Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-11-2013 02 Ran by SYSTEM on MININT-N53LO66 on 18-11-2013 15:23:55 Running from H:\ Windows 7 Home Premium (X64) OS Language: English(US) Internet Explorer Version 10 Boot Mode: Recovery The current controlset is ControlSet001 [b]ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.[/b] ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2122536 2010-05-07] (Synaptics Incorporated) HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10144288 2010-04-13] (Realtek Semiconductor) HKLM\...\Run: [QuickSet] - C:\Program Files\Dell\QuickSet\quickset.exe [3203440 2010-04-06] (Dell Inc.) HKLM\...\Run: [FS Camera Monitor] - C:\Program Files\FLIR Systems\FLIR Device Drivers\FLIR T3Srv\sysx64\T3Mon.exe [334432 2010-03-18] (FLIR) HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation) HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] - "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-06] (Dell) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-01-22] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-10-15] () HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd) HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [4767304 2013-03-06] (AVAST Software) HKLM-x32\...\Run: [NokiaMServer] - C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup HKLM-x32\...\Run: [IndexSearch] - C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-08] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PaperPort PTD] - C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-08] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PPort12reminder] - C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini [377 2013-11-13] () HKLM-x32\...\Run: [PDFHook] - C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe [636192 2010-03-05] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PDF5 Registry Controller] - C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.) HKLM-x32\...\Run: [ControlCenter4] - C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2011-04-20] (Brother Industries, Ltd.) HKLM-x32\...\Run: [BrStsMon00] - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.) HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1561768 2012-05-04] (Ask) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [SearchSettings] - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe [1379648 2013-10-24] (Spigot, Inc.) HKU\Krzysztof Dobrzyński\...\Run: [] - [x] HKU\Krzysztof Dobrzyński\...\Run: [NokiaOviSuite2] - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe [966712 2011-06-29] (Nokia) HKU\Krzysztof Dobrzyński\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation) HKU\Krzysztof Dobrzyński\...\Run: [Sony PC Companion] - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [445624 2012-05-31] (Sony) ==================== Services (Whitelisted) ================= S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [45248 2013-03-06] (AVAST Software) S2 DCService.exe; C:\ProgramData\DatacardService\DCService.exe [249856 2010-09-28] () S2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.) S2 T3Srv; C:\Program Files\FLIR Systems\FLIR Device Drivers\FLIR T3Srv\sysx64\T3Srv.exe [781408 2010-03-18] (FLIR) ==================== Drivers (Whitelisted) ==================== S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-03-06] (AVAST Software) S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-03-06] (AVAST Software) S1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [70992 2013-03-06] (AVAST Software) S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-03-06] () S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-28] (AVAST Software) S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-28] (AVAST Software) S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [68920 2013-03-06] (AVAST Software) S3 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-28] () S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [256000 2011-03-09] (Huawei Technologies Co., Ltd.) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-11-18 15:22 - 2013-11-18 15:22 - 00000000 ____D C:\FRST 2013-11-18 11:46 - 2013-11-18 11:46 - 00003288 ____N C:\bootsqm.dat 2013-10-30 05:19 - 2013-11-18 16:55 - 00000000 ____D C:\Program Files (x86)\pdfforge Toolbar 2013-10-30 05:19 - 2013-11-18 16:55 - 00000000 ____D C:\Program Files (x86)\Application Updater ==================== One Month Modified Files and Folders ======= 2013-11-18 16:56 - 2011-07-04 07:09 - 00000000 ____D C:\users\Krzysztof Dobrzyński 2013-11-18 16:55 - 2013-10-30 05:19 - 00000000 ____D C:\Program Files (x86)\pdfforge Toolbar 2013-11-18 16:55 - 2013-10-30 05:19 - 00000000 ____D C:\Program Files (x86)\Application Updater 2013-11-18 16:55 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\System32\NDF 2013-11-18 16:55 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration 2013-11-18 16:55 - 2009-07-13 21:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared 2013-11-18 16:54 - 2011-07-04 09:01 - 00000000 ____D C:\Users\Krzysztof Dobrzyński\AppData\Roaming\SoftGrid Client 2013-11-18 16:54 - 2010-08-31 16:14 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup 2013-11-18 15:22 - 2013-11-18 15:22 - 00000000 ____D C:\FRST 2013-11-18 11:46 - 2013-11-18 11:46 - 00003288 ____N C:\bootsqm.dat 2013-11-18 11:37 - 2010-08-31 16:24 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks 2013-11-18 11:37 - 2010-08-31 16:24 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks 2013-11-15 03:29 - 2013-01-07 04:33 - 00052631 _____ C:\Users\Krzysztof Dobrzyński\Desktop\KOSZTY 2013.xlsx 2013-11-13 04:22 - 2013-08-25 15:00 - 00000000 ____D C:\Windows\System32\MRT 2013-11-13 04:15 - 2010-08-31 10:57 - 01331172 _____ C:\Windows\WindowsUpdate.log 2013-11-13 04:01 - 2009-07-13 22:45 - 00014240 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-11-13 04:01 - 2009-07-13 22:45 - 00014240 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-11-13 03:51 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-11-13 03:51 - 2009-07-13 22:51 - 00146528 _____ C:\Windows\setupact.log 2013-11-12 17:37 - 2012-04-20 09:34 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-11-10 11:07 - 2011-07-04 07:39 - 00043654 _____ C:\Windows\PFRO.log 2013-11-03 02:29 - 2009-08-13 20:50 - 00738644 _____ C:\Windows\System32\perfh015.dat 2013-11-03 02:29 - 2009-08-13 20:50 - 00155042 _____ C:\Windows\System32\perfc015.dat 2013-11-03 02:29 - 2009-07-13 23:13 - 01664964 _____ C:\Windows\System32\PerfStringBackup.INI Some content of TEMP: ==================== C:\Users\Krzysztof Dobrzynski\AppData\Local\Temp\ApnStub.exe C:\Users\Krzysztof Dobrzynski\AppData\Local\Temp\DataCard_Setup64.exe C:\Users\Krzysztof Dobrzynski\AppData\Local\Temp\ddr_yh1l.dll C:\Users\Krzysztof Dobrzynski\AppData\Local\Temp\EasyCN.exe C:\Users\Krzysztof Dobrzynski\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe C:\Users\Krzysztof Dobrzynski\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe C:\Users\Krzysztof Dobrzynski\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe C:\Users\Krzysztof Dobrzynski\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe C:\Users\Krzysztof Dobrzynski\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe C:\Users\Krzysztof Dobrzynski\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe C:\Users\Krzysztof Dobrzynski\AppData\Local\Temp\NEventMessages.dll C:\Users\Krzysztof Dobrzynski\AppData\Local\Temp\nicinst.exe C:\Users\Krzysztof Dobrzynski\AppData\Local\Temp\NOSEventMessages.dll C:\Users\Krzysztof Dobrzynski\AppData\Local\Temp\Pit2012_6.0.20.31.exe C:\Users\Krzysztof Dobrzynski\AppData\Local\Temp\ResetDevice.exe C:\Users\Krzysztof Dobrzynski\AppData\Local\Temp\SkypeSetup.exe C:\Users\Krzysztof Dobrzynski\AppData\Local\Temp\_is62F6.exe C:\Users\Krzysztof Dobrzynski\AppData\Local\Temp\_isE484.exe ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= 7 Restore point made on: 2013-10-15 08:17:03 Restore point made on: 2013-10-20 09:32:45 Restore point made on: 2013-10-25 03:32:22 Restore point made on: 2013-10-29 07:10:29 Restore point made on: 2013-11-05 11:58:28 Restore point made on: 2013-11-12 05:46:55 Restore point made on: 2013-11-13 04:16:07 ==================== Memory info =========================== Percentage of memory in use: 19% Total physical RAM: 2996.52 MB Available physical RAM: 2425.23 MB Total Pagefile: 2994.67 MB Available Pagefile: 2426.53 MB Total Virtual: 8192 MB Available Virtual: 8191.87 MB ==================== Drives ================================ Drive c: (System) (Fixed) (Total:156.67 GB) (Free:106.48 GB) NTFS Drive d: (Dane) (Fixed) (Total:126.67 GB) (Free:124.42 GB) NTFS Drive e: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:9.18 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive h: (GOODRAM) (Removable) (Total:58.14 GB) (Free:58.14 GB) FAT32 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: F6996089) Partition 1: (Not Active) - (Size=100 MB) - (Type=DE) Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=157 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=127 GB) - (Type=OF Extended) ======================================================== Disk: 2 (MBR Code: Windows XP) (Size: 58 GB) (Disk ID: C3072E18) Partition 1: (Active) - (Size=58 GB) - (Type=0C) LastRegBack: 2013-10-13 10:44 ==================== End Of Log ============================