Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-11-2014 01
Ran by SYSTEM on MINWINPC on 26-11-2014 14:48:17
Running from J:\
Platform: Windows Vista (TM) Home Premium Service Pack 1 (X86) OS Language: Polski (Polska)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet010
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [141608 2010-07-21] (Apple Inc.)
HKLM\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\SSMMgr.exe [524288 2008-05-07] ()
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [3521424 2012-03-31] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [WPCUMI] => C:\Windows\system32\WpcUmi.exe [176128 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3478600 2013-05-11] (Adobe Systems Inc.)
HKLM\...\Run: [OLPSYNCH] => C:\Program Files\Offline Course Player\OlpSynch.exe [42912 2012-08-28] ()
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [4085896 2014-10-05] (AVAST Software)
HKLM\...\Run: [BlueStacks Agent] => C:\Program Files\BlueStacks\HD-Agent.exe [843480 2014-10-07] (BlueStack Systems, Inc.)
HKU\Arek\...\Run: [GAINWARD] => C:\Program Files\EXPERTool\TBPanel.exe [2181672 2009-05-12] (Gainward Co.)
HKU\Arek\...\Run: [Odkurzacz-MCD] => C:\Program Files\Odkurzacz\odk_mcd.exe [264704 2008-08-16] (Franmo Software)
HKU\Arek\...\Run: [KiesPDLR] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21392 2012-03-31] ()
HKU\Arek\...\Policies\system: [LogonHoursAction] 2
HKU\Arek\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Default\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Drukarka\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Drukarka\...\Run: [Gadu-Gadu] => C:\Program Files\Gadu-Gadu\gg.exe [2127296 2008-03-20] (Gadu-Gadu S.A.)
HKU\Drukarka\...\Policies\system: [LogonHoursAction] 2
HKU\Drukarka\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Test\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Test\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil32_11_9_900_117_Plugin.exe -update plugin
HKU\Test\...\Policies\system: [LogonHoursAction] 2
HKU\Test\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\UpdatusUser\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
GroupPolicyUsers\S-1-5-21-1091646785-3068542575-47033121-1003\User: Group Policy restriction detected <======= ATTENTION

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-10-04] (AVAST Software)
S2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [409304 2014-10-07] (BlueStack Systems, Inc.)
S2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-07] (BlueStack Systems, Inc.)
S2 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [782040 2014-10-07] (BlueStack Systems, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
S2 NVIDIA Performance Driver Service; C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [4440064 2009-04-28] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-10-04] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-10-04] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55112 2014-10-04] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2014-10-04] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-10-04] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-10-05] (AVAST Software)
S1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57800 2014-10-04] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [192352 2014-10-04] ()
S2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [112344 2014-10-07] (BlueStack Systems)
S3 Cardex; C:\Windows\system32\drivers\TBPANEL.SYS [12256 2007-03-16] (Windows (R) 2000 DDK provider)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2010-02-03] (LogMeIn, Inc.)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [7680 2006-10-16] ()
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [697328 2010-08-08] (Duplex Secure Ltd.)
S2 TBPanel; C:\Windows\System32\Drivers\TBPanel.sys [12256 2007-03-16] (Windows (R) 2000 DDK provider)
S3 USB_RNDIS; C:\Windows\System32\DRIVERS\usb8023.sys [15872 2013-02-12] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 VSPerfDrv100; \??\d:\Program Files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-26 14:47 - 2014-11-26 14:47 - 00000000 ____D () C:\FRST
2014-11-16 21:46 - 2014-11-16 21:46 - 00000000 __SHD () C:\found.000
2014-11-14 03:31 - 2014-10-10 02:01 - 00449536 _____ (Microsoft Corporation) C:\Windows\System32\termsrv.dll
2014-11-14 03:31 - 2014-10-10 02:00 - 01259008 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2014-11-14 03:31 - 2014-10-10 02:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll
2014-11-14 03:31 - 2014-10-10 00:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll
2014-11-14 03:31 - 2014-08-27 01:55 - 01249280 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2014-11-14 03:31 - 2014-08-27 01:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2014-11-14 03:30 - 2014-10-24 02:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\packager.dll
2014-11-14 03:30 - 2014-09-19 01:50 - 00278528 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2014-11-14 03:25 - 2014-08-12 03:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\System32\IMJP10K.DLL
2014-11-14 03:20 - 2014-10-03 02:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\System32\AUDIOKSE.dll
2014-11-14 03:20 - 2014-10-03 02:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\System32\AudioEng.dll
2014-11-14 03:20 - 2014-10-03 02:17 - 00316928 _____ (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
2014-11-14 03:20 - 2014-10-03 02:17 - 00170496 _____ (Microsoft Corporation) C:\Windows\System32\EncDump.dll
2014-11-14 03:19 - 2014-10-18 02:08 - 00564224 _____ (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2014-11-14 03:02 - 2014-10-13 00:34 - 02054656 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-11-03 00:34 - 2014-11-03 00:34 - 00001640 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk
2014-11-03 00:34 - 2014-11-03 00:34 - 00001640 _____ () C:\ProgramData\Desktop\Start BlueStacks.lnk
2014-11-03 00:33 - 2014-11-03 00:33 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-11-03 00:33 - 2014-11-03 00:33 - 00000000 ____D () C:\Program Files\BlueStacks
2014-11-02 23:37 - 2014-11-02 23:37 - 00000000 ____D () C:\Users\Arek\AppData\Local\Bluestacks
2014-10-29 01:33 - 2014-10-29 14:24 - 00000000 ____D () C:\Users\Arek\AppData\Local\Adobe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-16 22:18 - 2010-12-15 11:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\System32\fontsub.dll
2014-11-16 21:28 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\System32\pl-PL
2014-11-16 20:58 - 2008-01-21 02:35 - 01100648 _____ () C:\Windows\WindowsUpdate.log
2014-11-16 20:58 - 2006-11-02 13:47 - 00004240 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-16 20:58 - 2006-11-02 13:47 - 00004240 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-16 20:45 - 2013-10-03 11:11 - 00078848 _____ () C:\Windows\KMSEmulator.exe
2014-11-16 20:45 - 2012-05-28 12:23 - 00763288 _____ () C:\Windows\AutoKMS.log
2014-11-16 19:58 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\tracing
2014-11-16 19:38 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-16 19:27 - 2009-09-07 12:30 - 00109528 _____ () C:\Users\Arek\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-14 04:15 - 2006-11-02 13:47 - 00403344 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-11-14 03:34 - 2010-10-22 03:11 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-14 03:18 - 2013-07-13 02:00 - 00000000 ____D () C:\Windows\System32\MRT
2014-11-14 03:18 - 2011-06-09 10:30 - 00000000 ____D () C:\Users\Arek\AppData\Local\Deployment
2014-11-14 03:04 - 2006-11-02 11:24 - 00000000 _____ () C:\Windows\System32\mrt.exe
2014-11-14 01:22 - 2012-04-07 11:41 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2014-11-14 01:22 - 2011-05-14 22:48 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2014-11-13 23:29 - 2011-07-04 13:02 - 00002413 _____ () C:\Users\Arek\Desktop\Microsoft Excel 2010.lnk
2014-11-13 22:42 - 2012-05-03 10:20 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-13 14:35 - 2013-11-06 17:44 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-13 03:03 - 2014-06-25 16:56 - 00011681 _____ () C:\Users\Arek\Desktop\Zeszyt1.xlsx
2014-11-08 02:10 - 2010-11-02 09:44 - 00000000 ____D () C:\Users\Arek\Desktop\Wszystko
2014-11-06 01:37 - 2009-09-16 01:15 - 00121856 _____ () C:\Users\Arek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-03 17:04 - 2009-12-17 12:57 - 00000000 ____D () C:\Users\Arek\Documents\Pliki programu Outlook
2014-10-31 01:55 - 2009-09-23 19:03 - 00000000 ___RD () C:\Users\Arek\Desktop\Moje rzeczy
2014-10-28 16:00 - 2008-01-21 07:24 - 01832186 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-10-28 16:00 - 2008-01-21 07:24 - 00796848 _____ () C:\Windows\System32\perfh015.dat
2014-10-28 16:00 - 2008-01-21 07:24 - 00182324 _____ () C:\Windows\System32\perfc015.dat
2014-10-28 06:35 - 2009-10-02 18:47 - 00229000 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

Files to move or delete:
====================
C:\ProgramData\nvUnsupRes.dat
C:\Users\Arek\taskmgr.exe

Some content of TEMP:
====================
C:\Users\Arek\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Arek\AppData\Local\Temp\{762B4A6B-6F2C-4EEC-BEA1-98D7B3471955}-GoogleUpdateSetup.exe

==================== Known DLLs (Whitelisted) ============

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================

==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 3069.82 MB
Available physical RAM: 2573.88 MB
Total Pagefile: 2841.51 MB
Available Pagefile: 2682.87 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.76 MB

==================== Drives ================================

Drive c: (DANE) (Fixed) (Total:154.76 GB) (Free:19.13 GB) NTFS
Drive e: (LRMCFRE_PL_DVD) (CDROM) (Total:2.83 GB) (Free:0 GB) CDFS
Drive j: (KINGSTON) (Removable) (Total:3.73 GB) (Free:0.07 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: () (Fixed) (Total:78.12 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 8AB4C816)
Partition 1: (Active) - (Size=78.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=154.8 GB) - (Type=OF Extended)

========================================================
Disk: 5 (MBR Code: Windows XP) (Size: 3.7 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=3.7 GB) - (Type=0C)

LastRegBack: 2014-11-16 23:18

==================== End Of Log ============================