Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-10-2015
Ran by SYSTEM on MININT-276JHNM (17-10-2015 11:40:41)
Running from F:\
Platform: Windows 7 Ultimate (X86) Language: English (United States)
Internet Explorer Version 9
Boot Mode: Recovery
Default: ControlSet002

ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [483420 2009-01-19] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1348904 2008-07-24] (Synaptics, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-11] (Adobe Systems Incorporated)
HKLM\...\Run: [AudioSetup] => C:\Program Files\IDT\setup.exe [117200 2004-07-15] (InstallShield Software Corporation)
HKLM\...\Run: [CLMLServer for HP TouchSmart] => C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [189736 2008-12-25] (CyberLink)
HKLM\...\Run: [CtaMon] => Rundll32 CtaMon.dll,RunMonitor
HKLM\...\Run: [DVDAgent] => C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe [1148200 2008-11-28] (CyberLink Corp.)
HKLM\...\Run: [FlashGet] => C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe [1795656 2008-08-18] (FLASHGET)
HKLM\...\Run: [HP Health Check Scheduler] => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-08] (Hewlett-Packard)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [180224 2010-04-12] (PowerISO Computing, Inc.)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [206128 2008-10-10] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\SSMMgr.exe [548864 2009-02-04] ()
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [914224 2008-11-18] (Hewlett-Packard)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM\...\Run: [TSMAgent] => C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [1316136 2008-12-25] (CyberLink Corp.)
HKLM\...\Run: [TVAgent] => C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe [206120 2009-05-08] (CyberLink Corp.)
HKLM\...\Run: [UCam_Menu] => C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [218408 2008-11-14] (CyberLink Corp.)
HKLM\...\Run: [UpdateLBPShortCut] => C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM\...\Run: [UpdateP2GoShortCut] => C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-10-30] (CyberLink Corp.)
HKLM\...\Run: [UpdatePDIRShortCut] => C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM\...\Run: [UpdatePSTShortCut] => C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2008-11-26] (CyberLink Corp.)
HKLM\...\Run: [VolPanel] => C:\Program Files\Creative\SB Arena Surround Headset\Volume Panel\VolPanlu.exe [241789 2009-05-04] (Creative Technology Ltd)
HKLM\...\Run: [WinampAgent] => C:\Program Files\Winamp\winampa.exe [37888 2009-07-01] ()
HKLM\...\Run: [WirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [432432 2008-12-08] (Hewlett-Packard)
HKLM\...\Run: [SpeedTouch USB Diagnostics] => C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe [866816 2004-01-26] (THOMSON Telecom Belgium)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [ControlCenter4] => C:\Program Files\ControlCenter4\BrCcBoot.exe [139264 2013-05-14] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [4522496 2012-12-27] (Brother Industries, Ltd.)
HKLM\...\Run: [BrHelp] => C:\Program Files\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.)
HKU\Marcin\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [144384 2010-11-20] (Microsoft Corporation)
HKU\Marcin\...\Run: [FlashGet] => C:\Program Files\FlashGet Network\FlashGet universal\flashget.exe [1795656 2008-08-18] (FLASHGET)
HKU\Marcin\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2008-06-09] (Hewlett-Packard Company)
HKU\Marcin\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-07-12] (Google Inc.)
HKU\Marcin\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files\DAEMON Tools Pro\DTProAgent.exe [136136 2007-09-06] (DT Soft Ltd.)
HKU\Marcin\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x95000000
Lsa: [Notification Packages] scecli DPPWDFLT
Startup: C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk [2010-12-08]
ShortcutTarget: Xfire.lnk -> C:\Program Files\Xfire\Xfire.exe (Xfire Inc.)

==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.)
S2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-08] (Hewlett-Packard)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [227232 2010-01-15] (McAfee, Inc.)
S2 Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe [365952 2008-12-17] ()
S2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [241734 2008-09-15] ()
S3 Samsung UPD Service; C:\Windows\System32\SUPDSvc.exe [127656 2009-03-24] (Samsung Electronics CO., LTD.)
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_55dec32c4954532c\STacSV.exe [249938 2009-01-19] (IDT, Inc.)
S2 TVCapSvc; C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [296320 2008-11-26] ()
S2 TVSched; C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [116096 2008-11-26] ()
S3 usnjsvc; C:\Program Files\MSN Messenger\usnsvc.exe [97136 2007-01-19] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 alcan5wn; C:\Windows\System32\DRIVERS\alcan5wn.sys [53600 2003-12-08] (THOMSON)
S3 alcaudsl; C:\Windows\System32\DRIVERS\alcaudsl.sys [70688 2003-12-08] (THOMSON)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [271360 2010-12-08] ()
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [18048 2010-12-08] ()
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-11-26] (Duplex Secure Ltd.)
S2 {55662437-DA8C-40c0-AADA-2C816A897A49}; C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl [87536 2008-11-28] (CyberLink Corp.)
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 PCAMPR4; \??\C:\Windows\system32\PCAMPR4.SYS [X]
S3 PCANDIS4; \??\C:\Windows\system32\PCANDIS4.SYS [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-10-15 10:13 - 2015-10-15 10:14 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2015-10-15 08:57 - 2015-10-17 11:40 - 00000000 ____D C:\FRST
2015-10-04 17:02 - 2015-10-04 17:02 - 00000000 ____D C:\Windows\System32\SPReview
2015-10-01 17:20 - 2015-10-01 17:20 - 00000000 ____D C:\Program Files\Common Files\Skype
2015-10-01 17:20 - 2015-10-01 17:20 - 00000000 ____D C:\d1d0b0d062ed0a2aa11a
2015-09-20 12:39 - 2015-10-11 09:48 - 00000000 ____D C:\Users\Marcin\Desktop\Nowy folder (3)
2015-09-20 09:43 - 2015-09-20 09:57 - 00000000 ____D C:\Users\Marcin\Desktop\Nowy folder
2015-09-20 09:31 - 2015-09-21 12:21 - 00000000 ____D C:\Users\Marcin\Desktop\klasa 2
2015-09-20 09:31 - 2015-09-20 09:32 - 00000000 ____D C:\Users\Marcin\Desktop\klasa 1
2015-09-20 09:26 - 2015-09-28 00:33 - 00000000 ____D C:\Users\Marcin\Desktop\klsa 3

==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-10-15 12:16 - 2010-11-02 10:39 - 00000000 ____D C:\Temp
2015-10-15 04:24 - 2010-10-28 07:55 - 00000435 _____ C:\Windows\System32\Drivers\etc\hosts.ics
2015-10-15 04:22 - 2009-07-13 20:39 - 00000000 _____ C:\Windows\setupact.log
2015-10-15 03:48 - 2010-12-07 11:38 - 00009936 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-15 03:48 - 2010-12-07 11:38 - 00009936 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-15 02:49 - 2010-12-07 12:43 - 02094383 _____ C:\Windows\WindowsUpdate.log
2015-10-15 02:46 - 2010-10-28 03:12 - 00000000 ____D C:\Users\Marcin\AppData\Roaming\BITS
2015-10-15 01:29 - 2010-12-07 12:56 - 03880034 _____ C:\Windows\System32\PerfStringBackup.INI
2015-10-15 01:29 - 2009-09-03 21:55 - 00675958 _____ C:\Windows\System32\perfh019.dat
2015-10-15 01:29 - 2009-09-03 21:55 - 00132516 _____ C:\Windows\System32\perfc019.dat
2015-10-15 01:29 - 2009-09-03 21:44 - 00697912 _____ C:\Windows\System32\perfh015.dat
2015-10-15 01:29 - 2009-09-03 21:44 - 00134990 _____ C:\Windows\System32\perfc015.dat
2015-10-13 12:47 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-10-13 03:00 - 2015-08-29 07:39 - 00000000 ____D C:\Users\Marcin\Desktop\wet
2015-10-13 02:58 - 2015-09-08 08:29 - 00007887 _____ C:\Windows\BRRBCOM.INI
2015-10-08 11:24 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\NDF
2015-10-05 03:34 - 2010-12-07 12:19 - 00025268 _____ C:\Windows\PFRO.log
2015-10-04 23:17 - 2009-07-13 20:33 - 00436280 _____ C:\Windows\System32\FNTCACHE.DAT
2015-10-04 23:11 - 2009-07-13 23:50 - 00000000 ____D C:\Program Files\Windows Journal
2015-10-04 23:11 - 2009-07-13 20:52 - 00000000 ____D C:\Program Files\Windows Sidebar
2015-10-04 23:11 - 2009-07-13 20:52 - 00000000 ____D C:\Program Files\Windows Portable Devices
2015-10-04 23:11 - 2009-07-13 20:52 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2015-10-04 23:11 - 2009-07-13 20:52 - 00000000 ____D C:\Program Files\Windows Defender
2015-10-04 23:11 - 2009-07-13 20:52 - 00000000 ____D C:\Program Files\DVD Maker
2015-10-04 23:11 - 2009-07-13 18:37 - 00000000 ____D C:\Program Files\Common Files\System
2015-10-04 23:10 - 2009-09-03 21:34 - 00000000 ____D C:\Windows\System32\hu
2015-10-04 23:10 - 2009-09-03 21:25 - 00000000 ____D C:\Windows\System32\cs
2015-10-04 23:10 - 2009-07-13 23:49 - 00000000 __SHD C:\Windows\BitLockerDiscoveryVolumeContents
2015-10-04 23:10 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\ru-RU
2015-10-04 23:10 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\hu-HU
2015-10-04 23:10 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\AdvancedInstallers
2015-10-04 23:09 - 2009-09-03 21:55 - 00000000 ____D C:\Windows\System32\Drivers\ru-RU
2015-10-04 23:09 - 2009-09-03 21:44 - 00000000 ____D C:\Windows\System32\Drivers\pl-PL
2015-10-04 23:09 - 2009-09-03 21:34 - 00000000 ____D C:\Windows\System32\Drivers\hu-HU
2015-10-04 23:09 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\pl-PL
2015-10-04 17:18 - 2009-07-13 18:05 - 00152576 _____ (Microsoft Corporation) C:\Windows\System32\msclmd.dll
2015-10-04 10:00 - 2009-12-07 03:23 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-10-04 09:49 - 2009-09-10 07:46 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-10-02 04:39 - 2010-12-07 13:01 - 00116688 _____ C:\Users\Marcin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-10-02 03:47 - 2009-07-13 18:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-10-02 03:14 - 2006-11-02 02:23 - 00000219 _____ C:\Windows\win.ini
2015-10-01 17:20 - 2009-09-10 12:08 - 00002687 _____ C:\Users\Public\Desktop\Skype.lnk
2015-10-01 17:20 - 2009-09-10 12:08 - 00000000 ___RD C:\Program Files\Skype
2015-10-01 17:20 - 2009-09-10 12:08 - 00000000 ____D C:\ProgramData\Skype
2015-10-01 17:17 - 2009-09-10 07:47 - 00000000 ____D C:\Program Files\Microsoft Works
2015-09-23 14:48 - 2010-11-15 09:27 - 00000000 ____D C:\Users\Marcin\AppData\Local\Google
2015-09-20 09:40 - 2013-02-03 06:11 - 00000000 ____D C:\Users\Marcin\Desktop\kgj

==================== Known DLLs (Whitelisted) =========================

==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================

==================== BCD ================================

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=C:
description Windows Boot Manager
locale pl-PL
inherit {globalsettings}
default {default}
resumeobject {a9a772cd-33f5-11dd-8dd3-f60ab8d5cad9}
displayorder {default}
toolsdisplayorder {memdiag}
timeout 30

Windows Boot Loader
-------------------
identifier {current}
device ramdisk=[C:]\Recovery\1825008c-0245-11e0-af3b-00247e89f938\Winre.wim,{1825008d-0245-11e0-af3b-00247e89f938}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\1825008c-0245-11e0-af3b-00247e89f938\Winre.wim,{1825008d-0245-11e0-af3b-00247e89f938}
systemroot \windows
nx OptIn
winpe Yes

Windows Boot Loader
-------------------
identifier {572bcd55-ffa7-11d9-aae2-0007e994107d}
device ramdisk=[D:]\sources\boot.wim,{ramdiskoptions}
path \windows\system32\boot\winload.exe
description HP Recovery Manager
osdevice ramdisk=[D:]\sources\boot.wim,{ramdiskoptions}
systemroot \windows
nx OptIn
detecthal Yes
winpe Yes

Windows Boot Loader
-------------------
identifier {default}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale pl-PL
inherit {bootloadersettings}
recoverysequence {current}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {a9a772cd-33f5-11dd-8dd3-f60ab8d5cad9}
nx OptIn

Resume from Hibernate
---------------------
identifier {a9a772cd-33f5-11dd-8dd3-f60ab8d5cad9}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale pl-PL
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
pae Yes
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=C:
path \boot\memtest.exe
description Diagnostyka pamieci systemu Windows
locale pl-PL
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings} {emssettings} {badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {1825008d-0245-11e0-af3b-00247e89f938}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\1825008c-0245-11e0-af3b-00247e89f938\boot.sdi

Setup Ramdisk Options
---------------------
identifier {ramdiskoptions}
description Ramdisk Options
ramdisksdidevice partition=D:
ramdisksdipath \boot\boot.sdi

==================== Memory info ===========================

Percentage of memory in use: 12%
Total physical RAM: 4063.19 MB
Available physical RAM: 3553.48 MB
Total Virtual: 4061.47 MB
Available Virtual: 3557.68 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:287.2 GB) (Free:37.58 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10.89 GB) (Free:2.74 GB) NTFS
Drive f: (Restore) (Removable) (Total:14.45 GB) (Free:5.84 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: C47511FF)
Partition 1: (Active) - (Size=287.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=10.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 14.5 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=14.5 GB) - (Type=07 NTFS)

LastRegBack: 2010-12-07 11:34

==================== End of FRST.txt ============================