Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19.04.2018
Ran by SYSTEM on MININT-HDJD6LH (26-04-2018 23:06:04)
Running from D:\
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001

[b]ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.[/b]

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2016-02-03] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.)
HKU\Witek\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [41061856 2017-11-20] ()
HKU\Witek\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9364696 2017-03-03] (Piriform Ltd)
Startup: C:\Users\Witek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Powiadomienia monitorowania tuszu - HP Deskjet 1050 J410 series.lnk [2015-11-03]
GroupPolicy: Restriction - Chrome <==== ATTENTION

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 ByteFenceService; C:\Program Files\ByteFence\ByteFenceService.exe [145888 2017-07-19] (Byte Technologies LLC)
S2 lxda_device; C:\Windows\system32\lxdacoms.exe [566192 2007-04-26] ( )
S2 lxda_device; C:\Windows\SysWOW64\lxdacoms.exe [537520 2007-04-26] ( )
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S2 rtop; C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [302920 2017-09-19] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 CH341SER_A64; C:\Windows\System32\Drivers\CH341S64.SYS [58368 2014-09-23] (www.winchiphead.com)
S3 cpuz138; C:\Users\Witek\AppData\Local\Temp\cpuz138_x64.sys [43304 2015-12-13] (CPUID) <==== ATTENTION
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-25 16:04 - 2010-11-20 19:24 - 000179072 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Classpnp.sys
2018-04-24 01:26 - 2018-04-23 19:17 - 000016440 _____ (Advanced Micro Devices Inc.) C:\Windows\System32\Drivers\AtiPcie.sys
2018-04-22 15:54 - 2018-04-23 23:52 - 000000000 ____D C:\FRST
2018-04-11 02:12 - 2018-04-11 02:12 - 000000000 ____D C:\Windows\System32\Drivers\ati
2018-04-10 17:26 - 2018-04-11 02:20 - 000000000 ____D C:\Windows\System32\Drivers\amd
2018-04-09 17:14 - 2018-04-24 01:43 - 084410368 _____ C:\Windows\System32\config\software
2018-04-09 15:54 - 2018-04-09 15:54 - 000000006 _____ C:\list.txt
2018-02-06 03:02 - 2018-04-10 16:09 - 000674572 _____ C:\Windows\ntbtlog.txt
2018-02-06 02:09 - 2018-02-06 02:09 - 000455648 _____ C:\Windows\Minidump\020618-13712-01.dmp
2018-02-04 05:17 - 2018-02-04 05:17 - 000001027 _____ C:\Users\Public\Desktop\MozBackup.lnk
2018-02-04 05:17 - 2018-02-04 05:17 - 000001027 _____ C:\ProgramData\Desktop\MozBackup.lnk
2018-02-04 05:16 - 2018-02-04 05:17 - 000000000 ____D C:\Program Files (x86)\MozBackup
2018-02-04 05:14 - 2018-02-04 05:14 - 001035926 _____ C:\Users\Witek\Downloads\MozBackup-1.5.1-EN.exe
2018-01-31 05:21 - 2018-01-31 05:21 - 000243596 _____ C:\Users\Witek\Downloads\wycena_brbkrata_2_b_1_0131135358917.pdf
2018-01-31 05:20 - 2018-01-31 05:20 - 000243634 _____ C:\Users\Witek\Downloads\wycena_brbkrata_1_b_1_0131135148327.pdf
2018-01-31 04:01 - 2018-01-31 04:01 - 000027286 _____ C:\Users\Witek\Downloads\potwIerdzenie odbioru PIT.pdf
2018-01-31 03:11 - 2018-01-31 03:11 - 000075946 _____ C:\Users\Witek\Desktop\Skarbowy 2017.pdf
2018-01-31 03:10 - 2018-01-31 03:10 - 000075946 _____ C:\Users\Witek\Downloads\Lista_transakcji_nr_0019122761_310118.pdf
2018-01-31 03:09 - 2018-01-31 03:09 - 000047672 _____ C:\Users\Witek\Desktop\pit- 28.pdf
2018-01-31 03:08 - 2018-01-31 03:08 - 000047672 _____ C:\Users\Witek\Downloads\Lista_transakcji_nr_0019122534_310118.pdf
2018-01-31 02:32 - 2018-01-31 02:32 - 000169269 _____ C:\Users\Witek\Downloads\tmpD8F7.pdf
2018-01-31 02:23 - 2018-01-31 02:23 - 000133125 _____ C:\Users\Witek\Downloads\proforma 033-18.pdf
2018-01-30 04:26 - 2018-01-30 04:26 - 000138342 _____ C:\Users\Witek\Downloads\N_-FSE_PLN(FF)-Faktura_Sprzedaży_EURO_FSE-112_01_2018_FVAL_20180125 (2).pdf
2018-01-30 00:57 - 2018-01-30 00:57 - 000095765 _____ C:\Users\Witek\Downloads\max1.pdf
2018-01-26 04:24 - 2018-01-26 04:24 - 000108227 _____ C:\Users\Witek\Downloads\Zamówienie_sprzedaży_ZS-121_2018_01_20180126_11-03-27.pdf
2018-01-26 01:56 - 2018-01-26 01:56 - 000138342 _____ C:\Users\Witek\Downloads\N_-FSE_PLN(FF)-Faktura_Sprzedaży_EURO_FSE-112_01_2018_FVAL_20180125.pdf
2018-01-26 01:56 - 2018-01-26 01:56 - 000138342 _____ C:\Users\Witek\Downloads\N_-FSE_PLN(FF)-Faktura_Sprzedaży_EURO_FSE-112_01_2018_FVAL_20180125 (1).pdf

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

Some files in TEMP:
====================
2014-11-08 00:33 - 2015-01-07 13:48 - 000601088 _____ () C:\Users\Witek\AppData\Local\Temp\Quarantine.exe
2014-11-08 00:47 - 2014-10-17 03:39 - 000665682 _____ (SQLite Development Team) C:\Users\Witek\AppData\Local\Temp\sqlite3.dll

==================== Known DLLs (Whitelisted) =========================

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Association (Whitelisted) =============

==================== Restore Points =========================

==================== Memory info ===========================

Percentage of memory in use: 44%
Total physical RAM: 1788.05 MB
Available physical RAM: 996.22 MB
Total Virtual: 1788.05 MB
Available Virtual: 1033.64 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:53.92 GB) NTFS
Drive d: (WINPE) (Removable) (Total:1.95 GB) (Free:1.54 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.5 GB) NTFS
Drive y: (Zastrzeżone przez system) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: D4A18603)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 29.3 GB) (Disk ID: B12E0BE1)
Partition 1: (Active) - (Size=2 GB) - (Type=0C)

LastRegBack: 2018-01-29 05:00

==================== End of FRST.txt ============================