Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-02-2015 01 Ran by Agata (administrator) on AGATA-PC on 11-02-2015 16:05:54 Running from C:\Users\Agata\Desktop\GMER Loaded Profiles: Agata (Available profiles: Agata) Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: English (United States) Internet Explorer Version 9 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe () C:\ProgramData\DatacardService\DCService.exe (ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe () C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe () C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe (www.shadowexplorer.com) C:\Program Files (x86)\ShadowExplorer\sesvc.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Realtek Semiconductor) C:\Windows\RAVCpl64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe (ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (CyberLink Corp.) C:\Program Files (x86)\HP\QuickPlay\QPService.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Apple Computer, Inc.) C:\Program Files (x86)\QuickTime\qttask.exe (Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe () C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe () C:\Users\Agata\Desktop\GMER\kx1wbytx.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\conime.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1220392 2008-01-18] (Synaptics, Inc.) HKLM\...\Run: [SMSERIAL] => C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [833536 2007-01-17] (Motorola Inc.) HKLM\...\Run: [RtHDVCpl] => C:\Windows\RAVCpl64.exe [5429760 2007-10-09] (Realtek Semiconductor) HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2007-10-24] (Intel Corporation) HKLM\...\Run: [OnScreenDisplay] => C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [701440 2007-09-04] ( Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [HP Health Check Scheduler] => [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595336 2014-10-01] (ESET) HKLM-x32\...\Run: [QPService] => C:\Program Files (x86)\HP\QuickPlay\QPService.exe [468264 2007-12-20] (CyberLink Corp.) HKLM-x32\...\Run: [QlbCtrl] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [202032 2007-09-19] ( Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2007-08-17] (CyberLink Corp.) HKLM-x32\...\Run: [hpqSRMon] => [X] HKLM-x32\...\Run: [hpWirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [480560 2007-09-13] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [WAWifiMessage] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [311296 2007-01-09] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [WinampAgent] => "C:\Program Files (x86)\Winamp\winampa.exe" HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\qttask.exe [98304 2010-02-15] (Apple Computer, Inc.) HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-09] (Nuance Communications, Inc.) HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-09] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PPort11reminder] => C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.) HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1150976 2009-01-19] (Brother Industries, Ltd.) HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2009-01-09] (Brother Industries, Ltd.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1644680 2013-02-08] (Ask) HKLM-x32\...\Run: [] => [X] HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-3558287341-2231117270-3972338399-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-3558287341-2231117270-3972338399-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.) HKU\S-1-5-21-3558287341-2231117270-3972338399-1000\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe HKU\S-1-5-21-3558287341-2231117270-3972338399-1000\...\MountPoints2: {0dd842a9-7d36-11de-8007-001e6848846b} - F:\AutoRun.exe HKU\S-1-5-21-3558287341-2231117270-3972338399-1000\...\MountPoints2: {27b46017-cd88-11e1-82f3-8c3129235fb1} - G:\AutoRun.exe HKU\S-1-5-21-3558287341-2231117270-3972338399-1000\...\MountPoints2: {2efb11b7-134c-11df-a6ba-001e6848846b} - F:\AutoRun.exe HKU\S-1-5-21-3558287341-2231117270-3972338399-1000\...\MountPoints2: {3fc60974-65bc-11e2-8a39-f8623c476397} - G:\AutoRun.exe HKU\S-1-5-21-3558287341-2231117270-3972338399-1000\...\MountPoints2: {5cc86c74-a233-11de-b51f-001e6848846b} - F:\AutoRun.exe HKU\S-1-5-21-3558287341-2231117270-3972338399-1000\...\MountPoints2: {712f429d-8f8c-11df-89d2-001e6848846b} - F:\AutoRun.exe HKU\S-1-5-21-3558287341-2231117270-3972338399-1000\...\MountPoints2: {8f9ec4d6-8ad8-11df-9fb0-001e6848846b} - F:\AutoRun.exe HKU\S-1-5-21-3558287341-2231117270-3972338399-1000\...\MountPoints2: {b890f352-3ac6-11e1-b2b6-ef76beb5deb5} - G:\AutoRun.exe HKU\S-1-5-21-3558287341-2231117270-3972338399-1000\...\MountPoints2: {bbd59034-355c-11e1-a53d-a913b0e3d1cc} - F:\AutoRun.exe HKU\S-1-5-21-3558287341-2231117270-3972338399-1000\...\MountPoints2: {bbd5905e-355c-11e1-a53d-a913b0e3d1cc} - G:\AutoRun.exe HKU\S-1-5-21-3558287341-2231117270-3972338399-1000\...\MountPoints2: {f4e7f293-6e86-11de-b4c8-001e6848846b} - F:\AutoRun.exe HKU\S-1-5-21-3558287341-2231117270-3972338399-1000\...\MountPoints2: {f4e7f2cf-6e86-11de-b4c8-001e6848846b} - F:\AutoRun.exe Startup: C:\Users\Agata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk ShortcutTarget: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_pl&c=81&bd=Pavilion&pf=laptop HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_pl&c=81&bd=Pavilion&pf=laptop HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_pl&c=81&bd=Pavilion&pf=laptop HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_pl&c=81&bd=Pavilion&pf=laptop HKU\S-1-5-21-3558287341-2231117270-3972338399-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ HKU\S-1-5-21-3558287341-2231117270-3972338399-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_pl&c=81&bd=Pavilion&pf=laptop HKU\S-1-5-21-3558287341-2231117270-3972338399-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.pl/ URLSearchHook: HKU\S-1-5-21-3558287341-2231117270-3972338399-1000 - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) SearchScopes: HKLM -> DefaultScope value is missing. SearchScopes: HKLM-x32 -> DefaultScope value is missing. BHO-x32: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO-x32: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File BHO-x32: HP Print Clips -> {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} -> c:\Program Files (x86)\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.) Toolbar: HKLM-x32 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) Toolbar: HKU\S-1-5-21-3558287341-2231117270-3972338399-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File DPF: HKLM-x32 {92ECE6FA-AC2E-4042-BFAE-0C8608E52A41} https://www.pekaobiznes24.pl/components/SignActivXPEKAO.cab DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 194.204.152.34 194.204.159.1 FireFox: ======== FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF Plugin-x32: @java.com/DTPlugin,version=10.10.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-16] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com CHR StartupUrls: Default -> "https://www.google.pl/", "chrome://newtab/" CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll () CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\gcswf32.dll No File CHR Plugin: (Skype Toolbars) - C:\Users\Agata\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File CHR Plugin: (Java(TM) Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll () CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Plugin: (Default Plug-in) - default_plugin No File CHR Profile: C:\Users\Agata\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Entanglement Web App) - C:\Users\Agata\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2011-03-09] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Agata\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-22] CHR Extension: (Skype Click to Call) - C:\Users\Agata\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2011-11-10] CHR Extension: (Poppit!) - C:\Users\Agata\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2011-03-09] CHR Extension: (Google Wallet) - C:\Users\Agata\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-06] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 Com4Qlb; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [110592 2007-03-05] (Hewlett-Packard Development Company, L.P.) [File not signed] R2 DCService.exe; C:\ProgramData\DatacardService\DCService.exe [229376 2010-05-08] () [File not signed] R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1349576 2014-10-01] (ESET) R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [65536 2007-09-20] (Hewlett-Packard) [File not signed] R2 hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [135168 2006-05-03] (Hewlett-Packard Development Company, L.P.) [File not signed] S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] R2 QPCapSvc; C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [271760 2007-12-20] () S2 QPSched; C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe [112016 2007-12-20] () R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] () R2 sesvc; C:\Program Files (x86)\ShadowExplorer\sesvc.exe [9216 2013-01-02] (www.shadowexplorer.com) [File not signed] R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-21] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [243440 2014-10-10] (ESET) U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [241368 2014-10-10] (ESET) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2015-02-03] (Symantec Corporation) R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [169280 2014-10-10] (ESET) R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [222280 2014-10-10] (ESET) R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [44632 2014-10-10] (ESET) R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [63160 2014-10-10] (ESET) S3 ESETCleanersDriver; C:\Windows\system32\Drivers\ESETCleanersDriver.sys [170280 2015-02-10] (ESET) S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [138752 2010-08-27] (Huawei Technologies Co., Ltd.) R3 HpqRemHid; C:\Windows\System32\DRIVERS\HpqRemHid.sys [9088 2007-07-11] (Hewlett-Packard Development Company, L.P.) S3 jrdusbser; C:\Windows\System32\DRIVERS\jrdusbser.sys [119680 2010-07-23] (TCT International Mobile Ltd) [File not signed] S3 NVENETFD; C:\Windows\System32\DRIVERS\nvm60x64.sys [742696 2006-10-10] (NVIDIA Corporation) R3 smserial; C:\Windows\System32\DRIVERS\smserial.sys [1455616 2007-01-17] (Motorola Inc.) S3 USBCCID; C:\Windows\System32\DRIVERS\usbccid.sys [38400 2009-04-11] (Microsoft Corporation) R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263}; C:\Program Files (x86)\HP\QuickPlay\000.fcl [32240 2007-12-20] (Cyberlink Corp.) U1 eabfiltr; No ImagePath S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 SymIMMP; system32\DRIVERS\SymIM.sys [X] U3 uglorpow; \??\C:\Users\Agata\AppData\Local\Temp\uglorpow.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-11 10:39 - 2015-01-13 02:51 - 01209856 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-02-11 10:39 - 2015-01-13 02:39 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2015-02-11 10:35 - 2015-01-15 07:53 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-02-11 10:35 - 2015-01-15 05:08 - 00516536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-02-11 00:10 - 2015-02-11 16:05 - 00000000 ____D () C:\Users\Agata\Desktop\GMER 2015-02-11 00:02 - 2015-02-11 00:06 - 00057622 _____ () C:\Users\Agata\Downloads\Shortcut.txt 2015-02-10 23:57 - 2015-02-10 23:57 - 00380416 _____ () C:\Users\Agata\Downloads\fde505ri.exe 2015-02-10 23:41 - 2015-02-11 00:09 - 00741937 _____ () C:\Users\Agata\Downloads\gmer.zip 2015-02-10 15:24 - 2015-02-10 15:24 - 00000000 ____D () C:\Users\Agata\AppData\Local\AOL OCP 2015-02-10 14:55 - 2015-02-10 14:56 - 00030344 _____ () C:\Users\Agata\Downloads\Addition.txt 2015-02-10 14:52 - 2015-02-11 16:05 - 00000000 ____D () C:\FRST 2015-02-10 14:52 - 2015-02-11 00:06 - 00059858 _____ () C:\Users\Agata\Downloads\FRST.txt 2015-02-10 13:52 - 2015-02-10 13:58 - 01247346 _____ () C:\ProgramData\LuUninstall.LiveUpdate 2015-02-10 13:35 - 2015-02-10 13:35 - 00000000 ____D () C:\Users\Agata\AppData\Local\APN 2015-02-10 13:35 - 2015-02-10 13:35 - 00000000 ____D () C:\Program Files (x86)\Ask.com 2015-02-10 13:30 - 2015-02-10 13:30 - 00000000 ____D () C:\Users\Agata\AppData\Roaming\ESET 2015-02-10 13:30 - 2015-02-10 13:30 - 00000000 ____D () C:\Users\Agata\AppData\Local\ESET 2015-02-10 13:10 - 2015-02-10 13:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET 2015-02-10 13:10 - 2015-02-10 13:10 - 00000000 ____D () C:\ProgramData\ESET 2015-02-10 13:10 - 2015-02-10 13:10 - 00000000 ____D () C:\Program Files\ESET 2015-02-10 12:50 - 2015-02-10 12:50 - 01660616 _____ (ESET) C:\Users\Agata\Downloads\eset_smart_security_live_installer_ (1).exe 2015-02-10 12:49 - 2015-02-10 12:49 - 00000000 ____D () C:\Users\Agata\AppData\Roaming\HpUpdate 2015-02-10 12:48 - 2015-02-10 12:48 - 00000000 ____D () C:\Windows\Hewlett-Packard 2015-02-10 12:05 - 2015-02-10 12:05 - 00529520 _____ () C:\Users\Agata\Downloads\2011 Biella PAR FS_Biella_Szydlowiec_EY_v4 uwagi Mateusz.v2.XLS.bmzhcib 2015-02-06 00:19 - 2015-02-10 12:49 - 00170280 _____ (ESET) C:\Windows\system32\Drivers\ESETCleanersDriver.sys 2015-02-06 00:02 - 2015-02-06 00:02 - 11231944 _____ (ESET) C:\Users\Agata\Downloads\avremover_nt64_enu.exe 2015-02-05 23:52 - 2015-02-05 23:52 - 00138366 _____ () C:\Users\Agata\Documents\kwar.txt 2015-02-05 08:30 - 2015-02-05 08:30 - 02347384 _____ (ESET) C:\Users\Agata\Downloads\esetsmartinstaller_plk.exe 2015-02-05 06:59 - 2015-02-10 12:49 - 00000000 ____D () C:\Users\Agata\Downloads\Speclean 2015-02-05 06:55 - 2015-02-05 06:55 - 01660616 _____ (ESET) C:\Users\Agata\Downloads\eset_smart_security_live_installer_.exe 2015-02-05 00:41 - 2015-02-05 00:41 - 03267488 _____ () C:\Users\Agata\Downloads\PandoraRecovery2.1.1Setup.exe 2015-02-04 23:54 - 2015-02-04 23:54 - 00001724 _____ () C:\Users\Agata\Desktop\ShadowExplorer.lnk 2015-02-04 23:54 - 2015-02-04 23:54 - 00000000 ____D () C:\Users\Agata\AppData\Roaming\www.shadowexplorer.com 2015-02-04 23:54 - 2015-02-04 23:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer 2015-02-04 23:54 - 2015-02-04 23:54 - 00000000 ____D () C:\Program Files (x86)\ShadowExplorer 2015-02-04 23:52 - 2015-02-04 23:53 - 00969845 _____ (ShadowExplorer.com ) C:\Users\Agata\Downloads\ShadowExplorer-0.9-setup.exe 2015-02-04 20:02 - 2015-02-04 20:07 - 00000000 ____D () C:\Users\Agata\Desktop\copy_foto 2015-02-04 17:49 - 2015-02-04 17:49 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-02-04 17:47 - 2015-02-04 17:47 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Agata\Downloads\mbam-setup-2.0.4.1028.exe 2015-02-04 13:50 - 2015-02-04 13:50 - 02998656 _____ (Enigma Software Group USA, LLC.) C:\Users\Agata\Downloads\SpyHunter-Installer (3).exe 2015-02-04 13:39 - 2015-02-04 13:39 - 02998656 _____ (Enigma Software Group USA, LLC.) C:\Users\Agata\Downloads\SpyHunter-Installer (2).exe 2015-02-04 13:37 - 2015-02-04 13:37 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Agata\Downloads\SpyHunter-installer (1).exe 2015-02-04 13:01 - 2015-02-04 13:01 - 02998656 _____ (Enigma Software Group USA, LLC.) C:\Users\Agata\Downloads\SpyHunter-Installer.exe 2015-02-04 12:50 - 2015-02-04 12:50 - 00000732 _____ () C:\Users\Agata\AppData\Local\d3d9caps64.dat 2015-02-03 22:38 - 2009-01-06 19:43 - 02137552 _____ () C:\Users\Agata\Desktop\Kuba 2008-2009 315.JPG.bmzhcib 2015-02-03 20:17 - 2015-02-03 20:17 - 00000000 ____D () C:\Windows\System32\Tasks\Norton AntiVirus 2015-02-03 19:02 - 2015-02-05 08:27 - 00000000 ____D () C:\ProgramData\NCOTEMP 2015-02-03 19:01 - 2015-02-03 20:11 - 00003218 _____ () C:\Windows\System32\Tasks\Norton WSC Integration 2015-02-03 18:48 - 2015-02-03 18:51 - 221055520 ____N (Symantec Corporation) C:\Users\Agata\Downloads\NAV-TW-21.1.0-PL (3).exe 2015-02-03 18:37 - 2015-02-03 18:45 - 221055520 ____N (Symantec Corporation) C:\Users\Agata\Downloads\NAV-TW-21.1.0-PL.exe 2015-02-03 17:27 - 2015-02-03 23:35 - 02304301 _____ () C:\ProgramData\dqacswg.html 2015-02-03 17:20 - 2015-02-03 17:20 - 00002928 _____ () C:\Windows\System32\Tasks\tiffeug 2015-02-02 17:10 - 2015-02-05 00:33 - 00000000 ____D () C:\Users\Agata\Desktop\02.2015 2015-01-14 13:27 - 2014-12-19 01:26 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-14 13:26 - 2014-12-06 04:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2015-01-14 13:26 - 2014-12-06 04:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2015-01-14 13:26 - 2014-12-06 03:54 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-14 13:26 - 2014-12-06 03:54 - 00178688 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-14 13:26 - 2014-12-06 03:54 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-11 15:45 - 2011-04-24 13:38 - 00000000 ____D () C:\Users\Agata\AppData\Roaming\Skype 2015-02-11 15:45 - 2010-02-05 20:39 - 00001048 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-11 15:44 - 2012-04-17 22:18 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-02-11 15:44 - 2010-07-25 20:21 - 00118499 _____ () C:\ProgramData\nvModes.dat 2015-02-11 15:44 - 2010-07-25 20:21 - 00118499 _____ () C:\ProgramData\nvModes.001 2015-02-11 13:10 - 2010-02-05 20:39 - 00001044 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-11 12:43 - 2006-11-02 16:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2015-02-11 12:43 - 2006-11-02 16:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2015-02-11 11:08 - 2008-04-11 19:44 - 01366156 _____ () C:\Windows\WindowsUpdate.log 2015-02-11 10:50 - 2006-11-02 13:46 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-02-11 10:46 - 2008-04-11 20:00 - 00000255 _____ () C:\Users\Public\Documents\hpqp.ini 2015-02-11 10:43 - 2006-11-02 16:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-02-11 10:40 - 2006-11-02 16:42 - 00032554 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-02-11 10:39 - 2008-02-18 07:40 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-02-10 23:51 - 2009-07-12 03:19 - 00000000 ____D () C:\Program Files\Google 2015-02-10 23:51 - 2008-06-18 23:00 - 00000000 ____D () C:\Program Files (x86)\Google 2015-02-10 23:51 - 2008-01-21 04:26 - 00614670 _____ () C:\Windows\PFRO.log 2015-02-10 19:14 - 2010-02-06 22:18 - 00002031 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-02-10 17:05 - 2008-02-18 06:47 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-02-10 16:54 - 2011-12-26 15:44 - 00003686 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{16050822-BCBE-42E7-AB51-BB12C6851E54} 2015-02-10 13:50 - 2008-02-18 08:05 - 00000000 ____D () C:\Program Files (x86)\Java 2015-02-10 13:45 - 2008-06-18 23:07 - 00000000 ____D () C:\ProgramData\Google 2015-02-10 13:45 - 2008-06-18 23:00 - 00000000 ____D () C:\Users\Agata\AppData\Local\Google 2015-02-10 13:44 - 2010-02-15 17:47 - 00000000 _____ () C:\Windows\KA.ini 2015-02-10 13:43 - 2009-07-12 03:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\blueconnect 2015-02-10 13:43 - 2009-07-12 02:58 - 00000000 ____D () C:\Program Files (x86)\blueconnect 2015-02-10 13:35 - 2012-12-25 23:32 - 00000000 ____D () C:\Firefox 2015-02-10 13:29 - 2008-06-12 13:35 - 00000000 ____D () C:\ProgramData\AOL 2015-02-10 13:27 - 2008-06-03 02:00 - 00000000 ____D () C:\Users\Agata 2015-02-10 13:05 - 2010-02-05 20:39 - 00004044 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-02-10 13:05 - 2010-02-05 20:39 - 00003792 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-02-10 12:50 - 2008-02-18 07:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP 2015-02-10 12:50 - 2008-02-18 07:45 - 00000000 ____D () C:\Program Files (x86)\HP 2015-02-10 12:43 - 2008-06-04 05:11 - 00007808 _____ () C:\Users\Agata\AppData\Local\d3d9caps.dat 2015-02-10 02:55 - 2012-06-04 18:22 - 00000000 ____D () C:\Program Files (x86)\Advanced Disk Recovery 2015-02-05 15:43 - 2011-11-10 01:06 - 00000000 ____D () C:\Users\Agata\Desktop\copy 2015-02-05 08:28 - 2010-02-21 15:00 - 00000000 ____D () C:\ProgramData\Norton 2015-02-05 00:46 - 2013-01-22 21:46 - 00000000 ____D () C:\Users\Agata\Desktop\FB 2015-02-05 00:30 - 2012-04-17 22:18 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-02-05 00:29 - 2012-04-17 22:18 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-02-05 00:29 - 2012-04-17 22:18 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-02-04 23:58 - 2006-11-02 16:21 - 00324296 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-02-04 18:34 - 2008-06-04 05:24 - 00044544 _____ () C:\Users\Agata\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-02-04 18:18 - 2006-11-02 16:07 - 00000000 ____D () C:\Windows\ShellNew 2015-02-03 22:11 - 2012-01-02 19:11 - 00000000 ____D () C:\ProgramData\DatacardService 2015-02-03 21:14 - 2014-01-07 21:27 - 00012112 _____ () C:\Users\Agata\Downloads\Agata_Magier_List_motywacyjny.DOCX.bmzhcib 2015-02-03 20:21 - 2014-01-07 21:27 - 00013376 _____ () C:\Users\Agata\Downloads\Agata_Magier_List_motywacyjny_PL&Eng.DOC.bmzhcib 2015-02-03 20:20 - 2004-03-10 19:07 - 00000128 ____H () C:\Users\Agata\Downloads\~$ata_Magier_CV_ENG_PL.DOC.bmzhcib 2015-02-03 20:19 - 2014-01-07 21:27 - 00050128 _____ () C:\Users\Agata\Downloads\Agata_Magier_CV_ENG_PL.DOC.bmzhcib 2015-02-03 19:37 - 2011-12-27 21:42 - 00000000 ____D () C:\Users\Agata\USB 2015-02-03 18:40 - 2012-08-22 18:16 - 00000000 ____D () C:\Users\Agata\Desktop\Agito 2015-02-03 18:10 - 2012-02-29 22:28 - 00040144 _____ () C:\Users\Agata\Downloads\Agata_Magier_CV_ENG (1).DOC.bmzhcib 2015-02-03 18:09 - 2012-02-29 22:28 - 00010560 _____ () C:\Users\Agata\Downloads\Agata_Magier_List_motywacyjny_PL.DOC.bmzhcib 2015-02-03 18:08 - 2012-02-29 22:28 - 00151440 _____ () C:\Users\Agata\Downloads\Agata_Magier_CV_PL.DOC.bmzhcib 2015-02-03 18:07 - 2012-02-29 22:28 - 00153296 _____ () C:\Users\Agata\Desktop\Kalkulator płac Kalkulatory podatkowe Podatki.url.DOC.bmzhcib 2015-02-03 18:07 - 2012-02-29 22:28 - 00010256 _____ () C:\Users\Agata\Downloads\Agata_Magier_Application Letter.DOC.bmzhcib 2015-02-03 18:06 - 2012-02-29 22:28 - 00153472 _____ () C:\Users\Agata\Downloads\Agata_Magier_CV_ENG.DOC.bmzhcib 2015-02-03 17:37 - 2012-10-28 14:16 - 00000000 ____D () C:\Users\Agata\Desktop\Budżety CatMan 2015-02-03 17:36 - 2010-10-29 07:17 - 00000000 ____D () C:\Users\Agata\Desktop\Budget 2011 2015-02-03 17:35 - 2012-07-04 20:18 - 00000000 ____D () C:\Users\Agata\Desktop\Czerwiec 2012 2015-02-03 17:34 - 2012-02-07 14:25 - 00000000 ____D () C:\Users\Agata\Desktop\CV_02.2012 2015-02-03 17:33 - 2011-03-28 19:15 - 00000000 ____D () C:\Users\Agata\Desktop\BTZ 2015-02-03 17:32 - 2012-11-18 23:05 - 00000000 ____D () C:\Users\Agata\Desktop\PBS Connect 2015-02-03 17:29 - 2011-12-26 16:33 - 00000000 ____D () C:\Users\Agata\Downloads\ExchangeMapiCdo 2015-02-03 17:25 - 2008-02-05 18:03 - 00000000 ____D () C:\SWSetup 2015-02-03 17:24 - 2015-01-07 19:23 - 00000000 ____D () C:\Users\Agata\Desktop\01.2015 2015-02-03 17:20 - 2012-04-23 14:52 - 00000000 ____D () C:\PIT Format 2011 2015-02-03 17:15 - 2004-03-10 19:07 - 00030704 _____ () C:\Users\Agata\Downloads\copeland_and_craddock_ltd670 (1).ZIP.bmzhcib 2015-02-03 17:13 - 2004-03-10 19:07 - 00030704 _____ () C:\Users\Agata\Downloads\copeland_and_craddock_ltd670.ZIP.bmzhcib 2015-02-03 15:28 - 2004-03-10 19:07 - 00000080 _____ () C:\Users\Public\Documents\hpqp.TXT.bmzhcib 2015-01-29 22:36 - 2004-03-10 19:07 - 00406048 _____ () C:\Users\Agata\Desktop\z_10.PDF.bmzhcib 2015-01-28 18:51 - 2006-11-02 16:27 - 00088653 _____ () C:\Windows\setupact.log 2015-01-28 15:43 - 2004-03-10 19:07 - 00018448 _____ () C:\Users\Agata\Downloads\Availabilities_table_EU.DOC.bmzhcib 2015-01-25 00:30 - 2004-03-10 19:07 - 00670000 _____ () C:\Users\Agata\Downloads\POM_OLCHA_0-65 (1).PDF.bmzhcib 2015-01-25 00:27 - 2004-03-10 19:07 - 00514000 _____ () C:\Users\Agata\Downloads\POM DAB 18-65.PDF.bmzhcib 2015-01-25 00:19 - 2004-03-10 19:07 - 00490688 _____ () C:\Users\Agata\Downloads\POM BRZOZA 18-65.PDF.bmzhcib 2015-01-23 17:18 - 2004-03-10 19:07 - 00000128 ____H () C:\Users\Agata\Desktop\~$Dublin.DOCX.bmzhcib 2015-01-16 13:32 - 2004-03-10 19:07 - 00009824 _____ () C:\Users\Agata\Downloads\Wniosek (2).DOCX.bmzhcib 2015-01-16 13:32 - 2004-03-10 19:07 - 00009824 _____ () C:\Users\Agata\Desktop\Wniosek.DOCX.bmzhcib 2015-01-16 13:31 - 2004-03-10 19:07 - 00009808 _____ () C:\Users\Agata\Downloads\Wniosek (1).DOCX.bmzhcib 2015-01-16 13:30 - 2004-03-10 19:07 - 00009824 _____ () C:\Users\Agata\Downloads\Wniosek.DOCX.bmzhcib 2015-01-14 13:23 - 2012-02-29 22:28 - 01822128 _____ () C:\Users\Agata\Desktop\pl_WzorSprawozdania_MSSF_2014.PDF.bmzhcib 2015-01-13 13:11 - 2004-03-10 19:07 - 00670000 _____ () C:\Users\Agata\Downloads\POM_OLCHA_0-65.PDF.bmzhcib 2015-01-12 13:52 - 2014-12-01 17:01 - 00000000 ____D () C:\Users\Agata\Desktop\12.2014 ==================== Files in the root of some directories ======= 2008-06-04 05:16 - 2010-07-25 18:24 - 0027839 _____ () C:\Users\Agata\AppData\Roaming\nvModes.001 2008-06-04 05:15 - 2010-02-21 15:16 - 0027839 _____ () C:\Users\Agata\AppData\Roaming\nvModes.dat 2008-06-03 02:29 - 2008-06-03 02:29 - 0000000 _____ () C:\Users\Agata\AppData\Local\AtStart.txt 2008-06-04 05:11 - 2015-02-10 12:43 - 0007808 _____ () C:\Users\Agata\AppData\Local\d3d9caps.dat 2015-02-04 12:50 - 2015-02-04 12:50 - 0000732 _____ () C:\Users\Agata\AppData\Local\d3d9caps64.dat 2008-06-04 05:24 - 2015-02-04 18:34 - 0044544 _____ () C:\Users\Agata\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2008-06-03 02:29 - 2008-06-03 02:29 - 0000000 _____ () C:\Users\Agata\AppData\Local\DSwitch.txt 2010-10-29 07:12 - 2014-03-05 18:25 - 0000000 _____ () C:\Users\Agata\AppData\Local\FnF4.txt 2008-06-03 02:29 - 2008-06-03 02:29 - 0000000 _____ () C:\Users\Agata\AppData\Local\QSwitch.txt 2015-02-03 17:27 - 2015-02-03 23:35 - 2304301 _____ () C:\ProgramData\dqacswg.html 2011-04-24 13:58 - 2011-04-24 13:58 - 0000056 ____H () C:\ProgramData\ezsidmv.dat 2008-02-18 07:44 - 2008-02-18 07:45 - 0000372 _____ () C:\ProgramData\hpzinstall.log 2015-02-10 13:52 - 2015-02-10 13:58 - 1247346 _____ () C:\ProgramData\LuUninstall.LiveUpdate 2010-07-25 20:21 - 2015-02-11 15:44 - 0118499 _____ () C:\ProgramData\nvModes.001 2010-07-25 20:21 - 2015-02-11 15:44 - 0118499 _____ () C:\ProgramData\nvModes.dat ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-11 10:48 ==================== End Of Log ============================