Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19.04.2018
Ran by SYSTEM on MININT-KRU7O7O (22-04-2018 15:54:13)
Running from D:\
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
[b]ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.[/b]

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2016-02-03] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.)
HKU\Witek\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [41061856 2017-11-20] ()
HKU\Witek\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9364696 2017-03-03] (Piriform Ltd)
Startup: C:\Users\Witek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Powiadomienia monitorowania tuszu - HP Deskjet 1050 J410 series.lnk [2015-11-03]
GroupPolicy: Restriction - Chrome <==== ATTENTION

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 ByteFenceService; C:\Program Files\ByteFence\ByteFenceService.exe [145888 2017-07-19] (Byte Technologies LLC)
S2 lxda_device; C:\Windows\system32\lxdacoms.exe [566192 2007-04-26] ( )
S2 lxda_device; C:\Windows\SysWOW64\lxdacoms.exe [537520 2007-04-26] ( )
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S2 rtop; C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [302920 2017-09-19] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 CH341SER_A64; C:\Windows\System32\Drivers\CH341S64.SYS [58368 2014-09-23] (www.winchiphead.com)
S3 cpuz138; C:\Users\Witek\AppData\Local\Temp\cpuz138_x64.sys [43304 2015-12-13] (CPUID) <==== ATTENTION
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 atikmdag; system32\DRIVERS\atikmdag.sys [X]
S0 AtiPcie; system32\DRIVERS\AtiPcie.sys [X]
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-22 15:54 - 2018-04-22 15:54 - 000000000 ____D C:\FRST
2018-04-11 02:12 - 2018-04-11 02:12 - 000000000 ____D C:\Windows\System32\Drivers\ati
2018-04-10 17:26 - 2018-04-11 02:20 - 000000000 ____D C:\Windows\System32\Drivers\amd
2018-04-09 17:14 - 2018-04-10 18:02 - 085721088 _____ C:\Windows\System32\config\software
2018-04-09 15:54 - 2018-04-09 15:54 - 000000006 _____ C:\list.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-10 16:09 - 2018-02-06 03:02 - 000674572 _____ C:\Windows\ntbtlog.txt

Some files in TEMP:
====================
2014-11-08 00:33 - 2015-01-07 13:48 - 000601088 _____ () C:\Users\Witek\AppData\Local\Temp\Quarantine.exe
2014-11-08 00:47 - 2014-10-17 03:39 - 000665682 _____ (SQLite Development Team) C:\Users\Witek\AppData\Local\Temp\sqlite3.dll

==================== Known DLLs (Whitelisted) =========================

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Association (Whitelisted) =============

==================== Restore Points =========================

==================== Memory info ===========================

Percentage of memory in use: 44%
Total physical RAM: 1788.05 MB
Available physical RAM: 998.86 MB
Total Virtual: 1788.05 MB
Available Virtual: 1037.04 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:54.28 GB) NTFS
Drive d: (WINPE) (Removable) (Total:1.95 GB) (Free:1.54 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.5 GB) NTFS
Drive y: (Zastrzeżone przez system) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: D4A18603)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 29.3 GB) (Disk ID: B12E0BE1)
Partition 1: (Active) - (Size=2 GB) - (Type=0C)

LastRegBack: 2018-01-29 05:00

==================== End of FRST.txt ============================