Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-07-2016 Ran by SYSTEM on MININT-B7LQM1I (02-08-2016 14:05:12) Running from H:\ Platform: Windows 7 Home Premium (X64) Language: Angielski (Stany Zjednoczone) Internet Explorer Version 8 Boot Mode: Recovery Default: ControlSet001 [b]ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.[/b] Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-14] (Synaptics Incorporated) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-19] (Adobe Systems Incorporated) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-23] (IDT, Inc.) HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard) HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-13] (Adobe Systems Incorporated) HKLM-x32\...\Run: [DpAgent] => C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe [842816 2009-12-01] (DigitalPersona, Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.) HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-11] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3477640 2012-09-23] (Adobe Systems Inc.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [F-Secure Hoster (6661000)] => C:\Program Files (x86)\F-Secure\fshoster32.exe [187432 2015-04-02] (F-Secure Corporation) HKLM-x32\...\Run: [F-Secure Manager] => C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE [306216 2015-06-12] (F-Secure Corporation) HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [73216 2016-03-03] () HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [186640 2016-07-20] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [Tv-Plug-In] => C:\Program Files (x86)\Tv-Plug-In\Tv-Plug-In.exe [312552 2015-02-24] (Orzilia Ltd.) HKLM\...\RunOnce: [*Restore] => C:\Windows\System32\rstrui.exe [296960 2010-11-20] (Microsoft Corporation) HKLM\...26dfa299cadb\InprocServer32: [Authentication UI Logon UI] authuitu.dll <==== ATTENTION HKU\Cinas\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [357696 2010-04-01] (DT Soft Ltd) HKU\Cinas\...\Run: [ALLUpdate] => C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe [2765256 2015-01-24] (ALLPlayer Group Ltd.) HKU\Cinas\...\Run: [Google Update] => C:\Users\Cinas\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.) HKU\Cinas\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload HKU\Cinas\...\Run: [AdobeBridge] => [X] HKU\Cinas\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe HKU\Cinas\...\Run: [uTorrent] => C:\Users\Cinas\AppData\Roaming\uTorrent\uTorrent.exe [2133504 2016-05-17] (BitTorrent Inc.) HKU\Cinas\...\Run: [ALLPlayer WiFi Remote] => C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe [5182896 2014-07-23] (ALLPlayer Group Ltd.) HKU\Cinas\...\Run: [Napisy24Update] => C:\Program Files (x86)\Napisy24\Napisy24Update.exe [2790856 2015-01-26] (Napisy24.pl) HKU\Cinas\...\Run: [Google Photos Backup] => C:\Users\Cinas\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3790936 2016-04-08] (Google, Inc) HKU\Cinas\...\Run: [Napisy24.pl] => C:\Program Files (x86)\Napisy24\Napisy24.exe [4736456 2015-01-26] (Napisy24.pl) HKU\Cinas\...\Run: [BingSvc] => C:\Users\Cinas\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation) HKU\Cinas\...\Run: [catsramp] => C:\Users\Cinas\AppData\Roaming\bitssvcs\api-uota.exe [833536 2016-07-28] () HKU\Cinas\...\RunOnce: [ALLPlayer Remote Update] => C:\Users\Cinas\AppData\Local\Temp\ALLRemote.exe [2152872 2016-07-28] (ALLPlayer ) <===== ATTENTION HKU\Cinas\...\Policies\system: [WallpaperStyle] 2 HKU\Default\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN HKU\Default\...\Policies\system: [WallpaperStyle] 2 HKU\Default User\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN HKU\Default User\...\Policies\system: [WallpaperStyle] 2 AppInit_DLLs: C:\ProgramData\Quotenamron\Donphase.dll => C:\ProgramData\Quotenamron\Donphase.dll [363008 2016-06-21] () AppInit_DLLs-x32: C:\ProgramData\Quotenamron\WhiteStatis.dll => C:\ProgramData\Quotenamron\WhiteStatis.dll [257536 2016-06-21] () Lsa: [Notification Packages] scecli DPPWDFLT Startup: C:\Users\Cinas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Powiadomienia monitorowania tuszu - HP Deskjet 1510 series.lnk [2015-04-05] Startup: C:\Users\Cinas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TorpedoCopy.lnk [2013-03-03] ShortcutTarget: TorpedoCopy.lnk -> (No File) ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation) S2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1097488 2016-07-20] (AVG Technologies CZ, s.r.o.) S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2016-03-03] (Freemake) S2 fshoster; C:\Program Files (x86)\F-Secure\fshoster32.exe [187432 2015-04-02] (F-Secure Corporation) S3 FSMA; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE [216104 2015-06-12] (F-Secure Corporation) S2 FSORSPClient; C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe [60456 2015-05-16] (F-Secure Corporation) S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes) S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [247808 2010-03-23] (IDT, Inc.) S2 TorchCrashHandler; C:\Users\Cinas\AppData\Local\Torch\Update\TorchCrashHandler.exe [1217400 2016-04-05] (TorchMedia Inc.) <==== ATTENTION S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [4803344 2016-06-01] (AVG Technologies CZ, s.r.o.) S2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [56080 2016-06-01] (AVG Technologies CZ, s.r.o.) S2 vfsFPService; C:\Windows\system32\vfsFPService.exe [721712 2009-06-02] (Validity Sensors, Inc.) S2 vfsFPService; C:\Windows\SysWOW64\vfsFPService.exe [599344 2009-06-02] (Validity Sensors, Inc.) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2009-12-14] (Bytemobile, Inc.) S0 BMLoad; C:\Windows\SysWOW64\drivers\BMLoad.sys [16512 2009-12-14] (Bytemobile, Inc.) S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) S3 F-Secure Gatekeeper; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [208424 2015-11-17] (F-Secure Corporation) S1 F-Secure HIPS; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys [106696 2016-07-05] (F-Secure Corporation) S0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [73928 2016-07-06] () S3 fsni; C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\fsni64.sys [110272 2016-07-18] (F-Secure Corporation) S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] () S3 LgBttPort; C:\Windows\System32\DRIVERS\lgbtpt64.sys [16384 2009-09-28] (LG Electronics Inc.) S3 lgbusenum; C:\Windows\System32\DRIVERS\lgbtbs64.sys [14848 2009-09-28] (LG Electronics Inc.) S3 LGVMODEM; C:\Windows\System32\DRIVERS\lgvmdm64.sys [17408 2009-09-28] (LG Electronics Inc.) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation) S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19936 2010-04-09] () S3 pwdspio; C:\Windows\system32\pwdspio.sys [13280 2010-04-09] () S0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-04-30] (Duplex Secure Ltd.) S3 StarOpen; no ImagePath S1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2009-12-14] (Bytemobile, Inc.) S1 tcpipBM; C:\Windows\SysWOW64\drivers\tcpipBM.sys [39552 2009-12-14] (Bytemobile, Inc.) S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2016-02-15] (AVG Netherlands B.V.) S3 zte_cdc_acm; C:\Windows\System32\DRIVERS\zte_cdc_acm.sys [79872 2011-08-10] (ZTE) S3 zte_cpo; C:\Windows\System32\DRIVERS\zte_cpo.sys [14336 2011-08-10] (ZTE) S3 Andbus; system32\DRIVERS\lgandbus64.sys [X] S3 AndDiag; system32\DRIVERS\lganddiag64.sys [X] S3 AndGps; system32\DRIVERS\lgandgps64.sys [X] S3 ANDModem; system32\DRIVERS\lgandmodem64.sys [X] S3 dgderdrv; System32\drivers\dgderdrv.sys [X] S4 eabfiltr; no ImagePath S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X] S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X] S3 GearAspiWDM; System32\drivers\GEARAspiWDM.sys [X] S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X] S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X] S3 usbbus; system32\DRIVERS\lgx64bus.sys [X] S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X] S3 USBModem; system32\DRIVERS\lgx64modem.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-08-02 10:27 - 2016-08-02 14:05 - 00000000 ____D C:\FRST 2016-08-01 13:25 - 2016-08-01 13:56 - 00993240 _____ C:\Windows\ntbtlog.txt 2016-07-29 03:34 - 2016-08-01 01:23 - 00000000 ____D C:\Users\Cinas\AppData\Roaming\catsr_36 2016-07-29 03:12 - 2016-08-01 01:22 - 00000000 ____D C:\Windows\System32\GWX 2016-07-28 16:43 - 2016-07-28 16:44 - 00000000 ____D C:\Users\Cinas\Desktop\Nowy folder 2016-07-27 18:32 - 2009-07-13 17:41 - 01393152 _____ (Microsoft Corporation) C:\Windows\System32\WMALFXGFXDSP.dll 2016-07-18 10:22 - 2014-05-14 08:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll 2016-07-18 10:22 - 2014-05-14 08:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll 2016-07-18 10:22 - 2014-05-14 08:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2016-07-18 10:22 - 2014-05-14 08:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe 2016-07-18 10:22 - 2014-05-14 08:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\System32\wups2.dll 2016-07-18 10:22 - 2014-05-14 08:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\System32\wups.dll 2016-07-18 10:22 - 2014-05-14 08:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2016-07-18 10:22 - 2014-05-14 08:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\System32\wucltux.dll 2016-07-18 10:22 - 2014-05-14 08:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\System32\wudriver.dll 2016-07-18 10:22 - 2014-05-14 08:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2016-07-18 10:21 - 2014-05-13 23:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\System32\wuwebv.dll 2016-07-18 10:21 - 2014-05-13 23:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2016-07-18 10:21 - 2014-05-13 23:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\System32\wuapp.exe 2016-07-18 10:21 - 2014-05-13 23:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2016-07-13 04:58 - 2016-07-25 03:47 - 00000000 ____D C:\Users\Cinas\Desktop\getinbank 2016-07-11 05:03 - 2016-07-12 07:52 - 00000000 ____D C:\Users\Cinas\Desktop\Wyższa Szkoła Biznesu 2016-07-11 04:38 - 2016-07-22 21:34 - 00000000 ____D C:\Users\Cinas\Desktop\faktury lipiec 2016-07-07 02:39 - 2016-07-25 20:27 - 00000000 ____D C:\Users\Cinas\Desktop\Jai Kudo kaseton ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-08-01 01:24 - 2010-04-28 16:43 - 00000000 ____D C:\users\Cinas 2016-08-01 01:24 - 2009-09-17 21:29 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer 2016-08-01 01:24 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\Offline Web Pages 2016-08-01 01:24 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\Downloaded Program Files 2016-08-01 01:24 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender 2016-08-01 01:24 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2016-08-01 01:24 - 2009-07-13 21:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD 2016-08-01 01:24 - 2009-07-13 19:20 - 00000000 __RSD C:\Windows\Media 2016-08-01 01:24 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\MUI 2016-08-01 01:24 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\Dism 2016-08-01 01:24 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\MUI 2016-08-01 01:24 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Dism 2016-08-01 01:24 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\AdvancedInstallers 2016-08-01 01:24 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\servicing 2016-08-01 01:24 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\schemas 2016-08-01 01:24 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2016-08-01 01:24 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf 2016-08-01 01:23 - 2016-06-27 01:54 - 00000000 ____D C:\Users\Cinas\AppData\Roaming\bitssvcs 2016-08-01 01:23 - 2015-05-16 08:06 - 00000000 ____D C:\Program Files (x86)\F-Secure 2016-08-01 01:23 - 2014-12-03 14:15 - 00000000 ____D C:\Users\Cinas\AppData\Roaming\uTorrent 2016-08-01 01:23 - 2013-11-30 06:50 - 00000000 ____D C:\ProgramData\TorchCrashHandler 2016-08-01 01:23 - 2010-04-28 16:45 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2016-08-01 01:23 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared 2016-08-01 01:19 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration 2016-08-01 01:09 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat 2016-08-01 00:19 - 2015-04-05 11:20 - 00000361 _____ C:\ProgramData\HPWALog.txt 2016-08-01 00:04 - 2009-07-13 20:45 - 00023248 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-08-01 00:04 - 2009-07-13 20:45 - 00023248 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-07-31 23:50 - 2016-06-29 05:03 - 00000000 ____D C:\Users\Cinas\AppData\LocalLow\uTorrent 2016-07-29 03:23 - 2009-07-24 22:11 - 00000000 ____D C:\Windows\Panther 2016-07-29 03:13 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\tracing 2016-07-28 17:36 - 2012-08-01 11:33 - 00001058 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-638423551-2369995082-1162759976-1000UA.job 2016-07-28 17:36 - 2010-07-16 12:56 - 00001048 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-07-28 16:44 - 2015-04-20 01:13 - 00000000 ____D C:\Users\Cinas\Desktop\POBRANE 2016-07-28 16:36 - 2012-08-01 11:33 - 00001006 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-638423551-2369995082-1162759976-1000Core.job 2016-07-28 16:31 - 2012-08-01 11:33 - 00004032 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-638423551-2369995082-1162759976-1000UA 2016-07-28 16:31 - 2012-08-01 11:33 - 00003636 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-638423551-2369995082-1162759976-1000Core 2016-07-28 16:00 - 2010-04-29 08:36 - 00000000 ____D C:\Users\Cinas\AppData\Local\Adobe 2016-07-28 14:30 - 2010-07-16 12:56 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-07-28 14:30 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-07-28 12:31 - 2010-07-16 12:56 - 00004044 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2016-07-28 12:30 - 2010-07-16 12:56 - 00003792 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2016-07-27 18:47 - 2010-05-01 03:10 - 00002828 ___SH C:\ProgramData\KGyGaAvL.sys 2016-07-27 16:04 - 2011-03-19 13:38 - 00000000 ____D C:\Users\Cinas\AppData\Roaming\Winamp 2016-07-25 19:24 - 2015-12-27 09:33 - 00000000 ____D C:\Users\Cinas\Desktop\Ekolonialka 2016-07-18 12:37 - 2015-12-20 04:09 - 00000000 ____D C:\Users\Cinas\Desktop\Nowe H2D 2016-07-18 11:33 - 2009-09-17 21:29 - 00744020 _____ C:\Windows\System32\perfh015.dat 2016-07-18 11:33 - 2009-09-17 21:29 - 00157470 _____ C:\Windows\System32\perfc015.dat 2016-07-18 11:33 - 2009-07-13 21:13 - 01679202 _____ C:\Windows\System32\PerfStringBackup.INI 2016-07-18 10:56 - 2013-03-03 14:27 - 00001496 _____ C:\Users\Cinas\AppData\Local\Adobe Zapisz dla Internetu 13.0 Prefs 2016-07-16 11:51 - 2016-06-21 02:11 - 00000000 ____D C:\ProgramData\Quotenamron 2016-07-16 11:51 - 2016-06-21 02:11 - 00000000 ____D C:\ProgramData\Logic Handler 2016-07-14 07:36 - 2013-02-10 12:59 - 00000000 ____D C:\Users\Cinas\AppData\Roaming\GoPlayer 2016-07-14 07:36 - 2013-02-10 12:59 - 00000000 ____D C:\Program Files (x86)\GoPlayer 2016-07-12 03:41 - 2013-10-06 06:24 - 00000000 ____D C:\Users\Cinas\Desktop\REALIZACJE foty 2016-07-11 02:18 - 2014-12-23 11:53 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2016-07-06 06:23 - 2016-04-27 11:31 - 00000000 ____D C:\Users\Cinas\Desktop\Emasters 2016-07-06 01:49 - 2015-05-16 08:26 - 00073928 _____ C:\Windows\System32\Drivers\fsbts.sys 2016-07-05 03:57 - 2016-01-20 05:23 - 00000000 ____D C:\Users\Cinas\Desktop\Democo 2016 2016-07-04 11:27 - 2010-05-21 14:39 - 00000000 ____D C:\Users\Cinas\AppData\Local\ElevatedDiagnostics 2016-07-04 01:47 - 2012-02-25 08:02 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForCinas 2016-07-04 01:47 - 2012-02-25 08:02 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForCinas.job Files to move or delete: ==================== C:\Users\Cinas\AppData\Local\Temp\ALLRemote.exe Some files in TEMP: ==================== C:\Users\Cinas\AppData\Local\Temp\ALLRemote.exe ==================== Known DLLs (Whitelisted) ========================= C:\Windows\System32\LPK.dll IS MISSING <==== ATTENTION C:\Windows\SysWOW64\LPK.dll IS MISSING <==== ATTENTION ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\dnsapi.dll => MD5 is legit C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit C:\Windows\System32\winsrv.dll IS MISSING <==== ATTENTION ==================== Association (Whitelisted) ============= ==================== Restore Points ========================= ==================== Memory info =========================== Percentage of memory in use: 18% Total physical RAM: 4063.19 MB Available physical RAM: 3312.21 MB Total Virtual: 4061.34 MB Available Virtual: 3304.07 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:90.25 GB) (Free:11.9 GB) NTFS ==>[system with boot components (obtained from drive)] Drive e: (My Space) (Fixed) (Total:362.81 GB) (Free:150.5 GB) NTFS Drive f: (Recovery) (Fixed) (Total:12.5 GB) (Free:2.09 GB) NTFS ==>[system with boot components (obtained from drive)] Drive h: (KINGSTON) (Removable) (Total:7.21 GB) (Free:7.21 GB) FAT32 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[system with boot components (obtained from drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 7A003DD7) Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=90.3 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=362.8 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=12.5 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 7.2 GB) (Disk ID: FE923A54) Partition 1: (Active) - (Size=7.2 GB) - (Type=0C) LastRegBack: 2016-07-07 12:33 ==================== End of FRST.txt ============================