Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-09-2016 Ran by user (administrator) on DELL6430 (29-09-2016 16:59:38) Running from C:\Users\user\Downloads Loaded Profiles: UpdatusUser & user (Available Profiles: UpdatusUser & user) Platform: Windows 8 (X64) Language: Angielski (Stany Zjednoczone) Internet Explorer Version 10 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe (Authentec Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe (Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe () C:\Program Files (x86)\AnyDesk\AnyDesk.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe () C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (HP) C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe (HP) C:\Windows\System32\HPSIsvc.exe () C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe () C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect 3\creator-ws.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe () C:\Program Files\Smart Menu\WinStartMenuLauncher.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe () C:\Program Files\Smart Menu\Smart Menu.exe (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe () C:\Program Files (x86)\AnyDesk\AnyDesk.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Fabio Martin) C:\Program Files (x86)\7 Sticky Notes\7StickyNotes.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe () C:\Program Files (x86)\AnyDesk\AnyDesk.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe (Farbar) C:\Users\user\Downloads\FRST64(1).exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [684016 2012-12-22] (Alps Electric Co., Ltd.) HKLM\...\Run: [TdmNotify] => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [370584 2012-11-09] (Wave Systems Corp.) HKLM\...\Run: [DFEPApplication] => C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe [7077432 2012-08-16] (Dell Inc.) HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4791024 2013-08-28] (Intel(R) Corporation) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-08-16] (IDT, Inc.) HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134176 2012-10-23] (Intel Corporation) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285680 2013-03-05] (Intel Corporation) HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink) HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-02] (CyberLink Corp.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.) HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) HKLM-x32\...\Run: [Tv-Plug-In] => "C:\Program Files (x86)\Tv-Plug-In\Tv-Plug-In.exe" nogui Winlogon\Notify\igfxcui: C:\Windows\SYSTEM32\igfxdev.dll (Intel Corporation) Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (Authentec Inc.) HKU\S-1-5-21-698474549-3661863871-719037460-1002\...\Run: [uTorrent] => C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe [1959424 2016-04-08] (BitTorrent Inc.) HKU\S-1-5-21-698474549-3661863871-719037460-1002\...\MountPoints2: {938acab9-1eea-11e3-be76-24fd5230071b} - "E:\windows\Install\Install.exe" HKU\S-1-5-21-698474549-3661863871-719037460-1002\...\MountPoints2: {b89f48c9-fdd9-11e4-8030-24fd5230071b} - "G:\SISetup.exe" HKU\S-1-5-21-698474549-3661863871-719037460-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [898048 2012-07-26] (Microsoft Corporation) Lsa: [Authentication Packages] msv1_0 wvauth ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2013-02-08] (Autodesk, Inc.) ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2012-11-09] (Wave Systems Corp.) ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2013-06-29] (IvoSoft) ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2012-11-09] (Wave Systems Corp.) ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2013-06-29] (IvoSoft) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2016-09-29] ShortcutTarget: AnyDesk.lnk -> C:\Program Files (x86)\AnyDesk\AnyDesk.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2016-09-29] ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\mcserver.lnk [2016-09-29] ShortcutTarget: mcserver.lnk -> C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\mcserver.exe (ZTE) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk [2013-08-12] ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk [2013-08-12] ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.) Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk [2013-08-12] ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.) Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7 Sticky Notes.lnk [2016-09-29] ShortcutTarget: 7 Sticky Notes.lnk -> C:\Program Files (x86)\7 Sticky Notes\7StickyNotes.exe (Fabio Martin) Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk [2016-09-29] ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.) CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 62.179.1.62 62.179.1.63 Tcpip\..\Interfaces\{71B3C124-6BFC-4799-81EB-AC2F0B4D61A3}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{C47BB8F5-6EE1-4B30-9D71-7B37DDCA84F6}: [DhcpNameServer] 62.179.1.62 62.179.1.63 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/?src01=dp120150521 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/?src01=dp120150521 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com URLSearchHook: [S-1-5-21-698474549-3661863871-719037460-1001] ATTENTION => Default URLSearchHook is missing SearchScopes: HKLM-x32 -> DefaultScope value is missing SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-698474549-3661863871-719037460-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-698474549-3661863871-719037460-1002 -> {2B7A828E-5EB6-4088-A48D-622B2542B40F} URL = BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: PDF Architect 3 Helper -> {06E08260-0695-4EC1-A74B-1310D8899D93} -> C:\Program Files (x86)\PDF Architect 3\creator-ie-helper.dll [2015-04-24] (pdfforge GmbH) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) Toolbar: HKLM-x32 - PDF Architect 3 Toolbar - {2DFF3579-5AA7-45B9-9328-1D38EA230861} - C:\Program Files (x86)\PDF Architect 3\creator-ie-plugin.dll [2015-04-24] (pdfforge GmbH) DPF: HKLM-x32 {68282C51-9459-467B-95BF-3C0E89627E55} hxxp://www.mks.com.pl/skaner/SkanerOnline.cab FireFox: ======== FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fjiljseq.default-1420470866777 FF Homepage: hxxp://www.google.pl/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_181.dll [2016-09-29] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_181.dll [2016-09-29] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.) FF Plugin-x32: PDF Architect 3 -> C:\Program Files (x86)\PDF Architect 3\np-previewer.dll [2015-04-24] (pdfforge GmbH) FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.4.24\coFFAddon => not found FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\addon FF Extension: (Bytemobile Optimization Client) - C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\addon [2010-04-01] [not signed] FF HKLM-x32\...\Firefox\Extensions: [pdf_architect_3_conv@pdfarchitect.org] - C:\Program Files (x86)\PDF Architect 3\resources\pdfarchitect3firefoxextension FF Extension: (PDF Architect 3 Creator) - C:\Program Files (x86)\PDF Architect 3\resources\pdfarchitect3firefoxextension [2015-05-21] [not signed] FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.4.24\coFFAddon => not found Chrome: ======= CHR dev: Chrome dev build detected! <======= ATTENTION CHR HKLM\...\Chrome\Extension: [hkhkiakolggnnicallabhkobalpeplpi] - CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [hkhkiakolggnnicallabhkobalpeplpi] - CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [1403488 2015-08-21] () R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.) R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-06-29] (IvoSoft) [File not signed] R2 DFEPService; C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2280504 2012-08-16] (Dell Inc.) R2 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [225720 2012-11-20] () S2 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbguard.exe [81920 2012-02-21] (FirebirdSQL Project) [File not signed] S3 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbserver.exe [2048000 2012-02-21] (FirebirdSQL Project) [File not signed] R2 HPM1210RcvFaxSrvc; C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [362296 2010-05-11] (HP) R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-15] (HP Inc.) R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166432 2012-10-23] (Intel Corporation) S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes) S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] () R2 PbaDrvSvc_x64; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe [20480 2012-11-24] () [File not signed] S3 PDF Architect 3; C:\Program Files (x86)\PDF Architect 3\ws.exe [2244312 2015-04-24] (pdfforge GmbH) S3 PDF Architect 3 CrashHandler; C:\Program Files (x86)\PDF Architect 3\crash-handler-ws.exe [901336 2015-04-24] (pdfforge GmbH) R2 PDF Architect 3 Creator; C:\Program Files (x86)\PDF Architect 3\creator-ws.exe [740568 2015-04-24] (pdfforge GmbH) R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-25] () S2 tcsd_win32.exe; C:\Program Files (x86)\Security Innovation\SI TSS\bin\tcsd_win32.exe [1643520 2012-05-11] () [File not signed] S3 vmicvss; C:\Windows\System32\ICSvc.dll [336384 2012-07-26] (Microsoft Corporation) R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1758720 2012-11-19] (Wave Systems Corp.) [File not signed] R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16024 2015-05-19] (Microsoft Corporation) R2 WinStartMenuLauncher; C:\Program Files\Smart Menu\WinStartMenuLauncher.exe [249432 2014-12-05] () [File not signed] R2 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [254384 2012-11-08] (Wave Systems Corp.) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.) R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2009-12-15] (Bytemobile, Inc.) [File not signed] R0 BMLoad; C:\Windows\SysWOW64\drivers\BMLoad.sys [16512 2009-12-15] (Bytemobile, Inc.) [File not signed] R3 BTWPANFL; C:\Windows\system32\drivers\btwpanfl.sys [44912 2000-01-01] (Broadcom Corporation.) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) R3 dcdbas; C:\Windows\System32\drivers\dcdbas64.sys [48464 2015-06-19] (Dell Inc.) R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.) R3 e1cexpress; C:\Windows\system32\DRIVERS\e1c63x64.sys [468240 2013-02-20] (Intel Corporation) S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3265256 2012-09-20] (Broadcom Corporation) S3 HP1210FAX; C:\Windows\System32\Drivers\HPM1210FAX.sys [16896 2012-11-07] () S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes) U3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation) S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-12-24] (Marvell Semiconductor, Inc.) R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-10-08] (Intel Corporation) R1 nvkflt; C:\Windows\system32\DRIVERS\nvkflt.sys [300320 2013-12-04] (NVIDIA Corporation) R3 ST_Accel; C:\Windows\System32\drivers\ST_Accel.sys [73368 2012-07-13] (STMicroelectronics) R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2009-12-15] (Bytemobile, Inc.) [File not signed] R1 tcpipBM; C:\Windows\SysWOW64\drivers\tcpipBM.sys [39552 2009-12-15] (Bytemobile, Inc.) [File not signed] R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-10] (Windows (R) Win 7 DDK provider) S3 wbfcvusbdrv; C:\Windows\System32\Drivers\wbfcvusbdrv.sys [17120 2013-03-07] () S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44024 2015-05-19] (Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [275712 2015-05-19] (Microsoft Corporation) R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-10] (Windows (R) Win 7 DDK provider) S3 zte_cdc_acm; C:\Windows\system32\DRIVERS\zte_cdc_acm.sys [79872 2011-08-10] (ZTE) S3 zte_cpo; C:\Windows\system32\DRIVERS\zte_cpo.sys [14336 2011-08-10] (ZTE) U3 agrcapod; \??\C:\Users\user\AppData\Local\Temp\agrcapod.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-09-29 16:53 - 2016-09-29 16:53 - 00000000 ____D C:\ProgramData\BackupPCFiles 2016-09-29 09:37 - 2016-09-29 09:37 - 00380928 _____ C:\Users\user\Downloads\xzpnxpbg.exe 2016-09-29 09:36 - 2016-09-29 09:36 - 07027736 _____ (TeamViewer) C:\Users\user\Downloads\TeamViewer_Host_Setup.exe 2016-09-29 09:36 - 2016-09-29 09:36 - 00001176 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9 Host.lnk 2016-09-29 09:36 - 2016-09-29 09:36 - 00001164 _____ C:\Users\Public\Desktop\TeamViewer 9 Host.lnk 2016-09-29 09:36 - 2016-09-29 09:36 - 00000000 ____D C:\Program Files (x86)\TeamViewer 2016-09-29 09:26 - 2016-09-29 09:26 - 02404352 _____ (Farbar) C:\Users\user\Downloads\FRST64(1).exe 2016-09-29 09:23 - 2016-09-29 09:23 - 00004462 _____ C:\Users\user\Documents\cc_20160929_092308.reg 2016-09-29 09:08 - 2016-09-29 09:14 - 00000080 _____ C:\Users\user\Desktop\ZDJĘCIA - skrót.lnk 2016-09-29 09:08 - 2016-09-29 09:14 - 00000080 _____ C:\Users\user\Desktop\www - skrót.lnk 2016-09-29 09:08 - 2016-09-29 09:14 - 00000080 _____ C:\Users\user\Desktop\UMOWA - skrót.lnk 2016-09-29 09:08 - 2016-09-29 09:14 - 00000080 _____ C:\Users\user\Desktop\trybuny ludów 15a - skrót.lnk 2016-09-29 09:08 - 2016-09-29 09:14 - 00000080 _____ C:\Users\user\Desktop\tabal tir - skrót.lnk 2016-09-29 09:08 - 2016-09-29 09:14 - 00000080 _____ C:\Users\user\Desktop\rozliczenia warsztat - skrót.lnk 2016-09-29 09:08 - 2016-09-29 09:14 - 00000080 _____ C:\Users\user\Desktop\Pobrane - skrót.lnk 2016-09-29 09:08 - 2016-09-29 09:14 - 00000080 _____ C:\Users\user\Desktop\organizacja pracy - skrót.lnk 2016-09-29 09:08 - 2016-09-29 09:14 - 00000080 _____ C:\Users\user\Desktop\mp4 - skrót.lnk 2016-09-29 09:08 - 2016-09-29 09:14 - 00000080 _____ C:\Users\user\Desktop\Krecik - skrót.lnk 2016-09-29 09:08 - 2016-09-29 09:14 - 00000080 _____ C:\Users\user\Desktop\KBM - skrót.lnk 2016-09-29 09:08 - 2016-09-29 09:14 - 00000080 _____ C:\Users\user\Desktop\hurt - skrót.lnk 2016-09-29 09:08 - 2016-09-29 09:14 - 00000080 _____ C:\Users\user\Desktop\hala - skrót.lnk 2016-09-29 09:08 - 2016-09-29 09:14 - 00000080 _____ C:\Users\user\Desktop\działka kokotów 48a zamiana - skrót.lnk 2016-09-29 09:08 - 2016-09-29 09:14 - 00000080 _____ C:\Users\user\Desktop\dokumenty do kredytu idea bank - skrót.lnk 2016-09-29 09:08 - 2016-09-29 09:14 - 00000080 _____ C:\Users\user\Desktop\CENNIK WŁASNY - skrót.lnk 2016-09-29 09:08 - 2016-09-29 09:14 - 00000080 _____ C:\Users\user\Desktop\bauleiter - skrót.lnk 2016-09-29 09:08 - 2016-09-29 09:14 - 00000080 _____ C:\Users\user\Desktop\analizy opłacalności działek - skrót.lnk 2016-09-29 09:08 - 2016-09-29 09:14 - 00000080 _____ C:\Users\user\Desktop\analiza przed produkcją słupków - skrót.lnk 2016-09-29 09:08 - 2016-09-29 09:14 - 00000080 _____ C:\Users\user\Desktop\7r logistic - skrót.lnk 2016-09-29 09:08 - 2016-09-29 09:14 - 00000080 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\uTorrent.lnk 2016-09-29 09:07 - 2016-09-29 09:07 - 00000020 _____ C:\Users\user\Documents\dell_st_ec.txt 2016-09-29 09:07 - 2016-09-29 09:07 - 00000000 ____D C:\Windows\LastGood.Tmp 2016-09-29 09:06 - 2016-09-29 09:07 - 00000000 ____D C:\Program Files\IDT 2016-09-29 09:06 - 2013-08-16 12:21 - 02213376 _____ (IDT, Inc.) C:\Windows\system32\stapo64.dll 2016-09-29 09:06 - 2013-08-16 12:21 - 00697856 _____ (IDT, Inc.) C:\Windows\system32\stapi64.dll 2016-09-29 09:06 - 2013-08-16 12:21 - 00551936 _____ (IDT, Inc.) C:\Windows\system32\Drivers\stwrt64.sys 2016-09-29 09:06 - 2013-08-16 12:21 - 00499200 _____ (IDT, Inc.) C:\Windows\system32\stcplx64.dll 2016-09-29 09:06 - 2013-08-16 12:21 - 00256000 _____ (IDT, Inc.) C:\Windows\system32\st646491.dll 2016-09-29 09:05 - 2016-09-29 09:06 - 00000000 ____D C:\Users\user\Desktop\dell_drv 2016-09-29 08:44 - 2016-09-29 08:44 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell 2016-09-29 08:43 - 2016-09-29 08:43 - 00013560 _____ C:\Users\user\Downloads\DellSystemDetectLauncher.Application 2016-09-29 08:42 - 2016-09-29 08:42 - 61653840 _____ (Dell Inc.) C:\Users\user\Downloads\Chipset_Driver_GJVHD_WN_9.5.15.1730_A02.EXE 2016-09-29 08:42 - 2016-09-29 08:42 - 50832368 _____ (Dell Inc.) C:\Users\user\Downloads\Chipset_Driver_46WD8_WN_8.1.0.1281_A01.EXE 2016-09-29 08:42 - 2016-09-29 08:42 - 28587160 _____ (Dell Inc.) C:\Users\user\Downloads\Chipset_Driver_V6681_WN_4.10.0046_A06.EXE 2016-09-29 08:42 - 2016-09-29 08:42 - 08462336 _____ (Dell Inc.) C:\Users\user\Downloads\Chipset_Application_26Y23_WN_3.0.0.1056_A02.EXE 2016-09-29 08:37 - 2016-09-29 08:37 - 00593952 _____ (Duplex Secure Ltd) C:\Users\user\Downloads\SPTDinst-v189-x64.exe 2016-09-29 08:32 - 2016-09-29 08:32 - 00380928 _____ C:\Users\user\Downloads\kkn7s4t7.exe 2016-09-29 08:31 - 2016-09-29 08:32 - 02404352 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe 2016-09-29 08:30 - 2016-09-29 08:30 - 00243632 _____ C:\Users\user\Downloads\Firefox Setup Stub 49.0.1.exe 2016-09-29 08:28 - 2016-09-29 08:28 - 22851472 _____ (Malwarebytes ) C:\Users\user\Downloads\mbam-setup-2.2.1.1043.exe 2016-09-29 01:21 - 2016-09-29 01:22 - 03861056 _____ C:\Users\user\Downloads\AdwCleaner (2).exe 2016-09-29 00:44 - 2016-09-29 00:44 - 00021564 _____ C:\Users\user\Documents\cc_20160929_004402.reg 2016-09-29 00:20 - 2016-09-29 16:52 - 00005012 _____ C:\Windows\System32\Tasks\WSCEAA 2016-09-28 14:58 - 2016-09-28 14:58 - 00000000 ____D C:\Users\user\Documents\Nowy folder (2) 2016-09-28 14:58 - 2016-09-28 14:58 - 00000000 ____D C:\Users\user\Documents\Nowy folder 2016-09-28 10:13 - 2016-09-29 15:26 - 00000000 ____D C:\Tools 2016-09-27 14:41 - 2016-09-27 14:41 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2016-09-24 11:01 - 2016-09-24 11:25 - 00011190 _____ C:\Users\user\Desktop\lubocza - przeliczenie opłacalności.xlsx 2016-09-24 11:00 - 2016-09-24 11:00 - 00000000 ____D C:\Users\user\Desktop\Nowy folder 2016-09-24 10:26 - 2016-09-24 10:27 - 00000000 ____D C:\Users\user\Desktop\grimbud zdjęcia 2016-09-22 15:39 - 2016-09-28 23:40 - 00000000 ____D C:\Users\user\AppData\Local\ClassicShell 2016-09-22 15:32 - 2016-09-22 15:32 - 00000000 ____D C:\Users\user\Desktop\Stare dane programu Firefox 2016-09-22 12:38 - 2016-09-22 12:38 - 00007638 _____ C:\Users\user\AppData\Local\Resmon.ResmonCfg 2016-09-22 12:37 - 2016-09-29 09:34 - 00180225 _____ C:\Users\user\Downloads\Shortcut.txt 2016-09-22 12:35 - 2016-09-29 09:34 - 00038552 _____ C:\Users\user\Downloads\Addition.txt 2016-09-22 12:34 - 2016-09-29 16:59 - 00023945 _____ C:\Users\user\Downloads\FRST.txt 2016-09-22 12:33 - 2016-09-29 16:59 - 00000000 ____D C:\FRST 2016-09-22 12:30 - 2016-09-29 00:03 - 00000000 ____D C:\Program Files (x86)\CrystalDiskInfo2 2016-09-22 09:14 - 2016-09-22 09:14 - 00000000 ____D C:\Users\user\AppData\Roaming\PDF Producer 2016-09-14 15:38 - 2013-09-04 18:12 - 02252504 _____ (Broadcom Corporation.) C:\Windows\system32\BtwRSupportService.exe 2016-09-14 15:36 - 2016-09-14 15:37 - 00000000 ____D C:\Users\user\AppData\Roaming\DRPSu 2016-09-14 13:55 - 2016-09-29 16:47 - 00161066 _____ C:\Users\user\Desktop\sfc.txt 2016-09-07 15:21 - 2016-09-29 00:01 - 00000000 ____D C:\Users\user\Downloads\tools 2016-09-07 15:14 - 2016-09-07 15:14 - 00020250 _____ C:\Users\user\Desktop\sfcdetails.txt 2016-09-07 15:11 - 2016-09-07 15:12 - 00002538 _____ C:\sfcinfo.txt 2016-09-07 13:18 - 2016-09-29 15:33 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-09-07 13:18 - 2016-09-29 09:14 - 00001098 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2016-09-07 13:18 - 2016-09-29 08:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2016-09-07 13:18 - 2016-09-29 08:28 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2016-09-07 13:18 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2016-09-07 13:18 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2016-09-07 13:18 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2016-09-07 12:27 - 2016-09-07 12:27 - 03826240 _____ C:\Users\user\Downloads\AdwCleaner(2).exe 2016-09-05 10:50 - 2016-09-29 08:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-09-29 16:57 - 2013-09-06 12:00 - 00000000 ____D C:\Users\user\AppData\Local\Google 2016-09-29 16:57 - 2013-09-06 12:00 - 00000000 ____D C:\Program Files (x86)\Google 2016-09-29 16:54 - 2014-06-30 13:39 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-09-29 16:22 - 2013-09-06 12:00 - 00001074 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-09-29 14:22 - 2013-08-12 18:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell 2016-09-29 12:39 - 2015-05-21 18:08 - 00000000 ____D C:\Program Files (x86)\Opera 2016-09-29 11:22 - 2013-09-06 12:00 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-09-29 09:22 - 2012-07-26 07:37 - 00000000 ____D C:\Windows\Inf 2016-09-29 09:21 - 2016-06-23 12:20 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps 2016-09-29 09:15 - 2016-08-03 09:18 - 00000000 ____D C:\Users\user\AppData\Roaming\7 Sticky Notes 2016-09-29 09:15 - 2016-07-20 11:48 - 00001438 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Asystent (10).lnk 2016-09-29 09:15 - 2016-01-24 16:45 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2016-09-29 09:15 - 2015-10-28 11:55 - 00002146 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk 2016-09-29 09:15 - 2015-10-04 14:06 - 00001726 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk 2016-09-29 09:15 - 2015-09-16 07:56 - 00001367 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Asystent (9).lnk 2016-09-29 09:15 - 2015-06-25 12:55 - 00001041 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk 2016-09-29 09:15 - 2015-05-20 14:23 - 00001367 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Asystent (8).lnk 2016-09-29 09:15 - 2014-12-16 16:44 - 00001367 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Asystent (7).lnk 2016-09-29 09:15 - 2014-08-20 08:19 - 00001367 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Asystent (6).lnk 2016-09-29 09:15 - 2014-05-21 12:07 - 00001367 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Asystent (5).lnk 2016-09-29 09:15 - 2013-12-09 11:13 - 00001367 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Asystent (4).lnk 2016-09-29 09:15 - 2013-10-07 16:27 - 00001367 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Asystent (3).lnk 2016-09-29 09:15 - 2013-09-19 20:35 - 00002507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk 2016-09-29 09:15 - 2013-09-17 08:59 - 00001367 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Asystent (2).lnk 2016-09-29 09:15 - 2013-09-15 12:05 - 00001149 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2016-09-29 09:15 - 2013-09-14 02:18 - 00001367 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Asystent.lnk 2016-09-29 09:15 - 2013-09-06 09:03 - 00001017 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2016-09-29 09:15 - 2013-08-12 18:42 - 00002012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel(R) WiDi.lnk 2016-09-29 09:14 - 2016-07-20 11:48 - 00001406 _____ C:\Users\user\Desktop\Asystent Firma 2016.lnk 2016-09-29 09:14 - 2015-11-12 19:37 - 00000624 _____ C:\Users\user\Desktop\GoFlex Home Personal.lnk 2016-09-29 09:14 - 2015-11-12 19:35 - 00000532 _____ C:\Users\user\Desktop\GoFlex Home Public.lnk 2016-09-29 09:14 - 2015-05-20 14:23 - 00001333 _____ C:\Users\user\Desktop\Asystent Firma 2015.lnk 2016-09-29 09:14 - 2014-02-06 08:06 - 00000833 _____ C:\Users\Public\Desktop\Zagraj w grę Shrek 2.lnk 2016-09-29 09:14 - 2014-02-03 22:23 - 00000822 _____ C:\Users\Public\Desktop\LEGO MARVEL Super Heroes.lnk 2016-09-29 09:14 - 2014-02-03 22:18 - 00000696 _____ C:\Users\Public\Desktop\Rayman Origins.lnk 2016-09-29 09:14 - 2013-09-15 12:05 - 00001143 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2016-09-29 09:14 - 2013-09-13 01:02 - 00000746 _____ C:\Users\user\Desktop\PRZETARGI - Skrót.lnk 2016-09-29 09:14 - 2013-09-13 01:02 - 00000746 _____ C:\Users\user\Desktop\DOKUMENTY - Shortcut.lnk 2016-09-29 09:14 - 2013-09-13 01:02 - 00000723 _____ C:\Users\user\Desktop\OFERTY - Skrót.lnk 2016-09-29 09:14 - 2013-09-13 01:01 - 00000858 _____ C:\Users\user\Desktop\dokumentacje techniczne - Skrót.lnk 2016-09-29 09:14 - 2013-09-13 00:56 - 00000719 _____ C:\Users\user\Desktop\Skrót do trybuny ludów 25.lnk 2016-09-29 09:14 - 2013-09-13 00:56 - 00000581 _____ C:\Users\user\Desktop\Skrót do wierzytelności.lnk 2016-09-29 09:14 - 2013-09-06 19:22 - 00000355 _____ C:\Users\user\Desktop\Komputer - skrót.lnk 2016-09-29 09:13 - 2014-07-22 19:58 - 00000266 __RSH C:\ProgramData\ntuser.pol 2016-09-29 09:12 - 2012-07-26 09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-09-29 09:09 - 2013-09-15 12:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-09-29 09:08 - 2013-09-15 10:50 - 00000000 ____D C:\Users\user\Desktop\skróty 2016-09-29 09:06 - 2014-01-12 00:16 - 00000000 ____D C:\Users\user\Documents\Dell Downloads 2016-09-29 08:59 - 2013-09-30 12:02 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-698474549-3661863871-719037460-1002 2016-09-29 08:44 - 2013-09-06 10:01 - 00000000 ____D C:\Users\user\AppData\Local\Deployment 2016-09-29 08:28 - 2013-09-13 23:26 - 00795984 _____ C:\Windows\system32\perfh015.dat 2016-09-29 08:28 - 2013-09-13 23:26 - 00160066 _____ C:\Windows\system32\perfc015.dat 2016-09-29 08:28 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent 2016-09-29 08:28 - 2012-07-26 09:28 - 01796820 _____ C:\Windows\system32\PerfStringBackup.INI 2016-09-29 08:27 - 2012-07-26 10:12 - 00000000 ___HD C:\Program Files\WindowsApps 2016-09-29 08:25 - 2013-08-12 18:36 - 00000000 ___HD C:\Windows\system32\WLANProfiles 2016-09-29 01:24 - 2014-06-30 12:53 - 00000000 ____D C:\AdwCleaner 2016-09-29 01:17 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\BBI 2016-09-29 00:54 - 2014-06-30 13:39 - 00003818 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2016-09-29 00:54 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\SysWOW64\Macromed 2016-09-29 00:54 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\Macromed 2016-09-29 00:46 - 2014-12-27 17:13 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2016-09-29 00:31 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\NDF 2016-09-29 00:21 - 2013-08-12 18:38 - 00000000 ____D C:\Users\UpdatusUser 2016-09-29 00:13 - 2013-08-12 18:38 - 00000000 ____D C:\ProgramData\NVIDIA 2016-09-29 00:11 - 2013-09-14 00:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell 2016-09-29 00:11 - 2013-09-14 00:00 - 00000000 ____D C:\Program Files\Classic Shell 2016-09-29 00:08 - 2015-05-20 12:54 - 00000000 ____D C:\Windows\system32\appraiser 2016-09-29 00:08 - 2014-08-14 08:13 - 00000000 ___SD C:\Windows\system32\CompatTel 2016-09-29 00:08 - 2012-07-26 10:12 - 00000000 ___RD C:\Windows\ToastData 2016-09-29 00:08 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\SysWOW64\WinMetadata 2016-09-29 00:08 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\WinMetadata 2016-09-29 00:08 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\WinBioPlugIns 2016-09-29 00:08 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\PolicyDefinitions 2016-09-29 00:08 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Defender 2016-09-29 00:08 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2016-09-29 00:08 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\system32\Sysprep 2016-09-29 00:07 - 2014-11-26 11:31 - 00000000 ____D C:\Windows\system32\AutoUpdateLicense 2016-09-29 00:07 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\rescache 2016-09-29 00:07 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\Help 2016-09-29 00:07 - 2012-07-26 07:37 - 00000000 ____D C:\Windows\servicing 2016-09-29 00:06 - 2016-06-27 14:03 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander 2016-09-29 00:06 - 2016-06-27 14:03 - 00000000 ____D C:\Users\user\AppData\Roaming\GHISLER 2016-09-29 00:06 - 2015-05-21 18:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 3 2016-09-29 00:06 - 2015-05-21 18:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator 2016-09-29 00:06 - 2015-02-23 10:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime 2016-09-29 00:06 - 2015-01-27 10:48 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smart Menu 2016-09-29 00:06 - 2015-01-08 15:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Editor 2.4 2016-09-29 00:06 - 2014-12-30 09:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pazera Free AVI to MP4 Converter 2016-09-29 00:06 - 2014-07-22 19:58 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\Torch 2016-09-29 00:06 - 2014-03-07 22:33 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\eTeks Sweet Home 3D 2016-09-29 00:06 - 2013-12-30 17:45 - 00000000 ____D C:\Users\user\AppData\Roaming\uTorrent 2016-09-29 00:06 - 2013-11-21 09:17 - 00000000 ____D C:\ProgramData\Package Cache 2016-09-29 00:06 - 2013-09-19 11:02 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2016-09-29 00:06 - 2013-09-19 11:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2016-09-29 00:06 - 2013-09-06 09:02 - 00000000 ____D C:\Users\user\AppData\Local\Packages 2016-09-29 00:05 - 2016-08-03 09:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7 Sticky Notes 2016-09-29 00:05 - 2016-07-20 11:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Asystent Firma 2016 2016-09-29 00:05 - 2016-03-24 20:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firebird 2.0 2016-09-29 00:05 - 2016-03-24 20:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\doPDF 7 2016-09-29 00:05 - 2015-08-21 10:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnyDesk 2016-09-29 00:05 - 2015-05-20 14:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Asystent Firma 2015 2016-09-29 00:05 - 2015-02-11 20:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DWG TrueView 2014 2016-09-29 00:05 - 2014-09-12 16:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2016-09-29 00:05 - 2014-05-21 12:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Asystent Firma 2014 2016-09-29 00:05 - 2014-02-05 23:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin 2016-09-29 00:05 - 2013-12-23 12:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon CanoScan LiDE 110 Manual 2016-09-29 00:05 - 2013-12-23 12:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CanoScan LiDE 110 2016-09-29 00:05 - 2013-11-21 09:19 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless 2016-09-29 00:05 - 2013-11-21 09:19 - 00000000 ____D C:\ProgramData\Intel.sav 2016-09-29 00:05 - 2013-10-21 08:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2016-09-29 00:05 - 2013-10-21 08:53 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2016-09-29 00:05 - 2013-09-16 18:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Manager 2016-09-29 00:05 - 2013-09-14 02:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Asystent Firma 2013 2016-09-29 00:05 - 2013-09-14 00:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NapiProjekt 2016-09-29 00:05 - 2013-09-13 00:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016-09-29 00:05 - 2013-09-06 12:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack 2016-09-29 00:05 - 2013-09-06 12:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2016-09-29 00:05 - 2013-09-06 12:20 - 00000000 ____D C:\Program Files\CCleaner 2016-09-29 00:05 - 2013-08-12 19:08 - 00000000 ____D C:\Program Files\STMicroelectronics 2016-09-29 00:05 - 2013-08-12 19:08 - 00000000 ____D C:\Program Files\DellTPad 2016-09-29 00:05 - 2013-08-12 18:49 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Media Suite 2016-09-29 00:05 - 2013-08-12 18:37 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel 2016-09-29 00:05 - 2013-08-12 18:37 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2016-09-29 00:05 - 2013-08-12 18:35 - 00000000 ____D C:\ProgramData\Intel 2016-09-29 00:05 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2016-09-29 00:04 - 2015-08-21 10:08 - 00000000 ____D C:\Program Files (x86)\AnyDesk 2016-09-29 00:04 - 2013-10-21 08:53 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2016-09-29 00:04 - 2013-08-12 18:38 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2016-09-29 00:04 - 2013-08-12 18:14 - 00000000 ____D C:\Program Files (x86)\Intel 2016-09-28 23:55 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\registration 2016-09-28 23:51 - 2014-07-22 19:58 - 00000000 ____D C:\Users\Guest\AppData\Local\Torch 2016-09-28 23:51 - 2014-07-22 19:58 - 00000000 ____D C:\Users\Guest\AppData\Local\Google 2016-09-28 23:51 - 2014-07-22 19:58 - 00000000 ____D C:\Users\Guest\AppData\Local\Comodo 2016-09-28 23:51 - 2014-07-22 19:58 - 00000000 ____D C:\Users\Guest 2016-09-28 23:51 - 2014-07-22 19:58 - 00000000 ____D C:\Users\Administrator\AppData\Local\Torch 2016-09-28 23:51 - 2014-07-22 19:58 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google 2016-09-28 23:51 - 2014-07-22 19:58 - 00000000 ____D C:\Users\Administrator\AppData\Local\Comodo 2016-09-28 23:51 - 2014-07-22 19:58 - 00000000 ____D C:\Users\Administrator 2016-09-28 23:51 - 2013-09-15 12:05 - 00000000 ____D C:\Users\user\AppData\Local\Mozilla 2016-09-28 23:51 - 2013-08-12 18:42 - 00000000 ____D C:\ProgramData\Wave Systems Corp 2016-09-28 23:50 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows NT 2016-09-28 23:50 - 2012-07-26 09:52 - 00000000 ____D C:\Program Files\Windows Journal 2016-09-28 23:49 - 2013-08-12 18:35 - 00000000 ____D C:\Program Files\Intel 2016-09-28 23:48 - 2013-11-21 09:19 - 00000000 ____D C:\Program Files (x86)\Cisco 2016-09-28 23:47 - 2013-09-13 00:13 - 00000000 __RHD C:\MSOCache 2016-09-28 17:21 - 2013-09-13 00:51 - 00000000 ____D C:\Users\user\Documents\Pliki programu Outlook 2016-09-28 14:58 - 2013-09-19 20:15 - 00000000 ____D C:\Users\user\Documents\CyberLink 2016-09-28 10:41 - 2015-05-22 06:59 - 00000000 ____D C:\Users\user\AppData\Local\PDFCreator 2016-09-24 11:29 - 2015-03-02 20:08 - 00011417 _____ C:\Users\user\Desktop\lista nieruchomości.xlsx 2016-09-24 11:00 - 2016-07-20 11:49 - 00000048 _____ C:\Users\user\Documents\Asystent7-19.dat 2016-09-22 23:19 - 2013-09-06 12:36 - 00000000 ____D C:\Windows\system32\MRT 2016-09-22 11:16 - 2013-09-16 13:28 - 00000000 ____D C:\Users\user\AppData\Roaming\Media Player Classic 2016-09-22 11:15 - 2013-12-30 10:40 - 00000000 ____D C:\Windows\Minidump 2016-09-14 15:26 - 2013-08-12 18:14 - 00000000 ____D C:\Intel 2016-09-14 13:52 - 2015-01-29 09:56 - 00000000 ____D C:\Users\user\AppData\Roaming\AnyDesk 2016-09-07 15:01 - 2013-09-13 00:45 - 00000000 ____D C:\Users\user\AppData\Roaming\TeamViewer 2016-09-07 13:45 - 2016-08-03 09:21 - 00000000 ____D C:\ProgramData\WinZip 2016-09-07 12:39 - 2015-05-21 18:13 - 00003888 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1432224798 2016-09-01 18:55 - 2013-12-23 12:17 - 00000000 ____D C:\ProgramData\CanonIJPLM ==================== Files in the root of some directories ======= 2016-03-24 20:34 - 2016-03-24 20:34 - 6493696 _____ () C:\Users\user\AppData\Roaming\agent.dat 2016-03-24 20:33 - 2016-03-24 20:33 - 0127488 _____ () C:\Users\user\AppData\Roaming\Installer.dat 2016-03-24 20:34 - 2016-03-24 20:34 - 0018432 _____ () C:\Users\user\AppData\Roaming\Main.dat 2016-09-22 12:38 - 2016-09-22 12:38 - 0007638 _____ () C:\Users\user\AppData\Local\Resmon.ResmonCfg 2015-06-10 15:02 - 2010-03-30 11:12 - 0024772 _____ () C:\ProgramData\P1210DEF.css 2015-06-10 15:02 - 2015-06-10 15:02 - 0015771 _____ () C:\ProgramData\P1210OS.HTM 2015-06-10 15:02 - 2010-03-30 11:12 - 0002944 _____ () C:\ProgramData\P1210SIG.GIF 2013-08-12 18:52 - 2013-08-12 18:53 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log 2013-08-12 18:49 - 2013-08-12 18:49 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log 2013-08-12 18:49 - 2013-08-12 18:50 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log 2013-08-12 18:49 - 2013-08-12 18:49 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log 2013-08-12 18:51 - 2013-08-12 18:52 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log Some files in TEMP: ==================== C:\Users\user\AppData\Local\Temp\libeay32.dll C:\Users\user\AppData\Local\Temp\msvcr120.dll C:\Users\user\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-09-29 08:59 ==================== End of FRST.txt ============================