Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-12-2017
Ran by SYSTEM on MININT-HUSRR56 (12-12-2017 20:33:28)
Running from D:\
Platform: WIN_7 Service Pack 1 (X64) Language: English (United States)
Boot Mode: Recovery
Default: ControlSet002

ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

ATTENTION: Software hive is not loaded.
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AcuWVSSchedulerv9; C:\Program Files (x86)\Acunetix\Web Vulnerability Scanner 9\WVSScheduler.exe [1010208 2013-09-04] ()
S2 ApHidMonitorService; C:\Program Files\DellTPad\HidMonitorSvc.exe [87384 2015-12-29] (Alps Electric Co., Ltd.)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-10-11] (Apple Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [369720 2017-09-04] (BlueStack Systems, Inc.)
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1511728 2017-09-21] (McAfee, Inc.)
S4 clr_optimization_v2.0.50727_32; C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [67224 2014-03-20] ()
S4 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [90776 2014-03-20] ()
S2 cmcore; c:\program files (x86)\cmcm\Clean Master\cmcore.exe [395128 2017-12-01] (Cheetah Mobile,Inc.)
S3 cphs; C:\Windows\SysWow64\IntelCpHeciSvc.exe [290224 2015-06-01] ()
S4 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-07] (Dropbox, Inc.)
S4 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-07] (Dropbox, Inc.)
S2 DbxSvc; C:\Windows\system32\DbxSvc.exe [48944 2017-06-12] (Dropbox, Inc.)
S2 dcevt64; C:\Program Files\Dell\Command Monitor\dataeng\bin\dsm_sa_eventmgr64.exe [205640 2015-06-19] (Dell Inc.)
S2 dcstor64; C:\Program Files\Dell\Command Monitor\dataeng\bin\dsm_sa_datamgr64.exe [287560 2015-06-19] (Dell Inc.)
S2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [208760 2017-07-27] (Dell Inc.)
S2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3294584 2017-07-27] (Dell Inc.)
S2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [217464 2017-07-27] (Dell Inc.)
S3 DFEPService; C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2280952 2013-01-22] (Dell Inc.)
S4 Dyn Updater; C:\Program Files (x86)\Dyn Updater\DynUpSvc.exe [95608 2011-11-15] (Dyn, Inc.)
S3 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation)
S2 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbguard.exe [81920 2012-02-21] (FirebirdSQL Project)
S3 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbserver.exe [2048000 2012-02-21] (FirebirdSQL Project)
S2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [4405200 2017-05-17] (SecureMix LLC)
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135488 2017-11-13] (SurfRight B.V.)
S2 hostcontrolsvc; C:\Program Files\Broadcom\CV\bin\HostControlService.exe [1045736 2016-07-20] (Broadcom Corporation)
S2 hoststoragesvc; C:\Program Files\Broadcom\CV\bin\HostStorageService.exe [42216 2016-07-20] (Broadcom Corporation)
S2 HTTPDebuggerPro; C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerSvc.exe [1564880 2017-02-02] (HttpDebugger.com)
S4 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S3 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-08] (Intel Corporation)
S4 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [882464 2015-11-04] (IObit)
S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2945312 2016-01-14] (IObit)
S4 MacDrive9Service; C:\Program Files\Mediafour\MacDrive 9\MacDrive9Service.exe [187256 2014-03-24] (Mediafour Corporation)
S2 ManyCam Service; C:\ProgramData\ManyCam\Service\ManyCamService.exe [544984 2016-03-31] (Visicom Media Inc.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S4 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [590880 2017-09-06] (McAfee, Inc.)
S2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_7\McApExe.exe [728296 2017-10-24] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.6.319.0\\McCSPServiceHost.exe [2145496 2017-09-26] (McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [357840 2017-09-14] (McAfee LLC)
S2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [509904 2017-09-14] (McAfee LLC)
S2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1622856 2017-10-24] (McAfee, Inc.)
S2 nordvpn-service; C:\Program Files (x86)\NordVPN\nordvpn-service.exe [414344 2017-11-07] ()
S3 O2SDIOAssist; c:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] ()
S2 pcapsvc; C:\Windows\system32\pcapsvc.exe [2071040 2015-10-29] (Proxy Labs)
S2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1046456 2017-09-24] (Intel Security, Inc.)
S2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [2091496 2017-10-05] (Plex, Inc.)
S4 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
S3 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [53208 2017-09-22] (Dell Inc.)
S3 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1633280 2011-02-16] ()
S3 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
S4 usbcs; C:\Program Files\USB Flash Drives Control\usbcs.exe [52224 2016-01-06] (BiniSoft.org)
S2 ushupgradesvc; C:\Program Files\Broadcom\CV\bin\UshUpgradeService.exe [257760 2016-07-20] ()
S3 wampapache; e:\wamp\bin\apache\apache2.4.2\bin\httpd.exe [24576 2012-05-13] (Apache Software Foundation)
S3 wampmysqld; e:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe [9693696 2012-04-19] ()
S3 WcsPlugInService; C:\Windows\SysWOW64\WcsPlugInService.dll [32768 2017-02-09] ()
S3 WebClient; C:\Windows\SysWOW64\webclnt.dll [208896 2016-09-08] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3377904 2013-07-17] (Intel® Corporation)
S3 mfevtp; "C:\Windows\system32\mfevtps.exe" [X]
S4 RoxMediaDB12OEM; "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe" [X]
S4 RoxWatch12; "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe" [X]
S2 SbieSvc; "G:\pobrane\Sandboxie_5.22_Portable_Downloadly.ir\Sandboxie 5.22 Portable\App\Sandboxie64\SbieSvc.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (Wondershare)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [172760 2016-01-26] (Broadcom Corporation.)
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2017-06-21] (Bluestack System Inc. )
S1 CBDisk; C:\Windows\system32\drivers\CBDisk.sys [70344 2011-05-06] (EldoS Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [77296 2017-09-15] (McAfee LLC)
S3 dcdbas; C:\Windows\System32\DRIVERS\dcdbas64.sys [48464 2015-06-29] (Dell Inc.)
S3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [32960 2017-07-27] (Dell Inc.)
S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [32568 2017-07-27] (Dell Computer Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [24056 2016-01-14] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [21496 2016-01-14] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2016-07-11] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [10208 2016-07-11] ()
S4 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2015-03-25] (IObit)
S1 gwdrv; C:\Windows\System32\DRIVERS\gwdrv.sys [33248 2015-05-28] (SecureMix LLC)
S3 hhdusbh64; C:\Windows\System32\DRIVERS\hhdusbh64.sys [43616 2015-10-30] (HHD Software Ltd.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [235904 2017-10-11] (McAfee, Inc.)
S1 HttpDebuggerSdk; C:\Windows\System32\drivers\HttpDebuggerSdk.sys [73000 2017-02-02] (Windows (R) Win 7 DDK provider)
S1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-12-28] (REALiX(tm))
S0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-11-08] (Intel Corporation)
S3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [143904 2015-11-05] (Zemana Ltd.)
S3 ksapi64; C:\Windows\system32\drivers\ksapi64.sys [80560 2017-11-04] (Kingsoft Corporation)
S3 Logi_Headset_DFU; C:\Windows\System32\Drivers\lhusbdfuamd64.sys [44136 2014-04-18] (CSR plc.)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-28] (Visicom Media Inc.)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-28] (Visicom Media Inc.)
S0 MDFSYSNT; C:\Windows\System32\Drivers\MDFSYSNT.sys [331592 2014-03-20] (Mediafour Corporation)
S0 MDPMGRNT; C:\Windows\System32\DRIVERS\MDPMGRNT.SYS [41800 2013-11-04] (Mediafour Corporation)
S3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [188992 2016-02-09] (Intel Corporation)
S3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [492520 2017-09-15] (McAfee LLC)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [355304 2017-09-15] (McAfee LLC)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [505328 2017-09-15] (McAfee LLC)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [936936 2017-09-15] (McAfee LLC)
S3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [505768 2017-11-13] (McAfee LLC.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [108456 2017-11-13] (McAfee LLC.)
S3 mfeplk; C:\Windows\System32\drivers\mfeplk.sys [115184 2017-09-15] (McAfee LLC)
S3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [252904 2017-09-15] (McAfee LLC)
S1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)
S3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw01.sys [11534096 2015-12-29] (Intel Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 NPF; C:\Windows\SysWOW64\drivers\npf.sys [34064 2009-08-05] (CACE Technologies)
S1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [307768 2016-02-08] (NVIDIA Corporation)
S5 nvtiob; C:\Windows\system32\drivers\nvtiob.sys [18040 2015-07-29] (NoVirusThanks Company Srl)
S3 O2FJ2RDR; C:\Windows\System32\DRIVERS\O2FJ2w7x64.sys [208312 2013-12-12] (O2Micro )
S3 O2MDFW8x64; C:\Windows\System32\DRIVERS\O2MDFw8x64.sys [74368 1999-12-31] (O2Micro )
S3 PORTMON; E:\Tools\SysinternalsSuite\PORTMSYS.SYS [28656 2017-11-20] (Systems Internals)
S4 pwdrvio; C:\Windows\system32\pwdrvio.sys [19640 2014-04-02] ()
S4 pwdspio; C:\Windows\system32\pwdspio.sys [12480 2014-04-02] ()
S3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2015-03-25] (IObit.com)
S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu_Vista.sys [5764968 2017-08-08] (Realtek Semiconductor Corporation )
S0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
S3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [51320 2016-01-22] (Synaptics Incorporated)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2015-12-30] (Duplex Secure Ltd.)
S3 ST_Accel; C:\Windows\System32\DRIVERS\ST_Accel.sys [101040 2015-05-21] (STMicroelectronics)
S3 tapnordvpn; C:\Windows\System32\DRIVERS\tapnordvpn.sys [75088 2017-03-29] (The OpenVPN Project)
S5 TMUSB; C:\Windows\System32\DRIVERS\TMUSB64.SYS [63096 2015-05-25] (Seiko Epson Corporation)
S3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2015-03-25] (IObit.com)
S1 veracrypt; C:\Windows\System32\drivers\veracrypt.sys [631200 2017-11-12] (IDRIX)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2015-12-23] (Cisco Systems, Inc.)
S3 cpuz143; \??\C:\Users\M\AppData\Local\Temp\cpuz143\cpuz143_x64.sys [X] <==== ATTENTION
S4 dbx; system32\DRIVERS\dbx.sys [X]
S4 mfeaack01; \Device\mfeaack01.sys [X]
S4 mfeavfk05; \Device\mfeavfk05.sys [X]
S3 SbieDrv; \??\G:\pobrane\Sandboxie_5.22_Portable_Downloadly.ir\Sandboxie 5.22 Portable\App\Sandboxie64\SbieDrv.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-12 20:33 - 2017-12-12 20:33 - 000000000 ____D C:\FRST
2017-12-12 09:49 - 2017-12-12 09:49 - 000000000 ____D C:\symbols
2017-12-11 19:10 - 2017-12-11 19:10 - 000000000 ____D C:\Windows\Standalone System Sweeper
2017-12-10 22:25 - 2017-12-10 22:25 - 000084992 _____ C:\ResetPassword.exe
2017-12-10 11:27 - 2017-12-10 11:27 - 000280064 _____ C:\Windows\Minidump\121017-73429-01.dmp
2017-12-10 11:26 - 2017-12-11 00:19 - 000786432 _____ C:\Windows\System32\config\default
2017-12-10 11:26 - 2017-12-10 11:26 - 000262144 _____ C:\Windows\System32\config\default1
2017-12-10 10:58 - 2017-12-10 11:26 - 586730406 _____ C:\Windows\MEMORY.DMP
2017-12-10 03:56 - 2017-12-10 03:56 - 000000000 __RSH C:\MSDOS.SYS
2017-12-10 03:56 - 2017-12-10 03:56 - 000000000 __RSH C:\IO.SYS
2017-12-08 15:55 - 2017-12-08 15:55 - 000000000 __SHD C:\found.000
2017-12-04 04:38 - 2017-12-04 04:38 - 000055232 _____ C:\Windows\System32\Drivers\hitmanpro37.sys
2017-11-28 20:22 - 2017-11-28 20:22 - 000000000 ____D C:\Program Files (x86)\Wise
2017-11-28 19:25 - 2017-11-28 19:25 - 000000054 ____H C:\Windows\SysWOW64\azm.sys
2017-11-28 19:25 - 2017-11-28 19:25 - 000000000 ____D C:\Users\Public\Documents\AIT
2017-11-28 19:25 - 2017-11-28 19:25 - 000000000 ____D C:\Users\M\AppData\Local\AIT
2017-11-28 19:25 - 2017-11-28 19:25 - 000000000 ____D C:\ProgramData\Documents\AIT
2017-11-28 19:25 - 2017-11-28 19:25 - 000000000 ____D C:\ProgramData\AIT
2017-11-28 19:25 - 2017-11-28 19:25 - 000000000 ____D C:\Program Files (x86)\AIT
2017-11-28 19:25 - 2012-03-16 01:52 - 000444928 _____ (Embarcadero Technologies, Inc.) C:\Windows\SysWOW64\midas.dll
2017-11-28 19:24 - 2017-11-28 19:24 - 038130608 _____ (Advanced International Translations ) C:\Users\M\Downloads\AnyCount8Setup.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-11 17:09 - 2017-11-04 19:19 - 000014432 _____ C:\Windows\System32\CVFirmwareUpgradeLog.txt
2017-12-10 11:27 - 2013-03-01 23:36 - 000000000 ____D C:\Windows\Minidump
2017-12-04 16:51 - 2009-07-13 20:45 - 000035040 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-12-04 16:51 - 2009-07-13 20:45 - 000035040 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-12-04 16:33 - 2009-07-13 21:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-12-03 16:16 - 2010-11-21 04:53 - 000741726 _____ C:\Windows\System32\perfh015.dat
2017-12-03 16:16 - 2010-11-21 04:53 - 000156766 _____ C:\Windows\System32\perfc015.dat
2017-12-03 16:16 - 2009-07-13 21:13 - 001674012 _____ C:\Windows\System32\PerfStringBackup.INI
2017-12-03 16:16 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\inf
2017-12-02 16:39 - 2017-11-07 11:13 - 000000000 ____D C:\Users\M\AppData\Roaming\FireShot
2017-12-02 16:37 - 2013-12-22 03:43 - 000000000 ____D C:\ProgramData\BlueStacksSetup
2017-12-02 15:16 - 2011-07-16 13:24 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-12-02 15:15 - 2016-11-22 02:58 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-12-02 15:15 - 2012-05-07 00:24 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-12-02 14:56 - 2017-11-05 01:12 - 000000000 ____D C:\Users\M\AppData\Roaming\X-NetStat
2017-12-02 06:42 - 2016-11-17 02:34 - 000000000 ____D C:\Users\M\AppData\LocalLow\Mozilla
2017-12-01 14:09 - 2017-11-04 20:22 - 000003484 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2017-12-01 00:47 - 2015-02-14 20:30 - 000000000 ____D C:\ProgramData\Sonos,_Inc
2017-11-30 03:28 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\System32\NDF
2017-11-28 18:56 - 2011-09-01 03:42 - 000000000 ____D C:\Users\M\AppData\Roaming\PrimoPDF
2017-11-28 02:52 - 2012-04-24 23:28 - 000000336 _____ C:\Windows\SysWOW64\secustat.dat
2017-11-28 02:52 - 2012-04-15 11:39 - 000000000 ____D C:\Users\M\AppData\Roaming\BITS
2017-11-28 02:09 - 2012-04-15 11:52 - 000000891 _____ C:\Windows\SysWOW64\secushr.dat
2017-11-27 03:42 - 2011-08-09 00:06 - 000000000 ____D C:\Program Files (x86)\McAfee
2017-11-27 02:30 - 2011-08-09 00:06 - 000000000 ____D C:\Program Files\Common Files\McAfee
2017-11-27 00:07 - 2015-12-13 13:42 - 000004254 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-27 00:07 - 2015-12-13 13:42 - 000003482 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf8d763e3cf24c
2017-11-25 01:56 - 2016-10-31 00:12 - 000001955 _____ C:\Users\Public\Desktop\Sonos.lnk
2017-11-25 01:56 - 2016-10-31 00:12 - 000001955 _____ C:\ProgramData\Desktop\Sonos.lnk
2017-11-25 01:56 - 2015-02-14 20:31 - 000000000 ____D C:\Program Files (x86)\Sonos
2017-11-25 01:55 - 2012-06-30 21:16 - 000000000 ____D C:\Users\M\AppData\Local\Downloaded Installations
2017-11-23 03:23 - 2014-03-31 11:59 - 000002904 _____ C:\Users\M\Desktop\readme.txt
2017-11-22 13:26 - 2009-07-13 20:45 - 000440448 _____ C:\Windows\System32\FNTCACHE.DAT

==================== Known DLLs (Whitelisted) =========================

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================

==================== BCD ================================

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=C:
path \bootmgr
description Windows Boot Manager
locale pl-PL
default {default}
resumeobject {487f79c8-9702-11e7-8075-806e6f6e6963}
displayorder {default}
timeout 30

Windows Boot Loader
-------------------
identifier {default}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7 Professional (odzyskano)
locale pl-PL
recoverysequence {d2edeccf-96cb-11e7-85b7-cbbe1918aa07}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {487f79c8-9702-11e7-8075-806e6f6e6963}

Windows Boot Loader
-------------------
identifier {d2edeccf-96cb-11e7-85b7-cbbe1918aa07}
device ramdisk=[F:]\Recovery\windowsre\Winre.wim,{d2edecd0-96cb-11e7-85b7-cbbe1918aa07}
path \windows\system32\winload.exe
description Windows Recovery Environment (odzyskano)
locale
osdevice ramdisk=[F:]\Recovery\windowsre\Winre.wim,{d2edecd0-96cb-11e7-85b7-cbbe1918aa07}
systemroot \windows
winpe Yes

Resume from Hibernate
---------------------
identifier {487f79c8-9702-11e7-8075-806e6f6e6963}
device partition=C:
path \Windows\system32\winresume.exe
description Windows 7 Professional (odzyskano)
locale pl-PL
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=C:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale pl-PL

Device options
--------------
identifier {d2edecd0-96cb-11e7-85b7-cbbe1918aa07}
ramdisksdidevice partition=F:
ramdisksdipath \Recovery\windowsre\boot.sdi

==================== Memory info ===========================

Percentage of memory in use: 8%
Total physical RAM: 16265.05 MB
Available physical RAM: 14935.46 MB
Total Virtual: 16263.25 MB
Available Virtual: 14933.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:231.56 GB) (Free:16.78 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (KINGSTON) (Removable) (Total:7.32 GB) (Free:3.85 GB) FAT32
Drive e: (Nowy) (Fixed) (Total:222.87 GB) (Free:46.87 GB) NTFS
Drive f: (RECOVERY) (Fixed) (Total:11.3 GB) (Free:0.67 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 6D22F20B)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=11.3 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=231.6 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=222.9 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7.3 GB) (Disk ID: A7081100)
Partition 1: (Active) - (Size=7.3 GB) - (Type=0B)

LastRegBack: 2017-12-02 16:20

==================== End of FRST.txt ============================