Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-03-2019 Ran by admin (administrator) on ADMIN-PC (10-04-2019 07:34:36) Running from C:\Users\admin\Downloads Loaded Profiles: admin (Available Profiles: admin) Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: Angielski (Stany Zjednoczone) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Comodo Security Solutions, Inc. -> COMODO) C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe (Hewlett-Packard Company -> Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Comodo Security Solutions, Inc. -> COMODO) C:\Program Files\Comodo\COMODO Internet Security\cistray.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe (Comodo Security Solutions, Inc. -> COMODO) C:\Program Files\Comodo\Internet Security Essentials\isesrv.exe (Synaptics, Inc.) [File not signed] C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe (Comodo Security Solutions, Inc. -> COMODO) C:\Program Files\Comodo\COMODO Internet Security\cavwp.exe (CHENGDU YIWO Tech Development Co., Ltd. -> ) C:\Program Files\EaseUS\Todo Backup\bin\TodoBackupService.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vds.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe (Comodo Security Solutions, Inc. -> COMODO) C:\Program Files\Comodo\COMODO Internet Security\cis.exe (Comodo Security Solutions, Inc. -> Comodo) C:\Program Files\Comodo\Dragon\dragon_updater.exe (Comodo Security Solutions, Inc. -> COMODO) C:\Program Files\Comodo\Internet Security Essentials\vkise.exe (Brother Industries, Ltd.) [File not signed] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) [File not signed] C:\Program Files\ControlCenter4\BrCtrlCntr.exe (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Brother Industries, Ltd.) [File not signed] C:\Program Files\Browny02\BrYNSvc.exe (Disc Soft Ltd -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe (Brother Industries, Ltd.) [File not signed] C:\Program Files\ControlCenter4\BrCcUxSys.exe (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\Scrybe\scrybe.exe (Disc Soft Ltd -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [IseUI] => C:\Program Files\COMODO\Internet Security Essentials\vkise.exe [4072648 2018-04-24] (Comodo Security Solutions, Inc. -> COMODO) HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1491648 2018-12-17] (Comodo Security Solutions, Inc. -> COMODO) HKLM\...\Run: [ControlCenter4] => C:\Program Files\ControlCenter4\BrCcBoot.exe [139776 2014-06-16] (Brother Industries, Ltd.) [File not signed] HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.) [File not signed] HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2049320 2010-12-22] (Synaptics Incorporated -> Synaptics Incorporated) HKU\S-1-5-21-3450171141-3961884624-1861536451-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4134080 2017-12-15] (Disc Soft Ltd -> Disc Soft Ltd) HKU\S-1-5-21-3450171141-3961884624-1861536451-1000\...\Run: [ALLUpdate] => C:\Program Files\ALLPlayer\ALLUpdate.exe [3884720 2017-10-04] (ALLPlayer Group -> ALLPlayer.org) HKU\S-1-5-21-3450171141-3961884624-1861536451-1000\...\Run: [Free Download Manager] => "C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe" --minimized Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scrybe.lnk [2018-06-18] ShortcutTarget: Scrybe.lnk -> C:\Windows\Installer\{13061CAA-0284-4F9A-B460-3D4699575B35}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe (Acresso Software Inc.) [File not signed] ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: 127.0.0.1 localhost Tcpip\Parameters: [DhcpNameServer] 94.232.216.45 208.67.222.220 8.8.8.8 10.0.0.1 Tcpip\..\Interfaces\{3B8E8EB8-D5AE-47F4-BB20-F0E35BC35345}: [DhcpNameServer] 8.8.8.8 8.8.8.8 192.168.1.1 Tcpip\..\Interfaces\{5489A24F-D5CF-4E8C-868E-B26FA8431F96}: [DhcpNameServer] 94.232.216.45 208.67.222.220 8.8.8.8 10.0.0.1 Tcpip\..\Interfaces\{5B914D5D-5119-4D13-81B4-16D5CF31B142}: [DhcpNameServer] 192.168.100.252 Tcpip\..\Interfaces\{94433D38-0195-45CE-A498-BE7A0892BED2}: [NameServer] 8.8.8.8 Tcpip\..\Interfaces\{B355275B-3828-41F9-ABC3-506E14B0D866}: [DhcpNameServer] 8.8.8.8 8.8.8.8 192.168.1.1 Internet Explorer: ================== BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2019-04-05] (Microsoft Corporation -> Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL [2019-04-05] (Microsoft Corporation -> Microsoft Corporation) BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2019-04-05] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-05] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-05] (Microsoft Corporation -> Microsoft Corporation) Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-05] (Microsoft Corporation -> Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-05] (Microsoft Corporation -> Microsoft Corporation) FireFox: ======== FF DefaultProfile: 65gf6gsp.default FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\65gf6gsp.default [2019-04-10] FF Homepage: Mozilla\Firefox\Profiles\65gf6gsp.default -> onet.pl FF Extension: (Adblock Plus - darmowy adblocker) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\65gf6gsp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-04-04] FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Software Incorporated -> Foxit Corporation) FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Software Incorporated -> Foxit Corporation) FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Software Incorporated -> Foxit Corporation) FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Software Incorporated -> Foxit Corporation) FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-04-05] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-04-05] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-02-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.) ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed] R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7114312 2019-03-28] (Microsoft Corporation -> Microsoft Corporation) R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [8536280 2019-02-11] (Comodo Security Solutions, Inc. -> COMODO) S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2080448 2018-12-17] (Comodo Security Solutions, Inc. -> COMODO) R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2933952 2017-12-15] (Disc Soft Ltd -> Disc Soft Ltd) R2 DragonUpdater; C:\Program Files\Comodo\Dragon\dragon_updater.exe [2247440 2019-03-28] (Comodo Security Solutions, Inc. -> Comodo) R2 EaseUS Agent; C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe [40080 2018-10-22] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) R2 isesrv; C:\Program Files\COMODO\Internet Security Essentials\isesrv.exe [1199816 2018-04-24] (Comodo Security Solutions, Inc. -> COMODO) R2 ScrybeUpdater; C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe [1294848 2011-01-14] (Synaptics, Inc.) [File not signed] R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Windows -> Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 Accelerometer; C:\Windows\System32\DRIVERS\Accelerometer.sys [35896 2011-05-13] (Hewlett-Packard Company -> Hewlett-Packard Company) R3 AgereSoftModem; C:\Windows\System32\DRIVERS\AGRSM.sys [1035776 2009-07-14] (Microsoft Windows -> LSI Corp) R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [30568 2018-05-22] (Comodo Security Solutions, Inc. -> COMODO) R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [662856 2018-05-22] (Comodo Security Solutions, Inc. -> COMODO) R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [54368 2018-05-22] (Comodo Security Solutions, Inc. -> COMODO) R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [26168 2018-01-07] (Disc Soft Ltd -> Disc Soft Ltd) R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [40504 2018-01-07] (Disc Soft Ltd -> Disc Soft Ltd) S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [21960 2018-10-22] (CHENGDU YIWO Tech Development Co., Ltd. -> ) R0 EPMVolFlt; C:\Windows\System32\drivers\EPMVolFlt.sys [17992 2018-10-18] (CHENGDU YIWO Tech Development Co., Ltd. -> Windows (R) Codename Longhorn DDK provider) R0 EUBAKUP; C:\Windows\System32\drivers\eubakup.sys [64968 2018-10-22] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [47048 2018-10-22] (CHENGDU YIWO Tech Development Co., Ltd. -> ) R1 EUDSKACS; C:\Windows\system32\drivers\eudskacs.sys [20936 2018-10-22] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) R1 EUFDDISK; C:\Windows\system32\drivers\EuFdDisk.sys [296392 2018-10-22] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10208 2018-10-24] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [55144 2018-06-22] (F-Secure Corporation -> ) S3 HECI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2009-09-17] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) R0 hpdskflt; C:\Windows\System32\DRIVERS\hpdskflt.sys [25656 2011-05-13] (Hewlett-Packard Company -> Hewlett-Packard Company) R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [107880 2018-05-22] (Comodo Security Solutions, Inc. -> COMODO) R1 isedrv; C:\Windows\system32\drivers\isedrv.sys [40944 2018-04-24] (Comodo Security Solutions, Inc. -> COMODO) S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [1317952 2012-04-17] (Ralink Technology Corporation -> Ralink Technology Corp.) R3 NETw5s32; C:\Windows\System32\DRIVERS\NETw5s32.sys [6755840 2010-01-13] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) S3 RTL8167; C:\Windows\System32\DRIVERS\Rt86win7.sys [139776 2009-07-14] (Microsoft Windows -> Realtek Corporation ) S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13368 2019-04-02] (Slimware Utilities Holdings, Inc. -> SlimWare Utilities, Inc.) S3 MFE_RR; \??\C:\Users\admin\AppData\Local\Temp\mfe_rr.sys [X] <==== ATTENTION S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-04-10 07:34 - 2019-04-10 07:35 - 000014113 _____ C:\Users\admin\Downloads\FRST.txt 2019-04-10 07:34 - 2019-04-10 07:34 - 001793024 _____ (Farbar) C:\Users\admin\Downloads\FRST.exe 2019-04-10 07:34 - 2019-04-10 07:34 - 000000000 ____D C:\FRST 2019-04-02 15:07 - 2019-04-02 15:07 - 000000846 _____ C:\Users\admin\Desktop\Survivor24 — skrót.lnk 2019-04-02 15:06 - 2019-04-02 15:06 - 000000000 ____D C:\Windows\system32\appmgmt 2019-03-30 20:59 - 2019-03-30 20:59 - 000000000 ____D C:\Program Files\Common Files\DESIGNER 2019-03-30 13:39 - 2019-03-30 20:20 - 000000000 ____D C:\Windows\AutoKMS 2019-03-29 20:27 - 2019-03-29 20:28 - 059192832 _____ () C:\Users\admin\Downloads\Microsoft Toolkit 2.6.4.exe 2019-03-29 20:24 - 2019-03-29 20:40 - 000000000 ____D C:\Users\admin\AppData\Local\MSfree Inc 2019-03-29 20:21 - 2019-03-29 20:21 - 000002228 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk 2019-03-29 20:21 - 2019-03-29 20:21 - 000002131 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk 2019-03-29 20:21 - 2019-03-29 20:21 - 000002131 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk 2019-03-29 20:21 - 2019-03-29 20:21 - 000000000 ___RD C:\Users\admin\OneDrive 2019-03-29 20:21 - 2019-03-29 20:21 - 000000000 ____D C:\ProgramData\Microsoft OneDrive 2019-03-29 20:21 - 2019-03-29 20:21 - 000000000 ____D C:\Program Files\Microsoft OneDrive 2019-03-29 20:18 - 2019-03-29 20:18 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk 2019-03-29 20:18 - 2019-03-29 20:18 - 000002404 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk 2019-03-29 20:18 - 2019-03-29 20:18 - 000002399 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk 2019-03-29 20:18 - 2019-03-29 20:18 - 000002398 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk 2019-03-29 20:18 - 2019-03-29 20:18 - 000002362 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk 2019-03-29 20:18 - 2019-03-29 20:18 - 000002361 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk 2019-03-29 20:18 - 2019-03-29 20:18 - 000002355 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk 2019-03-29 20:18 - 2019-03-29 20:18 - 000002349 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk 2019-03-29 20:18 - 2019-03-29 20:18 - 000002341 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk 2019-03-29 20:17 - 2019-04-05 20:21 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2019-03-29 20:15 - 2019-03-29 20:15 - 000000000 ____D C:\Program Files\Microsoft Office 15 2019-03-29 15:57 - 2019-03-29 15:57 - 000001081 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.10.8.lnk 2019-03-29 15:57 - 2019-03-29 15:57 - 000001069 _____ C:\Users\Public\Desktop\GIMP 2.10.8.lnk 2019-03-29 15:54 - 2019-03-29 15:55 - 000000000 ____D C:\Program Files\GIMP 2 2019-03-20 16:42 - 2019-03-20 16:42 - 000000846 _____ C:\Users\admin\Desktop\Survivor29 — skrót.lnk 2019-03-19 13:26 - 2019-03-19 13:26 - 022135544 _____ C:\Users\admin\Desktop\[12] Szewczyk M., Jawień A. (red.)- Leczenie ran przewlekłych.pdf ==================== One month (modified) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-04-10 07:34 - 2018-01-07 19:30 - 000000000 ____D C:\Users\admin\AppData\LocalLow\Mozilla 2019-04-10 07:27 - 2018-11-16 16:10 - 000000000 ____D C:\Program Files\ALLPlayer 2019-04-10 06:55 - 2009-07-14 06:34 - 000026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2019-04-10 06:55 - 2009-07-14 06:34 - 000026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2019-04-10 06:52 - 2018-01-07 18:09 - 000740332 _____ C:\Windows\system32\perfh015.dat 2019-04-10 06:52 - 2018-01-07 18:09 - 000155874 _____ C:\Windows\system32\perfc015.dat 2019-04-10 06:52 - 2010-11-20 23:01 - 001669190 _____ C:\Windows\system32\PerfStringBackup.INI 2019-04-10 06:52 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\inf 2019-04-10 06:45 - 2018-01-07 19:30 - 000000000 ____D C:\Program Files\Comodo 2019-04-10 06:45 - 2009-07-14 06:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2019-04-05 20:20 - 2009-07-14 04:37 - 000000000 ____D C:\Program Files\Common Files\microsoft shared 2019-04-05 20:19 - 2018-01-07 20:00 - 000000000 ____D C:\Program Files\Microsoft Office 2019-04-02 15:06 - 2018-12-19 13:34 - 000000000 ____D C:\Users\admin\AppData\Local\Free Download Manager 2019-04-02 15:05 - 2018-06-18 16:43 - 000013368 _____ (SlimWare Utilities, Inc.) C:\Windows\system32\Drivers\SWDUMon.sys 2019-03-29 20:49 - 2009-07-14 06:33 - 000451112 _____ C:\Windows\system32\FNTCACHE.DAT 2019-03-29 20:22 - 2018-01-07 15:17 - 000117064 _____ C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT 2019-03-29 20:21 - 2018-01-07 13:04 - 000000000 ____D C:\Users\admin 2019-03-29 20:12 - 2018-06-20 07:28 - 000000000 ____D C:\Users\admin\AppData\Roaming\IrfanView 2019-03-29 16:59 - 2019-01-04 21:26 - 000000000 ____D C:\Users\admin\Desktop\dokumentacja 2019-03-29 14:03 - 2018-01-07 19:30 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service 2019-03-29 14:03 - 2018-01-07 19:29 - 000000000 ____D C:\Program Files\Mozilla Firefox 2019-03-26 07:18 - 2018-06-21 19:05 - 000000000 ____D C:\Users\admin\AppData\Local\CrashDumps Some files in TEMP: ==================== 2015-07-31 15:51 - 2015-07-31 15:51 - 000202928 ____R (Microsoft Corporation) C:\Users\admin\AppData\Local\Temp\ose00000.exe 2019-03-29 20:32 - 2019-03-29 20:32 - 000911768 _____ (Microsoft Corporation) C:\Users\admin\AppData\Local\Temp\PidGenX.dll 2018-06-18 16:33 - 2006-05-24 19:10 - 000455600 _____ (Macrovision Corporation) C:\Users\admin\AppData\Local\Temp\_is3C06.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\system32\dllhost.exe => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2019-04-04 20:23 ==================== End of FRST.txt ============================