Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-08-2014
Ran by SYSTEM on MININT-3476O2M on 13-08-2014 10:07:36
Running from H:\
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe [7715160 2014-06-03] ()
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\RunOnce: [] => [X]
HKLM-x32\...\RunOnce: [GrpConv] => grpconv -o
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [RestrictRun] 0
HKU\User\...\Policies\Explorer: [RestrictRun] 0

==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-08-06] (SurfRight B.V.)
S2 HPM1210RcvFaxSrvc; C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [362296 2010-05-11] (HP)
S2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe [706864 2014-06-03] ()
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S2 Mitchell1DataProtectionABS; C:\Program Files (x86)\Mitchell1\DataProtection\Mitchell1.DPR.ABS.exe [43464 2013-02-14] (Mitchell Repair Information Company, LLC)
S2 Mitchell1DataProtectionBCS; C:\Program Files (x86)\Mitchell1\DataProtection\Mitchell1.DPR.BCS.exe [78792 2013-02-14] (Mitchell Repair Information Company, LLC)
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\ccSvcHst.exe [138760 2011-05-24] (Symantec Corporation)
S2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1135136 2012-10-15] (PDF Complete Inc)

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20110519.002\BHDrvx64.sys [1143416 2011-05-13] (Symantec Corporation)
S1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1300000.080\ccSetx64.sys [165512 2011-05-23] (Symantec Corporation)
S0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2014-08-08] (GFI Software)
S3 HP1210FAX; C:\Windows\System32\Drivers\HPM1210FAX.sys [16896 2012-11-07] ()
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20110519.031\IDSVia64.sys [488056 2011-05-13] (Symantec Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-12-24] (Marvell Semiconductor, Inc.)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120326.002\ENG64.SYS [117880 2012-03-26] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120326.002\EX64.SYS [2048632 2012-03-26] (Symantec Corporation)
S3 SRTSP; C:\Windows\system32\drivers\NISx64\1300000.080\SRTSP64.SYS [721528 2011-05-20] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1300000.080\SRTSPX64.SYS [37496 2011-05-20] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\NISx64\1300000.080\SYMDS64.SYS [451192 2011-05-16] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\NISx64\1300000.080\SYMEFA64.SYS [1083512 2011-05-16] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2013-06-19] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NISx64\1300000.080\Ironx64.SYS [189560 2011-05-16] (Symantec Corporation)
S1 SymNetS; C:\Windows\system32\drivers\NISx64\1300000.080\SYMNETS.SYS [396408 2011-05-09] (Symantec Corporation)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-04-22] (BitDefender S.R.L.)

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-13 10:07 - 2014-08-13 10:07 - 00000000 ____D () C:\FRST
2014-08-12 15:00 - 2014-08-12 15:02 - 00000000 ____D () C:\ProgramData\Recovery
2014-08-12 10:44 - 2014-08-12 10:44 - 00000000 ____D () C:\$Anvi Rescue Disk$
2014-08-12 10:27 - 2014-08-12 10:27 - 00000000 ____D () C:\AdwCleaner
2014-08-12 10:26 - 2014-08-12 10:26 - 00000861 _____ () C:\Windows\SysWOW64\InstallUtil.InstallLog
2014-08-12 09:41 - 2014-08-12 10:32 - 00000000 ____D () C:\32788R22FWJFW
2014-08-12 09:41 - 2014-05-05 09:12 - 05199940 ____R (Swearware) C:\Users\User\Desktop\ComboFix.exe
2014-08-12 09:11 - 2014-08-12 09:11 - 00003304 ____N () C:\bootsqm.dat
2014-08-12 09:10 - 2014-08-12 09:10 - 00000000 __SHD () C:\found.000
2014-08-12 08:54 - 2014-08-12 10:31 - 00002588 _____ () C:\Users\User\Desktop\Rkill.txt
2014-08-12 08:54 - 2014-08-12 08:54 - 00000000 ____D () C:\Users\User\Desktop\rkill
2014-08-08 07:33 - 2013-07-29 09:31 - 05616264 _____ (Lavasoft Limited) C:\2.exe
2014-08-08 06:06 - 2014-08-12 11:04 - 00002307 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-08-08 06:05 - 2014-08-08 07:35 - 00047496 _____ (GFI Software) C:\Windows\System32\sbbd.exe
2014-08-08 06:05 - 2014-08-08 07:35 - 00014456 _____ (GFI Software) C:\Windows\System32\Drivers\gfibto.sys
2014-08-08 06:05 - 2014-08-08 06:05 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-08-08 06:05 - 2014-08-08 06:05 - 00000000 ____D () C:\Program Files\Lavasoft
2014-08-08 06:05 - 2014-08-08 06:05 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-08-07 07:06 - 2014-08-07 07:06 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-08-07 05:09 - 2014-08-08 07:43 - 00000000 ____D () C:\Users\MiTGuy\AppData\Local\CrashDumps
2014-08-07 05:08 - 2014-08-07 05:08 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E98F5047-E0D3-4CF4-886F-1F58DF331294}
2014-08-07 05:08 - 2014-08-07 05:08 - 00000000 ____D () C:\Users\MiTGuy\AppData\Roaming\Adobe
2014-08-07 04:56 - 2014-08-07 04:56 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-08-07 03:22 - 2014-08-12 04:52 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-08-06 07:52 - 2014-08-12 11:05 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-08-06 07:52 - 2014-08-08 05:41 - 00001032 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-06 07:52 - 2014-08-08 05:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-06 07:52 - 2014-08-06 07:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-06 07:52 - 2014-05-12 03:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-08-06 07:52 - 2014-05-12 03:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2014-08-06 07:52 - 2014-05-12 03:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2014-08-06 07:47 - 2014-08-07 05:06 - 00000000 ____D () C:\users\MiTGuy
2014-08-06 07:47 - 2014-08-06 07:47 - 00000020 ___SH () C:\Users\MiTGuy\ntuser.ini
2014-08-06 07:47 - 2013-06-19 10:27 - 00002315 _____ () C:\Users\MiTGuy\Desktop\MSN.lnk
2014-08-06 07:47 - 2013-06-19 10:16 - 00000000 ___HD () C:\Users\MiTGuy\Documents\hp.system.package.metadata
2014-08-06 07:15 - 2014-08-07 05:14 - 00001823 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-08-06 07:15 - 2014-08-06 07:15 - 00000000 ____D () C:\Program Files\HitmanPro
2014-08-06 07:14 - 2014-08-12 09:36 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-06 07:12 - 2014-08-06 07:41 - 00000000 ____D () C:\users\Administrator
2014-08-06 07:12 - 2014-08-06 07:12 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-08-06 07:12 - 2013-06-19 10:27 - 00002315 _____ () C:\Users\Administrator\Desktop\MSN.lnk
2014-08-06 07:12 - 2013-06-19 10:16 - 00000000 ___HD () C:\Users\Administrator\Documents\hp.system.package.metadata
2014-08-06 07:00 - 2014-08-06 07:20 - 11188736 _____ (SurfRight B.V.) C:\hitmanpro_x64.exe
2014-08-06 06:10 - 2014-08-06 06:10 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\User\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-06 06:10 - 2014-08-06 06:10 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Public\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-06 06:10 - 2014-08-06 06:10 - 17292760 _____ (Malwarebytes Corporation ) C:\1.exe.exe
2014-08-06 05:49 - 2014-08-06 05:49 - 00000000 ____D () C:\Windows\pss
2014-08-05 10:40 - 2014-08-05 11:20 - 00000000 ___HD () C:\Users\Public\Documents\Report
2014-08-01 17:06 - 2014-05-14 08:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2014-08-01 17:06 - 2014-05-14 08:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2014-08-01 17:06 - 2014-05-14 08:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\System32\wups2.dll
2014-08-01 17:06 - 2014-05-14 08:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2014-08-01 17:05 - 2014-05-14 08:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2014-08-01 17:05 - 2014-05-14 08:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-01 17:05 - 2014-05-14 08:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\System32\wups.dll
2014-08-01 17:05 - 2014-05-14 08:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-01 17:05 - 2014-05-14 08:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2014-08-01 17:05 - 2014-05-14 08:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-01 17:05 - 2014-05-14 05:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2014-08-01 17:05 - 2014-05-14 05:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-01 17:05 - 2014-05-14 05:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2014-08-01 17:05 - 2014-05-14 05:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-07-31 10:37 - 2014-07-31 10:38 - 00001264 _____ () C:\Windows\SKSM20.ini
2014-07-31 10:37 - 2014-07-31 10:37 - 00001537 _____ () C:\Users\Public\Desktop\Shopkey Management 32 Program.lnk
2014-07-31 10:35 - 2013-01-22 11:14 - 00300659 _____ (Mitchell1 ) C:\Users\User\Desktop\SKMID3.exe
2014-07-31 10:14 - 2014-07-31 10:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\TeamViewer

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-13 10:07 - 2014-08-13 10:07 - 00000000 ____D () C:\FRST
2014-08-12 15:02 - 2014-08-12 15:00 - 00000000 ____D () C:\ProgramData\Recovery
2014-08-12 11:18 - 2009-07-13 21:13 - 00782470 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-08-12 11:12 - 2014-01-29 07:06 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2014-08-12 11:05 - 2014-08-06 07:52 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-08-12 11:05 - 2013-06-19 10:27 - 00000000 ____D () C:\ProgramData\PDFC
2014-08-12 11:04 - 2014-08-08 06:06 - 00002307 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-08-12 11:04 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-12 11:03 - 2009-07-13 20:51 - 00037349 _____ () C:\Windows\setupact.log
2014-08-12 10:44 - 2014-08-12 10:44 - 00000000 ____D () C:\$Anvi Rescue Disk$
2014-08-12 10:32 - 2014-08-12 09:41 - 00000000 ____D () C:\32788R22FWJFW
2014-08-12 10:31 - 2014-08-12 08:54 - 00002588 _____ () C:\Users\User\Desktop\Rkill.txt
2014-08-12 10:28 - 2010-11-20 19:47 - 00151820 _____ () C:\Windows\PFRO.log
2014-08-12 10:27 - 2014-08-12 10:27 - 00000000 ____D () C:\AdwCleaner
2014-08-12 10:26 - 2014-08-12 10:26 - 00000861 _____ () C:\Windows\SysWOW64\InstallUtil.InstallLog
2014-08-12 09:36 - 2014-08-06 07:14 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-12 09:26 - 2013-08-12 02:44 - 01653714 _____ () C:\Windows\WindowsUpdate.log
2014-08-12 09:19 - 2009-07-13 20:45 - 00027568 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-12 09:19 - 2009-07-13 20:45 - 00027568 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-12 09:11 - 2014-08-12 09:11 - 00003304 ____N () C:\bootsqm.dat
2014-08-12 09:10 - 2014-08-12 09:10 - 00000000 __SHD () C:\found.000
2014-08-12 08:54 - 2014-08-12 08:54 - 00000000 ____D () C:\Users\User\Desktop\rkill
2014-08-12 08:36 - 2013-06-19 10:27 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-12 07:55 - 2013-11-20 07:15 - 00000000 ____D () C:\users\AAx-DPR-SrvAcct
2014-08-12 05:16 - 2013-08-12 04:57 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{FA5A839B-C9CA-42E4-A268-F2786513429F}
2014-08-12 04:52 - 2014-08-07 03:22 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-08-08 07:43 - 2014-08-07 05:09 - 00000000 ____D () C:\Users\MiTGuy\AppData\Local\CrashDumps
2014-08-08 07:35 - 2014-08-08 06:05 - 00047496 _____ (GFI Software) C:\Windows\System32\sbbd.exe
2014-08-08 07:35 - 2014-08-08 06:05 - 00014456 _____ (GFI Software) C:\Windows\System32\Drivers\gfibto.sys
2014-08-08 07:35 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-08-08 06:05 - 2014-08-08 06:05 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-08-08 06:05 - 2014-08-08 06:05 - 00000000 ____D () C:\Program Files\Lavasoft
2014-08-08 06:05 - 2014-08-08 06:05 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-08-08 05:41 - 2014-08-06 07:52 - 00001032 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-08 05:41 - 2014-08-06 07:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-07 07:06 - 2014-08-07 07:06 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-08-07 05:14 - 2014-08-06 07:15 - 00001823 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-08-07 05:08 - 2014-08-07 05:08 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E98F5047-E0D3-4CF4-886F-1F58DF331294}
2014-08-07 05:08 - 2014-08-07 05:08 - 00000000 ____D () C:\Users\MiTGuy\AppData\Roaming\Adobe
2014-08-07 05:06 - 2014-08-06 07:47 - 00000000 ____D () C:\users\MiTGuy
2014-08-07 04:56 - 2014-08-07 04:56 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-08-06 07:52 - 2014-08-06 07:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-06 07:47 - 2014-08-06 07:47 - 00000020 ___SH () C:\Users\MiTGuy\ntuser.ini
2014-08-06 07:41 - 2014-08-06 07:12 - 00000000 ____D () C:\users\Administrator
2014-08-06 07:20 - 2014-08-06 07:00 - 11188736 _____ (SurfRight B.V.) C:\hitmanpro_x64.exe
2014-08-06 07:15 - 2014-08-06 07:15 - 00000000 ____D () C:\Program Files\HitmanPro
2014-08-06 07:12 - 2014-08-06 07:12 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-08-06 06:10 - 2014-08-06 06:10 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\User\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-06 06:10 - 2014-08-06 06:10 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Public\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-06 06:10 - 2014-08-06 06:10 - 17292760 _____ (Malwarebytes Corporation ) C:\1.exe.exe
2014-08-06 05:49 - 2014-08-06 05:49 - 00000000 ____D () C:\Windows\pss
2014-08-05 11:20 - 2014-08-05 10:40 - 00000000 ___HD () C:\Users\Public\Documents\Report
2014-07-31 10:39 - 2013-11-20 07:28 - 00000220 _____ () C:\Windows\picklist.ini
2014-07-31 10:38 - 2014-07-31 10:37 - 00001264 _____ () C:\Windows\SKSM20.ini
2014-07-31 10:37 - 2014-07-31 10:37 - 00001537 _____ () C:\Users\Public\Desktop\Shopkey Management 32 Program.lnk
2014-07-31 10:37 - 2013-11-20 07:21 - 00000092 _____ () C:\Windows\crw.ini
2014-07-31 10:37 - 2013-11-20 07:21 - 00000089 _____ () C:\Windows\mrid32
2014-07-31 10:37 - 2013-11-20 07:11 - 00000350 _____ () C:\Windows\CAS.INI
2014-07-31 10:37 - 2013-08-12 05:51 - 00000516 _____ () C:\Windows\MIREPAIR.INI
2014-07-31 10:37 - 2013-08-12 05:51 - 00000209 _____ () C:\Windows\ODBCINST.INI
2014-07-31 10:37 - 2013-08-12 05:17 - 00001018 _____ () C:\Windows\ODBC.INI
2014-07-31 10:31 - 2013-08-12 05:51 - 00001667 _____ () C:\Windows\SKSM20Demo.ini
2014-07-31 10:14 - 2014-07-31 10:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\TeamViewer

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\HitmanPro.exe
C:\Users\Administrator\AppData\Local\Temp\Kickstarter.exe
C:\Users\User\AppData\Local\Temp\ComboFix.exe
C:\Users\User\AppData\Local\Temp\Quarantine.exe

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll [2010-11-20 19:24] - [2014-03-04 01:16] - 0872448 ____A (Microsoft Corporation) 4723C280AB73247C0CAAD1CF7AB6DCD2
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================
Restore point made on: 2014-06-23 22:48:53
Restore point made on: 2014-06-30 22:48:59
Restore point made on: 2014-07-07 22:49:05
Restore point made on: 2014-07-08 23:00:27
Restore point made on: 2014-07-15 00:40:21
Restore point made on: 2014-07-22 00:40:18
Restore point made on: 2014-07-29 00:40:19
Restore point made on: 2014-07-31 10:31:32
Restore point made on: 2014-07-31 10:32:56
Restore point made on: 2014-07-31 10:36:12
Restore point made on: 2014-07-31 10:36:50
Restore point made on: 2014-08-01 17:05:37
Restore point made on: 2014-08-04 22:59:18
Restore point made on: 2014-08-08 05:44:52
Restore point made on: 2014-08-08 06:05:25
Restore point made on: 2014-08-12 05:14:57

==================== Memory info ===========================
Percentage of memory in use: 21%
Total physical RAM: 3983.55 MB
Available physical RAM: 3133.3 MB
Total Pagefile: 3981.75 MB
Available Pagefile: 3130.71 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================
Drive c: (OS) (Fixed) (Total:451.42 GB) (Free:398.94 GB) NTFS
Drive e: (HP_RECOVERY) (Fixed) (Total:14.14 GB) (Free:1.63 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.09 GB) (Free:0.08 GB) FAT32
Drive h: (HITMANPRO) (Removable) (Total:0.93 GB) (Free:0.81 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.12 GB) (Free:0.12 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 52047A93)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=451 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=101 MB) - (Type=27)
========================================================
Disk: 1 (Size: 964 MB) (Disk ID: 545C48EB)
Partition 1: (Active) - (Size=957 MB) - (Type=07 NTFS)

LastRegBack: 2014-08-08 06:24

==================== End Of Log ============================