Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by SYSTEM on MININT-LCP3EPS on 13-10-2013 02:12:35
Running from G:\Data
Windows 7 Home Premium (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-06] (Intel Corporation)
HKLM\...\Run: [MDS_Menu] - C:\Program Files\Lenovo\MediaShow\MUITransfer\MUIStartMenu.exe [218408 2008-11-14] (CyberLink Corp.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-30] (Synaptics Incorporated)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-20] (Realtek Semiconductor)
HKLM\...\Run: [OnekeyDM] - C:\Program Files\Lenovo\OnekeyDM\OnekeyDM.exe [335872 2009-03-27] ()
HKLM\...\Run: [UpdateP2GShortCut] - C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM\...\Run: [EnergyUtility] - C:\Program Files\Lenovo\Energy Management\utility.exe [4114288 2009-08-26] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] - C:\Program Files\Lenovo\Energy Management\Energy Management.exe [5064520 2009-06-25] (Lenovo (Beijing) Limited)
HKLM\...\Run: [Lenovo SlideNav] - C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe [839680 2009-08-18] (Lenovo)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [947152 2013-01-27] (Microsoft Corporation)
HKLM\...\RunOnce: [*Restore] - C:\windows\system32\rstrui.exe /RUNONCE [262656 2010-11-20] (Microsoft Corporation)
HKU\Alicja\...\Run: [Akamai NetSession Interface] - C:\Users\Alicja\AppData\Local\Akamai\netsession_win.exe [ 2013-01-25] (Akamai Technologies, Inc.)
HKU\Default\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\Default User\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
Startup: C:\Users\Alicja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)

========================== Services (Whitelisted) =================

S2 ABBYY.Licensing.PDFTransformer.Classic.3.0; C:\Program Files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [759048 2010-02-01] (ABBYY)
S2 appdrvrem01; C:\Windows\System32\appdrvrem01.exe [318632 2012-11-30] (Protection Technology)
S2 Browser Defender Update Service; C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [580728 2012-10-23] (Threat Expert Ltd.)
S2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [582944 2009-07-01] (Broadcom Corporation.)
S2 KMService; C:\windows\system32\srvany.exe [8192 2012-03-24] ()
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-27] (Microsoft Corporation)
S4 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)
S4 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
S2 ProtexisLicensing; C:\windows\system32\PSIService.exe [177704 2007-06-05] ()
S2 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [244904 2009-07-17] ()
S3 sdAuxService; C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe [403416 2012-10-30] (PC Tools)
S3 sdCoreService; C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe [1162360 2012-11-01] (PC Tools)
S4 Soda PDF 5 Helper Service; C:\Program Files\Soda PDF 5\HelperService.exe [1069408 2013-01-29] (LULU Software)
S4 Soda PDF 5 Service; C:\Program Files\Soda PDF 5\ConversionService.exe [794464 2013-01-29] (LULU Software)
S4 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
S2 dealplylive; C:\Program Files\DealPlyLive\Update\DealPlyLive.exe /svc [x]
S3 dealplylivem; C:\Program Files\DealPlyLive\Update\DealPlyLive.exe /medsvc [x]

==================== Drivers (Whitelisted) ====================

S3 ACPIVPC; C:\Windows\System32\DRIVERS\AcpiVpc.sys [21520 2009-05-19] (Lenovo Corporation)
S1 appdrv01; C:\Windows\System32\Drivers\appdrv01.sys [2279808 2012-11-30] (Protection Technology)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [83872 2011-07-18] ()
S3 cleanhlp; C:\Users\Alicja\Desktop\EmsisoftEmergencyKit\Run\cleanhlp32.sys [50200 2013-09-08] (Emsisoft GmbH)
S0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-13] (Microsoft Corporation)
S3 enecirhid; C:\Windows\System32\DRIVERS\enecirhid.sys [11776 2009-05-19] (ENE TECHNOLOGY INC.)
S3 enecirhidma; C:\Windows\System32\DRIVERS\enecirhidma.sys [5632 2008-04-24] (ENE TECHNOLOGY INC.)
S1 funfrm; C:\Windows\System32\Drivers\funfrm.sys [54800 2009-11-02] ()
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2011-07-18] ()
S0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [36208 2009-07-02] (COMPAL ELECTRONIC INC.)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
S3 PCTBD; C:\Windows\System32\Drivers\PCTBD.sys [62688 2012-10-23] (PC Tools)
S0 PCTCore; C:\Windows\System32\drivers\PCTCore.sys [368616 2012-10-22] (PC Tools)
S0 pctDS; C:\Windows\System32\drivers\pctDS.sys [342168 2012-02-28] (PC Tools)
S0 pctEFA; C:\Windows\System32\drivers\pctEFA.sys [909728 2012-02-28] (PC Tools)
S1 pctgntdi; C:\Windows\System32\drivers\pctgntdi.sys [260760 2012-10-31] (PC Tools)
S3 pctplsm; C:\Windows\System32\drivers\pctplsm.sys [68272 2012-11-01] (PC Tools)
S1 PCTSD; C:\Windows\System32\Drivers\PCTSD.sys [202280 2012-11-01] (PC Tools)
S3 usbsmi; C:\Windows\System32\DRIVERS\SMIksdrv.sys [171520 2009-08-21] (SMI)
S3 wdmirror; C:\Windows\System32\DRIVERS\WDMirror.sys [11792 2009-07-16] (Windows (R) Codename Longhorn DDK provider)
S3 wsvd; C:\Windows\System32\DRIVERS\wsvd.sys [81704 2009-07-21] (CyberLink)
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-13 02:12 - 2013-10-13 02:12 - 00000000 ____D C:\FRST
2013-10-08 14:10 - 2013-10-08 14:10 - 15026363 _____ C:\Users\Alicja\Desktop\wirusologiapt_.zip
2013-10-08 14:09 - 2013-10-08 14:09 - 00032367 _____ C:\Users\Alicja\Desktop\Wirusologia - ćwiczenia.odt
2013-10-06 15:27 - 2013-10-06 15:28 - 00000000 ____D C:\Users\Alicja\Desktop\Zdjęcia z komórki
2013-10-06 12:57 - 2013-10-06 12:57 - 00087552 _____ C:\Users\Alicja\Desktop\Rok II semestr zimowy (1).xls
2013-09-28 13:20 - 2013-09-28 13:20 - 00000000 ____D C:\Users\Alicja\AppData\Roaming\Need for Speed World
2013-09-28 13:04 - 2013-09-28 13:04 - 00002163 _____ C:\Users\Public\Desktop\Need For Speed World.lnk
2013-09-28 13:04 - 2013-09-28 13:04 - 00000000 ____D C:\Users\Alicja\AppData\Local\Electronic_Arts_Inc
2013-09-28 13:03 - 2013-09-28 13:03 - 06400680 _____ (Electronic Arts ) C:\Users\Alicja\Desktop\setup_nfsw.exe
2013-09-28 13:03 - 2013-09-28 13:03 - 00000000 ____D C:\ProgramData\Electronic Arts
2013-09-28 13:03 - 2013-09-28 13:03 - 00000000 ____D C:\Program Files\Electronic Arts
2013-09-27 16:46 - 2013-10-06 15:38 - 00000000 ____D C:\Users\Alicja\Desktop\Inne fajne(muzyka)
2013-09-27 15:12 - 2013-09-29 15:51 - 00000000 ____D C:\Users\Alicja\Desktop\Ulubione
2013-09-23 16:30 - 2013-09-23 16:30 - 00000000 ____D C:\Users\Alicja\Desktop\Chris Cornell - Scream 2009
2013-09-23 15:06 - 2013-09-23 16:31 - 00000000 ____D C:\Users\Alicja\Desktop\Metallica
2013-09-22 15:40 - 2013-09-23 15:06 - 00000000 ____D C:\Users\Alicja\Desktop\Jo Nesbo
2013-09-21 04:32 - 2013-10-06 12:23 - 00002778 _____ C:\Windows\setupact.log
2013-09-21 04:32 - 2013-09-21 04:32 - 00000000 _____ C:\Windows\setuperr.log
2013-09-19 13:41 - 2013-09-19 13:41 - 00000000 ____D C:\Users\Alicja\Desktop\Chemia-organiczna-John-McMurry
2013-09-13 17:36 - 2013-09-13 17:37 - 00000000 ____D C:\Users\Alicja\Desktop\Good stuff

==================== One Month Modified Files and Folders =======

2013-10-13 02:12 - 2013-10-13 02:12 - 00000000 ____D C:\FRST
2013-10-11 16:11 - 2013-04-14 13:31 - 00000000 ____D C:\Users\Alicja\AppData\Local\Akamai
2013-10-11 16:11 - 2011-07-25 06:09 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-11 16:11 - 2010-03-10 10:43 - 00000000 ____D C:\users\Mama
2013-10-11 16:11 - 2010-02-27 12:49 - 00000000 ___HD C:\Users\Alicja\AppData\Roaming\Winamp
2013-10-11 16:11 - 2010-02-27 07:22 - 00000000 ___HD C:\users\Alicja
2013-10-11 16:11 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\wfp
2013-10-11 16:11 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\registration
2013-10-11 16:11 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-11 16:10 - 2013-05-05 14:43 - 00000000 ___RD C:\Users\Alicja\Dropbox
2013-10-11 15:12 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\LogFiles
2013-10-08 14:10 - 2013-10-08 14:10 - 15026363 _____ C:\Users\Alicja\Desktop\wirusologiapt_.zip
2013-10-08 14:09 - 2013-10-08 14:09 - 00032367 _____ C:\Users\Alicja\Desktop\Wirusologia - ćwiczenia.odt
2013-10-06 15:38 - 2013-09-27 16:46 - 00000000 ____D C:\Users\Alicja\Desktop\Inne fajne(muzyka)
2013-10-06 15:28 - 2013-10-06 15:27 - 00000000 ____D C:\Users\Alicja\Desktop\Zdjęcia z komórki
2013-10-06 12:57 - 2013-10-06 12:57 - 00087552 _____ C:\Users\Alicja\Desktop\Rok II semestr zimowy (1).xls
2013-10-06 12:36 - 2009-11-02 13:15 - 01872787 _____ C:\Windows\WindowsUpdate.log
2013-10-06 12:31 - 2009-07-13 20:34 - 00009920 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-06 12:31 - 2009-07-13 20:34 - 00009920 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-06 12:24 - 2013-05-05 14:38 - 00000000 ____D C:\Users\Alicja\AppData\Roaming\Dropbox
2013-10-06 12:23 - 2013-09-21 04:32 - 00002778 _____ C:\Windows\setupact.log
2013-10-05 09:37 - 2009-10-16 06:38 - 04972128 _____ C:\Windows\System32\perfh015.dat
2013-10-05 09:37 - 2009-10-16 06:38 - 01637118 _____ C:\Windows\System32\perfc015.dat
2013-10-05 09:37 - 2009-10-15 23:01 - 00006468 _____ C:\Windows\System32\PerfStringBackup.INI
2013-10-02 13:40 - 2010-12-18 16:49 - 00002376 _____ C:\Users\Alicja\Desktop\Google Chrome.lnk
2013-09-29 15:51 - 2013-09-27 15:12 - 00000000 ____D C:\Users\Alicja\Desktop\Ulubione
2013-09-28 13:20 - 2013-09-28 13:20 - 00000000 ____D C:\Users\Alicja\AppData\Roaming\Need for Speed World
2013-09-28 13:04 - 2013-09-28 13:04 - 00002163 _____ C:\Users\Public\Desktop\Need For Speed World.lnk
2013-09-28 13:04 - 2013-09-28 13:04 - 00000000 ____D C:\Users\Alicja\AppData\Local\Electronic_Arts_Inc
2013-09-28 13:03 - 2013-09-28 13:03 - 06400680 _____ (Electronic Arts ) C:\Users\Alicja\Desktop\setup_nfsw.exe
2013-09-28 13:03 - 2013-09-28 13:03 - 00000000 ____D C:\ProgramData\Electronic Arts
2013-09-28 13:03 - 2013-09-28 13:03 - 00000000 ____D C:\Program Files\Electronic Arts
2013-09-27 15:12 - 2012-11-30 09:44 - 00000000 ____D C:\Users\Alicja\Desktop\studia
2013-09-23 16:31 - 2013-09-23 15:06 - 00000000 ____D C:\Users\Alicja\Desktop\Metallica
2013-09-23 16:30 - 2013-09-23 16:30 - 00000000 ____D C:\Users\Alicja\Desktop\Chris Cornell - Scream 2009
2013-09-23 15:06 - 2013-09-22 15:40 - 00000000 ____D C:\Users\Alicja\Desktop\Jo Nesbo
2013-09-22 17:22 - 2013-02-01 15:58 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-09-22 17:22 - 2013-02-01 15:58 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-09-21 04:32 - 2013-09-21 04:32 - 00000000 _____ C:\Windows\setuperr.log
2013-09-19 13:41 - 2013-09-19 13:41 - 00000000 ____D C:\Users\Alicja\Desktop\Chemia-organiczna-John-McMurry
2013-09-14 15:09 - 2013-07-30 13:18 - 00000088 __RSH C:\Windows\System32\0B3A31FE4F.sys
2013-09-14 15:09 - 2013-07-30 13:18 - 00000000 ____D C:\Users\Alicja\Documents\My PSP Files
2013-09-14 15:09 - 2013-07-30 13:10 - 00002828 ___SH C:\Windows\System32\KGyGaAvL.sys
2013-09-13 17:37 - 2013-09-13 17:36 - 00000000 ____D C:\Users\Alicja\Desktop\Good stuff
2013-09-13 10:21 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\rescache
2013-09-13 07:24 - 2009-07-13 20:33 - 00452384 _____ C:\Windows\System32\FNTCACHE.DAT
2013-09-13 07:22 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\pl-PL

Some content of TEMP:
====================
C:\Users\Alicja\AppData\Local\Temp\Foxit Reader Updater.exe

==================== Known DLLs (Whitelisted) ============

C:\Windows\System32\LPK.dll IS MISSING <==== ATTENTION!.

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

7
Restore point made on: 2013-09-19 07:57:43
Restore point made on: 2013-09-22 15:13:53
Restore point made on: 2013-09-26 10:46:09
Restore point made on: 2013-09-29 12:57:15
Restore point made on: 2013-10-03 09:44:57
Restore point made on: 2013-10-06 12:36:33
Restore point made on: 2013-10-10 09:46:21

==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 4090.6 MB
Available physical RAM: 3552.82 MB
Total Pagefile: 4088.88 MB
Available Pagefile: 3560.08 MB
Total Virtual: 2047.88 MB
Available Virtual: 1934.2 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:420.55 GB) (Free:253.16 GB) NTFS
Drive d: (Lenovo) (Fixed) (Total:30.25 GB) (Free:29.17 GB) NTFS
Drive g: () (Removable) (Total:1.88 GB) (Free:1.11 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: () (Fixed) (Total:0.2 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: AAD13451)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=421 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=30 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=15 GB) - (Type=12)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 6F20736B)
No partition Table on disk 1.
Disk 1 is a removable device.

LastRegBack: 2013-10-10 15:45

==================== End Of Log ============================