Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015
Ran by Krzysieq (administrator) on KRZYSIEQ-HP on 29-01-2015 21:55:41
Running from F:\
Loaded Profiles: Krzysieq (Available profiles: Krzysieq)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polski (Polska)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Frameworkx86\v4.0.30319\mscorsvw.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
() C:\Windows\SysWOW64\srvany.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(GG Network S.A.) C:\Program Files (x86)\Gadu-Gadu 10\gg.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
() C:\Program Files (x86)\ActiveURLs\Check&Get\Check&Get.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\Common Files\RbtProt\sgsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Dropbox, Inc.) C:\Users\Krzysieq\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
() C:\Windows\KMService.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(Opera Software) C:\Program Files (x86)\Opera\opera.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2327952 2010-07-06] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2014-03-27] (IDT, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-03-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2013-05-23] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-02-15] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [574008 2011-07-11] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [488328 2014-09-04] (Autodesk Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-16] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-3147454950-3773726357-3176012894-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-3147454950-3773726357-3176012894-1001\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEMN.EXE [945856 2013-03-06] (Microsoft Corporation)
HKU\S-1-5-21-3147454950-3773726357-3176012894-1001\...\Run: [Gadu-Gadu 10] => C:\Program Files (x86)\Gadu-Gadu 10\gg.exe [13374048 2012-10-17] (GG Network S.A.)
HKU\S-1-5-21-3147454950-3773726357-3176012894-1001\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-3147454950-3773726357-3176012894-1001\...\Run: [] => [X]
HKU\S-1-5-21-3147454950-3773726357-3176012894-1001\...\Run: [Google Update] => C:\Users\Krzysieq\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-04-03] (Google Inc.)
HKU\S-1-5-21-3147454950-3773726357-3176012894-1001\...\Run: [Check&Get] => C:\Program Files (x86)\ActiveURLs\Check&Get\Check&Get.exe [2121728 2007-03-22] ()
HKU\S-1-5-21-3147454950-3773726357-3176012894-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-3147454950-3773726357-3176012894-1001\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-3147454950-3773726357-3176012894-1001\...\Policies\Explorer: []
HKU\S-1-5-21-3147454950-3773726357-3176012894-1001\...\MountPoints2: {0a63f268-9abf-11e3-aa55-bc7737dfbe5b} - F:\AutoRun.exe
HKU\S-1-5-21-3147454950-3773726357-3176012894-1001\...\MountPoints2: {0a63f279-9abf-11e3-aa55-bc7737dfbe5b} - F:\AutoRun.exe
HKU\S-1-5-21-3147454950-3773726357-3176012894-1001\...\MountPoints2: {940c0828-5e5e-11e3-ab2f-bc7737dfbe5b} - F:\LGAutoRun.exe
HKU\S-1-5-21-3147454950-3773726357-3176012894-1001\...\MountPoints2: {d596a574-1b0a-11e4-a9aa-bc7737dfbe5b} - F:\AutoRun.exe
HKU\S-1-5-21-3147454950-3773726357-3176012894-1001\...\Winlogon: [Shell] explorer.exe, <==== ATTENTION
IFEO\taskmgr.exe: [Debugger] "C:\PROGRAM FILES\PROCESS EXPLORER\PROCEXP.EXE"
Startup: C:\Users\Krzysieq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Krzysieq\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Krzysieq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Thunderbird.lnk
ShortcutTarget: Mozilla Thunderbird.lnk -> C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [Uchwyt nakładania ikony podpisu cyfrowego] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3147454950-3773726357-3176012894-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=HPNTDF
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {FF9858AD-FFBA-4360-B551-CB47AB646635} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKLM-x32 -> {FF9858AD-FFBA-4360-B551-CB47AB646635} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3147454950-3773726357-3176012894-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3147454950-3773726357-3176012894-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3147454950-3773726357-3176012894-1001 -> {FF9858AD-FFBA-4360-B551-CB47AB646635} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
BHO-x32: Pomocnik logowania za pomocą identyfikatora Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.24.0.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Krzysieq\AppData\Roaming\Mozilla\Firefox\Profiles\tktexyw8.default-1393719110753
FF Homepage: hxxp://google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.450 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF Plugin HKU\S-1-5-21-3147454950-3773726357-3176012894-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Krzysieq\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3147454950-3773726357-3176012894-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Krzysieq\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3147454950-3773726357-3176012894-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Krzysieq\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: ImageTools - C:\Users\Krzysieq\AppData\Roaming\Mozilla\Firefox\Profiles\tktexyw8.default-1393719110753\Extensions\matus.uhliar@gmail.com [2014-03-02]
FF Extension: All-in-One Gestures - C:\Users\Krzysieq\AppData\Roaming\Mozilla\Firefox\Profiles\tktexyw8.default-1393719110753\Extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055} [2014-03-08]
FF Extension: Image Resizer/Scaler - C:\Users\Krzysieq\AppData\Roaming\Mozilla\Firefox\Profiles\tktexyw8.default-1393719110753\Extensions\jid0-hd39BGK3EuIbK47rGW3fZdR163o@jetpack.xpi [2014-03-02]
FF Extension: Text Complete - C:\Users\Krzysieq\AppData\Roaming\Mozilla\Firefox\Profiles\tktexyw8.default-1393719110753\Extensions\textcomplete@cfavatar.com.xpi [2014-09-17]
FF Extension: Screengrab (fix version) - C:\Users\Krzysieq\AppData\Roaming\Mozilla\Firefox\Profiles\tktexyw8.default-1393719110753\Extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi [2014-07-25]
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2015-01-27]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Krzysieq\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Krzysieq\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-04-03]
CHR Extension: (Szukaj w Google) - C:\Users\Krzysieq\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-04-03]
CHR Extension: (LongClick New Tab) - C:\Users\Krzysieq\AppData\Local\Google\Chrome\User Data\Default\Extensions\jphlcgnallcfbnpgmblmlmkehbffnoph [2013-11-27]
CHR Extension: (Refresh Monkey) - C:\Users\Krzysieq\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljngnafhejmefmijjoedbclkadhacebd [2013-11-24]
CHR Extension: (Clickable Links) - C:\Users\Krzysieq\AppData\Local\Google\Chrome\User Data\Default\Extensions\mblbciejcodpealifnhfjbdlkedplodp [2013-11-24]
CHR Extension: (Google Wallet) - C:\Users\Krzysieq\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Auto Refresh Plus) - C:\Users\Krzysieq\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih [2013-11-25]
CHR Extension: (Page Monitor) - C:\Users\Krzysieq\AppData\Local\Google\Chrome\User Data\Default\Extensions\pemhgklkefakciniebenbfclihhmmfcd [2013-11-25]
CHR Extension: (Gmail) - C:\Users\Krzysieq\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-04-03]
CHR HKLM-x32\...\Chrome\Extension: [dfaldikcoaplhepekpbngkepfcoiihef] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-08-22]
StartMenuInternet: Google Chrome - C:\Users\Krzysieq\AppData\Local\Google\Chrome\Application\chrome.exe

Opera:
=======
OPR Extension: (Download Chrome Extension) - C:\Users\Krzysieq\AppData\Roaming\Opera Software\Opera Stable\Extensions\kipjbhgniklcnglfaldilecjomjaddfi [2014-08-29]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [597896 2014-09-04] (Autodesk Inc.)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
S3 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [85096 2012-04-05] (Autodesk)
R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [901184 2011-01-24] (Intel Corporation) [File not signed]
R3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1298496 2011-01-24] (Intel Corporation) [File not signed]
R2 Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [991296 2011-01-24] (Intel Corporation) [File not signed]
R2 clr_optimization_v4.0.30319; C:\Windows\Microsoft.NET\Frameworkx86\v4.0.30319\mscorsvw.exe [26390016 2014-08-02] (Microsoft Corporation) [File not signed]
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2413056 2013-05-23] (Realsil Microelectronics Inc.) [File not signed]
R2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2012-04-06] () [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [File not signed]
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [655744 2012-06-28] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-08] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-08-21] ()
R2 SG_Service; C:\Program Files (x86)\Common Files\RbtProt\sgsrv.exe [159744 2006-06-13] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2014-01-08] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2013-04-18] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2013-06-28] (LG Electronics Inc.)
S3 Bulk1528; C:\Windows\System32\Drivers\Bulk1528.sys [14848 2008-06-28] (SunPlus)
S2 Ca1528av; C:\Windows\System32\Drivers\Ca1528av.sys [533760 2008-12-17] (Digital Camera)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-04-22] (DT Soft Ltd)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [239104 2012-09-18] (Huawei Technologies Co., Ltd.)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-29] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 s1039bus; C:\Windows\System32\DRIVERS\s1039bus.sys [127600 2010-03-15] (MCCI Corporation)
S3 s1039mdfl; C:\Windows\System32\DRIVERS\s1039mdfl.sys [19568 2010-03-15] (MCCI Corporation)
S3 s1039mdm; C:\Windows\System32\DRIVERS\s1039mdm.sys [161904 2010-03-15] (MCCI Corporation)
S3 s1039mgmt; C:\Windows\System32\DRIVERS\s1039mgmt.sys [141424 2010-03-15] (MCCI Corporation)
S3 s1039nd5; C:\Windows\System32\DRIVERS\s1039nd5.sys [34416 2010-03-15] (MCCI Corporation)
S3 s1039obex; C:\Windows\System32\DRIVERS\s1039obex.sys [137328 2010-03-15] (MCCI Corporation)
S3 s1039unic; C:\Windows\System32\DRIVERS\s1039unic.sys [158320 2010-03-15] (MCCI Corporation)
S3 WINIO; \??\C:\Program Files (x86)\QMacro\hknms.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-29 21:55 - 2015-01-29 21:55 - 00000000 ____D () C:\FRST
2015-01-29 21:29 - 2015-01-29 21:29 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-29 21:29 - 2015-01-29 21:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-29 21:29 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-29 21:29 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-29 21:03 - 2015-01-29 21:03 - 00001831 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 12.17 1863.lnk
2015-01-29 21:03 - 2015-01-29 21:03 - 00000000 ____D () C:\Program Files (x86)\Opera x64
2015-01-29 19:02 - 2015-01-29 19:02 - 00000000 ____D () C:\Users\Krzysieq\AppData\Local\BVRP Software
2015-01-29 19:02 - 2015-01-29 19:02 - 00000000 ____D () C:\ProgramData\BVRP Software
2015-01-27 18:15 - 2015-01-27 18:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-27 09:55 - 2015-01-23 13:45 - 01010800 _____ () C:\Users\Krzysieq\Desktop\notes.adr
2015-01-27 09:06 - 2015-01-27 09:06 - 00000000 ____D () C:\Users\Krzysieq\Desktop\Rescue
2015-01-27 09:04 - 2015-01-23 08:32 - 03734652 _____ () C:\Users\Krzysieq\Desktop\Al-Wakrah.pptx
2015-01-27 08:54 - 2015-01-27 09:02 - 315289600 _____ () C:\Users\Krzysieq\Desktop\kav_rescue_10.iso
2015-01-27 08:54 - 2015-01-27 08:54 - 00387584 ____N () C:\Users\Krzysieq\Desktop\rescue2usb.exe
2015-01-27 08:14 - 2015-01-27 08:15 - 00000000 ____D () C:\Users\Krzysieq\Desktop\Projekt stalowego komina - Złożone konstrukcje metalowe 2014-2015 - Krzysztof Mieczkowski
2015-01-25 20:43 - 2015-01-25 20:43 - 01576960 _____ () C:\Users\Krzysieq\Downloads\WERSJA-NR-2.rtd
2015-01-25 20:43 - 2015-01-25 20:43 - 00017695 _____ () C:\Users\Krzysieq\Downloads\Obliczenia-Statyczne-Mateusz-Ofiarski.xlsx
2015-01-25 18:52 - 2015-01-25 18:53 - 00027744 _____ () C:\Users\Krzysieq\Downloads\Piotr-Ordon-gotowe1(1).xlsx
2015-01-25 13:25 - 2015-01-25 13:25 - 00027744 _____ () C:\Users\Krzysieq\Downloads\Piotr-Ordon-gotowe1.xlsx
2015-01-25 13:09 - 2015-01-25 13:09 - 01581056 _____ () C:\Users\Krzysieq\Downloads\zalacznik-dildo.rtd
2015-01-25 13:09 - 2015-01-25 13:09 - 00018949 _____ () C:\Users\Krzysieq\Downloads\Obliczenia-Wiatru-Mateusz-Ofiarski.xlsx
2015-01-24 23:40 - 2015-01-24 23:40 - 00000000 ____D () C:\Program Files (x86)\Hp
2015-01-24 23:39 - 2015-01-24 23:39 - 05165056 _____ () C:\Users\Krzysieq\Downloads\HPSupportSolutionsFramework-11.51.0048.msi
2015-01-24 16:14 - 2015-01-24 16:29 - 142546944 _____ () C:\Users\Krzysieq\Desktop\rescue-cd-3.16-63801.iso
2015-01-24 13:07 - 2015-01-24 13:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ ISO Burner
2015-01-24 13:07 - 2015-01-24 13:07 - 00000000 ____D () C:\Program Files (x86)\LSoft Technologies
2015-01-24 12:56 - 2015-01-24 13:10 - 126310400 _____ () C:\Users\Krzysieq\Desktop\Vista_Recovery_Disc.iso
2015-01-23 08:04 - 2015-01-23 08:04 - 03734652 _____ () C:\Users\Krzysieq\Downloads\Al-Wakrah.pptx
2015-01-21 15:43 - 2015-01-21 15:43 - 00527360 _____ () C:\Users\Krzysieq\Downloads\Prezentacja-inzynierska.ppt
2015-01-21 06:07 - 2015-01-21 06:07 - 00000000 ____D () C:\Users\Krzysieq\Downloads\PDF wyklady ZPI
2015-01-21 06:06 - 2015-01-21 06:06 - 08951674 _____ () C:\Users\Krzysieq\Downloads\PDF wyklady ZPI.zip
2015-01-20 21:39 - 2015-01-20 21:39 - 00344943 _____ () C:\Users\Krzysieq\Downloads\rearaszkiewiczzaliczenie.zip
2015-01-20 14:35 - 2015-01-20 14:35 - 03378871 _____ () C:\Users\Krzysieq\Downloads\brakujaca-8-strona.rar
2015-01-20 14:33 - 2015-01-20 14:33 - 00027920 _____ () C:\Users\Krzysieq\Downloads\Kopia-strunobeton.xlsx
2015-01-19 04:19 - 2015-01-19 04:19 - 01069896 _____ () C:\Users\Krzysieq\Downloads\13790.txt
2015-01-18 21:41 - 2015-01-18 21:41 - 00384865 _____ () C:\Users\Krzysieq\Downloads\wmo122000iso (1).zip
2015-01-18 21:38 - 2015-01-18 21:38 - 00024452 _____ () C:\Users\Krzysieq\Downloads\Piotr-Ordon1(1).xlsx
2015-01-18 21:37 - 2015-01-18 21:37 - 00384865 _____ () C:\Users\Krzysieq\Downloads\wmo122000iso.zip
2015-01-18 20:17 - 2015-01-18 20:17 - 00024452 _____ () C:\Users\Krzysieq\Downloads\Piotr-Ordon1.xlsx
2015-01-16 09:07 - 2015-01-16 09:07 - 00087488 _____ () C:\Users\Krzysieq\Downloads\rzut-przyziemia-KD-poprawione.dwg
2015-01-16 08:57 - 2015-01-16 08:57 - 00084416 _____ () C:\Users\Krzysieq\Downloads\rzut-przyziemia-KD.dwg
2015-01-16 06:57 - 2015-01-16 06:57 - 00000198 ____H () C:\Users\Krzysieq\Downloads\Rysunek1.dwl2
2015-01-16 06:57 - 2015-01-16 06:57 - 00000048 ____H () C:\Users\Krzysieq\Downloads\Rysunek1.dwl
2015-01-16 06:04 - 2015-01-16 06:04 - 00250592 _____ () C:\Users\Krzysieq\Downloads\rzut-przyziemia-BO.dwg
2015-01-15 22:12 - 2015-01-15 22:12 - 00111328 _____ () C:\Users\Krzysieq\Downloads\KD-rzut-fundamentow.dwg
2015-01-15 21:44 - 2015-01-15 21:44 - 00099616 _____ () C:\Users\Krzysieq\Downloads\BO-rzut-fundamentow.dwg
2015-01-15 17:39 - 2015-01-15 17:39 - 13900063 _____ () C:\Users\Krzysieq\Downloads\notatkizlaborekzdrwygocka.zip
2015-01-14 23:45 - 2015-01-14 23:45 - 00373216 _____ () C:\Users\Krzysieq\Downloads\Kratownica2007.dwg
2015-01-14 23:44 - 2015-01-14 23:44 - 00325500 _____ () C:\Users\Krzysieq\Downloads\Kratownica.dwg
2015-01-14 18:47 - 2015-01-14 18:47 - 00036668 _____ () C:\Users\Krzysieq\Downloads\TABELA.dwg
2015-01-14 07:13 - 2015-01-14 07:14 - 00000000 ____D () C:\Users\Krzysieq\Downloads\Nowy folder
2015-01-14 03:10 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 03:10 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 03:10 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 03:10 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 03:10 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 03:10 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 03:10 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 03:10 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 03:10 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 03:10 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 03:10 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 03:10 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 03:10 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 23:45 - 2015-01-14 14:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-01-13 20:25 - 2015-01-13 20:25 - 01251436 _____ () C:\Users\Krzysieq\Downloads\fwdprojektkominrysunki.zip
2015-01-13 04:06 - 2015-01-14 18:51 - 00000572 _____ () C:\Windows\system32\acad.err
2015-01-13 03:52 - 2015-01-13 03:53 - 00000000 ____D () C:\Users\Krzysieq\Downloads\Mat
2015-01-12 22:56 - 2015-01-12 22:56 - 00008451 _____ () C:\Users\Krzysieq\Downloads\zut.xlsx
2015-01-12 15:58 - 2015-01-12 15:58 - 00380050 _____ () C:\Users\Krzysieq\Downloads\wymiary lekko popierdolone reszta ok.dwg
2015-01-09 20:41 - 2015-01-09 20:41 - 00290736 _____ () C:\Users\Krzysieq\Downloads\pas-gorny.xmcd
2015-01-09 13:05 - 2015-01-09 13:05 - 05250693 _____ () C:\Users\Krzysieq\Downloads\projekt wozniak.rar

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-29 21:41 - 2012-11-25 15:30 - 00001048 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-29 21:29 - 2013-08-29 18:06 - 00000000 ____D () C:\Users\Krzysieq\AppData\Roaming\Malwarebytes 2015-01-29 21:29 - 2013-08-29 18:06 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-01-29 21:29 - 2013-08-29 18:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2015-01-29 21:19 - 2012-04-03 20:23 - 00001070 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3147454950-3773726357-3176012894-1001UA.job 2015-01-29 21:11 - 2012-08-14 21:03 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-01-29 21:05 - 2012-04-04 19:25 - 00000000 ____D () C:\Program Files (x86)\Opera 2015-01-29 21:03 - 2013-02-02 17:27 - 00000000 ____D () C:\Program Files\Opera x64 2015-01-29 20:33 - 2013-12-15 16:10 - 01142719 _____ () C:\Windows\WindowsUpdate.log 2015-01-29 19:37 - 2013-10-13 11:34 - 00004008 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{A1DB7FD9-1898-45FE-A0E4-B3D0EE30046A} 2015-01-29 19:02 - 2012-04-03 19:37 - 00000000 ____D () C:\Users\Krzysieq\AppData\Local\CrashDumps 2015-01-29 19:02 - 2011-04-24 16:35 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-01-29 19:01 - 2013-04-19 16:33 - 00000000 ____D () C:\ProgramData\Sony Ericsson 2015-01-29 19:01 - 2013-04-19 16:32 - 00000000 ____D () C:\Program Files (x86)\Sony Ericsson 2015-01-29 17:34 - 2009-07-14 05:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-29 17:34 - 2009-07-14 05:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-29 16:09 - 2012-04-10 16:05 - 00000000 ___RD () C:\Users\Krzysieq\Dropbox 2015-01-29 16:09 - 2012-04-10 16:03 - 00000000 ____D () C:\Users\Krzysieq\AppData\Roaming\Dropbox 2015-01-29 16:07 - 2012-11-25 15:30 - 00001044 _____ () 
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-29 16:06 - 2014-03-02 01:00 - 00044721 _____ () C:\Windows\setupact.log 2015-01-29 16:06 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-29 06:06 - 2012-06-06 17:06 - 17497600 ___SH () C:\Users\Krzysieq\Desktop\Thumbs.db 2015-01-29 01:19 - 2012-04-03 20:23 - 00001018 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3147454950-3773726357-3176012894-1001Core.job 2015-01-28 15:14 - 2014-01-10 12:20 - 00000000 ____D () C:\Konkursy 2015-01-28 13:52 - 2011-04-25 02:05 - 00744058 _____ () C:\Windows\system32\perfh015.dat 2015-01-28 13:52 - 2011-04-25 02:05 - 00157508 _____ () C:\Windows\system32\perfc015.dat 2015-01-28 13:52 - 2009-07-14 06:13 - 01679426 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-28 13:13 - 2013-08-20 21:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-01-28 00:01 - 2012-09-04 10:38 - 00028672 ___SH () C:\Users\Krzysieq\Thumbs.db 2015-01-27 23:07 - 2014-06-26 20:09 - 00003204 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForKrzysieq 2015-01-27 23:07 - 2014-06-26 20:09 - 00000344 _____ () C:\Windows\Tasks\HPCeeScheduleForKrzysieq.job 2015-01-27 16:55 - 2014-06-10 12:35 - 00003878 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1378648697 2015-01-27 08:04 - 2014-06-16 21:34 - 00001964 _____ () C:\Users\Krzysieq\Documents\plot.log 2015-01-25 20:11 - 2012-08-14 21:03 - 00003868 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-01-25 20:11 - 2012-04-04 19:42 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-01-25 20:11 - 2012-04-04 19:42 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-25 12:17 - 2014-01-09 23:21 - 00000000 ____D () C:\ProgramData\Oracle 2015-01-25 12:17 - 2012-04-03 19:56 - 00000000 ____D () C:\Program Files (x86)\Java 2015-01-25 12:16 - 2014-01-09 23:31 - 00000000 ____D () C:\Program Files\Java 
2015-01-25 12:14 - 2014-01-09 23:32 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2015-01-25 12:14 - 2014-01-09 23:32 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2015-01-25 12:14 - 2014-01-09 23:32 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2015-01-25 12:14 - 2014-01-09 23:32 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2015-01-25 12:13 - 2014-10-17 19:55 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2015-01-25 12:13 - 2014-10-17 19:55 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2015-01-25 12:13 - 2014-10-17 19:55 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2015-01-25 12:13 - 2014-10-17 19:55 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2015-01-25 11:57 - 2012-04-03 19:25 - 00146352 _____ () C:\Users\Krzysieq\AppData\Local\GDIPFONTCACHEV1.DAT 2015-01-25 11:57 - 2009-07-14 05:45 - 00525600 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-01-24 12:33 - 2012-04-22 12:33 - 00000000 ____D () C:\Users\Krzysieq\AppData\Roaming\DAEMON Tools Lite 2015-01-24 00:47 - 2012-10-01 16:53 - 00000000 ____D () C:\Reszta 2015-01-22 21:48 - 2012-04-19 20:14 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2015-01-22 21:48 - 2012-04-05 15:37 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log 2015-01-20 09:09 - 2012-04-04 20:21 - 01652032 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2015-01-14 14:22 - 2014-08-29 20:46 - 00003888 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1409341610 2015-01-14 14:22 - 2013-09-08 14:53 - 00000000 ____D () C:\Program Files (x86)\Opera Next 2015-01-14 08:33 - 2013-07-12 13:51 - 00000000 ____D () C:\Windows\system32\MRT 2015-01-14 08:23 - 2012-04-04 20:17 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-01-13 03:49 - 2013-05-29 00:35 - 00000000 ____D () 
C:\Users\Krzysieq\Downloads\1 2015-01-10 20:28 - 2009-07-14 06:08 - 00032604 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-01-02 19:18 - 2012-04-04 19:44 - 00000000 ____D () C:\Zdjęcia 2015-01-02 19:17 - 2012-04-04 19:43 - 00000000 ____D () C:\Muzyka 2014-12-31 12:14 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-12-30 16:59 - 2013-10-17 17:02 - 00000000 ____D () C:\Users\Krzysieq\AppData\Roaming\Audacity ==================== Files in the root of some directories ======= 2014-03-02 15:24 - 2014-03-02 15:24 - 0001355 _____ () C:\Users\Krzysieq\AppData\Local\Temp0canimage.jpg 2014-01-09 02:54 - 2014-01-09 02:54 - 0004109 _____ () C:\ProgramData\iqrjmdeq.fak Some content of TEMP: ==================== C:\Users\Krzysieq\AppData\Local\Temp\AcDeltree.exe C:\Users\Krzysieq\AppData\Local\Temp\BackupSetup.exe C:\Users\Krzysieq\AppData\Local\Temp\BaiduJP_Setup_MINI_Silent.exe C:\Users\Krzysieq\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptzr8s8.dll C:\Users\Krzysieq\AppData\Local\Temp\DseShExt-x64.dll C:\Users\Krzysieq\AppData\Local\Temp\DseShExt-x86.dll C:\Users\Krzysieq\AppData\Local\Temp\Extract.exe C:\Users\Krzysieq\AppData\Local\Temp\gg10.upgr.exe C:\Users\Krzysieq\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe C:\Users\Krzysieq\AppData\Local\Temp\jre-8u31-windows-au.exe C:\Users\Krzysieq\AppData\Local\Temp\MiniBand0.dll C:\Users\Krzysieq\AppData\Local\Temp\NEventMessages.dll C:\Users\Krzysieq\AppData\Local\Temp\NOSEventMessages.dll C:\Users\Krzysieq\AppData\Local\Temp\SDShelEx-win32.dll C:\Users\Krzysieq\AppData\Local\Temp\SDShelEx-x64.dll C:\Users\Krzysieq\AppData\Local\Temp\ShellHook.dll C:\Users\Krzysieq\AppData\Local\Temp\SP55068.exe C:\Users\Krzysieq\AppData\Local\Temp\SP55094.exe C:\Users\Krzysieq\AppData\Local\Temp\SP55150.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-24 02:45 ==================== End Of Log ============================