Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-06-2013 02
Ran by SYSTEM on 27-06-2013 13:30:07
Running from F:\
Windows 7 Ultimate (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet001
[b]ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.[/b]

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [31016 2006-10-26] (Microsoft Corporation)
HKLM\...\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe [163840 2008-03-26] (Alps Electric Co., Ltd.)
HKLM\...\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [281768 2010-11-04] (Avira GmbH)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2011-09-07] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM\...\Run: [DATAMNGR] C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE [1115568 2011-02-08] (iMesh, Inc)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKU\Vedrana\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [ 2009-07-26] (Microsoft Corporation)
HKU\Vedrana\...\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" [x]
HKU\Vedrana\...\Winlogon: [Shell] explorer.exe,C:\Users\Vedrana\AppData\Roaming\skype.dat <==== ATTENTION
Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Vedrana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

========================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [136360 2011-05-01] (Avira GmbH)
S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [269480 2011-07-01] (Avira GmbH)
S2 FirebirdGuardianDefaultInstance; C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe [81920 2007-09-03] (FirebirdSQL Project)
S3 FirebirdServerDefaultInstance; C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe [2002944 2007-09-03] (FirebirdSQL Project)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [690472 2011-07-22] (Nero AG)
S2 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [x]

==================== Drivers (Whitelisted) ====================

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [66616 2011-07-01] ()
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [138192 2011-07-01] (Avira GmbH)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [721904 2010-04-14] (Duplex Secure Ltd.)
S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2009-05-10] (Avira GmbH)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-06-27 11:33 - 2013-06-27 11:33 - 00000000 ____D C:\FRST
2013-06-26 12:59 - 2013-06-27 03:05 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0

==================== One Month Modified Files and Folders ========

2013-06-27 11:33 - 2013-06-27 11:33 - 00000000 ____D C:\FRST
2013-06-27 03:28 - 2013-04-28 14:07 - 00000004 ____A C:\Users\Vedrana\AppData\Roaming\skype.ini
2013-06-27 03:28 - 2010-11-14 07:05 - 00000934 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-27 03:28 - 2010-05-05 08:06 - 00000000 ____D C:\Users\Vedrana\AppData\Roaming\BitTorrent
2013-06-27 03:28 - 2010-04-14 09:43 - 00000000 ____D C:\Users\Vedrana\Tracing
2013-06-27 03:28 - 2009-07-13 20:34 - 00014016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-27 03:28 - 2009-07-13 20:34 - 00014016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-27 03:27 - 2011-05-31 02:17 - 00056108 ____A C:\Windows\setupact.log
2013-06-27 03:27 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-27 03:05 - 2013-06-26 12:59 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0
2013-06-27 01:39 - 2010-04-14 07:00 - 01516439 ____A C:\Windows\WindowsUpdate.log
2013-06-26 10:55 - 2010-11-14 07:05 - 00000938 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-24 05:43 - 2010-04-14 07:09 - 00000000 ____D C:\users\Vedrana
2013-06-24 05:42 - 2011-12-10 04:07 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-06-24 05:42 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\wfp
2013-06-24 05:42 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\DriverStore
2013-06-24 05:42 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\registration
2013-06-19 13:14 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\LogFiles
2013-06-19 12:56 - 2013-05-05 13:40 - 00000000 ____D C:\users\TeeSupport.vekson
2013-06-19 12:56 - 2013-05-05 13:38 - 00000000 ____D C:\users\TeeSupport
2013-06-19 12:56 - 2009-07-13 23:48 - 00000000 ___RD C:\Users\Public\Recorded TV

Files to move or delete:
====================
C:\Users\Vedrana\AppData\Roaming\skype.dat
C:\Users\Vedrana\AppData\Roaming\skype.ini
C:\Users\Vedrana\Application Data\skype.dat
C:\Users\Vedrana\Application Data\skype.ini

==================== Known DLLs (Whitelisted) ============

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-04-28 21:52:23

==================== Memory info ===========================

Percentage of memory in use: 36%
Total physical RAM: 984.57 MB
Available physical RAM: 625.27 MB
Total Pagefile: 984.57 MB
Available Pagefile: 625.33 MB
Total Virtual: 2047.88 MB
Available Virtual: 1931.98 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:44.61 GB) (Free:6.53 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:188.27 GB) (Free:61.03 GB) NTFS
Drive f: () (Removable) (Total:0.98 GB) (Free:0.98 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 77777777)
Partition 1: (Active) - (Size=45 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=188 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 1005 MB) (Disk ID: 00551B5A)
Partition 1: (Active) - (Size=1004 MB) - (Type=06)

LastRegBack: 2013-04-24 13:15

==================== End Of Log ============================