Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-02-2015 01 Ran by Patrycja (administrator) on PATRYCJA-75727D on 20-02-2015 11:04:05 Running from C:\Documents and Settings\Patrycja\Moje dokumenty Loaded Profiles: Patrycja (Available profiles: Patrycja) Platform: Microsoft Windows XP Home Edition Dodatek Service Pack 3 (X86) OS Language: Polski Internet Explorer Version 8 (Default browser: Opera) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe () C:\WINDOWS\system32\WLTRYSVC.EXE (Broadcom Corporation) C:\WINDOWS\system32\BCMWLTRY.EXE (AuthenTec,Inc) C:\WINDOWS\system32\FpLogonServ.exe (Lenovo.) C:\Program Files\Lenovo\HOTKEY\FnF5svc.exe () C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe (Lenovo) C:\Program Files\Lenovo\PM Driver\PMSveH.exe (Absolute Software Corp.) C:\WINDOWS\system32\rpcnet.exe (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe (Agere Systems) C:\WINDOWS\AGRSMMSG.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe (Lenovo) C:\PROGRA~1\Lenovo\PMDRIV~1\PMHandler.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe (Broadcom Corporation) C:\WINDOWS\system32\WLTRAY.EXE () C:\Documents and Settings\Patrycja\Ustawienia lokalne\Dane aplikacji\fst_pl_207\upfst_pl_207.exe (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe (Super PC Tools Ltd) C:\Documents and Settings\All Users\Dane aplikacji\{649bc223-64bd-806a-649b-bc22364b088d}\superpc_soft_partner.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [FingerPrintSoftware] => C:\Program Files\Lenovo Fingerprint Software\fpapp.exe [933888 2007-03-02] (Authentec,Inc) HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16116224 2007-01-30] (Realtek Semiconductor Corp.) HKLM\...\Run: [SkyTel] => C:\WINDOWS\SkyTel.EXE [2879488 2006-05-16] (Realtek Semiconductor Corp.) HKLM\...\Run: [AzMixerSel] => C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [53248 2006-01-25] (Realtek Semiconductor Corp.) HKLM\...\Run: [AGRSMMSG] => C:\WINDOWS\AGRSMMSG.exe [89542 2006-08-30] (Agere Systems) HKLM\...\Run: [TPWAUDAP] => C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe [54560 2008-03-11] (Lenovo Group Limited) HKLM\...\Run: [PMHandler] => C:\Program Files\Lenovo\PM Driver\PMHandler.exe [31840 2007-03-16] (Lenovo) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [774233 2006-05-19] (Synaptics, Inc.) HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\WINDOWS\system32\WLTRAY.exe [1282048 2006-10-12] (Broadcom Corporation) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM\...\Run: [upfst_pl_207.exe] => C:\Documents and Settings\Patrycja\Ustawienia lokalne\Dane aplikacji\fst_pl_207\upfst_pl_207.exe [3303928 2014-09-25] () HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) Winlogon\Notify\ATFUS: C:\WINDOWS\system32\FpWinLogonNp.dll (AuthenTec,Inc) Winlogon\Notify\tphotkey: C:\Program Files\Lenovo\HOTKEY\tphklock.dll (Lenovo Group Limited) HKU\S-1-5-21-790525478-861567501-682003330-1004\...\Run: [Akamai NetSession Interface] => "C:\Documents and Settings\Patrycja\Ustawienia lokalne\Dane aplikacji\Akamai\netsession_win.exe" HKU\S-1-5-21-790525478-861567501-682003330-1004\...\Run: [AlcoholAutomount] => C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team) HKU\S-1-5-21-790525478-861567501-682003330-1004\...\Run: [Mobile Partner] => C:\Program Files\Wi-Fi Modem\Wi-Fi Modem HKU\S-1-5-21-790525478-861567501-682003330-1004\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd) HKU\S-1-5-21-790525478-861567501-682003330-1004\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-21-790525478-861567501-682003330-1004\...\MountPoints2: {069701c0-559e-11e3-b4da-001f3c4395d3} - F:\AutoRun.exe HKU\S-1-5-21-790525478-861567501-682003330-1004\...\MountPoints2: {08e9e0c0-501f-11e3-8c37-001f3c4395d3} - F:\AutoRun.exe HKU\S-1-5-21-790525478-861567501-682003330-1004\...\MountPoints2: {08e9e0c1-501f-11e3-8c37-001f3c4395d3} - F:\AutoRun.exe HKU\S-1-5-21-790525478-861567501-682003330-1004\...\MountPoints2: {52960b40-46b0-11e3-8a98-001f3c4395d3} - F:\AutoRun.exe HKU\S-1-5-21-790525478-861567501-682003330-1004\...\MountPoints2: {65c0ddc0-4779-11e3-8320-001f3c4395d3} - F:\AutoRun.exe HKU\S-1-5-21-790525478-861567501-682003330-1004\...\MountPoints2: {69c12540-527a-11e3-a157-001f3c4395d3} - F:\AutoRun.exe HKU\S-1-5-21-790525478-861567501-682003330-1004\...\MountPoints2: {72698440-4130-11e3-9a43-001f3c4395d3} - F:\AutoRun.exe HKU\S-1-5-21-790525478-861567501-682003330-1004\...\MountPoints2: {72698441-4130-11e3-9a43-001f3c4395d3} - F:\AutoRun.exe HKU\S-1-5-21-790525478-861567501-682003330-1004\...\MountPoints2: {73ec7240-4801-11e4-8fdf-001f3c4395d3} - F:\AutoRun.exe HKU\S-1-5-21-790525478-861567501-682003330-1004\...\MountPoints2: {915bcac0-4842-11e3-9351-001f3c4395d3} - F:\AutoRun.exe HKU\S-1-5-21-790525478-861567501-682003330-1004\...\MountPoints2: {915bcac1-4842-11e3-9351-001f3c4395d3} - F:\AutoRun.exe HKU\S-1-5-21-790525478-861567501-682003330-1004\...\MountPoints2: {ae4891c0-45e7-11e3-a6fb-001f3c4395d3} - F:\AutoRun.exe HKU\S-1-5-21-790525478-861567501-682003330-1004\...\MountPoints2: {ae4891c2-45e7-11e3-a6fb-001f3c4395d3} - F:\AutoRun.exe HKU\S-1-5-21-790525478-861567501-682003330-1004\...\MountPoints2: {b0863040-a2fc-11e4-9c56-806d6172696f} - F:\SETUP.EXE HKU\S-1-5-21-790525478-861567501-682003330-1004\...\MountPoints2: {b483af40-c8a3-11e3-8baa-001f3c4395d3} - F:\iLinker.exe HKU\S-1-5-21-790525478-861567501-682003330-1004\...\MountPoints2: {b8d24dc0-461e-11e3-ae88-001f3c4395d3} - F:\AutoRun.exe HKU\S-1-5-21-790525478-861567501-682003330-1004\...\MountPoints2: {b8d24dc1-461e-11e3-ae88-001f3c4395d3} - F:\AutoRun.exe HKU\S-1-5-21-790525478-861567501-682003330-1004\...\MountPoints2: {b8d24dc3-461e-11e3-ae88-001f3c4395d3} - F:\AutoRun.exe HKU\S-1-5-21-790525478-861567501-682003330-1004\...\MountPoints2: {c09ef140-50f8-11e3-a4a5-001f3c4395d3} - F:\AutoRun.exe HKU\S-1-5-21-790525478-861567501-682003330-1004\...\MountPoints2: {e8398dc0-50e7-11e3-b44d-001f3c4395d3} - F:\AutoRun.exe HKU\S-1-5-21-790525478-861567501-682003330-1004\...\MountPoints2: {fdce4240-4cf8-11e3-ad0b-001f3c4395d3} - F:\AutoRun.exe HKU\S-1-5-21-790525478-861567501-682003330-1004\...\MountPoints2: {fdce4242-4cf8-11e3-ad0b-001f3c4395d3} - F:\AutoRun.exe HKU\S-1-5-21-790525478-861567501-682003330-1004\...\MountPoints2: {fdce4243-4cf8-11e3-ad0b-001f3c4395d3} - F:\AutoRun.exe HKU\S-1-5-21-790525478-861567501-682003330-1004\...\MountPoints2: {fdce4244-4cf8-11e3-ad0b-befb1791fc93} - F:\AutoRun.exe AppInit_DLLs: c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{c16c1~1\bitguard.dll => c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{c16c1~1\bitguard.dll File Not Found AppInit_DLLs: c:\progra~1\suppor~1\suppor~1.dll => c:\progra~1\suppor~1\suppor~1.dll File Not Found Startup: C:\Documents and Settings\Patrycja\Menu Start\Programy\Autostart\superpc_soft_partner.lnk ShortcutTarget: superpc_soft_partner.lnk -> C:\Documents and Settings\All Users\Dane aplikacji\{649bc223-64bd-806a-649b-bc22364b088d}\superpc_soft_partner.exe (Super PC Tools Ltd) ShellIconOverlayIdentifiers: [GGDriveOverlay1] -> {E68D0A50-3C40-4712-B90D-DCFA93FF2534} => C:\Documents and Settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.) ShellIconOverlayIdentifiers: [GGDriveOverlay2] -> {E68D0A51-3C40-4712-B90D-DCFA93FF2534} => C:\Documents and Settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.) ShellIconOverlayIdentifiers: [GGDriveOverlay3] -> {E68D0A52-3C40-4712-B90D-DCFA93FF2534} => C:\Documents and Settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.) ShellIconOverlayIdentifiers: [GGDriveOverlay4] -> {E68D0A53-3C40-4712-B90D-DCFA93FF2534} => C:\Documents and Settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds&ts=1424287421&from=brd&uid=HITACHIXHTS542512K9SA00_080407BB0202WBJW33EAX&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds&ts=1424287421&from=brd&uid=HITACHIXHTS542512K9SA00_080407BB0202WBJW33EAX&q={searchTerms} HKU\S-1-5-21-790525478-861567501-682003330-1004\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-homes.com/web/?type=ds&ts=1418980592&from=wpm12173&uid=HITACHIXHTS542512K9SA00_080407BB0202WBJW33EAX&q={searchTerms} HKU\S-1-5-21-790525478-861567501-682003330-1004\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-homes.com/web/?type=ds&ts=1418980592&from=wpm12173&uid=HITACHIXHTS542512K9SA00_080407BB0202WBJW33EAX&q={searchTerms} URLSearchHook: HKLM - Default Value = {FE69C007-C452-4d3e-86D2-1730DF8BC871} URLSearchHook: HKU\S-1-5-21-790525478-861567501-682003330-1004 - Default Value = {FE69C007-C452-4d3e-86D2-1730DF8BC871} SearchScopes: HKLM -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms} SearchScopes: HKLM -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-790525478-861567501-682003330-1004 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-790525478-861567501-682003330-1004 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms} BHO: BlockAndSurf -> {08DB7275-1643-E608-A596-F0D5D89AB9A0} -> C:\Program Files\ver4BlockAndSurf\179.dll No File BHO: browseandshop -> {44e61e69-2845-4e6c-b785-88e009eb6a78} -> C:\Documents and Settings\All Users\Dane aplikacji\browseandshop\Znrq1pVpJDoDIi.dll No File BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKU\S-1-5-21-790525478-861567501-682003330-1004 -> No Name - {4F524A2D-5350-4500-76A7-7A786E7484D7} - No File Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 62.21.99.94 62.21.99.95 FireFox: ======== FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: Adobe Reader -> E:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-790525478-861567501-682003330-1004: signiant.com/SigniantTransfer -> C:\Documents and Settings\Patrycja\Dane aplikacji\SigniantInc\SigniantTransfer\5.3.1.54363\npSigniantTransfer.dll (Signiant Inc.) FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-10-03] Chrome: ======= CHR dev: Chrome dev build detected! <======= ATTENTION CHR Profile: C:\Documents and Settings\Patrycja\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default CHR Extension: (PriceLess) - C:\Documents and Settings\Patrycja\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\anjldmfkbiegfpbjpidafkpbipoochkn [2014-11-11] CHR Extension: (Google Drive) - C:\Documents and Settings\Patrycja\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-07] CHR Extension: (YouTube) - C:\Documents and Settings\Patrycja\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-07] CHR Extension: (Google Search) - C:\Documents and Settings\Patrycja\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-07] CHR Extension: (Share link via email) - C:\Documents and Settings\Patrycja\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\ejdbkikfbnnhmachnnomjfgjbgkcnjkb [2014-12-22] CHR Extension: (Delta Toolbar) - C:\Documents and Settings\Patrycja\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde [2013-08-29] CHR Extension: (No Name) - C:\Documents and Settings\Patrycja\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\mdidiniljhdpnhnompdmdkodccheamci [2014-10-01] CHR Extension: (Gmail) - C:\Documents and Settings\Patrycja\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-07] CHR HKLM\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Documents and Settings\Patrycja\Dane aplikacji\BabSolution\CR\Delta.crx [Not Found] CHR HKLM\...\Chrome\Extension: [hidjnkeodmholilgafgdlgmgggbhnigl] - C:\Documents and Settings\Patrycja\Dane aplikacji\SimilarSites\similarsites.crx [Not Found] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 AxAutoMntSrv; C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team) R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe [266295 2006-11-11] (Broadcom Corporation.) [File not signed] R2 FingerprintServer; C:\WINDOWS\system32\FpLogonServ.exe [61440 2007-01-19] (AuthenTec,Inc) [File not signed] R2 FNF5SVC; C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe [54560 2008-03-14] (Lenovo.) R2 HWDeviceService.exe; C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe [271712 2011-03-14] () R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-09-26] (Oracle Corporation) R2 PMSveH; C:\Program Files\Lenovo\PM Driver\PMSveH.exe [57344 2007-03-16] (Lenovo) [File not signed] R2 rpcnet; C:\WINDOWS\system32\rpcnet.exe [69792 2013-09-24] (Absolute Software Corp.) S3 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed] R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [1134592 2006-10-12] (Broadcom Corporation) [File not signed] S2 MaintainerSvc2.65.3980626; "C:\Documents and Settings\All Users\Dane aplikacji\ee70f246-63a3-464e-a2ed-28bc4d8db631\maintainer.exe" [X] S2 Update Browser Good; "C:\Program Files\Browser Good\updateBrowserGood.exe" [X] S2 winzipersvc; C:\Program Files\WinZipper\winzipersvc.exe [X] <==== ATTENTION ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 ATSWPDRV; C:\WINDOWS\System32\DRIVERS\ATSwpDrv.sys [140808 2007-04-10] (AuthenTec, Inc.) R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [862922 2006-11-13] (Broadcom Corporation.) S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation) S3 huawei_cdcacm; C:\WINDOWS\System32\DRIVERS\ew_jucdcacm.sys [90368 2011-02-25] (Huawei Technologies Co., Ltd.) S3 huawei_cdcecm; C:\WINDOWS\System32\DRIVERS\ew_jucdcecm.sys [64384 2011-01-30] (Huawei Technologies Co., Ltd.) S3 huawei_ext_ctrl; C:\WINDOWS\System32\DRIVERS\ew_juextctrl.sys [26624 2011-01-30] (Huawei Technologies Co., Ltd.) S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation) R3 NETw4x32; C:\WINDOWS\System32\DRIVERS\NETw4x32.sys [2206976 2007-04-30] (Intel Corporation) R1 PMHler; C:\WINDOWS\System32\drivers\PMHler.sys [10240 2006-05-24] (Lenovo ) S3 SNP325; C:\WINDOWS\System32\DRIVERS\snp325.sys [451456 2009-01-13] (Sonix Co. Ltd.) R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [320120 2015-01-23] (Duplex Secure Ltd.) R1 {3cee21b8-f45f-4b81-8601-1f2cae0a9621}t; C:\WINDOWS\System32\drivers\{3cee21b8-f45f-4b81-8601-1f2cae0a9621}t.sys [55832 2015-02-19] (StdLib) R1 {6d550375-e98e-48ce-8260-daa7e461d495}t; C:\WINDOWS\System32\drivers\{6d550375-e98e-48ce-8260-daa7e461d495}t.sys [55824 2014-10-02] (StdLib) R1 {dcd044e6-adb7-46c3-8ece-3d3a0a33bf3a}t; C:\WINDOWS\System32\drivers\{dcd044e6-adb7-46c3-8ece-3d3a0a33bf3a}t.sys [55832 2015-02-15] (StdLib) R1 {e4a6645a-3f85-4e1f-aa41-8367978844db}t; C:\WINDOWS\System32\drivers\{e4a6645a-3f85-4e1f-aa41-8367978844db}t.sys [55872 2014-10-16] (StdLib) R1 {e65048d8-bd76-44ed-ac28-c25d339ab590}t; C:\WINDOWS\System32\drivers\{e65048d8-bd76-44ed-ac28-c25d339ab590}t.sys [55832 2015-02-09] (StdLib) U3 a850ljwc; C:\WINDOWS\system32\Drivers\a850ljwc.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder) U3 ao40n8f3; C:\WINDOWS\system32\Drivers\ao40n8f3.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder) U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [235392 2010-12-24] (Huawei Technologies Co., Ltd.) S4 IntelIde; No ImagePath S1 iSafeKrnlMon; \??\C:\Program Files\Elex-tech\YAC\iSafeKrnlMon.sys [X] S1 rfqoveiv; \??\C:\WINDOWS\system32\drivers\rfqoveiv.sys [X] U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation) U1 WS2IFSL; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-20 11:04 - 2015-02-20 11:05 - 00020702 _____ () C:\Documents and Settings\Patrycja\Moje dokumenty\FRST.txt 2015-02-20 10:50 - 2015-02-20 10:50 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\2b87154c00004f54 2015-02-20 09:19 - 2015-02-19 12:46 - 00055832 _____ (StdLib) C:\WINDOWS\system32\Drivers\{3cee21b8-f45f-4b81-8601-1f2cae0a9621}t.sys 2015-02-19 21:57 - 2015-02-19 21:57 - 00000116 _____ () C:\Documents and Settings\Patrycja\Pulpit\COBEN.txt 2015-02-19 12:59 - 2015-02-19 12:59 - 00380416 _____ () C:\Documents and Settings\Patrycja\Moje dokumenty\kmko7qnh.exe 2015-02-19 12:56 - 2015-02-20 11:04 - 00000000 ____D () C:\FRST 2015-02-19 12:55 - 2015-02-19 12:55 - 01126400 _____ (Farbar) C:\Documents and Settings\Patrycja\Moje dokumenty\FRST.exe 2015-02-19 12:55 - 2015-02-19 12:55 - 01126400 _____ (Farbar) C:\Documents and Settings\Patrycja\Moje dokumenty\FRST (1).exe 2015-02-19 07:54 - 2015-02-19 07:54 - 00000000 ___RD () C:\Documents and Settings\NetworkService\Ulubione 2015-02-18 20:23 - 2015-02-20 10:44 - 00000000 ____D () C:\Documents and Settings\Patrycja\Dane aplikacji\istartsurf 2015-02-18 20:22 - 2015-02-19 07:53 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\{649bc223-64bd-806a-649b-bc22364b088d} 2015-02-16 16:59 - 2015-02-20 11:02 - 00002446 _____ () C:\WINDOWS\Tasks\e01f31b0-ec5e-4b84-821b-062247fa9655-5.job 2015-02-15 20:58 - 2015-02-15 20:58 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\couponcheapchea 2015-02-15 20:22 - 2015-02-15 04:42 - 00055832 _____ (StdLib) C:\WINDOWS\system32\Drivers\{dcd044e6-adb7-46c3-8ece-3d3a0a33bf3a}t.sys 2015-02-10 23:23 - 2015-02-10 23:23 - 00164812 _____ () C:\Documents and Settings\Patrycja\Moje dokumenty\MPP ekonomiczna polityka zagraniczna Turcji.odp 2015-02-10 22:12 - 2015-02-10 22:13 - 01011485 _____ () C:\Documents and Settings\Patrycja\Moje dokumenty\2147495168 (2).zip 2015-02-10 22:12 - 2015-02-10 22:13 - 01011485 _____ () C:\Documents and Settings\Patrycja\Moje dokumenty\2147495168 (1).zip 2015-02-10 22:12 - 2015-02-10 22:12 - 01011485 _____ () C:\Documents and Settings\Patrycja\Moje dokumenty\2147495168.zip 2015-02-10 10:15 - 2015-02-09 20:52 - 00055832 _____ (StdLib) C:\WINDOWS\system32\Drivers\{e65048d8-bd76-44ed-ac28-c25d339ab590}t.sys 2015-02-05 21:21 - 2015-02-05 21:21 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\17484233891940776556 2015-02-05 20:48 - 2015-02-05 20:48 - 00021699 _____ () C:\Documents and Settings\Patrycja\Moje dokumenty\GRAFIK.xlsx 2015-02-01 21:44 - 2015-02-01 21:44 - 00000000 ____D () C:\Documents and Settings\Default User\Ustawienia lokalne\Dane aplikacji\Microsoft Help 2015-01-23 17:42 - 2015-01-23 17:42 - 00030945 _____ () C:\Documents and Settings\Patrycja\Moje dokumenty\635424142508780000.swf 2015-01-23 17:42 - 2015-01-23 17:42 - 00030945 _____ () C:\Documents and Settings\Patrycja\Moje dokumenty\635424142508780000 (2).swf 2015-01-23 17:42 - 2015-01-23 17:42 - 00030945 _____ () C:\Documents and Settings\Patrycja\Moje dokumenty\635424142508780000 (1).swf 2015-01-23 17:24 - 2012-06-02 15:18 - 00275696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mucltui.dll 2015-01-23 17:24 - 2012-06-02 15:18 - 00214256 _____ (Microsoft Corporation) C:\WINDOWS\system32\muweb.dll 2015-01-23 17:24 - 2012-06-02 15:18 - 00018160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mucltui.dll.mui 2015-01-23 17:23 - 2015-02-20 11:03 - 00000330 _____ () C:\WINDOWS\Tasks\AutoKMS.job 2015-01-23 17:23 - 2015-01-25 21:18 - 00000000 ____D () C:\WINDOWS\AutoKMS 2015-01-23 17:17 - 2015-01-23 17:17 - 00243128 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtsoftbus01.sys 2015-01-23 17:15 - 2015-01-23 17:15 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Toolkit 2015-01-23 17:03 - 2015-01-23 17:03 - 00889416 _____ (Microsoft Corporation) C:\Documents and Settings\Patrycja\Moje dokumenty\dotNetFx40_Full_setup.exe 2015-01-23 16:48 - 2015-01-23 16:48 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER 2015-01-23 16:09 - 2015-02-10 23:40 - 00065536 _____ () C:\WINDOWS\system32\config\OAlerts.evt 2015-01-23 16:07 - 2015-01-23 16:07 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\SharePoint 2015-01-23 16:07 - 2015-01-23 16:07 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Microsoft Office 2015-01-23 16:04 - 2015-01-23 16:04 - 00000000 ____D () C:\Program Files\Microsoft Synchronization Services 2015-01-23 16:03 - 2015-01-23 17:05 - 00000000 ____D () C:\Program Files\Microsoft.NET 2015-01-23 16:03 - 2015-01-23 16:03 - 00000000 ____D () C:\Program Files\Microsoft Sync Framework 2015-01-23 16:03 - 2015-01-23 16:03 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition 2015-01-23 16:01 - 2015-01-23 16:01 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 8 2015-01-23 15:59 - 2015-01-23 16:07 - 00000000 ____D () C:\WINDOWS\SHELLNEW 2015-01-23 15:59 - 2015-01-23 15:59 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services 2015-01-23 15:58 - 2015-02-19 07:55 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help 2015-01-23 15:58 - 2015-01-23 16:03 - 00000000 ____D () C:\Program Files\Microsoft Office 2015-01-23 15:58 - 2015-01-23 15:58 - 00000000 ____D () C:\Documents and Settings\Patrycja\Ustawienia lokalne\Dane aplikacji\Microsoft Help 2015-01-23 15:57 - 2015-01-23 15:57 - 00000000 __RHD () C:\MSOCache 2015-01-23 15:52 - 2015-01-23 15:52 - 00000000 ____D () C:\Documents and Settings\Patrycja\Pulpit\office 2015-01-23 12:15 - 2015-01-23 12:15 - 00000042 _____ () C:\Documents and Settings\NetworkService\Dane aplikacji\WB.CFG 2015-01-23 11:35 - 2015-01-23 15:42 - 1441215316 _____ () C:\Documents and Settings\Patrycja\Moje dokumenty\LordZed-012-Biuro10Lis14_32.rar 2015-01-23 10:37 - 2015-01-23 10:37 - 00001613 _____ () C:\Documents and Settings\All Users\Pulpit\DAEMON Tools Lite.lnk 2015-01-23 10:37 - 2015-01-23 10:37 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\DAEMON Tools Lite 2015-01-23 10:36 - 2015-01-23 17:17 - 00000000 ____D () C:\Program Files\DAEMON Tools Lite 2015-01-23 10:36 - 2015-01-23 15:57 - 00000000 ____D () C:\Documents and Settings\Patrycja\Dane aplikacji\DAEMON Tools Lite 2015-01-23 10:35 - 2015-01-23 10:35 - 00015870 _____ () C:\Documents and Settings\Patrycja\Moje dokumenty\pobrany plik 2015-01-22 23:29 - 2015-01-23 15:57 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite 2015-01-22 23:15 - 2015-02-20 09:15 - 00000432 _____ () C:\WINDOWS\Tasks\At1.job 2015-01-22 23:15 - 2015-01-11 11:28 - 00003966 _____ () C:\{b6a94784-0ffb-4121-88c6-435139067ee2}.xpi 2015-01-22 23:13 - 2015-01-22 23:13 - 00730528 _____ ( ) C:\Documents and Settings\Patrycja\Moje dokumenty\DAEMON-Tools-Lite(12708)-dp.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-20 11:05 - 2014-10-01 13:31 - 00000000 ____D () C:\Documents and Settings\Patrycja\Ustawienia lokalne\Dane aplikacji\fst_pl_207 2015-02-20 11:05 - 2013-01-02 14:07 - 00000000 ____D () C:\Documents and Settings\Patrycja\Ustawienia lokalne\Temp 2015-02-20 11:04 - 2013-01-02 14:07 - 00000000 ___RD () C:\Documents and Settings\Patrycja\Moje dokumenty 2015-02-20 11:04 - 2013-01-02 13:59 - 01089389 _____ () C:\WINDOWS\WindowsUpdate.log 2015-02-20 11:02 - 2014-06-06 09:48 - 00000444 _____ () C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1399765219.job 2015-02-20 11:02 - 2013-09-24 18:13 - 00017408 _____ () C:\WINDOWS\system32\rpcnetp.exe 2015-02-20 11:02 - 2013-01-02 14:52 - 00000159 _____ () C:\WINDOWS\wiadebug.log 2015-02-20 11:02 - 2013-01-02 14:52 - 00000050 _____ () C:\WINDOWS\wiaservc.log 2015-02-20 11:02 - 2013-01-02 14:07 - 00000000 ____D () C:\Documents and Settings\Patrycja\Pulpit 2015-02-20 11:01 - 2013-09-24 18:19 - 00069792 _____ (Absolute Software Corp.) C:\WINDOWS\system32\rpcnet.dll 2015-02-20 11:01 - 2013-01-02 14:05 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-02-20 10:59 - 2013-01-02 14:05 - 00032588 _____ () C:\WINDOWS\SchedLgU.Txt 2015-02-20 10:58 - 2013-01-02 14:07 - 00000188 ___SH () C:\Documents and Settings\Patrycja\ntuser.ini 2015-02-20 10:52 - 2014-12-19 10:16 - 00000000 ____D () C:\Program Files\WinZipper 2015-02-20 10:51 - 2013-01-02 14:49 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy 2015-02-20 10:50 - 2013-01-02 14:49 - 00000000 __RHD () C:\Documents and Settings\All Users\Dane aplikacji 2015-02-20 10:49 - 2014-08-14 14:00 - 00001604 _____ () C:\Documents and Settings\All Users\Pulpit\QuickTime Player.lnk 2015-02-20 10:49 - 2014-08-14 14:00 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\QuickTime 2015-02-20 10:49 - 2014-08-14 13:59 - 00000000 ____D () C:\Program Files\QuickTime 2015-02-20 10:49 - 2013-01-02 14:49 - 00000000 ____D () C:\Documents and Settings\All Users\Pulpit 2015-02-20 10:31 - 2013-01-02 14:00 - 00002596 _____ () C:\WINDOWS\system32\CONFIG.NT 2015-02-20 10:30 - 2013-01-02 14:07 - 00000000 __RHD () C:\Documents and Settings\Patrycja\Dane aplikacji 2015-02-20 10:30 - 2004-08-04 13:00 - 00000684 _____ () C:\WINDOWS\win.ini 2015-02-20 10:29 - 2013-01-02 14:49 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start 2015-02-20 09:18 - 2014-08-18 18:55 - 00072704 ___SH () C:\Documents and Settings\Patrycja\Moje dokumenty\Thumbs.db 2015-02-20 09:15 - 2013-01-02 14:07 - 00000000 ___HD () C:\Documents and Settings\Patrycja\Ustawienia lokalne 2015-02-19 07:54 - 2013-01-02 14:03 - 00000000 __SHD () C:\Documents and Settings\NetworkService 2015-02-18 20:22 - 2013-01-02 14:07 - 00000000 ___RD () C:\Documents and Settings\Patrycja\Menu Start\Programy\Autostart 2015-02-18 20:11 - 2004-08-04 13:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl 2015-02-16 21:48 - 2013-01-02 14:07 - 00000000 ____D () C:\Documents and Settings\Patrycja 2015-02-16 21:18 - 2015-01-04 15:05 - 00000000 ___RD () C:\Documents and Settings\Patrycja\Pulpit\tłumaczenia 2015-02-16 18:18 - 2014-10-01 13:19 - 00000000 ____D () C:\WINDOWS\Microsoft.NET 2015-02-16 17:29 - 2013-01-02 14:50 - 01210392 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-02-16 17:29 - 2004-08-04 13:00 - 00556668 _____ () C:\WINDOWS\system32\perfh015.dat 2015-02-16 17:29 - 2004-08-04 13:00 - 00105660 _____ () C:\WINDOWS\system32\perfc015.dat 2015-02-16 16:50 - 2014-05-11 00:40 - 00000000 ____D () C:\Program Files\Opera 2015-02-04 21:46 - 2013-07-16 11:05 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2015-02-01 23:03 - 2013-01-02 14:50 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2015-02-01 21:44 - 2013-01-02 14:49 - 00000000 ___HD () C:\Documents and Settings\Default User\Ustawienia lokalne\Dane aplikacji 2015-02-01 21:42 - 2013-07-16 11:05 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Microsoft Silverlight 2015-01-25 21:16 - 2013-01-02 14:48 - 00272576 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2015-01-23 17:30 - 2013-01-02 14:07 - 00000000 ___HD () C:\Documents and Settings\Patrycja\Ustawienia lokalne\Dane aplikacji 2015-01-23 17:29 - 2013-01-02 14:07 - 00000000 ___RD () C:\Documents and Settings\Patrycja\Menu Start\Programy 2015-01-23 17:15 - 2013-01-02 15:08 - 00070240 _____ () C:\Documents and Settings\Patrycja\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT 2015-01-23 17:13 - 2014-02-21 21:35 - 00000000 ____D () C:\WINDOWS\system32\pl-pl 2015-01-23 16:55 - 2013-01-02 13:57 - 00000000 ____D () C:\Program Files\Common Files\System 2015-01-23 16:06 - 2014-10-03 10:20 - 00000000 ____D () C:\Program Files\MSBuild 2015-01-23 15:52 - 2014-12-19 10:16 - 00000000 ____D () C:\Documents and Settings\Patrycja\Dane aplikacji\WinZipper 2015-01-23 12:15 - 2013-01-02 14:03 - 00000000 ____D () C:\Documents and Settings\NetworkService\Dane aplikacji 2015-01-23 10:37 - 2013-08-29 20:24 - 00320120 _____ (Duplex Secure Ltd.) C:\WINDOWS\system32\Drivers\sptd.sys ==================== Files in the root of some directories ======= 2014-04-22 17:41 - 2014-04-22 17:41 - 1678496 _____ (Skype Technologies S.A.) C:\Program Files\SkypeSetup.exe 2013-02-05 18:06 - 2014-11-17 20:56 - 0028160 _____ () C:\Documents and Settings\Patrycja\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-10-01 13:33 - 2014-10-01 13:32 - 0612096 _____ (ClickMeIn Limited) C:\Documents and Settings\Patrycja\Ustawienia lokalne\Dane aplikacji\nsx45.tmp Files to move or delete: ==================== C:\Windows\Tasks\At1.job Some content of TEMP: ==================== C:\Documents and Settings\Patrycja\Ustawienia lokalne\Temp\ose00000.exe C:\Documents and Settings\Patrycja\Ustawienia lokalne\Temp\supoptsetup.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End Of Log ============================