Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-07-2015
Ran by Kanon (administrator) on KANON-HP on 10-07-2015 12:43:54
Running from C:\Users\Kanon\Desktop
Loaded Profiles: Kanon (Available Profiles: Kanon)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polski (Polska)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
(Baidu, Inc.) C:\Program Files (x86)\PC Faster\5.1.0.0\PCFasterSvc.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\stacsv64.exe
(Hewlett-Packard) C:\Windows\System32\hpservice.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe
() C:\Program Files (x86)\ToolsUpdatePlatform\UpdatePlatform.exe
(SlimWare Utilities, Inc.) C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Baidu, Inc.) C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.122701.0\BAVSvc.exe
(Baidu, Inc.) C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.122701.0\BHipsSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\ScreenSnapshotTool\1.0.1.10301\ScreenShotServ.exe
() C:\Program Files (x86)\ScreenSnapshotTool\1.0.1.10301\ScreenSnapshot.exe
(Baidu, Inc.) C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.122701.0\bavhm.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
(ABBYY) C:\Program Files (x86)\ABBYY FineReader 9.0 Sprint\Bonus.ScreenshotReader.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Baidu, Inc.) C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.122701.0\BavTray.exe
(Baidu, Inc.) C:\Program Files (x86)\PC Faster\5.1.0.0\PCFTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Baidu, Inc.) C:\Program Files (x86)\PC Faster\5.1.0.0\PCFasterSvc.exe
(Baidu, Inc.) C:\Program Files (x86)\PC Faster\5.1.0.0\SysOptEngineSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
() C:\Users\Kanon\Desktop\f7hp56rl.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [1691192 2010-06-19] (Hewlett-Packard Company)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-04-05] (Hewlett-Packard)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-17] (IDT, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [Baidu Antivirus] => C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.122701.0\BavTray.exe [1997296 2015-05-15] (Baidu, Inc.)
HKLM-x32\...\Run: [Baidu PC Faster 4.0.0.0] => C:\Program Files (x86)\PC Faster\5.1.0.0\PCFTray.exe [2333152 2015-05-13] (Baidu, Inc.)
HKLM-x32\...\Run: [Baidu PC Faster 5.1.0.0] => C:\Program Files (x86)\PC Faster\5.1.0.0\PCFTray.exe [2333152 2015-05-13] (Baidu, Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4258540652-3167376319-1349578961-1002\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [4287536 2013-08-09] ()
HKU\S-1-5-21-4258540652-3167376319-1349578961-1002\...\Run: [Advanced SystemCare 8] => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe [2429728 2015-04-08] (IObit)
HKU\S-1-5-21-4258540652-3167376319-1349578961-1002\...\Run: [ABBYY Screenshot Reader Bonus] => C:\Program Files (x86)\ABBYY FineReader 9.0 Sprint\Bonus.ScreenshotReader.exe [939272 2009-11-25] (ABBYY)
HKU\S-1-5-21-4258540652-3167376319-1349578961-1002\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.)
HKU\S-1-5-21-4258540652-3167376319-1349578961-1002\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-4258540652-3167376319-1349578961-1002\...\MountPoints2: {63437dc6-40b2-11e2-a298-806e6f6e6963} - F:\setup.exe
HKU\S-1-5-21-4258540652-3167376319-1349578961-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\System32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\Users\Kanon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\home.vbe [2015-06-30] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.122701.0\BavShx64.dll [2015-05-15] (Baidu, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=home
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-4258540652-3167376319-1349578961-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-4258540652-3167376319-1349578961-1002\Software\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certified-toolbar.com?si=33953&st=home&tid=3546&ts=1362241244403&tguid=33953-3546-1362241219609-188651
HKU\S-1-5-21-4258540652-3167376319-1349578961-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.certified-toolbar.com?si=33953&tid=3546&ts=1362241244403&tguid=33953-3546-1362241219609-188651&st=chrome&q=
SearchScopes: HKLM -> DefaultScope {0633ee93-d776-472f-a0ff-e1416b8b2e3a} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {F3699528-160E-4C0D-A1B6-E1E8DDCAEB9A} URL = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633ee93-d776-472f-a0ff-e1416b8b2e3a} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {F3699528-160E-4C0D-A1B6-E1E8DDCAEB9A} URL = http://search.certified-toolbar.com?si=33953&st=bs&tid=3546&ts=1362241244403&tguid=33953-3546-1362241219609-188651&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4258540652-3167376319-1349578961-1002 -> DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com/?q={searchTerms}&affID=119535&babsrc=SP_ss&mntrId=B6BAE02A825A1C08
SearchScopes: HKU\S-1-5-21-4258540652-3167376319-1349578961-1002 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com/?q={searchTerms}&affID=119535&babsrc=SP_ss&mntrId=B6BAE02A825A1C08
SearchScopes: HKU\S-1-5-21-4258540652-3167376319-1349578961-1002 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4258540652-3167376319-1349578961-1002 -> {F3699528-160E-4C0D-A1B6-E1E8DDCAEB9A} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [2015-05-07] (IObit)
BHO: HP ProtectTools Security Manager Extension -> {395610AE-C624-4f58-B89E-23733EA00F9A} -> c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll [2009-12-03] (DigitalPersona, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2011-01-26] (SEIKO EPSON CORPORATION)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-03-28] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2009-12-12] (Hewlett-Packard)
BHO-x32: HP ProtectTools Security Manager Extension -> {395610AE-C624-4f58-B89E-23733EA00F9A} -> c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll [2009-12-03] (DigitalPersona, Inc.)
BHO-x32: Pomocnik logowania za pomocą konta Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-03-28] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2011-01-26] (SEIKO EPSON CORPORATION)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-03-28] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-03-28] (Google Inc.)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-04-08] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3DFF655C-5B56-4415-A35C-82EC24D235EF}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{CE74BD91-7E68-4BC2-8553-DF9A153B2402}: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=WDCXWD3200BEKT-60PVMT0_WD-WXC1AB00103401034&ts=1381734589

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-08-09] (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll [2014-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll [2014-05-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-4258540652-3167376319-1349578961-1002: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-08-09] (Pando Networks)
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2010-09-03]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Bing Bar) - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Profile: C:\Users\Kanon\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (BIODIGITAL HUMAN) - C:\Users\Kanon\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2013-01-23]
CHR Extension: (Angry Birds) - C:\Users\Kanon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2013-01-23]
CHR Extension: (Google Drive) - C:\Users\Kanon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-15]
CHR Extension: (SKiD Racer) - C:\Users\Kanon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhoaojooagiaaiidlnfhkkafjpbbnnno [2013-01-23]
CHR Extension: (3D Aerobatics Training) - C:\Users\Kanon\AppData\Local\Google\Chrome\User Data\Default\Extensions\napaodofbddcgpbgepkedckklhcmpilc [2013-01-23]
CHR Extension: (Highlight Keywords for Google Search) - C:\Users\Kanon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhahncknpppipmgjchbbhehkfglelepf [2013-01-23]
CHR Extension: (Google Wallet) - C:\Users\Kanon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [814880 2015-04-03] (IObit)
S3 AESTFilters; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
R2 BavSvc; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.122701.0\BavSvc.exe [2572928 2015-05-15] (Baidu, Inc.)
S3 BdSandboxSrv; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.122701.0\BdSandboxSrv64.exe [264736 2015-01-08] (Baidu, Inc.)
R2 BHipsSvc; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.122701.0\BHipsSvc.exe [531232 2015-05-15] (Baidu, Inc.)
S4 DEBridge; c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [704512 2009-12-16] (McAfee, Inc.) [File not signed]
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [462088 2009-11-25] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [362040 2009-11-17] (Hewlett-Packard Ltd)
S4 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [121344 2010-07-01] (Hewlett-Packard Company) [File not signed]
S3 HP ProtectTools Service; c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [36864 2009-11-19] (Hewlett-Packard Development Company, L.P) [File not signed]
S3 HPDayStarterService; c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe [90112 2010-05-10] (Hewlett-Packard Company) [File not signed]
S4 HpFkCryptService; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [281192 2009-12-16] (McAfee, Inc.)
S4 HPFSService; C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [297984 2009-12-12] (Hewlett-Packard) [File not signed]
S4 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [264248 2010-03-01] (Hewlett-Packard Company)
S3 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-17] (Hewlett-Packard Company) [File not signed]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2585376 2015-03-26] (IObit)
R2 PCFasterSvc_{PCFaster_5.1.0.0}; C:\Program Files (x86)\PC Faster\5.1.0.0\PCFasterSvc.exe [1714448 2015-05-13] (Baidu, Inc.)
S4 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2009-10-23] (PDF Complete Inc)
S3 SparkSvc; C:\Program Files (x86)\baidu\Spark\sparkservice.exe [86840 2015-05-07] (Baidu Inc.)
S3 SparkUpdater; C:\Program Files (x86)\Baidu\SparkUpdate\Sparkupdate.exe [1628352 2014-06-12] (Baidu.com, Inc.) [File not signed]
R2 STacSV; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe [244736 2010-03-17] (IDT, Inc.)
R2 TheScreenSnapshotService; C:\Program Files (x86)\ScreenSnapshotTool\1.0.1.10301\ScreenShotServ.exe [143520 2015-06-15] ()
S3 uArcCapture; C:\windows\system\uArcCapture.exe [506472 2009-12-04] (ArcSoft, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 IePluginService; No ImagePath
S2 IePluginServices; No ImagePath
S2 winzipersvc; No ImagePath <==== ATTENTION
S2 Wpm; No ImagePath

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [32640 2009-12-04] (ArcSoft, Inc.)
S3 Baidu PC Faster FileShredder; C:\Program Files (x86)\PC Faster\5.1.0.0\FileKill_x64.sys [21824 2013-03-19] ()
U3 BdApiUtil; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.122701.0\BdApiUtil64.sys [116936 2015-05-15] (Baidu, Inc.)
R3 bdark64; C:\windows\system32\drivers\bdark64.sys [78792 2015-04-20] ()
U3 BdCameraProtect; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.122701.0\BdCameraProtect64.sys [25032 2015-05-15] (Baidu, Inc.)
S3 BdSandbox; C:\windows\System32\drivers\BdSandbox.sys [232440 2015-01-08] (Baidu, Inc.)
R1 Bfilter; C:\windows\System32\drivers\Bfilter.sys [62920 2015-05-15] (Baidu, Inc.)
R1 Bfmon; C:\windows\System32\drivers\Bfmon.sys [38344 2015-05-15] (Baidu, Inc.)
R1 Bnbase; C:\Windows\System32\drivers\bnbasex64.sys [62792 2015-05-15] (Baidu, Inc.)
R1 Bndef; C:\windows\System32\drivers\bndef64.sys [485672 2015-05-15] (Baidu, Inc.)
R3 BNmon; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.122701.0\Bnmon64.sys [82376 2015-05-15] (Baidu, Inc.)
R1 Bprotect; C:\windows\System32\drivers\Bprotect.sys [169416 2015-05-15] (Baidu, Inc.)
R1 BprotectEx; C:\windows\System32\drivers\BprotectEx.sys [93512 2015-04-09] (Baidu, Inc.)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [40760 2009-10-21] (Hewlett-Packard Development Company L.P.)
R0 E08AE23A; C:\Windows\System32\drivers\E08AE23A.sys [457824 2015-06-23] (Kaspersky Lab ZAO)
R3 PCFApiUtil; C:\Program Files (x86)\PC Faster\5.1.0.0\PCFApiUtil64.sys [144648 2015-04-09] (Baidu, Inc.)
R1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [58184 2009-12-16] (McAfee, Inc.)
R1 RsvLock; C:\Windows\SysWow64\Drivers\RsvLock.sys [40088 2009-12-16] (McAfee, Inc.)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [89216 2009-12-22] (Realtek Semiconductor Corp.)
R0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [56648 2009-12-16] ()
R0 SafeBoot; C:\Windows\SysWow64\Drivers\SafeBoot.sys [110520 2009-12-16] (McAfee, Inc.)
R0 SbAlg; C:\Windows\System32\Drivers\SbAlg.sys [60160 2009-06-04] (McAfee, Inc.)
R0 SbAlg; C:\Windows\SysWow64\Drivers\SbAlg.sys [51800 2009-12-16] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [15688 2009-12-16] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\SysWow64\Drivers\SbFsLock.sys [13256 2009-12-16] (McAfee, Inc.)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
S3 ss_bserd; C:\Windows\System32\DRIVERS\ss_bserd.sys [128000 2009-09-19] (MCCI Corporation)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16056 2015-07-10] (SlimWare Utilities, Inc.)
S3 X6va013; No ImagePath
S3 Spring; \??\C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\Spring64.sys [X]
U3 agtiqpog; \??\C:\Users\Kanon\AppData\Local\Temp\agtiqpog.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-10 12:43 - 2015-07-10 12:44 - 00024364 _____ C:\Users\Kanon\Desktop\FRST.txt
2015-07-10 12:41 - 2015-07-10 12:43 - 00000000 ____D C:\FRST
2015-07-10 12:40 - 2015-07-10 12:40 - 02112512 _____ (Farbar) C:\Users\Kanon\Desktop\FRST64.exe
2015-07-10 12:32 - 2015-07-10 12:32 - 00120096 _____ C:\Users\Kanon\Desktop\OTL.Txt
2015-07-10 12:19 - 2015-07-10 12:19 - 03220760 _____ (El Desaparecido - SosVirus.net - UsbFix.net) C:\Users\Kanon\Desktop\UsbFix_2015_7.986_www.INSTALKI.pl.exe
2015-07-10 12:12 - 2015-07-10 12:12 - 00602112 _____ (OldTimer Tools) C:\Users\Kanon\Desktop\OTL.exe
2015-07-10 11:50 - 2015-07-10 12:33 - 00129440 _____ C:\Users\Kanon\Desktop\Extras.Txt
2015-07-10 11:43 - 2015-07-10 11:43 - 00000000 ____D C:\ProgramData\BavSvc_exe
2015-07-10 11:40 - 2015-07-10 11:40 - 00380416 _____ C:\Users\Kanon\Desktop\f7hp56rl.exe
2015-07-06 09:59 - 2015-07-10 12:40 - 00000646 _____ C:\windows\Tasks\{61FFE1F9-137D-4c31-A181-3415FCAA5946}{19F8DB95-4D78-4ddb-AC71-C610654FE37F}.job
2015-07-06 09:59 - 2015-07-10 09:59 - 00000430 _____ C:\windows\Tasks\ToolsUpdatePlatform_ScheduledTask.job
2015-07-06 09:59 - 2015-07-10 09:59 - 00000000 ____D C:\ProgramData\ToolsUpdatePlatform
2015-07-06 09:59 - 2015-07-06 10:47 - 00000000 ____D C:\Users\Kanon\AppData\Roaming\ScreenSnapshotTool
2015-07-06 09:59 - 2015-07-06 09:59 - 00003650 _____ C:\windows\System32\Tasks\{61FFE1F9-137D-4c31-A181-3415FCAA5946}{19F8DB95-4D78-4ddb-AC71-C610654FE37F}
2015-07-06 09:59 - 2015-07-06 09:59 - 00003534 _____ C:\windows\System32\Tasks\ToolsUpdatePlatform_ScheduledTask
2015-07-06 09:59 - 2015-07-06 09:59 - 00000000 ____D C:\Users\Public\Documents\Guid
2015-07-06 09:59 - 2015-07-06 09:59 - 00000000 ____D C:\Program Files (x86)\ToolsUpdatePlatform
2015-07-06 09:59 - 2015-07-06 09:59 - 00000000 ____D C:\Program Files (x86)\ScreenSnapshotTool
2015-06-30 21:34 - 2015-06-30 21:35 - 00151290 _____ C:\Users\Kanon\Desktop\20141230_Probny_sprawdzian_Analiza_Czesc_1_p.zip
2015-06-30 16:16 - 2013-05-24 14:34 - 00282112 _____ C:\Users\Kanon\Desktop\Broń nowa.ppt
2015-06-29 23:41 - 2015-06-29 23:41 - 00007389 _____ C:\Users\Kanon\Desktop\potwierdzenie_rezerwacji_413277b0-d67d-23da-aabf-494d68dce446.html
2015-06-23 10:38 - 2015-06-23 10:38 - 00457824 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\E08AE23A.sys
2015-06-23 09:53 - 2015-06-23 09:53 - 00052320 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\79384206.sys
2015-06-23 09:48 - 2015-06-23 09:53 - 00000000 ____D C:\KVRT_Data
2015-06-23 09:48 - 2015-06-22 07:54 - 103883936 _____ (Kaspersky Lab ZAO) C:\Users\Kanon\Desktop\KVRT(2).exe
2015-06-19 14:18 - 2015-06-22 21:55 - 00005718 ____H C:\windows\SysWOW64\binary_proc_soft
2015-06-16 20:43 - 2015-07-10 09:11 - 00000000 ____D C:\Users\Kanon\Desktop\licheń
2015-06-11 18:57 - 2015-06-11 18:59 - 00000000 ____D C:\Users\Kanon\AppData\Roaming\Device Doctor
2015-06-11 18:57 - 2015-06-11 18:57 - 00001066 _____ C:\Users\Kanon\Desktop\Device Doctor.lnk
2015-06-11 18:57 - 2015-06-11 18:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Device Doctor
2015-06-11 18:57 - 2015-06-11 18:57 - 00000000 ____D C:\Program Files (x86)\Device Doctor
2015-06-11 18:56 - 2015-06-11 18:56 - 01481976 _____ (Device Doctor Software Inc. ) C:\Users\Kanon\Downloads\Device Doctor 3.1.0.0.exe
2015-06-11 18:54 - 2015-06-01 21:16 - 00389840 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-06-11 18:54 - 2015-06-01 20:07 - 00342736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-06-11 18:54 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-06-11 18:54 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-06-11 18:54 - 2015-05-23 05:28 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-06-11 18:54 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-06-11 18:54 - 2015-05-23 05:15 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-06-11 18:54 - 2015-05-23 05:15 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-06-11 18:54 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-06-11 18:54 - 2015-05-23 05:13 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-06-11 18:54 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-06-11 18:54 - 2015-05-23 05:09 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-06-11 18:54 - 2015-05-23 05:08 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-06-11 18:54 - 2015-05-23 05:06 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-06-11 18:54 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-06-11 18:54 - 2015-05-23 05:05 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-06-11 18:54 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-06-11 18:54 - 2015-05-23 04:57 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-06-11 18:54 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-11 18:54 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-06-11 18:54 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-06-11 18:54 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-06-11 18:54 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-06-11 18:54 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-06-11 18:54 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-06-11 18:54 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-06-11 18:54 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-06-11 18:54 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-06-11 18:54 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-06-11 18:54 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-06-11 18:54 - 2015-05-22 21:16 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-06-11 18:54 - 2015-05-22 21:16 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-06-11 18:54 - 2015-05-22 21:01 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-06-11 18:54 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-06-11 18:54 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-06-11 18:54 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-06-11 18:54 - 2015-05-22 21:00 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-06-11 18:54 - 2015-05-22 20:59 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-06-11 18:54 - 2015-05-22 20:53 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-06-11 18:54 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-06-11 18:54 - 2015-05-22 20:52 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-06-11 18:54 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-06-11 18:54 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-06-11 18:54 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-06-11 18:54 - 2015-05-22 20:47 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-06-11 18:54 - 2015-05-22 20:47 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-06-11 18:54 - 2015-05-22 20:40 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-06-11 18:54 - 2015-05-22 20:36 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-06-11 18:54 - 2015-05-22 20:29 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-06-11 18:54 - 2015-05-22 20:25 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-06-11 18:54 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-06-11 18:54 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-06-11 18:54 - 2015-05-22 20:07 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-06-11 18:54 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-06-11 18:54 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-06-11 18:54 - 2015-05-22 20:05 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-06-11 18:54 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-06-11 18:54 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-06-11 18:54 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-06-11 18:54 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-06-11 18:05 - 2015-06-11 18:05 - 00000000 ____D C:\ProgramData\SlimWare Utilities, Inc
2015-06-11 18:03 - 2015-07-10 08:27 - 00016056 _____ (SlimWare Utilities, Inc.) C:\windows\system32\Drivers\SWDUMon.sys
2015-06-11 18:03 - 2015-07-10 08:27 - 00002836 _____ C:\windows\System32\Tasks\SlimDrivers Startup
2015-06-11 18:03 - 2015-07-10 08:27 - 00000410 _____ C:\windows\Tasks\SlimDrivers Startup.job
2015-06-11 18:03 - 2015-06-11 18:03 - 00000000 ____D C:\Users\Kanon\AppData\Local\SlimWare Utilities Inc
2015-06-11 18:02 - 2015-06-11 18:02 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-10 12:44 - 2013-08-09 15:54 - 00000000 ____D C:\Users\Kanon\AppData\Local\PMB Files
2015-07-10 12:25 - 2010-09-03 16:59 - 00740688 _____ C:\windows\system32\perfh015.dat
2015-07-10 12:25 - 2010-09-03 16:59 - 00156230 _____ C:\windows\system32\perfc015.dat
2015-07-10 12:25 - 2009-07-14 07:13 - 01670590 _____ C:\windows\system32\PerfStringBackup.INI
2015-07-10 12:11 - 2012-12-15 22:49 - 00001046 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-10 11:59 - 2014-06-30 09:14 - 01311580 _____ C:\windows\WindowsUpdate.log
2015-07-10 11:43 - 2014-02-26 13:22 - 00000000 ____D C:\Users\Kanon\AppData\Roaming\SupTab
2015-07-10 11:17 - 2014-09-10 06:37 - 00000000 ____D C:\Users\Kanon\Desktop\berlin '14
2015-07-10 11:08 - 2013-07-25 12:43 - 00000000 ____D C:\Users\Kanon\Desktop\zdj z aparatu
2015-07-10 11:00 - 2014-08-09 16:23 - 00000000 ____D C:\Users\Kanon\Desktop\zakopane 2014
2015-07-10 10:42 - 2015-04-28 20:21 - 00000000 ____D C:\Users\Kanon\Desktop\Nowy folder
2015-07-10 10:11 - 2012-12-15 22:49 - 00001042 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-10 08:37 - 2015-03-04 21:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster
2015-07-10 08:35 - 2009-07-14 06:45 - 00022704 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-10 08:35 - 2009-07-14 06:45 - 00022704 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-10 08:27 - 2015-04-29 16:58 - 00014580 _____ C:\windows\system32\HWLook.log
2015-07-10 08:27 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-07-09 18:20 - 2014-11-19 15:23 - 00000000 ____D C:\Users\Kanon\Desktop\Paulina ;d
2015-07-07 20:50 - 2015-05-31 09:51 - 00000000 ____D C:\Users\Kanon\Desktop\skarga stowarzyszenia
2015-07-05 15:24 - 2012-12-10 17:38 - 00000000 ____D C:\Users\Kanon\Documents\Basia
2015-07-05 15:21 - 2009-07-14 07:32 - 00000000 ____D C:\windows\system32\FxsTmp
2015-07-05 10:04 - 2013-12-30 12:44 - 00000000 ____D C:\ProgramData\ProductData
2015-06-23 10:10 - 2015-01-11 12:15 - 00000000 ____D C:\Users\Kanon\Desktop\postę. dyscyp. 2015
2015-06-23 09:58 - 2012-12-15 22:50 - 00002259 _____ C:\Users\Kanon\Desktop\Google Chrome.lnk
2015-06-23 09:58 - 2012-12-08 22:05 - 00001425 _____ C:\Users\Kanon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-23 09:58 - 2012-12-07 14:35 - 00001477 _____ C:\Users\Kanon\Desktop\Internet Explorer (No Add-ons).lnk
2015-06-22 21:55 - 2015-04-11 10:31 - 00294462 ____H C:\windows\SysWOW64\binary_proc_stub
2015-06-20 21:23 - 2010-09-03 16:56 - 00000000 ____D C:\ProgramData\PDFC
2015-06-17 20:05 - 2009-07-14 07:08 - 00032604 _____ C:\windows\Tasks\SCHEDLGU.TXT
2015-06-12 23:21 - 2014-11-13 22:43 - 00000000 __SHD C:\Users\Kanon\AppData\Local\EmieBrowserModeList
2015-06-12 23:21 - 2014-04-20 12:10 - 00000000 __SHD C:\Users\Kanon\AppData\Local\EmieUserList
2015-06-12 23:21 - 2014-04-20 12:10 - 00000000 __SHD C:\Users\Kanon\AppData\Local\EmieSiteList
2015-06-11 21:07 - 2009-07-14 05:20 - 00000000 ____D C:\windows\PolicyDefinitions
2015-06-11 08:32 - 2009-07-14 05:20 - 00000000 ____D C:\windows\system32\NDF

==================== Files in the root of some directories =======

2013-03-09 23:30 - 2013-09-08 19:08 - 0010752 _____ () C:\Users\Kanon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-01 10:59 - 2013-06-01 10:59 - 0215025 _____ () C:\ProgramData\1370077131.bdinstall.bin
2013-06-01 11:00 - 2013-06-01 11:00 - 0059672 _____ () C:\ProgramData\1370077236.bdinstall.bin
2013-06-01 11:13 - 2013-06-01 11:13 - 0661845 _____ () C:\ProgramData\1370077516.bdinstall.bin
2013-10-14 09:13 - 2013-10-14 09:13 - 0489320 _____ () C:\ProgramData\1381734345.bdinstall.bin
2013-10-19 13:51 - 2013-10-19 13:51 - 0225740 _____ () C:\ProgramData\1382183432.bdinstall.bin
2014-05-25 18:44 - 2014-05-25 18:44 - 0000088 __RSH () C:\ProgramData\965614D0CF.sys
2014-09-22 17:35 - 2015-03-04 21:33 - 0014501 _____ () C:\ProgramData\Duplicaterecord.js
2012-12-23 20:52 - 2012-12-23 20:52 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2014-01-15 07:15 - 2014-01-15 07:15 - 0167784 _____ (Baidu, Inc.) C:\ProgramData\FileSplitUpLoad.dll
2014-11-29 19:37 - 2014-11-29 19:37 - 2141763 _____ () C:\ProgramData\GH-H4-125.7z
2014-05-25 18:44 - 2014-05-25 18:44 - 0002516 ___SH () C:\ProgramData\KGyGaAvL.sys

Files to move or delete:
====================
C:\ProgramData\Duplicaterecord.js
C:\ProgramData\FileSplitUpLoad.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-03 20:29

==================== End of log ============================