Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-01-2015 02 Ran by SIPLACEAdmin (administrator) on SIPLACE-OFFLINE on 14-01-2015 07:52:33 Running from D:\ Loaded Profile: SIPLACEAdmin (Available profiles: plr & SIPLACEAdmin & UpdatusUser) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Polski (Polska) Internet Explorer Version 8 (Default browser: Chrome) Boot Mode: Safe Mode (with Networking) Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2891592 2013-06-10] (ELAN Microelectronics Corp.) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2009-12-22] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [948672 2009-12-11] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [DLSService] => "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe" HKLM-x32\...\Run: [StatusClient 2.6] => C:\Program Files (x86)\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe [61440 2004-02-12] (Hewlett-Packard) HKLM-x32\...\Run: [TomcatStartup 2.5] => C:\Program Files (x86)\Hewlett-Packard\Toolbox\hpbpsttp.exe [163840 2004-02-12] (Hewlett-Packard) HKLM-x32\...\Run: [Firebird] => C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [98304 2013-03-19] (Firebird Project) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1363554176-1050123802-1245359072-1008\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd) HKU\S-1-5-21-1363554176-1050123802-1245359072-1008\...\Run: [SkyDrive] => C:\Users\SIPLACEAdmin\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-09-25] (Microsoft Corporation) HKU\S-1-5-21-1363554176-1050123802-1245359072-1008\...\Run: [DymoQuickPrint] => C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe [1825360 2011-01-28] (Sanford, L.P.) HKU\S-1-5-21-1363554176-1050123802-1245359072-1008\...\RunOnce: [Uninstall C:\Users\SIPLACEAdmin\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512_1\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\SIPLACEAdmin\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512_1\amd64" HKU\S-1-5-21-1363554176-1050123802-1245359072-1008\...\RunOnce: [Uninstall C:\Users\SIPLACEAdmin\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512_1] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\SIPLACEAdmin\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512_1" HKU\S-1-5-21-1363554176-1050123802-1245359072-1008\...\RunOnce: [Uninstall C:\Users\SIPLACEAdmin\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\SIPLACEAdmin\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64" HKU\S-1-5-21-1363554176-1050123802-1245359072-1008\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_14_0_0_176_ActiveX.exe [851632 2014-08-13] (Adobe Systems Incorporated) HKU\S-1-5-21-1363554176-1050123802-1245359072-1008\...\MountPoints2: {5927917f-bb2b-11e3-bf44-54bef753a6d4} - H:\wubi.exe HKU\S-1-5-21-1363554176-1050123802-1245359072-1008\...\MountPoints2: {650c11cf-7571-11e4-866b-1c3e84df7024} - G:\AutoRun.exe AppInit_DLLs: ,C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [184048 2013-12-26] (NVIDIA Corporation) AppInit_DLLs-x32: ,C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156256 2013-12-26] (NVIDIA Corporation) Lsa: [Notification Packages] scecli C:\Program Files\Lenovo\Bluetooth Software\BtwProximityCP.dll Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SIPLACELicensingStateManager.lnk ShortcutTarget: SIPLACELicensingStateManager.lnk -> C:\Program Files (x86)\SIPLACE\SIPLACE Licensing2\Asm.As.License.StateManager.exe (ASM Assembly Systems) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/?src01=dp220140814 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/?src01=dp220140814 HKU\S-1-5-21-1363554176-1050123802-1245359072-1008\Software\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/?src01=dp220140814 StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: HKLM-x32 {108D3206-846A-4A93-BACB-F0572D043ED7} http://192.168.1.108:88/webrec.cab Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox: ======== FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @dymo.com/DymoLabelFramework -> C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll ( Sanford L.P.) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) Chrome: ======= CHR Profile: C:\Users\SIPLACEAdmin\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Dokumenty Google) - C:\Users\SIPLACEAdmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-31] CHR Extension: (Dysk Google) - C:\Users\SIPLACEAdmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-31] CHR Extension: (YouTube) - C:\Users\SIPLACEAdmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-31] CHR Extension: (Szukaj w Google) - C:\Users\SIPLACEAdmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-31] CHR Extension: (Podio Notifications) - C:\Users\SIPLACEAdmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaafmmmpabgogfimjhfakfcemahdbaf [2014-08-14] CHR Extension: (Google Wallet) - C:\Users\SIPLACEAdmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-31] CHR Extension: (Gmail) - C:\Users\SIPLACEAdmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-31] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 Asm.As.License; C:\Program Files (x86)\SIPLACE\SIPLACE Licensing2\Asm.As.License.Host.exe [9728 2012-03-12] (ASM Assembly Systems) [File not signed] S3 BBxService; C:\Program Files (x86)\BMC Software\BMC AppSight\AppSight for Windows\Bin\BBxService.exe [846712 2010-10-13] (BMC Software, Inc.) [File not signed] S2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [1008344 2013-03-29] (Broadcom Corporation.) S2 DeskInfoService; C:\Program Files (x86)\SIPLACE\SIPLACE Pro\DeskInfo.exe [11776 2014-04-03] (ASM Assembly Systems) [File not signed] S2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [32336 2011-01-28] (Sanford, L.P.) S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed] S3 LC_Dispatcher; C:\Program Files (x86)\SIPLACE\SIPLACE Pro\LCDSVR.exe [3410944 2014-04-03] (ASM Assembly Systems) [File not signed] S3 LineControlServer; C:\Program Files (x86)\SIPLACE\SIPLACE Pro\LCSVR.exe [6787072 2014-04-03] (ASM Assembly Systems) [File not signed] S2 MSMQ; C:\Windows\system32\mqsvc.exe [9216 2009-07-14] (Microsoft Corporation) S2 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [189440 2010-11-21] (Microsoft Corporation) S2 MSSQL$SIPLACE_2008R2EX; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SIPLACE_2008R2EX\MSSQL\Binn\sqlservr.exe [62218696 2012-06-29] (Microsoft Corporation) S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2014-04-28] (Hewlett-Packard) [File not signed] S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2014-04-28] (Hewlett-Packard) [File not signed] S4 SQLAgent$SIPLACE_2008R2EX; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SIPLACE_2008R2EX\MSSQL\Binn\SQLAGENT.EXE [441288 2012-06-29] (Microsoft Corporation) S2 VisionTeachStation Service; C:\Program Files (x86)\SIPLACE\SIPLACE Pro\VtsAdapter.exe [65536 2014-04-03] (ASM Assembly Systems) [File not signed] S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} S2 Crypkey License; crypserv.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170200 2013-03-27] (Broadcom Corporation.) S3 CH341SER_A64; C:\Windows\System32\Drivers\CH341S64.SYS [57856 2011-04-07] (www.winchiphead.com) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-04-03] (Disc Soft Ltd) R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [128200 2013-04-03] (Qualcomm Atheros Co., Ltd.) S3 MQAC; C:\Windows\System32\drivers\mqac.sys [189440 2009-07-14] (Microsoft Corporation) S4 RsFx0153; C:\Windows\System32\DRIVERS\RsFx0153.sys [321992 2012-06-29] (Microsoft Corporation) R1 {49ae2e47-5ec4-48ed-9fbc-0a5ab39ede5a}w64; C:\Windows\System32\drivers\{49ae2e47-5ec4-48ed-9fbc-0a5ab39ede5a}w64.sys [61584 2014-08-07] (StdLib) R1 {c5e48979-bd7f-4cf7-9b73-2482a67a4f37}w64; C:\Windows\System32\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}w64.sys [61584 2014-08-15] (StdLib) S1 NetworkX; \SystemRoot\system32\ckldrv.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-14 07:50 - 2015-01-14 07:52 - 00000000 ____D () C:\FRST 2015-01-13 09:42 - 2015-01-13 09:42 - 00013506 _____ () C:\Users\SIPLACEAdmin\Desktop\mspaint.exe — skrót.lnk 2015-01-12 13:16 - 2015-01-12 13:45 - 101218661 _____ () C:\Users\SIPLACEAdmin\launch.exe 2015-01-12 13:15 - 2015-01-12 13:15 - 00095834 _____ () C:\Users\SIPLACEAdmin\OTL.Txt 2015-01-12 13:05 - 2015-01-12 13:05 - 00000745 _____ () C:\Users\SIPLACEAdmin\xp_exe_fix.zip 2015-01-12 13:03 - 2015-01-12 13:03 - 03894696 _____ (solvusoft Corporation ) C:\Users\SIPLACEAdmin\Narzędzie_naprawy_programu_Błąd_0x8000FFFF__WinThruster.exe 2015-01-12 12:29 - 2015-01-12 12:30 - 05317104 _____ (Piriform Ltd) C:\Users\SIPLACEAdmin\ccsetup501.exe 2015-01-12 12:22 - 2015-01-12 12:22 - 00133556 _____ () C:\Users\SIPLACEAdmin\Desktop\TPv2_zm.GBX 2015-01-12 12:14 - 2015-01-12 12:16 - 00000000 ____D () C:\ProgramData\MFAData 2015-01-12 12:14 - 2015-01-12 12:14 - 00000000 ____D () C:\Users\SIPLACEAdmin\AppData\Local\MFAData 2015-01-12 12:14 - 2015-01-12 12:14 - 00000000 ____D () C:\Users\SIPLACEAdmin\AppData\Local\Avg2015 2015-01-12 11:26 - 2015-01-12 11:26 - 04578040 _____ (AVG Technologies) C:\Users\SIPLACEAdmin\avg_free_stb_all_2015_5315_ppc1 (1).exe 2015-01-09 10:00 - 2015-01-09 10:00 - 00000123 _____ () C:\Users\SIPLACEAdmin\Desktop\CAM Outputs for ME183b.txt 2015-01-09 09:48 - 2000-12-14 19:52 - 00800256 _____ () C:\Windows\SysWOW64\CSRTL50.bpl 2015-01-09 09:48 - 2000-12-14 19:52 - 00730112 _____ () C:\Windows\SysWOW64\ProtelComponents50.bpl 2015-01-09 09:48 - 1999-08-11 05:00 - 02020864 _____ (Inprise Corporation) C:\Windows\SysWOW64\vcl50.bpl 2015-01-09 09:48 - 1999-08-11 05:00 - 00557568 _____ (Inprise Corporation) C:\Windows\SysWOW64\vcldb50.bpl 2015-01-09 09:48 - 1999-08-11 05:00 - 00248832 _____ (Inprise Corporation) C:\Windows\SysWOW64\vclx50.bpl 2015-01-09 09:31 - 2015-01-09 09:31 - 00000703 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Protel 99 SE.lnk 2015-01-09 09:31 - 2015-01-09 09:31 - 00000697 _____ () C:\Users\Public\Desktop\Protel 99 SE.lnk 2015-01-09 09:31 - 2015-01-09 09:31 - 00000385 _____ () C:\Windows\AdvSch99SE.ini 2015-01-09 09:31 - 2015-01-09 09:31 - 00000369 _____ () C:\Windows\HelpAdvisor99SE.ini 2015-01-09 09:31 - 2015-01-09 09:31 - 00000332 _____ () C:\Windows\CRYPKEY.INI 2015-01-09 09:31 - 2015-01-09 09:31 - 00000073 _____ () C:\Windows\AdvSIM99SE.INI 2015-01-09 09:31 - 2015-01-09 09:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Protel 99 SE Trial 2015-01-09 09:31 - 1999-12-04 02:09 - 00660992 _____ () C:\Windows\SysWOW64\ProtelComponents.dpl 2015-01-09 09:31 - 1999-12-04 02:08 - 00731136 _____ () C:\Windows\SysWOW64\CSRTL.dpl 2015-01-09 09:31 - 1998-11-16 19:40 - 00284160 _____ (Virtual Media Technology Pty Ltd) C:\Windows\SysWOW64\hdk3ct32.dll 2015-01-09 09:31 - 1998-09-21 12:45 - 00177152 _____ (Virtual Media Technology P/L) C:\Windows\SysWOW64\hdk3an32.dll 2015-01-09 09:31 - 1998-06-22 13:43 - 00026224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ODBC16GT.DLL 2015-01-09 09:31 - 1998-06-22 13:43 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ODBCCP32.CPL 2015-01-09 09:31 - 1998-06-22 13:43 - 00004656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DS16GT.DLL 2015-01-09 09:31 - 1998-06-17 16:58 - 00048856 _____ () C:\Windows\SysWOW64\ODBCINST.HLP 2015-01-09 09:31 - 1998-05-31 16:02 - 00000324 _____ () C:\Windows\SysWOW64\ODBCINST.CNT 2015-01-09 09:31 - 1998-05-31 15:58 - 00072704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Odbctl32.dll 2015-01-09 09:31 - 1998-04-15 16:56 - 00029696 _____ (Virtual Media Technology P/L) C:\Windows\SysWOW64\hdk3ht32.dll 2015-01-09 09:31 - 1997-10-09 13:33 - 00240128 _____ () C:\Windows\SysWOW64\CkRfresh.exe 2015-01-09 09:31 - 1997-08-27 20:34 - 00172544 _____ (Virtual Media Technology P/L) C:\Windows\SysWOW64\hdk3anim.dll 2015-01-09 09:31 - 1997-08-15 02:17 - 00241664 _____ (Virtual Media Technology Pty Ltd) C:\Windows\SysWOW64\hdk3ctnt.dll 2015-01-09 09:31 - 1997-05-27 02:35 - 00082944 _____ (Virtual Media Technology P/L) C:\Windows\SysWOW64\hdk3cryp.dll 2015-01-09 09:31 - 1997-05-27 02:35 - 00082944 _____ (Virtual Media Technology P/L) C:\Windows\SysWOW64\hdk3cr32.dll 2015-01-09 09:31 - 1997-04-09 22:04 - 00050176 _____ () C:\Windows\SysWOW64\CrypServ.exe 2015-01-09 09:31 - 1997-04-09 21:31 - 00020768 _____ () C:\Windows\SysWOW64\CKLDRV.sys 2015-01-09 09:31 - 1997-03-24 03:00 - 01277888 _____ (Borland International) C:\Windows\SysWOW64\vcl30.dpl 2015-01-09 09:31 - 1997-03-24 03:00 - 00216512 _____ (Borland International) C:\Windows\SysWOW64\VCLX30.DPL 2015-01-09 09:31 - 1997-03-20 03:00 - 00627160 _____ (Borland International, Inc.) C:\Windows\SysWOW64\VCLDB30.DPL 2015-01-09 09:31 - 1996-12-05 00:00 - 00062863 _____ () C:\Windows\SysWOW64\Odbcjtnw.hlp 2015-01-09 09:31 - 1996-11-15 03:01 - 00098356 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSJTER32.DLL 2015-01-09 09:31 - 1996-11-15 03:01 - 00033552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSJINT32.DLL 2015-01-09 09:31 - 1996-10-28 00:00 - 00003367 _____ () C:\Windows\SysWOW64\Odbcjtnw.cnt 2015-01-09 09:31 - 1996-05-03 11:21 - 00027648 _____ () C:\Windows\SysWOW64\Setup_CK.exe 2015-01-09 09:31 - 1994-03-31 00:00 - 00086800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ODBCINST.DLL 2015-01-09 09:10 - 2015-01-09 09:23 - 86062865 _____ () C:\Users\SIPLACEAdmin\Desktop\Protel 99 SE PL + ServicePack 6_crack.rar 2015-01-09 08:52 - 2015-01-08 13:18 - 00000000 ____D () C:\Users\SIPLACEAdmin\Desktop\ME171 2014-12-30 13:29 - 2014-12-30 13:29 - 01674557 _____ () C:\Users\SIPLACEAdmin\Documents\CAM_sbc_5.1 (1).zip 2014-12-30 10:11 - 2014-12-30 10:11 - 00079100 _____ () C:\Users\SIPLACEAdmin\Documents\OR0018789.zip 2014-12-30 10:10 - 2014-12-30 10:10 - 01101584 _____ () C:\Users\SIPLACEAdmin\Documents\base_v2 (1).zip 2014-12-30 10:07 - 2014-12-30 10:07 - 00269983 _____ () C:\Users\SIPLACEAdmin\Documents\CAM_sbc_5.1.zip 2014-12-30 10:02 - 2014-12-30 10:02 - 00189260 _____ () C:\Users\SIPLACEAdmin\Documents\base_v2.zip 2014-12-29 19:26 - 2014-12-29 19:26 - 00006687 _____ () C:\Users\SIPLACEAdmin\Desktop\CAM for Szablon IB Panel 8 Key Rev04.zip 2014-12-29 15:34 - 2014-12-29 15:34 - 00000000 ____D () C:\Users\SIPLACEAdmin\Desktop\IB Panel 2014-12-23 10:54 - 2014-12-23 10:54 - 00155447 _____ () C:\Users\SIPLACEAdmin\Desktop\STU_02_34_Logistic4_zm.GBX 2014-12-19 09:13 - 2014-12-19 09:13 - 00009809 _____ () C:\Users\SIPLACEAdmin\Documents\urlopy.xlsx 2014-12-18 13:54 - 2014-12-18 14:06 - 00000000 ____D () C:\Users\SIPLACEAdmin\Desktop\quant 2014-12-18 07:57 - 2014-12-18 07:57 - 00148194 _____ () C:\Users\SIPLACEAdmin\Desktop\QUANTUM_zm.GBX 2014-12-17 15:42 - 2014-12-17 15:42 - 00001005 _____ () C:\Users\SIPLACEAdmin\Desktop\SERWER PCBIZNES.lnk 2014-12-17 15:12 - 2014-12-17 15:12 - 00002829 _____ () C:\Users\Public\Desktop\PCBIZNES PRO, PRESTIŻ.lnk 2014-12-17 15:12 - 2014-12-17 15:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STREAM soft SQL 2014-12-17 15:06 - 2014-12-17 15:06 - 00000000 ____D () C:\Windows\Downloaded Installations 2014-12-17 15:04 - 2014-12-17 15:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firebird 2.5 (Win32) 2014-12-17 15:04 - 2014-12-17 15:04 - 00000000 ____D () C:\Program Files (x86)\Firebird 2014-12-17 15:04 - 2013-03-19 11:03 - 00462848 _____ (IBPhoenix) C:\Windows\SysWOW64\Firebird2Control.cpl 2014-12-17 15:04 - 2013-03-19 11:02 - 00552960 _____ (Firebird Project) C:\Windows\SysWOW64\GDS32.DLL 2014-12-17 06:54 - 2014-12-17 06:54 - 00011776 _____ () C:\Users\SIPLACEAdmin\Documents\mBus_0_15.SIPLACE-OFFLINE(2).xls 2014-12-17 06:53 - 2014-12-17 06:53 - 00034304 _____ () C:\Users\SIPLACEAdmin\Documents\BOM.xls 2014-12-17 06:53 - 2014-12-17 06:53 - 00011776 _____ () C:\Users\SIPLACEAdmin\Documents\mBus_0_15.SIPLACE-OFFLINE.xls 2014-12-16 16:25 - 2014-12-16 16:25 - 00034304 _____ () C:\Users\SIPLACEAdmin\Documents\BOM2.xls ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-13 15:31 - 2014-08-01 07:47 - 00005146 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for SIPLACE-OFFLINE-SIPLACEAdmin SIPLACE-OFFLINE 2015-01-13 15:25 - 2011-04-12 14:21 - 00803878 _____ () C:\Windows\system32\perfh015.dat 2015-01-13 15:25 - 2011-04-12 14:21 - 00179906 _____ () C:\Windows\system32\perfc015.dat 2015-01-13 15:25 - 2009-07-14 06:13 - 01848984 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-13 15:20 - 2009-07-14 05:51 - 00040649 _____ () C:\Windows\setupact.log 2015-01-13 08:27 - 2014-04-03 13:37 - 00000000 ____D () C:\ProgramData\Adobe 2015-01-12 14:00 - 2010-11-21 04:47 - 00011264 _____ () C:\Windows\PFRO.log 2015-01-12 13:50 - 2009-07-14 05:45 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-12 13:50 - 2009-07-14 05:45 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-12 13:45 - 2014-04-03 13:55 - 00000000 ____D () C:\Users\SIPLACEAdmin 2015-01-12 13:13 - 2014-08-04 06:18 - 00000000 ____D () C:\Users\plr 2015-01-12 12:22 - 2014-07-31 13:28 - 00000000 ____D () C:\totalcmd 2015-01-12 11:33 - 2014-08-04 06:18 - 00000000 ____D () C:\Users\plr\AppData\Local\VirtualStore 2015-01-09 16:57 - 2014-04-03 11:37 - 01458169 _____ () C:\Windows\WindowsUpdate.log 2015-01-09 16:51 - 2014-07-31 12:46 - 00001060 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-09 16:13 - 2014-11-27 09:31 - 00001680 _____ () C:\Users\SIPLACEAdmin\ViewMate.cfg 2015-01-09 13:51 - 2014-07-31 12:46 - 00001056 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-09 12:09 - 2014-08-18 09:00 - 00000502 _____ () C:\Users\SIPLACEAdmin\Documents\stopka.htm 2015-01-09 09:31 - 2014-10-28 07:44 - 00000209 _____ () C:\Windows\ODBCINST.INI 2015-01-09 09:31 - 2014-04-03 11:54 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-12-31 08:00 - 2014-12-11 10:23 - 00009903 _____ () C:\Users\SIPLACEAdmin\Desktop\Zeszyt1.xlsx 2014-12-31 07:11 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-19 15:29 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration Files to move or delete: ==================== C:\Users\SIPLACEAdmin\avg_free_stb_all_2015_5315_ppc1 (1).exe C:\Users\SIPLACEAdmin\ccsetup501.exe C:\Users\SIPLACEAdmin\launch.exe C:\Users\SIPLACEAdmin\Narzędzie_naprawy_programu_Błąd_0x8000FFFF__WinThruster.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-04 00:56 ==================== End Of Log ============================