-23 17:04 - 00089600 ___AH C:\Users\Heidi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-25 20:22 - 2012-06-25 20:22 - 00028016 ____A C:\Windows\System32\wbers.dat.dmp
2012-06-25 20:22 - 2012-06-25 20:22 - 00003672 ____A C:\Windows\System32\wbers.dat
2012-06-24 22:52 - 2011-08-30 19:51 - 00283416 ____A C:\Windows\System32\PnkBstrB.xtr
2012-06-24 22:52 - 2011-08-30 12:34 - 00283416 ____A C:\Windows\System32\PnkBstrB.exe
2012-06-24 22:52 - 2011-08-30 12:34 - 00140232 ____A C:\Windows\System32\Drivers\PnkBstrK.sys
2012-06-24 22:44 - 2011-08-30 12:34 - 00189248 ____A C:\Windows\System32\PnkBstrB.ex0
2012-06-24 22:44 - 2011-08-30 12:34 - 00138904 ___AH C:\Users\Heidi\AppData\Roaming\PnkBstrK.sys
2012-06-24 22:44 - 2011-08-30 12:34 - 00076888 ____A C:\Windows\System32\PnkBstrA.exe
2012-06-24 22:44 - 2007-05-26 08:31 - 00424752 ____A C:\Windows\DirectX.log
2012-06-17 16:37 - 2008-10-23 07:01 - 00023232 ___AH C:\Users\Heidi\AppData\Roaming\wklnhst.dat
2012-06-17 16:33 - 2006-11-02 06:33 - 00771926 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-17 16:32 - 2012-06-17 16:32 - 00034592 ___AH C:\Users\Heidi\Desktop\Staff Member Name.tif
2012-06-14 16:37 - 2012-06-14 16:51 - 00807734 ___AH C:\Users\Heidi\Documents\MinecraftForge-3.3.7.135-Client.zip
2012-06-14 04:10 - 2006-11-02 08:47 - 00457016 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-14 03:16 - 2006-11-02 06:24 - 56731752 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-06-06 05:46 - 2008-11-16 15:34 - 00130832 ___AH C:\Users\Heidi\AppData\Roaming\GDIPFONTCACHEV1.DAT
2012-06-05 16:52 - 2010-06-24 20:25 - 00002032 ___AH C:\Users\Heidi\AppData\Local\d3d9caps.dat
2012-06-02 18:19 - 2012-06-22 05:24 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 18:19 - 2012-06-22 05:24 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 18:19 - 2012-06-22 05:24 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 18:19 - 2012-06-22 05:23 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 18:19 - 2012-06-22 05:23 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 18:12 - 2012-06-22 05:24 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 18:12 - 2012-06-22 05:23 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 15:19 - 2012-06-22 05:23 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 15:12 - 2012-06-22 05:23 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-29 21:54 - 2007-05-23 17:01 - 00130832 ___AH C:\Users\Heidi\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-22 16:45 - 2012-05-22 16:45 - 00135100 ___AH C:\Users\Heidi\Desktop\WITNESS WHEREOF each.tif
2012-05-20 11:03 - 2012-05-20 11:03 - 00000723 ___AH C:\Users\Heidi\Desktop\Toribash.lnk
2012-05-17 19:11 - 2012-06-14 03:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 18:48 - 2012-06-14 03:07 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 18:45 - 2012-06-14 03:07 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 18:36 - 2012-06-14 03:07 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 18:35 - 2012-06-14 03:07 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 18:35 - 2012-06-14 03:07 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 18:33 - 2012-06-14 03:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 18:31 - 2012-06-14 03:07 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 18:29 - 2012-06-14 03:07 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 18:29 - 2012-06-14 03:07 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 18:27 - 2012-06-14 03:07 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 18:25 - 2012-06-14 03:07 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 18:24 - 2012-06-14 03:07 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 18:20 - 2012-06-14 03:07 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-15 15:51 - 2012-06-13 05:52 - 02045440 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points (XP) =====================

========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 2045.84 MB
Available physical RAM: 1734.55 MB
Total Pagefile: 1876.54 MB
Available Pagefile: 1816.41 MB
Total Virtual: 2047.88 MB
Available Virtual: 2001.38 MB

======================= Partitions =========================

2 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
3 Drive c: (OS) (Fixed) (Total:222.78 GB) (Free:23.9 GB) NTFS
4 Drive d: (KINGSTON) (Removable) (Total:1.87 GB) (Free:1.86 GB) FAT
5 Drive h: (RECOVERY) (Fixed) (Total:10 GB) (Free:2.57 GB) NTFS
6 Drive x: (ReatogoPE) (CDROM) (Total:0.28 GB) (Free:0 GB) CDFS

  Disk ###  Status      Size     Free     Dyn  Gpt
  --------  ----------  -------  -------  ---  ---
  Disk 0    Online      233 GB   0 B

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    OEM               55 MB    32 KB
  Partition 2    Primary           10 GB    55 MB
  Partition 3    Primary           223 GB   10 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1                      FAT    Partition   55 MB    Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2    H    RECOVERY     NTFS   Partition   10 GB    Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3    C    OS           NTFS   Partition   223 GB   Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-02 13:20

======================= End Of Log ==========================