Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-06-2015 01
Ran by SYSTEM on MININT-2PMRKC5 on 24-06-2015 17:02:11
Running from G:\
Platform: Windows 8.1 (X64) OS Language: Angielski (Wielka Brytania)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
[b]ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.[/b]

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [79376 2013-04-22] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13550152 2013-05-30] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1308232 2013-05-20] (Realtek Semiconductor)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-05-01] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [379904 2013-01-10] (IVT Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [fst_pl_115] => [X]
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [643064 2015-02-09] (McAfee, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\Maciek\...\Run: [StageLightUpdate] => C:\Program Files\StageLight\StageLightUpdate.exe [1339864 2014-02-14] ()
HKU\Maciek\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\Maciek\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [455392 2015-04-10] (Sony)
HKU\Maciek\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\Maciek\...\Run: [PC Suite Tray] => C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia)
HKU\mama\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [455392 2015-04-10] (Sony)
HKU\mama\...\Run: [PC Suite Tray] => C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia)
HKU\tata\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\tata\...\Run: [GoogleChromeAutoLaunch_B8F35D4785F5C19F7CD9AEDBB4051269] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-06-05] (Google Inc.)
HKU\tata\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [21969480 2015-05-19] (Google)
HKU\tata\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [455392 2015-04-10] (Sony)
HKU\tata\...\Run: [PC Suite Tray] => C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia)
HKU\UpdatusUser\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2014-10-29] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\PROGRA~2\SupTab\SEARCH~2.DLL File not found
AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => "C:\PROGRA~2\SupTab\SEARCH~1.DLL" File not found
Startup: C:\Users\tata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-07-21]
ShortcutTarget: Dropbox.lnk -> (No File)

==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 0107891431023548mcinstcleanup; C:\WINDOWS\TEMP\010789~1.EXE [883024 2015-04-06] (McAfee, Inc.)
S4 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-04-29] (ASUS)
S4 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] ()
S3 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [85096 2014-05-22] (Autodesk)
S4 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1619704 2013-03-26] (IVT Corporation)
S4 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2013-01-10] (IVT Corporation)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
S4 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [83032 2013-04-22] (Intel Corporation)
S4 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [100032 2013-04-22] (Intel Corporation)
S4 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [84568 2013-04-22] (Intel Corporation)
S4 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [92864 2013-04-22] (Intel Corporation)
S4 egGetSvc; C:\Program Files (x86)\EagleGet\EGMonitor.exe [230400 2015-01-07] ()
S4 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
S4 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S4 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [704112 2014-05-08] (Cherished Technololgy LIMITED)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-31] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-31] (Intel Corporation)
S4 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [154856 2015-04-17] (McAfee, Inc.)
S2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2015-02-27] (McAfee, Inc.)
S4 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.374.0\McCSPServiceHost.exe [422632 2015-01-22] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S4 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S4 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [601864 2015-02-27] (McAfee, Inc.)
S4 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S4 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.)
S2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)
S4 mi-raysat_3dsmax2011_64; C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe [86016 2010-03-10] ()
S2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2015-02-02] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
S4 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [549008 2014-05-12] (Cherished Technololgy LIMITED)

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2010-04-29] (Google Inc)
S3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-05-28] (ASUS Corporation)
S3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
S4 BthAvrcpTg; No ImagePath
S4 bthhfhid; No ImagePath
S3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
S3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [49584 2013-03-25] (Ralink Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.)
S3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [57216 2013-04-22] (Intel Corporation)
S3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [120256 2013-04-22] (Intel Corporation)
S3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [200808 2013-04-22] (Intel Corporation)
S1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-05-19] (Disc Soft Ltd)
S3 eagleGet; C:\Windows\System32\Drivers\eagleGet.sys [80208 2014-10-27] (eagleGet)
S3 ggsomc; C:\Windows\System32\drivers\ggsomc.sys [30424 2014-09-27] (Sony Mobile Communications)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S2 IntelHaxm; C:\Windows\system32\DRIVERS\IntelHaxm.sys [84992 2015-01-30] (Intel Corporation)
S3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
S3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99800 2013-05-31] (Intel Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70608 2014-10-01] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)
S3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.)
S3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1149232 2013-03-09] (Ralink Technology, Corp.)
S3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [460872 2013-03-08] (RTS Corporation)
S3 s0016bus; C:\Windows\System32\drivers\s0016bus.sys [115240 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\system32\DRIVERS\s0016mdfl.sys [19496 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\system32\DRIVERS\s0016mdm.sys [158760 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\system32\DRIVERS\s0016mgmt.sys [137256 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\system32\DRIVERS\s0016nd5.sys [34344 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\system32\DRIVERS\s0016obex.sys [136744 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\drivers\s0016unic.sys [151592 2008-05-16] (MCCI Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S1 {9acd1534-e8f8-40cb-b5ac-4996fe01175b}Gw64; C:\Windows\System32\drivers\{9acd1534-e8f8-40cb-b5ac-4996fe01175b}Gw64.sys [61112 2014-05-16] (StdLib)

==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-24 17:01 - 2015-06-24 17:01 - 00000000 ____D C:\FRST
2015-06-23 17:11 - 2015-06-23 17:11 - 00000000 _____ C:\Recovery.txt
2015-06-21 15:57 - 2015-06-21 15:57 - 413840801 _____ C:\Windows\MEMORY.DMP
2015-06-21 15:57 - 2015-06-21 15:57 - 00000000 _____ C:\Windows\Minidump\062115-99140-01.dmp
2015-06-15 17:38 - 2015-06-15 17:39 - 00018511 _____ C:\Windows\DirectX.log
2015-06-15 15:55 - 2015-06-15 15:55 - 00000219 _____ C:\Users\maciejf\Desktop\Counter-Strike Global Offensive.url
2015-06-15 15:20 - 2015-06-15 15:20 - 00000000 ____D C:\Users\maciejf\AppData\Local\Steam
2015-06-14 16:43 - 2015-06-14 16:43 - 00000000 ____D C:\Users\tata\AppData\Local\GWX
2015-06-10 16:36 - 2015-06-10 16:36 - 00000000 ____D C:\Users\maciejf\AppData\Local\GWX
2015-06-10 13:39 - 2015-05-27 14:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2015-06-10 13:39 - 2015-05-27 14:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-10 13:39 - 2015-05-23 03:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-10 13:39 - 2015-05-23 03:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-10 13:39 - 2015-05-23 03:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-10 13:39 - 2015-05-23 03:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-10 13:39 - 2015-05-23 03:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-10 13:39 - 2015-05-23 02:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-10 13:39 - 2015-05-23 02:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-10 13:39 - 2015-05-23 02:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-10 13:39 - 2015-05-23 02:47 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-06-10 13:39 - 2015-05-23 02:43 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-06-10 13:39 - 2015-05-23 02:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-10 13:39 - 2015-05-23 02:38 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-10 13:39 - 2015-05-23 02:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-10 13:39 - 2015-05-23 02:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-10 13:39 - 2015-05-23 02:28 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-06-10 13:39 - 2015-05-23 02:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-10 13:39 - 2015-05-23 02:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-10 13:39 - 2015-05-23 02:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-10 13:39 - 2015-05-22 19:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2015-06-10 13:39 - 2015-05-22 19:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2015-06-10 13:39 - 2015-05-22 19:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2015-06-10 13:39 - 2015-05-22 18:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2015-06-10 13:39 - 2015-05-22 18:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2015-06-10 13:39 - 2015-05-22 18:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2015-06-10 13:39 - 2015-05-22 18:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2015-06-10 13:39 - 2015-05-22 18:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2015-06-10 13:39 - 2015-05-22 18:23 - 00145408 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2015-06-10 13:39 - 2015-05-22 18:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2015-06-10 13:39 - 2015-05-22 18:15 - 01032704 _____ (Microsoft Corporation) C:\Windows\System32\inetcomm.dll
2015-06-10 13:39 - 2015-05-22 18:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2015-06-10 13:39 - 2015-05-22 18:08 - 00374272 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2015-06-10 13:39 - 2015-05-22 18:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2015-06-10 13:39 - 2015-05-22 18:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2015-06-10 13:39 - 2015-05-22 17:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2015-06-10 13:39 - 2015-05-22 17:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2015-06-10 13:39 - 2015-05-22 17:49 - 02865152 _____ (Microsoft Corporation) C:\Windows\System32\actxprxy.dll
2015-06-10 13:39 - 2015-05-22 17:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2015-06-10 13:39 - 2015-05-22 17:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2015-06-10 13:39 - 2015-04-25 02:34 - 00653824 _____ (Microsoft Corporation) C:\Windows\System32\comctl32.dll
2015-06-10 13:39 - 2015-04-25 02:33 - 00549888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-10 13:38 - 2015-05-21 16:47 - 04177920 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2015-06-10 12:37 - 2015-06-10 12:37 - 00000000 ____D C:\Users\piotrf\AppData\Local\GWX
2015-06-08 08:16 - 2015-05-22 13:08 - 00700416 _____ (Microsoft Corporation) C:\Windows\System32\generaltel.dll
2015-06-08 08:16 - 2015-05-21 13:08 - 01119232 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2015-06-08 08:16 - 2015-05-21 13:08 - 01020928 _____ (Microsoft Corporation) C:\Windows\System32\appraiser.dll
2015-06-08 08:16 - 2015-05-21 13:08 - 00756736 _____ (Microsoft Corporation) C:\Windows\System32\invagent.dll
2015-06-08 08:16 - 2015-05-21 13:08 - 00422912 _____ (Microsoft Corporation) C:\Windows\System32\devinv.dll
2015-06-08 08:16 - 2015-05-21 13:08 - 00193536 _____ (Microsoft Corporation) C:\Windows\System32\aepic.dll
2015-06-08 08:16 - 2015-05-21 13:08 - 00045568 _____ (Microsoft Corporation) C:\Windows\System32\acmigration.dll
2015-06-08 08:16 - 2015-04-16 22:07 - 00227328 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2015-06-01 19:10 - 2015-06-01 19:10 - 00001394 _____ C:\Users\piotrf\Desktop\GAR — skrót.lnk
2015-06-01 19:10 - 2015-06-01 19:10 - 00000000 ____D C:\Users\piotrf\AppData\Local\Steam
2015-06-01 19:08 - 2015-06-01 19:08 - 00000000 ____D C:\Users\Maciek\AppData\Local\GWX
2015-06-01 18:48 - 2015-06-01 18:48 - 00000222 _____ C:\Users\tata\Desktop\Guns and Robots.url
2015-05-28 18:36 - 2015-04-30 20:35 - 00124112 _____ (Microsoft Corporation) C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2015-05-28 18:36 - 2015-04-30 20:35 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll

==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-23 22:26 - 2015-03-25 21:34 - 00015867 _____ C:\Windows\setupact.log
2015-06-23 16:47 - 2014-05-17 22:33 - 00000000 ____D C:\users\Maciek
2015-06-22 23:10 - 2014-05-17 22:27 - 01468387 _____ C:\Windows\WindowsUpdate.log
2015-06-21 07:55 - 2013-08-22 14:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-20 23:04 - 2015-04-07 07:34 - 00003364 _____ C:\Windows\PFRO.log
2015-06-17 18:04 - 2014-05-18 05:26 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2075368250-343810846-1359158498-1007
2015-06-17 18:00 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\System32\sru
2015-06-17 17:53 - 2014-06-24 22:23 - 00001080 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf8ffaee5a2d43.job
2015-06-17 17:39 - 2015-02-05 17:18 - 00000580 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2075368250-343810846-1359158498-1008.job
2015-06-17 15:34 - 2014-05-12 16:26 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-17 14:30 - 2014-05-18 05:23 - 00000062 _____ C:\Users\maciejf\AppData\Roaming\sp_data.sys
2015-06-17 14:30 - 2014-05-11 20:17 - 00001076 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-17 14:29 - 2014-10-12 18:00 - 00000382 _____ C:\Windows\Tasks\DriverToolkit Autorun.job
2015-06-17 08:03 - 2014-12-18 15:51 - 00000062 _____ C:\Users\piotrf\AppData\Roaming\sp_data.sys
2015-06-16 15:54 - 2012-07-26 07:59 - 00000000 ____D C:\Windows\CbsTemp
2015-06-15 21:05 - 2014-05-10 02:47 - 00000062 _____ C:\Users\Maciek\AppData\Roaming\sp_data.sys
2015-06-14 20:01 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\rescache
2015-06-14 17:51 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\AppReadiness
2015-06-14 17:04 - 2014-05-19 19:38 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2075368250-343810846-1359158498-1008
2015-06-14 16:43 - 2014-07-21 00:23 - 00000000 ___RD C:\Users\tata\Dropbox
2015-06-14 16:43 - 2014-07-21 00:20 - 00000000 ____D C:\Users\tata\AppData\Roaming\Dropbox
2015-06-14 16:42 - 2014-05-19 19:27 - 00000062 _____ C:\Users\tata\AppData\Roaming\sp_data.sys
2015-06-13 21:52 - 2014-06-02 18:58 - 00003992 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{D3D20A26-85EE-434F-BB4F-531098C5264B}
2015-06-13 20:45 - 2014-03-18 09:57 - 00338274 _____ C:\Windows\System32\PerfStringBackup.INI
2015-06-13 20:45 - 2014-03-18 09:28 - 00019470 _____ C:\Windows\System32\perfh015.dat
2015-06-13 20:45 - 2014-03-18 09:28 - 00006916 _____ C:\Windows\System32\perfc015.dat
2015-06-13 06:55 - 2014-11-27 15:46 - 00002060 _____ C:\Users\Public\Desktop\Google Slides.lnk
2015-06-13 06:55 - 2014-11-27 15:46 - 00002058 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2015-06-13 06:55 - 2014-11-27 15:46 - 00002048 _____ C:\Users\Public\Desktop\Google Docs.lnk
2015-06-10 20:57 - 2014-11-24 22:45 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2075368250-343810846-1359158498-1009
2015-06-10 20:53 - 2014-11-24 22:41 - 00000062 _____ C:\Users\mama\AppData\Roaming\sp_data.sys
2015-06-10 15:43 - 2013-08-22 14:44 - 00562408 _____ C:\Windows\System32\FNTCACHE.DAT
2015-06-10 15:41 - 2013-08-22 13:25 - 00524288 ___SH C:\Windows\System32\config\BBI
2015-06-10 15:36 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-10 14:00 - 2014-12-18 15:57 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2075368250-343810846-1359158498-1010
2015-06-10 13:03 - 2014-05-11 20:18 - 00002211 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-09 09:05 - 2013-08-22 13:25 - 00262144 ___SH C:\Windows\System32\config\ELAM
2015-06-09 09:01 - 2014-12-11 14:15 - 00000000 ____D C:\Windows\System32\appraiser
2015-06-09 09:01 - 2014-07-16 13:06 - 00000000 ___SD C:\Windows\System32\CompatTel
2015-06-03 16:18 - 2015-03-11 17:42 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-03 16:18 - 2015-03-11 17:42 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-02 08:23 - 2014-12-01 14:05 - 00003992 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{7D27C245-B67A-4982-9C3F-386779257AF5}
2015-06-01 20:06 - 2014-12-18 15:50 - 00000000 ____D C:\users\piotrf
2015-06-01 18:28 - 2014-05-18 05:20 - 00000000 ____D C:\users\maciejf
2015-05-31 20:50 - 2014-05-18 05:38 - 00004004 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{56A89A93-15EE-444F-BC37-0EC91E726575}
2015-05-30 07:57 - 2014-11-05 16:56 - 00000000 ____D C:\Users\maciejf\Desktop\piotr payday 2@
2015-05-28 20:18 - 2015-04-06 16:44 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-05-28 20:18 - 2015-04-06 16:44 - 00000000 ___SD C:\Windows\System32\GWX
2015-05-28 20:18 - 2013-08-22 15:36 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2015-05-28 20:18 - 2013-08-22 13:36 - 00000000 ____D C:\Windows\System32\AdvancedInstallers
2015-05-28 18:35 - 2014-05-10 16:13 - 00000000 ____D C:\Windows\System32\MRT
2015-05-28 18:23 - 2014-05-10 16:13 - 140425016 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2015-05-28 18:13 - 2014-03-18 09:40 - 00000000 ____D C:\Program Files\Windows Journal

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS

Some files in TEMP:
====================
C:\Users\maciejf\AppData\Local\Temp\TouchURL.exe
C:\Users\maciejf\AppData\Local\Temp\ubiE011.tmp.exe
C:\Users\Maciek\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\mama\AppData\Local\Temp\Nokia_Suite_PCS_update.exe
C:\Users\tata\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpg62oas.dll
C:\Users\tata\AppData\Local\Temp\jna3434211703695944903.dll
C:\Users\tata\AppData\Local\Temp\jna6943413527351563398.dll
C:\Users\tata\AppData\Local\Temp\jna8112348345233703521.dll
C:\Users\tata\AppData\Local\Temp\KMP_3.9.1.131.exe
C:\Users\tata\AppData\Local\Temp\Runner2.exe
C:\Users\tata\AppData\Local\Temp\Runner4.exe
C:\Users\tata\AppData\Local\Temp\TouchURL.exe
C:\Users\tata\AppData\Local\Temp\ttv.exe
C:\Users\tata\AppData\Local\Temp\ubi204B.tmp.exe
C:\Users\tata\AppData\Local\Temp\ubiEFF9.tmp.exe

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe [2015-03-08 00:04] - [2014-10-29 01:22] - 0572416 ____A (Microsoft Corporation) EC498BAE1F0D3E0E401C963F8D76C437
C:\Windows\System32\wininit.exe [2015-03-08 00:00] - [2014-10-29 01:25] - 0145920 ____A (Microsoft Corporation) A570A64292214C43E0BA50E6A72A6380
C:\Windows\explorer.exe [2015-03-12 17:32] - [2015-01-27 23:47] - 2501368 ____A (Microsoft Corporation) C10A66189DC8C090E7C84873EDCEBC88
C:\Windows\SysWOW64\explorer.exe [2015-03-12 17:32] - [2015-01-27 23:41] - 2207488 ____A (Microsoft Corporation) 91E24273FCA076EA9E65DAFA98901225
C:\Windows\System32\svchost.exe [2015-03-07 23:58] - [2014-10-29 04:11] - 0038792 ____A (Microsoft Corporation) E3A2AD05E24105B35E986CF9CB38EC47
C:\Windows\SysWOW64\svchost.exe [2015-03-07 23:58] - [2014-10-29 03:17] - 0033088 ____A (Microsoft Corporation) D0ABC231C0B3E88C6B612B28ABBF734D
C:\Windows\System32\services.exe [2015-05-22 22:26] - [2015-04-08 22:55] - 0410128 ____A (Microsoft Corporation) E0C7813A97CA7947FF5C18A8F3B61A45
C:\Windows\System32\User32.dll [2015-03-08 00:10] - [2014-10-29 04:00] - 1540696 ____A (Microsoft Corporation) 25026E350BC3BE37631634EC72B10BD5
C:\Windows\SysWOW64\User32.dll [2015-03-08 00:10] - [2014-10-29 01:04] - 1376256 ____A (Microsoft Corporation) 76C5CF09F53A3B089B5581B9938F8CAE
C:\Windows\System32\userinit.exe [2015-03-07 23:56] - [2014-10-29 01:28] - 0026112 ____A (Microsoft Corporation) 5C131534A3EA4A461A793FB507A8004F
C:\Windows\SysWOW64\userinit.exe [2015-03-07 23:57] - [2014-10-29 01:05] - 0022528 ____A (Microsoft Corporation) D10643FC0095434C819316CA6CD748C0
C:\Windows\System32\rpcss.dll [2015-03-08 00:08] - [2014-10-29 01:19] - 0817664 ____A (Microsoft Corporation) A6F17C299A03BAFEFB9257C462A19E00
ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================
Restore point made on: 2015-06-15 17:38:29

==================== Memory info ===========================
Percentage of memory in use: 18%
Total physical RAM: 3979.46 MB
Available physical RAM: 3232.36 MB
Total Pagefile: 3979.46 MB
Available Pagefile: 3241.01 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================
Drive c: (OS) (Fixed) (Total:185.87 GB) (Free:12 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:258.34 GB) (Free:35.71 GB) NTFS
Drive f: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive g: (POPP) (Removable) (Total:7.47 GB) (Free:6.8 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 568814A2)
Partition: GPT Partition Type.
========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 10956C6E)
Partition 1: (Not Active) - (Size=7.5 GB) - (Type=0B)

LastRegBack: 2015-06-01 20:10

==================== End of log ============================