Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:16-08-2015
Ran by Kanon (administrator) on KANON-HP (17-08-2015 13:42:31)
Running from C:\Users\Kanon\Desktop
Loaded Profiles: Kanon (Available Profiles: Kanon)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Polski (Polska)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\stacsv64.exe
(Hewlett-Packard) C:\Windows\System32\hpservice.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
(ABBYY) C:\Program Files (x86)\ABBYY FineReader 9.0 Sprint\Bonus.ScreenshotReader.exe
() C:\Program Files (x86)\screenSHU\screenSHU.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(McAfee, Inc.) C:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe

==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [1691192 2010-06-19] (Hewlett-Packard Company)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-04-05] (Hewlett-Packard)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-17] (IDT, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [256056 2010-03-01] (Hewlett-Packard Company)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4258540652-3167376319-1349578961-1002\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [4287536 2013-08-09] ()
HKU\S-1-5-21-4258540652-3167376319-1349578961-1002\...\Run: [ABBYY Screenshot Reader Bonus] => C:\Program Files (x86)\ABBYY FineReader 9.0 Sprint\Bonus.ScreenshotReader.exe [939272 2009-11-25] (ABBYY)
HKU\S-1-5-21-4258540652-3167376319-1349578961-1002\...\Run: [screenSHU] => C:\Program Files (x86)\screenSHU\screenSHU.exe [2112000 2013-09-04] ()
HKU\S-1-5-21-4258540652-3167376319-1349578961-1002\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.)
Lsa: [Notification Packages] DPPassFilter scecli

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-4258540652-3167376319-1349578961-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-4258540652-3167376319-1349578961-1002 -> DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&affID=119535&babsrc=SP_ss&mntrId=B6BAE02A825A1C08
SearchScopes: HKU\S-1-5-21-4258540652-3167376319-1349578961-1002 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&affID=119535&babsrc=SP_ss&mntrId=B6BAE02A825A1C08
BHO: HP ProtectTools Security Manager Extension -> {395610AE-C624-4f58-B89E-23733EA00F9A} -> c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll [2009-12-03] (DigitalPersona, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2011-01-26] (SEIKO EPSON CORPORATION)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-03-28] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2009-12-12] (Hewlett-Packard)
BHO-x32: HP ProtectTools Security Manager Extension -> {395610AE-C624-4f58-B89E-23733EA00F9A} -> c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll [2009-12-03] (DigitalPersona, Inc.)
BHO-x32: Pomocnik logowania za pomocą konta Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-03-28] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2011-01-26] (SEIKO EPSON CORPORATION)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-03-28] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-03-28] (Google Inc.)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-04-08] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3DFF655C-5B56-4415-A35C-82EC24D235EF}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{CE74BD91-7E68-4BC2-8553-DF9A153B2402}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-08-09] (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll [2014-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll [2014-05-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-4258540652-3167376319-1349578961-1002: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-08-09] (Pando Networks)
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2010-09-03]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Bing Bar) - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Profile: C:\Users\Kanon\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (BIODIGITAL HUMAN) - C:\Users\Kanon\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2013-01-23]
CHR Extension: (Angry Birds) - C:\Users\Kanon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2013-01-23]
CHR Extension: (Google Drive) - C:\Users\Kanon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-15]
CHR Extension: (SKiD Racer) - C:\Users\Kanon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhoaojooagiaaiidlnfhkkafjpbbnnno [2013-01-23]
CHR Extension: (3D Aerobatics Training) - C:\Users\Kanon\AppData\Local\Google\Chrome\User Data\Default\Extensions\napaodofbddcgpbgepkedckklhcmpilc [2013-01-23]
CHR Extension: (Highlight Keywords for Google Search) - C:\Users\Kanon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhahncknpppipmgjchbbhehkfglelepf [2013-01-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kanon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]

==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 AESTFilters; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
R3 DEBridge; c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [704512 2009-12-16] (McAfee, Inc.) [File not signed]
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [462088 2009-11-25] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [362040 2009-11-17] (Hewlett-Packard Ltd)
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2013-10-23] (Bitdefender)
S3 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [121344 2010-07-01] (Hewlett-Packard Company) [File not signed]
S3 HP ProtectTools Service; c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [36864 2009-11-19] (Hewlett-Packard Development Company, L.P) [File not signed]
S3 HPDayStarterService; c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe [90112 2010-05-10] (Hewlett-Packard Company) [File not signed]
S3 HpFkCryptService; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [281192 2009-12-16] (McAfee, Inc.)
R2 HPFSService; C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [297984 2009-12-12] (Hewlett-Packard) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [264248 2010-03-01] (Hewlett-Packard Company)
S3 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-17] (Hewlett-Packard Company) [File not signed]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-08-02] (IObit)
S3 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2009-10-23] (PDF Complete Inc)
R2 STacSV; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe [244736 2010-03-17] (IDT, Inc.)
S3 uArcCapture; C:\windows\system\uArcCapture.exe [506472 2009-12-04] (ArcSoft, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [32640 2009-12-04] (ArcSoft, Inc.)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2015-08-09] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [40760 2009-10-21] (Hewlett-Packard Development Company L.P.)
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
R1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [58184 2009-12-16] (McAfee, Inc.)
R1 RsvLock; C:\Windows\SysWow64\Drivers\RsvLock.sys [40088 2009-12-16] (McAfee, Inc.)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [89216 2009-12-22] (Realtek Semiconductor Corp.)
R0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [56648 2009-12-16] ()
R0 SafeBoot; C:\Windows\SysWow64\Drivers\SafeBoot.sys [110520 2009-12-16] (McAfee, Inc.)
R0 SbAlg; C:\Windows\System32\Drivers\SbAlg.sys [60160 2009-06-04] (McAfee, Inc.)
R0 SbAlg; C:\Windows\SysWow64\Drivers\SbAlg.sys [51800 2009-12-16] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [15688 2009-12-16] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\SysWow64\Drivers\SbFsLock.sys [13256 2009-12-16] (McAfee, Inc.)
S3 ss_bserd; C:\Windows\System32\DRIVERS\ss_bserd.sys [128000 2009-09-19] (MCCI Corporation)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)

==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-08-17 10:56 - 2015-08-17 10:58 - 00000000 ____D C:\Users\Kanon\Desktop\Programy
2015-08-10 09:48 - 2015-08-17 13:43 - 00017664 _____ C:\Users\Kanon\Desktop\FRST.txt
2015-08-10 09:41 - 2015-08-10 09:41 - 03480040 _____ (McAfee, Inc.) C:\Users\Kanon\Desktop\MCPR.exe
2015-08-10 09:38 - 2015-08-17 13:42 - 00000000 ____D C:\Users\Kanon\Desktop\FRST-OlderVersion
2015-08-10 09:30 - 2015-08-17 13:40 - 00001064 _____ C:\windows\setupact.log
2015-08-10 09:30 - 2015-08-10 09:46 - 00001248 _____ C:\windows\PFRO.log
2015-08-10 09:30 - 2015-08-10 09:30 - 00000000 _____ C:\windows\setuperr.log
2015-08-09 15:40 - 2015-08-09 15:40 - 00261056 _____ (BitDefender) C:\windows\system32\Drivers\avchv.sys
2015-08-05 01:23 - 2015-08-05 01:23 - 00203996 _____ C:\ProgramData\1438730240.bdinstall.bin
2015-08-05 01:19 - 2015-08-05 01:19 - 00002176 _____ C:\Users\Public\Desktop\Bitdefender Antivirus Free Edition.lnk
2015-08-05 01:19 - 2015-08-05 01:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus Free Edition
2015-08-05 01:19 - 2013-04-17 14:59 - 00718840 _____ (BitDefender) C:\windows\system32\Drivers\avc3.sys
2015-08-05 01:19 - 2013-04-17 14:59 - 00593144 _____ (BitDefender) C:\windows\system32\Drivers\avckf.sys
2015-08-05 01:17 - 2013-05-28 12:12 - 00382536 _____ (BitDefender S.R.L.) C:\windows\system32\Drivers\trufos.sys
2015-08-05 01:17 - 2013-04-22 13:21 - 00148696 _____ (BitDefender LLC) C:\windows\system32\Drivers\gzflt.sys
2015-08-04 00:40 - 2015-08-04 00:40 - 03224456 _____ (El Desaparecido - SosVirus.net - UsbFix.net) C:\Users\Kanon\Desktop\UsbFix_2015_8.007.exe
2015-08-04 00:19 - 2015-08-04 00:20 - 00017823 _____ C:\Users\Kanon\Desktop\gmer.txt
2015-08-03 10:57 - 2015-08-03 10:57 - 00262144 _____ C:\windows\Minidump\080315-18361-01.dmp
2015-08-02 18:32 - 2015-08-03 10:57 - 479259083 _____ C:\windows\MEMORY.DMP
2015-08-02 17:02 - 2015-08-17 13:42 - 02173440 _____ (Farbar) C:\Users\Kanon\Desktop\FRST64.exe
2015-08-02 16:59 - 2015-08-02 16:59 - 00000000 ____D C:\Users\Public\Documents\PC Faster
2015-08-02 16:43 - 2015-08-02 16:43 - 00000000 ____D C:\Users\Kanon\AppData\Local\SlimWare Utilities Inc
2015-08-02 16:39 - 2015-08-02 16:39 - 02248704 _____ C:\Users\Kanon\Desktop\AdwCleaner_www.INSTALKI.pl.exe
2015-08-02 16:34 - 2015-08-17 13:42 - 00000000 ____D C:\FRST

==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-08-17 13:43 - 2013-08-09 15:54 - 00000000 ____D C:\Users\Kanon\AppData\Local\PMB Files
2015-08-17 13:41 - 2013-12-30 12:44 - 00000000 ____D C:\ProgramData\ProductData
2015-08-17 13:40 - 2015-07-11 11:04 - 00000000 ____D C:\Users\Kanon\AppData\Local\screenSHU
2015-08-17 13:40 - 2012-12-15 22:49 - 00001042 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-17 13:40 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-08-17 13:11 - 2012-12-15 22:49 - 00001046 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-17 10:59 - 2014-11-19 15:23 - 00000000 ____D C:\Users\Kanon\Desktop\no exit
2015-08-17 08:58 - 2009-07-14 06:45 - 00022704 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-17 08:58 - 2009-07-14 06:45 - 00022704 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-11 16:37 - 2012-12-10 17:38 - 00000000 ____D C:\Users\Kanon\Documents\Basia
2015-08-11 09:14 - 2010-09-03 16:59 - 00740688 _____ C:\windows\system32\perfh015.dat
2015-08-11 09:14 - 2010-09-03 16:59 - 00156230 _____ C:\windows\system32\perfc015.dat
2015-08-11 09:14 - 2009-07-14 07:13 - 01670590 _____ C:\windows\system32\PerfStringBackup.INI
2015-08-10 09:46 - 2013-06-01 10:44 - 00000930 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-08-10 09:44 - 2013-12-30 12:43 - 00000000 ____D C:\Program Files (x86)\IObit
2015-08-10 09:44 - 2013-06-01 10:44 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-08-10 09:44 - 2013-06-01 10:44 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-10 09:44 - 2013-06-01 10:44 - 00003870 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-08-10 09:44 - 2010-09-03 16:56 - 00000000 ____D C:\ProgramData\PDFC
2015-08-09 19:39 - 2013-03-30 14:39 - 00000000 ____D C:\windows\Minidump
2015-08-08 23:24 - 2014-06-30 09:14 - 01225476 _____ C:\windows\WindowsUpdate.log
2015-08-08 17:59 - 2013-11-17 00:43 - 00000000 ____D C:\Users\Kanon\AppData\Local\Microsoft Games
2015-08-08 11:49 - 2015-05-31 09:51 - 00000000 ____D C:\Users\Kanon\Desktop\skarga stowarzyszenia
2015-08-07 09:16 - 2009-07-14 07:08 - 00032608 _____ C:\windows\Tasks\SCHEDLGU.TXT
2015-08-06 22:20 - 2013-07-25 12:43 - 00000000 ____D C:\Users\Kanon\Desktop\zdjęcia
2015-08-05 01:19 - 2013-06-01 10:59 - 00000000 ____D C:\Program Files\Bitdefender
2015-08-05 01:17 - 2013-06-01 11:06 - 00000000 ____D C:\Users\Kanon\AppData\Roaming\QuickScan
2015-08-05 01:15 - 2015-07-06 09:59 - 00000000 ____D C:\ProgramData\ToolsUpdatePlatform
2015-08-05 01:14 - 2013-12-30 12:43 - 00000000 ____D C:\Users\Kanon\AppData\Roaming\IObit
2015-08-05 01:14 - 2013-12-30 12:43 - 00000000 ____D C:\ProgramData\IObit
2015-08-05 01:13 - 2013-07-31 13:21 - 00000000 ____D C:\ProgramData\Electronic Arts
2015-08-05 01:11 - 2010-09-03 16:38 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-08-05 01:02 - 2014-03-05 10:55 - 00000000 ____D C:\ProgramData\Baidu Security
2015-08-05 01:02 - 2014-01-27 21:30 - 00000000 ____D C:\ProgramData\baidu
2015-08-05 01:01 - 2015-03-04 21:32 - 00003124 _____ C:\windows\wininit.ini
2015-08-05 00:57 - 2015-04-29 16:58 - 00019683 _____ C:\windows\system32\HWLook.log
2015-08-04 14:22 - 2015-07-06 09:59 - 00000000 ____D C:\Program Files (x86)\ScreenSnapshotTool
2015-08-04 00:41 - 2015-07-10 16:48 - 00000000 ____D C:\UsbFix
2015-08-02 17:51 - 2015-07-10 16:57 - 00000000 ____D C:\AdwCleaner
2015-08-02 17:00 - 2014-06-13 08:49 - 00000000 ____D C:\Program Files (x86)\baidu
2015-08-02 17:00 - 2014-01-27 21:31 - 00000000 ____D C:\Users\Kanon\AppData\Roaming\Baidu
2015-07-27 16:57 - 2013-03-02 18:22 - 00040960 ____H C:\Users\Kanon\Desktop\photothumb.db

==================== Files in the root of some directories =======
2013-03-09 23:30 - 2013-09-08 19:08 - 0010752 _____ () C:\Users\Kanon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-01 10:59 - 2013-06-01 10:59 - 0215025 _____ () C:\ProgramData\1370077131.bdinstall.bin
2013-06-01 11:00 - 2013-06-01 11:00 - 0059672 _____ () C:\ProgramData\1370077236.bdinstall.bin
2013-06-01 11:13 - 2013-06-01 11:13 - 0661845 _____ () C:\ProgramData\1370077516.bdinstall.bin
2013-10-14 09:13 - 2013-10-14 09:13 - 0489320 _____ () C:\ProgramData\1381734345.bdinstall.bin
2013-10-19 13:51 - 2013-10-19 13:51 - 0225740 _____ () C:\ProgramData\1382183432.bdinstall.bin
2015-08-05 01:23 - 2015-08-05 01:23 - 0203996 _____ () C:\ProgramData\1438730240.bdinstall.bin
2014-05-25 18:44 - 2014-05-25 18:44 - 0000088 __RSH () C:\ProgramData\965614D0CF.sys
2012-12-23 20:52 - 2012-12-23 20:52 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2014-11-29 19:37 - 2014-11-29 19:37 - 2141763 _____ () C:\ProgramData\GH-H4-125.7z
2014-05-25 18:44 - 2014-05-25 18:44 - 0002516 ___SH () C:\ProgramData\KGyGaAvL.sys

==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-08-15 12:59

==================== End of log ============================