Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-10-2012
Ran by SYSTEM at 16-10-2012 16:02:36
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [x]
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-02-14] (IDT, Inc.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-04-01] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-02-15] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35768 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-03-16] (EasyBits Software AS)
HKLM-x32\...\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2011-01-17] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [249064 2010-10-29] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2596984 2012-07-31] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [892768 2011-12-19] ()
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot [296096 2012-09-22] (RealNetworks, Inc.)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1644744 2012-08-08] (Ask)
HKU\jessica\...\Run: [AROReminder] C:\Program Files (x86)\ARO 2011\ARO.exe -rem [2314608 2011-10-07] (Support.com)
HKU\jessica\...\Run: [MyTomTomSA.exe] "C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe" [420312 2011-08-15] (TomTom)
HKU\jessica\...\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [247728 2011-04-22] (TomTom)
HKU\jessica\...\Policies\system: [DisableLockWorkstation] 0
HKU\jessica\...\Policies\system: [DisableChangePassword] 0
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

==================== Services (Whitelisted) ===================

2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" [5167736 2012-08-13] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
2 HPAuto; "C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe" [682040 2011-02-16] (Hewlett-Packard)
3 hpCMSrv; "C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe" [1071160 2011-02-15] (Hewlett-Packard Development Company L.P.)
3 rpcapd; "C:\Program Files (x86)\WinPcap\rpcapd.exe" -d -f "C:\Program Files (x86)\WinPcap\rpcapd.ini" [x]

==================== Drivers (Whitelisted) =====================

3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [291680 2012-07-26] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [384352 2012-08-24] (AVG Technologies CZ, s.r.o.)
2 NPF; C:\Windows\System32\Drivers\NPF.sys [35344 2010-06-25] (CACE Technologies, Inc.)

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-10-16 16:02 - 2012-10-16 16:02 - 00000000 ____D C:\FRST
2012-10-16 13:06 - 2012-10-16 15:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-10-16 13:02 - 2012-10-16 13:02 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-10-16 12:56 - 2012-10-16 12:56 - 00000000 ____D C:\Users\jessica\AppData\Roaming\Wireshark
2012-10-07 14:26 - 2012-10-07 14:26 - 00000000 ____D C:\Users\jessica\AppData\Local\{97CBFD48-9A76-41D5-9FD1-B849D3AB4747}
2012-09-23 23:48 - 2012-09-23 23:48 - 00000000 ____D C:\Users\jessica\AppData\Local\{245DE0E6-4312-469C-A6DF-43C10E152040}
2012-09-23 15:53 - 2012-09-23 15:53 - 00000000 ____D C:\Program Files (x86)\WinPcap
2012-09-23 15:51 - 2012-09-23 15:53 - 00000000 ____D C:\Program Files\Wireshark
2012-09-23 15:49 - 2012-09-23 15:50 - 26624472 ____A (Wireshark development team) C:\Users\jessica\Downloads\Wireshark-win64-1.8.2.exe
2012-09-23 15:49 - 2012-09-23 15:49 - 00002019 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2012-09-23 15:41 - 2012-09-23 15:41 - 00007598 ____A C:\Users\jessica\AppData\Local\Resmon.ResmonCfg
2012-09-23 15:16 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2012-09-23 12:11 - 2012-09-23 12:11 - 00000000 ____D C:\Users\jessica\AppData\Roaming\Malwarebytes
2012-09-23 12:11 - 2012-09-23 12:11 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-09-23 12:10 - 2012-09-23 12:10 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\jessica\Downloads\mbam-setup-1.65.0.1400.exe
2012-09-23 12:10 - 2012-09-23 12:10 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\jessica\Downloads\mbam-setup-1.65.0.1400 (1).exe
2012-09-23 10:18 - 2012-08-24 03:15 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-09-23 10:18 - 2012-08-24 02:39 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-09-23 10:18 - 2012-08-24 02:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-09-23 10:18 - 2012-08-24 02:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-09-23 10:18 - 2012-08-24 02:21 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-09-23 10:18 - 2012-08-24 02:20 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-09-23 10:18 - 2012-08-24 02:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-09-23 10:18 - 2012-08-24 02:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-09-23 10:18 - 2012-08-24 02:14 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-09-23 10:18 - 2012-08-24 02:14 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-09-23 10:18 - 2012-08-24 02:13 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-09-23 10:18 - 2012-08-24 02:12 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-09-23 10:18 - 2012-08-24 02:11 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-09-23 10:18 - 2012-08-24 02:10 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-09-23 10:18 - 2012-08-24 02:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-09-23 10:18 - 2012-08-24 02:04 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-09-23 10:18 - 2012-08-23 23:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-09-23 10:18 - 2012-08-23 23:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-09-23 10:18 - 2012-08-23 22:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-09-23 10:18 - 2012-08-23 22:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-09-23 10:18 - 2012-08-23 22:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-09-23 10:18 - 2012-08-23 22:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-09-23 10:18 - 2012-08-23 22:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-09-23 10:18 - 2012-08-23 22:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-09-23 10:18 - 2012-08-23 22:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-09-23 10:18 - 2012-08-23 22:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-09-23 10:18 - 2012-08-23 22:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-09-23 10:18 - 2012-08-23 22:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-09-23 10:18 - 2012-08-23 22:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-09-23 10:18 - 2012-08-23 22:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-09-23 10:18 - 2012-08-23 22:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-09-23 10:18 - 2012-08-23 22:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-09-22 17:52 - 2012-09-23 22:03 - 00000000 ____D C:\Users\jessica\Incomplete
2012-09-22 17:52 - 2012-09-22 17:52 - 00000000 ____D C:\Users\jessica\AppData\Local\APN
2012-09-22 17:51 - 2012-10-16 15:44 - 00000000 ____D C:\Program Files (x86)\MP3 Rocket
2012-09-22 17:51 - 2012-09-23 15:23 - 00000000 ____D C:\Users\jessica\AppData\Roaming\MP3Rocket
2012-09-22 17:51 - 2012-09-22 17:51 - 00001994 ____A C:\Users\jessica\Desktop\MP3 Rocket 6.2.3.lnk
2012-09-22 17:49 - 2012-09-22 17:49 - 00000000 ____D C:\Program Files\Google
2012-09-22 17:48 - 2012-09-22 17:49 - 00000000 ____D C:\Users\All Users\Google
2012-09-22 17:48 - 2012-09-22 17:48 - 00001268 ____A C:\Users\Public\Desktop\RealPlayer.lnk
2012-09-22 17:48 - 2012-09-22 17:48 - 00000000 ____D C:\Users\jessica\AppData\Local\Real
2012-09-22 17:47 - 2012-09-22 17:47 - 00272896 ____A (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2012-09-22 17:47 - 2012-09-22 17:47 - 00198864 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2012-09-22 17:47 - 2012-09-22 17:47 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2012-09-22 17:47 - 2012-09-22 17:47 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2012-09-22 17:46 - 2012-09-22 17:47 - 00000000 ____D C:\Program Files (x86)\Real
2012-09-22 17:45 - 2012-09-22 17:55 - 00002344 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-09-22 17:45 - 2012-09-22 17:49 - 00000000 ____D C:\Users\jessica\AppData\Roaming\Real
2012-09-22 17:44 - 2012-09-24 13:24 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-09-22 17:44 - 2012-09-23 21:15 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-09-22 17:44 - 2012-09-22 17:49 - 00000000 ____D C:\Program Files (x86)\Google
2012-09-22 17:44 - 2012-09-22 17:48 - 00000000 ____D C:\Users\jessica\AppData\Local\Google
2012-09-22 17:43 - 2012-10-16 15:34 - 00000000 ____D C:\Users\All Users\Real
2012-09-22 17:42 - 2012-09-22 17:42 - 00372457 ____A C:\Users\jessica\Downloads\MP3 Rocket.exe
2012-09-22 17:38 - 2012-09-23 23:50 - 00000000 ____D C:\Users\jessica\AppData\Roaming\MediaMonkey
2012-09-22 17:38 - 2012-09-22 17:38 - 00001047 ____A C:\Users\Public\Desktop\MediaMonkey.lnk
2012-09-22 17:38 - 2012-09-22 17:38 - 00000000 ____D C:\Users\jessica\AppData\Local\MediaMonkey
2012-09-22 17:38 - 2012-09-22 17:38 - 00000000 ____D C:\Users\All Users\MediaMonkey
2012-09-22 17:38 - 2012-09-22 17:38 - 00000000 ____D C:\Program Files (x86)\MediaMonkey
2012-09-22 17:36 - 2012-09-22 17:36 - 15056224 ____A (Ventis Media Inc. ) C:\Users\jessica\Downloads\MediaMonkey_4.0.6.1501.exe

==================== 3 Months Modified Files ==================

2012-09-24 13:24 - 2012-09-22 17:44 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-09-24 13:24 - 2011-08-19 15:12 - 01464246 ____A C:\Windows\WindowsUpdate.log
2012-09-23 21:22 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-23 21:22 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-23 21:21 - 2009-07-13 21:13 - 00714754 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-23 21:15 - 2012-09-22 17:44 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-09-23 21:14 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-23 21:14 - 2009-07-13 20:51 - 00060149 ____A C:\Windows\setupact.log
2012-09-23 15:56 - 2009-07-13 21:08 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-09-23 15:50 - 2012-09-23 15:49 - 26624472 ____A (Wireshark development team) C:\Users\jessica\Downloads\Wireshark-win64-1.8.2.exe
2012-09-23 15:49 - 2012-09-23 15:49 - 00002019 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2012-09-23 15:41 - 2012-09-23 15:41 - 00007598 ____A C:\Users\jessica\AppData\Local\Resmon.ResmonCfg
2012-09-23 15:15 - 2012-07-17 20:00 - 00000340 ____A C:\Windows\Tasks\HPCeeScheduleForjessica.job
2012-09-23 15:15 - 2010-11-20 19:47 - 00233766 ____A C:\Windows\PFRO.log
2012-09-23 12:10 - 2012-09-23 12:10 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\jessica\Downloads\mbam-setup-1.65.0.1400.exe
2012-09-23 12:10 - 2012-09-23 12:10 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\jessica\Downloads\mbam-setup-1.65.0.1400 (1).exe
2012-09-23 10:10 - 2012-08-08 17:39 - 00696240 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-09-23 10:10 - 2011-09-18 18:17 - 00073136 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-09-23 10:08 - 2012-08-04 18:52 - 00000346 ____A C:\Windows\Tasks\HPCeeScheduleForJESSICA-HP$.job
2012-09-22 17:55 - 2012-09-22 17:45 - 00002344 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-09-22 17:51 - 2012-09-22 17:51 - 00001994 ____A C:\Users\jessica\Desktop\MP3 Rocket 6.2.3.lnk
2012-09-22 17:48 - 2012-09-22 17:48 - 00001268 ____A C:\Users\Public\Desktop\RealPlayer.lnk
2012-09-22 17:47 - 2012-09-22 17:47 - 00272896 ____A (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2012-09-22 17:47 - 2012-09-22 17:47 - 00198864 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2012-09-22 17:47 - 2012-09-22 17:47 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2012-09-22 17:47 - 2012-09-22 17:47 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2012-09-22 17:47 - 2003-03-18 19:14 - 00499712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2012-09-22 17:47 - 2003-02-21 03:42 - 00348160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2012-09-22 17:42 - 2012-09-22 17:42 - 00372457 ____A C:\Users\jessica\Downloads\MP3 Rocket.exe
2012-09-22 17:38 - 2012-09-22 17:38 - 00001047 ____A C:\Users\Public\Desktop\MediaMonkey.lnk
2012-09-22 17:36 - 2012-09-22 17:36 - 15056224 ____A (Ventis Media Inc. ) C:\Users\jessica\Downloads\MediaMonkey_4.0.6.1501.exe
2012-09-15 22:52 - 2011-05-17 11:58 - 00002590 ____N C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
2012-09-12 20:17 - 2011-11-14 20:47 - 00000965 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-08-26 18:19 - 2012-08-26 18:19 - 00275584 ____A C:\Windows\Minidump\082612-36535-01.dmp
2012-08-26 18:19 - 2012-05-11 20:00 - 351105985 ____A C:\Windows\MEMORY.DMP
2012-08-24 14:43 - 2012-08-24 14:43 - 00384352 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgtdia.sys
2012-08-24 03:15 - 2012-09-23 10:18 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-24 02:39 - 2012-09-23 10:18 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-24 02:31 - 2012-09-23 10:18 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-24 02:22 - 2012-09-23 10:18 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-24 02:21 - 2012-09-23 10:18 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-24 02:20 - 2012-09-23 10:18 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-24 02:18 - 2012-09-23 10:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-24 02:17 - 2012-09-23 10:18 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-24 02:14 - 2012-09-23 10:18 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-24 02:14 - 2012-09-23 10:18 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-24 02:13 - 2012-09-23 10:18 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-08-24 02:12 - 2012-09-23 10:18 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-24 02:11 - 2012-09-23 10:18 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-24 02:10 - 2012-09-23 10:18 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-24 02:09 - 2012-09-23 10:18 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-24 02:04 - 2012-09-23 10:18 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-23 23:27 - 2012-09-23 10:18 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-23 23:03 - 2012-09-23 10:18 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-23 22:59 - 2012-09-23 10:18 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-08-23 22:51 - 2012-09-23 10:18 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-08-23 22:51 - 2012-09-23 10:18 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-23 22:51 - 2012-09-23 10:18 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-23 22:49 - 2012-09-23 10:18 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-23 22:48 - 2012-09-23 10:18 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-23 22:47 - 2012-09-23 10:18 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-23 22:47 - 2012-09-23 10:18 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-08-23 22:47 - 2012-09-23 10:18 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-08-23 22:45 - 2012-09-23 10:18 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-08-23 22:44 - 2012-09-23 10:18 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-23 22:44 - 2012-09-23 10:18 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-23 22:43 - 2012-09-23 10:18 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-23 22:40 - 2012-09-23 10:18 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-22 10:12 - 2012-09-12 20:13 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-08-22 10:12 - 2012-09-12 20:13 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-08-22 10:12 - 2012-09-12 20:13 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-08-21 15:16 - 2009-07-13 20:45 - 00276072 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-01 15:07 - 2012-08-01 15:07 - 00275584 ____A C:\Windows\Minidump\080112-44943-01.dmp
2012-07-26 02:21 - 2012-07-26 02:21 - 00291680 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgldx64.sys

ATTENTION: ========> Check for possible partition/boot infection: C:\Windows\svchost.exe

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

TDL4: custom:26000022 <===== ATTENTION!
==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-09-24 13:27:15
Restore point made on: 2012-09-27 16:02:18
Restore point made on: 2012-09-27 16:45:48
Restore point made on: 2012-10-02 16:33:07
Restore point made on: 2012-10-03 20:56:32
Restore point made on: 2012-10-04 13:07:48
Restore point made on: 2012-10-04 15:49:45
Restore point made on: 2012-10-07 14:13:09
Restore point made on: 2012-10-09 11:03:53
Restore point made on: 2012-10-09 12:33:55
Restore point made on: 2012-10-11 17:42:52
Restore point made on: 2012-10-11 18:19:08
Restore point made on: 2012-10-15 11:45:59
Restore point made on: 2012-10-16 11:22:43

==================== Memory info ===========================

Percentage of memory in use: 19%
Total physical RAM: 3562.9 MB
Available physical RAM: 2885.22 MB
Total Pagefile: 3561.05 MB
Available Pagefile: 2879.3 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:450.73 GB) (Free:397.79 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:14.73 GB) (Free:1.63 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
5 Drive h: () (Removable) (Total:3.79 GB) (Free:3.79 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.25 GB) (Free:0.25 GB) NTFS
7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

ATTENTION: Malware custom entry on BCD on drive y: detected. Check for MBR/Partition infection.
Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online          465 GB      0 B
Disk 1    Online         3892 MB      0 B

Partitions of Disk 0:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary            199 MB  1024 KB
Partition 2    Primary            450 GB   200 MB
Partition 3    Primary             14 GB   450 GB
Partition 4    Primary            103 MB   465 GB

==================================================================================

Disk: 0
Partition 1
Type  : 07
Hidden: No
Active: Yes

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1   Y   SYSTEM       NTFS   Partition    199 MB  Healthy

=========================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2   C                NTFS   Partition    450 GB  Healthy

=========================================================

Disk: 0
Partition 3
Type  : 07
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3   E   RECOVERY     NTFS   Partition     14 GB  Healthy

=========================================================

Disk: 0
Partition 4
Type  : 0C
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4   F   HP_TOOLS     FAT32  Partition    103 MB  Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           3891 MB   400 KB

==================================================================================

Disk: 1
Partition 1
Type  : 0B
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5   H                FAT32  Removable   3891 MB  Healthy

=========================================================

Last Boot: 2012-03-04 16:29

==================== End Of Log =============================