Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:14-08-2014 02
Ran by SYSTEM on REATOGO on 14-08-2014 20:44:18
Running from F:\
Platform: Windows 7 Professional (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
ATTENTION!:=====> THE OPERATING SYSTEM IS A X64 SYSTEM BUT THE BOOT DISK THAT IS USED TO BOOT TO RECOVERY ENVIRONMENT IS A X86 SYSTEM DISK.

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\Julia\...\Run: [7BCB48A8CF9AE9A586557F05E70F22C1DB92DDFB._service_run] => "C:\Users\Julia\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
HKU\Julia\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\MCShieldRTM.exe [650816 2014-04-11] (MyCity)
HKU\Julia\...\Run: [Google Update] => C:\Users\Julia\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-14] (Google Inc.)
HKU\Julia\...\Run: [KiesPDLR.exe] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-07-25] (Samsung)
HKU\Julia\...\Run: [Digiarty_Software_AirPlayit] => "C:\Program Files\Digiarty\Air_Playit\airplayit.exe" -min
HKU\Julia\...\Run: [uTorrent] => C:\Users\Julia\AppData\Roaming\uTorrent\uTorrent.exe [1322832 2014-07-02] (BitTorrent Inc.)
HKU\Julia\...\Run: [Spotify Web Helper] => C:\Users\Julia\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-07-16] (Spotify Ltd)
HKU\Julia\...\Run: [GoogleChromeAutoLaunch_BEB264476601C2F647076843F9B80748] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-07-15] (Google Inc.)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [168616 2013-10-23] (NVIDIA Corporation)
Startup: C:\Users\Julia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [262320 2014-07-09] (Adobe Systems Incorporated)
S2 Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [43336 2014-02-12] (Apple Inc.)
S3 aspnet_state; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [51808 2013-09-11] (Microsoft Corporation)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-15] (AVAST Software)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [246256 2010-08-24] (CyberLink)
S4 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [89920 2009-06-10] (Microsoft Corporation)
S2 clr_optimization_v4.0.30319_64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [124088 2013-09-11] (Microsoft Corporation)
S3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-20] (Microsoft Corporation)
S2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [449592 2013-11-22] (GAS Tecnologia)
S2 gupdate; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [116648 2013-11-19] (Google Inc.)
S3 gupdatem; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [116648 2013-11-19] (Google Inc.)
S3 gusvc; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [136120 2011-05-09] (Google)
S3 idsvc; C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [856400 2010-11-20] (Microsoft Corporation)
S2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [325656 2010-10-06] (Intel Corporation)
S2 lxeeCATSCustConnectService; C:\windows\system32\spool\DRIVERS\x64\3\\lxeeserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
S2 lxee_device; C:\windows\system32\lxeecoms.exe [1052328 2010-04-14] ( )
S2 MemeoBackgroundService; C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [26496 2012-10-11] (Memeo)
S2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
S4 NetMsmqActivator; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139856 2013-09-11] (Microsoft Corporation)
S4 NetPipeActivator; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139856 2013-09-11] (Microsoft Corporation)
S4 NetTcpActivator; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139856 2013-09-11] (Microsoft Corporation)
S4 NetTcpPortSharing; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139856 2013-09-11] (Microsoft Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15122208 2013-10-17] (NVIDIA Corporation)
S2 nvUpdatusService; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [1914656 2013-10-17] (NVIDIA Corporation)
S3 ose; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [149352 2010-01-09] (Microsoft Corporation)
S3 PerfHost; C:\Windows\SysWow64\perfhost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola)
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] ()
S3 Samsung UPD Service; C:\windows\System32\SUPDSvc.exe [166704 2010-08-09] (Samsung Electronics CO., LTD.)
S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S2 SeagateDashboardService; C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [14752 2012-10-15] (Memeo)
S2 SkypeUpdate; C:\Program Files (x86)\Skype\Updater\Updater.exe [172192 2013-10-23] (Skype Technologies)
S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
S2 TomTomHOMEService; C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [93072 2013-08-27] (TomTom)
S2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2655768 2010-10-06] (Intel Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-15] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-15] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-15] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-15] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-15] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-15] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-15] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-15] ()
S3 b06bdrv; C:\Windows\system32\drivers\bxvbda.sys [468480 2009-06-10] (Broadcom Corporation)
S3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-10] (Broadcom Corporation)
S3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl664.sys [4745280 2011-07-05] (Broadcom Corporation)
S3 BTWAMPFL; C:\Windows\System32\DRIVERS\btwampfl.sys [348712 2010-09-21] (Broadcom Corporation.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [138024 2014-04-06] (ELAN Microelectronics Corp.)
S3 FsUsbExDisk; C:\windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] ()
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [12311904 2012-01-10] (Intel Corporation)
S3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHD64.sys [2905320 2011-06-24] (Realtek Semiconductor Corp.)
S3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-13] (Microsoft Corporation)
S3 MEIx64; C:\Windows\System32\DRIVERS\HECIx64.sys [56344 2010-10-19] (Intel Corporation)
S3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [80384 2010-12-03] (Renesas Electronics Corporation)
S3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [181248 2010-12-03] (Renesas Electronics Corporation)
S0 nvpciflt; C:\Windows\System32\DRIVERS\nvpciflt.sys [32544 2013-10-23] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-09-27] (NVIDIA Corporation)
S3 Point64; C:\Windows\System32\DRIVERS\point64.sys [50896 2014-03-19] (Microsoft Corporation)
S3 RTL8167; C:\Windows\System32\DRIVERS\Rt64win7.sys [533096 2011-05-17] (Realtek )
S3 ssudobex; C:\Windows\System32\DRIVERS\ssudobex.sys [206080 2014-06-16] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [40664 2013-12-08] (The OpenVPN Project)
S2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [19192 2010-10-08] (Intel(R) Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.)
S0 GbpKm; system32\drivers\GbpKm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-14 20:44 - 2014-08-14 20:44 - 00000000 ____D () C:\FRST
2014-08-12 21:45 - 2014-08-12 21:45 - 00008546 _____ () C:\Users\Julia\Downloads\The.Fosters.2013.S02E09.HDTV.x264-KILLERS.torrent
2014-08-12 21:19 - 2014-08-12 21:19 - 00448512 _____ (OldTimer Tools) C:\Users\Julia\Desktop\Temp File Cleaner.exe
2014-08-10 21:30 - 2014-08-11 00:31 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-08-10 21:30 - 2014-08-10 21:30 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-10 21:30 - 2014-05-12 06:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-08-10 21:30 - 2014-05-12 06:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2014-08-10 16:07 - 2014-08-10 16:08 - 00000811 _____ () C:\DelFix.txt
2014-08-10 16:07 - 2014-08-10 16:07 - 00000000 ____D () C:\Windows\ERUNT
2014-08-07 15:39 - 2014-08-07 15:39 - 00002215 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-02 22:21 - 2014-06-16 02:01 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudobex.sys
2014-08-02 22:21 - 2014-06-16 02:01 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys
2014-08-02 22:21 - 2014-06-16 02:01 - 00110336 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys
2014-07-30 23:43 - 2014-07-30 23:43 - 00895120 _____ (Google Inc.) C:\Users\Julia\Downloads\GoogleEarthPluginSetup.exe
2014-07-30 02:45 - 2014-07-30 02:45 - 00007093 _____ () C:\Users\Julia\Downloads\Rizzoli.and.Isles.S05E07.HDTV.x264-LOL.torrent
2014-07-29 02:17 - 2014-07-29 02:17 - 00007785 _____ () C:\Users\Julia\Downloads\The.Fosters.2013.S02E07.HDTV.x264-KILLERS.torrent
2014-07-22 23:46 - 2014-07-22 23:46 - 00006282 _____ () C:\Users\Julia\Downloads\Rizzoli.and.Isles.S05E06.HDTV.x264-LOL.torrent
2014-07-22 00:17 - 2014-07-22 00:17 - 00006633 _____ () C:\Users\Julia\Downloads\The.Fosters.2013.S02E06.HDTV.x264-ASAP.torrent
2014-07-16 00:31 - 2014-07-16 00:31 - 00007042 _____ () C:\Users\Julia\Downloads\Rizzoli.and.Isles.S05E05.HDTV.x264-LOL.torrent
2014-07-15 04:18 - 2014-07-15 04:18 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-15 02:09 - 2014-07-15 02:09 - 00007785 _____ () C:\Users\Julia\Downloads\The.Fosters.2013.S02E05.HDTV.x264-KILLERS.torrent

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-14 20:44 - 2014-08-14 20:44 - 00000000 ____D () C:\FRST
2014-08-13 01:53 - 2012-08-15 15:09 - 00000000 ____D () C:\Users\Julia\Downloads\uTorrent
2014-08-12 21:55 - 2012-08-14 23:20 - 00000000 ____D () C:\Users\Julia\AppData\Roaming\uTorrent
2014-08-12 21:45 - 2014-08-12 21:45 - 00008546 _____ () C:\Users\Julia\Downloads\The.Fosters.2013.S02E09.HDTV.x264-KILLERS.torrent
2014-08-12 21:20 - 2009-07-14 00:45 - 00021216 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-12 21:20 - 2009-07-14 00:45 - 00021216 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-12 21:19 - 2014-08-12 21:19 - 00448512 _____ (OldTimer Tools) C:\Users\Julia\Desktop\Temp File Cleaner.exe
2014-08-12 21:18 - 2011-07-28 22:34 - 01936269 _____ () C:\Windows\WindowsUpdate.log
2014-08-12 21:13 - 2012-08-14 23:11 - 00000000 ___RD () C:\Users\Julia\Dropbox
2014-08-12 21:11 - 2012-08-14 23:09 - 00000000 ____D () C:\Users\Julia\AppData\Roaming\Dropbox
2014-08-12 21:07 - 2013-12-13 03:25 - 00033910 _____ () C:\Windows\setupact.log
2014-08-12 21:07 - 2012-10-17 16:27 - 00000000 ____D () C:\Temp
2014-08-11 00:31 - 2014-08-10 21:30 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-08-10 21:30 - 2014-08-10 21:30 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-10 21:30 - 2013-12-11 22:49 - 00000000 ____D () C:\Users\Julia\AppData\Roaming\Malwarebytes
2014-08-10 21:30 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files (x86)
2014-08-10 16:08 - 2014-08-10 16:07 - 00000811 _____ () C:\DelFix.txt
2014-08-10 16:07 - 2014-08-10 16:07 - 00000000 ____D () C:\Windows\ERUNT
2014-08-09 03:13 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64
2014-08-09 01:44 - 2012-08-22 21:04 - 00000000 ____D () C:\Users\Julia\AppData\Local\CrashDumps
2014-08-07 16:58 - 2013-12-13 03:25 - 00224950 _____ () C:\Windows\PFRO.log
2014-08-07 15:39 - 2014-08-07 15:39 - 00002215 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-07 00:00 - 2013-12-23 21:57 - 00000000 ____D () C:\Users\Julia\AppData\Roaming\vlc
2014-08-06 16:31 - 2009-07-14 01:13 - 00006222 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-08-06 16:30 - 2014-05-29 15:38 - 00000000 ____D () C:\Users\Julia\AppData\Roaming\Spotify
2014-08-06 16:06 - 2014-05-29 15:38 - 00000000 ____D () C:\Users\Julia\AppData\Local\Spotify
2014-08-06 04:38 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\System32\LogFiles
2014-08-02 23:46 - 2012-10-17 16:22 - 00000000 ____D () C:\Users\Julia\AppData\Roaming\Samsung
2014-08-02 22:25 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-07-30 23:43 - 2014-07-30 23:43 - 00895120 _____ (Google Inc.) C:\Users\Julia\Downloads\GoogleEarthPluginSetup.exe
2014-07-30 02:45 - 2014-07-30 02:45 - 00007093 _____ () C:\Users\Julia\Downloads\Rizzoli.and.Isles.S05E07.HDTV.x264-LOL.torrent
2014-07-29 02:17 - 2014-07-29 02:17 - 00007785 _____ () C:\Users\Julia\Downloads\The.Fosters.2013.S02E07.HDTV.x264-KILLERS.torrent
2014-07-26 21:14 - 2013-03-14 02:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-22 23:46 - 2014-07-22 23:46 - 00006282 _____ () C:\Users\Julia\Downloads\Rizzoli.and.Isles.S05E06.HDTV.x264-LOL.torrent
2014-07-22 00:17 - 2014-07-22 00:17 - 00006633 _____ () C:\Users\Julia\Downloads\The.Fosters.2013.S02E06.HDTV.x264-ASAP.torrent
2014-07-16 00:31 - 2014-07-16 00:31 - 00007042 _____ () C:\Users\Julia\Downloads\Rizzoli.and.Isles.S05E05.HDTV.x264-LOL.torrent
2014-07-15 16:38 - 2012-12-03 13:59 - 00006656 _____ () C:\Users\Julia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-15 04:19 - 2014-05-26 01:07 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-15 04:19 - 2014-02-10 22:38 - 00427360 _____ (AVAST Software) C:\Windows\System32\Drivers\aswsp.sys
2014-07-15 04:18 - 2014-07-15 04:18 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-15 04:18 - 2014-05-26 01:06 - 00029208 _____ () C:\Windows\System32\Drivers\aswHwid.sys
2014-07-15 04:18 - 2014-02-10 22:38 - 01041168 _____ (AVAST Software) C:\Windows\System32\Drivers\aswsnx.sys
2014-07-15 04:18 - 2014-02-10 22:38 - 00307344 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2014-07-15 04:18 - 2014-02-10 22:38 - 00224896 _____ () C:\Windows\System32\Drivers\aswVmm.sys
2014-07-15 04:18 - 2014-02-10 22:38 - 00093568 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2014-07-15 04:18 - 2014-02-10 22:38 - 00092008 _____ (AVAST Software) C:\Windows\System32\Drivers\aswstm.sys
2014-07-15 04:18 - 2014-02-10 22:38 - 00079184 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2014-07-15 04:18 - 2014-02-10 22:38 - 00065776 _____ () C:\Windows\System32\Drivers\aswRvrt.sys
2014-07-15 02:09 - 2014-07-15 02:09 - 00007785 _____ () C:\Users\Julia\Downloads\The.Fosters.2013.S02E05.HDTV.x264-KILLERS.torrent

==================== Known DLLs (Whitelisted) ============

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe [2011-07-28 07:19] - [2011-02-25 02:19] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3
C:\Windows\System32\winlogon.exe [2014-05-14 15:30] - [2014-03-04 05:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C
C:\Windows\System32\wininit.exe [2009-07-13 19:52] - [2009-07-13 21:39] - 0129024 ____A (Microsoft Corporation) 94355C28C1970635A31B3FE52EB7CEBA
C:\Windows\System32\svchost.exe [2009-07-13 19:31] - [2009-07-13 21:39] - 0027136 ____A (Microsoft Corporation) C78655BC80301D76ED4FEF1C1EA40A7D
C:\Windows\System32\services.exe [2009-07-13 19:19] - [2009-07-13 21:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\User32.dll [2010-11-20 23:24] - [2010-11-20 23:24] - 1008128 ____A (Microsoft Corporation) FE70103391A64039A921DBFFF9C7AB1B
C:\Windows\System32\userinit.exe [2010-11-20 23:24] - [2010-11-20 23:24] - 0030720 ____A (Microsoft Corporation) BAFE84E637BF7388C96EF48D4D3FDD53
C:\Windows\System32\rpcss.dll [2010-11-20 23:24] - [2010-11-20 23:24] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123
ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys [2010-11-20 23:23] - [2010-11-20 23:23] - 0295808 ____A (Microsoft Corporation) 0D08D2F3B3FF84E433346669B5E0F639

==================== Restore Points =========================

Restore point made on: 2014-08-10 16:07:58

==================== Memory info ===========================

Percentage of memory in use: 9%
Total physical RAM: 3497.15 MB
Available physical RAM: 3148.31 MB
Total Pagefile: 3319.25 MB
Available Pagefile: 3239.54 MB
Total Virtual: 2047.88 MB
Available Virtual: 1999.9 MB

==================== Drives ================================

Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
Drive c: () (Fixed) (Total:171 GB) (Free:77.79 GB) NTFS
Drive d: () (Fixed) (Total:505.7 GB) (Free:293.12 GB) NTFS
Drive f: (REPAIR DISC) (Removable) (Total:7.25 GB) (Free:7.25 GB) FAT32
Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS
Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 699 GB) (Disk ID: CD49667D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=171 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=506 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=22 GB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 7 GB) (Disk ID: 012AB0AE)
Partition 1: (Active) - (Size=7 GB) - (Type=0B)

LastRegBack: 2014-08-07 00:44

==================== End Of Log ============================