Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-08-2013
Ran by SYSTEM on 11-08-2013 03:27:15
Running from E:\
Windows 7 Professional Service Pack 1 (X64) OS Language: Polish
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001

[b]ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.[/b]

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2919168 2011-11-22] (ESET)
HKLM\...\Run: [LogMeIn GUI] - C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2011-09-16] (LogMeIn, Inc.)
HKLM\...\RunOnce: [*Restore] - C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-21] (Microsoft Corporation)
HKLM-x32\...\Run: [UpdateLBPShortCut] - C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-12-15] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [LGODDFU] - C:\Program Files (x86)\lg_fwupdate\lgfw.exe [27760 2012-08-14] (Bitleader)
HKLM-x32\...\Run: [UpdatePSTShortCut] - C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [222504 2010-04-20] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [OrderReminder] - C:\Program Files (x86)\Hewlett-Packard\OrderReminder\OrderReminder.exe [98304 2006-01-30] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKU\Psse\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-08-16] (Hewlett-Packard Company)

==================== Services (Whitelisted) =================

S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [42360 2011-11-22] (ESET)
S2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [814264 2011-11-22] (ESET)
S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2013-06-10] (LogMeIn, Inc.)
S2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2013-06-10] (LogMeIn, Inc.)
S2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2011-09-16] (LogMeIn, Inc.)

==================== Drivers (Whitelisted) ====================

S3 ACSSCR; C:\Windows\System32\DRIVERS\a38usb.sys [44928 2012-02-23] (Advanced Card Systems Ltd)
S2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [171152 2011-11-21] (ESET)
S1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [141264 2011-11-21] (ESET)
S2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [125296 2011-11-21] (ESET)
S2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-06-04] (LogMeIn, Inc.)
S3 radpms; C:\Windows\System32\DRIVERS\radpms.sys [14944 2011-09-16] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-11 03:19 - 2013-08-11 03:19 - 00000000 ____D C:\FRST
2013-08-09 13:45 - 2013-08-09 13:46 - 00000000 ____D C:\Windows\System32\config\aaa
2013-08-09 06:51 - 2013-08-09 06:51 - 00003352 ____N C:\bootsqm.dat
2013-07-26 10:27 - 2013-07-26 10:27 - 00262144 _____ C:\Windows\Minidump\072613-21606-01.dmp
2013-07-22 10:49 - 2013-07-22 10:49 - 00013988 _____ C:\Users\Psse\Desktop\Wzor_nr_1-Upowaznienie_do_odbioru_pakietu .zip
2013-07-22 10:47 - 2013-07-22 10:47 - 00014289 _____ C:\Users\Psse\Desktop\Wzor_nr_3-Zgloszenie_wystapienia_sytuacji_awaryjnej_pakietu_ochrony_kryptograficznej.zip

==================== One Month Modified Files and Folders =======

2013-08-11 07:44 - 2013-08-11 07:35 - 00038136 _____ C:\OTL.Txt
2013-08-11 07:32 - 2012-02-06 18:09 - 00000000 ____D C:\users\Psse
2013-08-11 03:19 - 2013-08-11 03:19 - 00000000 ____D C:\FRST
2013-08-09 13:46 - 2013-08-09 13:45 - 00000000 ____D C:\Windows\System32\config\aaa
2013-08-09 12:11 - 2012-02-16 11:40 - 00000000 ____D C:\ProgramData\VideoTEL
2013-08-09 12:11 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppCompat
2013-08-09 12:10 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2013-08-09 06:51 - 2013-08-09 06:51 - 00003352 ____N C:\bootsqm.dat
2013-08-08 07:32 - 2012-02-22 14:46 - 00000000 ____D C:\ProgramData\LogMeIn
2013-08-06 07:40 - 2012-02-07 01:06 - 01113088 _____ C:\Windows\WindowsUpdate.log
2013-08-06 07:38 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-06 07:38 - 2009-07-14 05:51 - 00058745 _____ C:\Windows\setupact.log
2013-08-05 13:07 - 2013-01-04 09:02 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-05 11:00 - 2009-07-14 05:45 - 00022096 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-05 11:00 - 2009-07-14 05:45 - 00022096 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-05 10:59 - 2011-04-12 14:21 - 00697896 _____ C:\Windows\System32\perfh015.dat
2013-08-05 10:59 - 2011-04-12 14:21 - 00135006 _____ C:\Windows\System32\perfc015.dat
2013-08-05 10:59 - 2009-07-14 06:13 - 01549932 _____ C:\Windows\System32\PerfStringBackup.INI
2013-07-26 10:27 - 2013-07-26 10:27 - 00262144 _____ C:\Windows\Minidump\072613-21606-01.dmp
2013-07-26 10:27 - 2012-06-25 14:06 - 418844739 _____ C:\Windows\MEMORY.DMP
2013-07-26 10:27 - 2012-06-25 14:06 - 00000000 ____D C:\Windows\Minidump
2013-07-22 10:49 - 2013-07-22 10:49 - 00013988 _____ C:\Users\Psse\Desktop\Wzor_nr_1-Upowaznienie_do_odbioru_pakietu .zip
2013-07-22 10:47 - 2013-07-22 10:47 - 00014289 _____ C:\Users\Psse\Desktop\Wzor_nr_3-Zgloszenie_wystapienia_sytuacji_awaryjnej_pakietu_ochrony_kryptograficznej.zip

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-06-21 06:58:04
Restore point made on: 2013-06-26 07:04:51
Restore point made on: 2013-07-01 07:39:22
Restore point made on: 2013-07-05 07:11:41
Restore point made on: 2013-07-09 07:59:10
Restore point made on: 2013-07-10 13:35:14
Restore point made on: 2013-07-16 06:40:42
Restore point made on: 2013-07-22 09:54:28
Restore point made on: 2013-07-26 09:29:15
Restore point made on: 2013-07-30 08:12:32
Restore point made on: 2013-08-06 07:40:30

==================== BCD ================================

Menedżer rozruchu systemu Windows
---------------------------------
Identyfikator {bootmgr}
device partition=Y:
description Windows Boot Manager
locale pl-PL
inherit {globalsettings}
default {default}
resumeobject {149e1b82-511f-11e1-a51d-8f905fd33f86}
displayorder {default}
toolsdisplayorder {memdiag}
timeout 30

Moduł ładujący rozruchu systemu Windows
---------------------------------------
Identyfikator {default}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale pl-PL
inherit {bootloadersettings}
recoverysequence {149e1b84-511f-11e1-a51d-8f905fd33f86}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {149e1b82-511f-11e1-a51d-8f905fd33f86}
nx OptIn

Moduł ładujący rozruchu systemu Windows
---------------------------------------
Identyfikator {149e1b84-511f-11e1-a51d-8f905fd33f86}
device ramdisk=[C:]\Recovery\149e1b84-511f-11e1-a51d-8f905fd33f86\Winre.wim,{149e1b85-511f-11e1-a51d-8f905fd33f86}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\149e1b84-511f-11e1-a51d-8f905fd33f86\Winre.wim,{149e1b85-511f-11e1-a51d-8f905fd33f86}
systemroot \windows
nx OptIn
winpe Yes

Wznawianie ze stanu hibernacji
------------------------------
Identyfikator {149e1b82-511f-11e1-a51d-8f905fd33f86}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale pl-PL
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Moduł testujący pamięć systemu Windows
--------------------------------------
Identyfikator {memdiag}
device partition=Y:
path \boot\memtest.exe
description Diagnostyka pamięci systemu Windows
locale pl-PL
inherit {globalsettings}
badmemoryaccess Yes

Ustawienia usług EMS
--------------------
Identyfikator {emssettings}
bootems Yes

Ustawienia debugera
-------------------
Identyfikator {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

Uszkodzenia pamięci RAM
-----------------------
Identyfikator {badmemory}

Ustawienia globalne
-------------------
Identyfikator {globalsettings}
inherit {dbgsettings} {emssettings} {badmemory}

Ustawienia modułu ładującego rozruchu
-------------------------------------
Identyfikator {bootloadersettings}
inherit {globalsettings} {hypervisorsettings}

Ustawienia funkcji hypervisor
-----------------------------
Identyfikator {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Ustawienia modułu ładującego wznawiania
---------------------------------------
Identyfikator {resumeloadersettings}
inherit {globalsettings}

Opcje urządzenia
----------------
Identyfikator {149e1b85-511f-11e1-a51d-8f905fd33f86}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\149e1b84-511f-11e1-a51d-8f905fd33f86\boot.sdi

==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 4008.31 MB
Available physical RAM: 3337.09 MB
Total Pagefile: 4006.51 MB
Available Pagefile: 3329.69 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:270.35 GB) (Free:229.54 GB) NTFS (Disk=0 Partition=2)
Drive d: (XBOOT_16) (Removable) (Total:14.63 GB) (Free:1.37 GB) FAT32 (Disk=1 Partition=1)
Drive e: () (Fixed) (Total:195.31 GB) (Free:193.94 GB) NTFS (Disk=0 Partition=3)
Drive f: (GSP1RMCPRXFREO_PL_DVD) (CDROM) (Total:2.98 GB) (Free:0 GB) UDF
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (Zastrzeżone przez system) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 8DA5F8AF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=270 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=195 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 15 GB) (Disk ID: 00344A78)
Partition 1: (Active) - (Size=15 GB) - (Type=0C)

LastRegBack: 2013-08-02 07:54

==================== End Of Log ============================