Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-02-2021
Ran by User (administrator) on ADMIN (TOSHIBA SATELLITE C55-A-1H9) (04-03-2021 17:42:27)
Running from F:\naprawa win
Loaded Profiles: User
Platform: Windows 8.1 (Update) (X64) Language: Polish (Poland) -> English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc. -> Apple Inc.) F:\itunes\iTunesHelper.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe <3>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\BreachGuard\bgsvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\BreachGuard\bgui.exe <3>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Cleanup\TuneupSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\SecureLine VPN\VpnSvc.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Evernote Corporation -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <14>
(IDT, Inc.) [File not signed] C:\Program Files\IDT\WDM\stacsv64.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe <2>
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Qualcomm Atheros -> Windows (R) Win 7 DDK provider) [File not signed] C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(SatoshiLabs, s.r.o. -> ) C:\Program Files (x86)\TREZOR Bridge\trezord.exe
(TOSHIBA CORPORATION -> ) C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA CORPORATION -> Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Toshiba Europe GmbH -> Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296520 2013-09-12] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [354144 2013-08-14] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-18] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-06] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2685072 2015-05-01] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1570672 2015-05-01] (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed]
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (Ivaylo Beltchev -> IvoSoft) [File not signed]
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [116960 2021-02-24] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [TuneupUI.exe] => C:\Program Files\Avast Software\Cleanup\TuneupUI.exe [2426080 2021-02-24] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [iTunesHelper] => F:\itunes\iTunesHelper.exe [331064 2020-10-16] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [Avast BreachGuard] => C:\Program Files\Avast Software\BreachGuard\bgui.exe [4974184 2021-01-15] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [1.TPUReg] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe [2216800 2013-03-27] (TOSHIBA CORPORATION -> TOSHIBA)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA CORPORATION -> TOSHIBA)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601928 2018-12-15] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-05-14] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4522496 2012-12-27] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\88.0.4324.190\Installer\chrmstp.exe [2021-02-26] (Google LLC -> Google LLC)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [182600 2018-06-06] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [159920 2018-06-06] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast SecureLine VPN.lnk [2021-02-11]
ShortcutTarget: Avast SecureLine VPN.lnk -> C:\Program Files\AVAST Software\SecureLine VPN\Vpn.exe (Avast Software s.r.o. -> AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TREZOR Bridge.lnk [2021-01-21]
ShortcutTarget: TREZOR Bridge.lnk -> C:\Program Files (x86)\TREZOR Bridge\trezord.exe (SatoshiLabs, s.r.o. -> )
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2019-07-14]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corporation -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BootExecute: autocheck autochk * icarus_rvrt.exe
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {007CE030-DEB4-4046-BED3-60E80BAF7263} - System32\Tasks\NvNotifier_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\GFExperience.Deployer\NvNotifier.exe [2013600 2018-06-06] (NVIDIA Corporation -> )
Task: {00AD5158-3FBE-4C39-AFDA-42D7013228FD} - System32\Tasks\Avast Software\Avast SecureLine VPN Bug Report => C:\Program Files\Avast Software\SecureLine VPN\AvBugReport.exe [4665568 2021-02-10] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 11 --programpath "C:\Program Files\Avast Software\SecureLine VPN" --configpath "C:\ProgramData\Avast Software\SecureLine VPN" --path "C:\ProgramData\Avast Software\SecureLine VPN\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --guid 85224998-9623-486c-8c99-a59f85212045
Task: {09FEF8E4-ABB4-444D-8855-951BCA86766B} - System32\Tasks\Avast Software\Avast Cleanup BugReport => C:\Program Files\Avast Software\Cleanup\AvBugReport.exe [4665568 2021-02-24] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 62 --programpath "C:\Program Files\Avast Software\Cleanup\Setup\.." --configpath "C:\Program Files\Avast Software\Cleanup\Setup" --path "C:\ProgramData\Avast Software\Cleanup\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --guid 5f12cebb-1185-4972-8cb9-ed69b2000217
Task: {0A854A7A-DF62-4E8F-BCFA-D6FEFB45EF0D} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [471416 2013-07-19] (Toshiba Europe GmbH -> Toshiba Europe GmbH)
Task: {1011EB9F-58A7-4AC3-9119-29089752E47B} - System32\Tasks\Avast Software\Avast BreachGuard Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-bg\icarus.exe [5442656 2020-12-15] (Avast Software s.r.o. -> Avast Software)
Task: {297F47F6-1CF3-4B47-96BD-398E37C3F209} - System32\Tasks\{5D02DB6C-196D-413A-B973-273B30C34515} => C:\Windows\system32\pcalua.exe -a C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -c -uninstall
Task: {2E1ED96C-0AA6-4D19-8DAF-D2730D5568B3} - System32\Tasks\Microsoft\Windows\AvastAntiTrackPremium\AvastAntiTrackPremiumStart => C:\Program Files (x86)\AVAST Software\AvastAntiTrackPremium\AvastAntiTrackPremium.exe [22359800 2020-10-06] (Avast Software s.r.o. -> AVAST Software, s.r.o)
Task: {50BDC70D-8D0A-4704-B310-E5234BA3249A} - System32\Tasks\Avast SecureLine VPN Update => C:\Program Files\Avast Software\SecureLine VPN\VpnUpdate.exe [1191136 2021-02-10] (Avast Software s.r.o. -> AVAST Software)
Task: {51C7B10F-8C2B-40AB-9F2C-1DC011A74BB6} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1791712 2021-02-24] (Avast Software s.r.o. -> Avast Software)
Task: {5BA1BD53-BFA9-4417-95D1-8792AA5850D7} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [694752 2021-03-03] (Mozilla Corporation -> Mozilla Foundation)
Task: {88416059-29E9-426B-B104-03ECA4870722} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {89848E66-AD0B-41DD-A80C-2C04C7BD40EE} - System32\Tasks\Avast Software\Avast BreachGuard Crash Reporter => C:\Program Files\Avast Software\BreachGuard\AvBugReport.exe [4665952 2021-01-15] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 135 --path "C:\ProgramData\Avast Software\BreachGuard\log" --configpath "C:\Program Files\Avast Software\BreachGuard\Setup" --programpath "C:\Program Files\Avast Software\BreachGuard" --guid 92a18762-684c-4beb-a4b2-c23de40dca51
Task: {CC82E40B-D164-4BA4-8E1E-F3C6D7D2AA40} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-01-16] (Google LLC -> Google LLC)
Task: {CD5CE1B7-1D34-420D-B2AC-3944ECCFCA90} - System32\Tasks\Avast Software\Avast Cleanup Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-tu\icarus.exe [5493472 2021-02-12] (Avast Software s.r.o. -> Avast Software)
Task: {D51CB068-014E-479C-83C3-ED5EFE3B8268} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {D976D25C-3CBF-4098-BD4E-602F236DD405} - System32\Tasks\Resolution+ Setting Task => C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe [88576 2013-08-28] (TODO: ) [File not signed]
Task: {DAC2E65F-D3C2-4585-A7AC-4B1B8AAA8C39} - System32\Tasks\Avast Software\Avast SecureLine VPN Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-vpn\icarus.exe [5493472 2021-02-08] (Avast Software s.r.o. -> Avast Software)
Task: {E92963D2-3052-466F-A109-64433E0FD5B6} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [4682976 2021-02-24] (Avast Software s.r.o. -> AVAST Software)
Task: {F1C68C7F-B5BA-4F3D-8098-79B28DE74563} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-01-16] (Google LLC -> Google LLC)
Task: {F634F243-C910-4210-91B1-B8FB57CF6599} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [655464 2013-07-31] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
Task: {F74B592E-F5B6-4D27-B20E-8D0938D7128A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\..\Interfaces\{3D28A540-DE70-4AD8-A5FA-AB68B12559DA}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{CC941C63-55A5-4C8E-B977-DB0799908BBE}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{EC6AF4C4-D1A2-4EF3-99F0-319BA952D092}: [NameServer] 100.120.126.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default [2021-03-03]
Edge HomePage: Default -> hxxp://www.gazeta.pl/0,0.html?p=190
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: c0zeawoi.default-1421700341266
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\c0zeawoi.default-1421700341266 [2021-03-04]
FF Homepage: Mozilla\Firefox\Profiles\c0zeawoi.default-1421700341266 -> hxxp://www.gazeta.pl/0,0.html?p=190
FF Notifications: Mozilla\Firefox\Profiles\c0zeawoi.default-1421700341266 -> hxxps://wrealu24.pl; hxxps://www.smartpassiveincome.com; hxxps://preply.com; hxxps://dorotafilipiuk.pl; hxxps://www.mediaexpert.pl
FF Extension: (Grammarly for Firefox) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\c0zeawoi.default-1421700341266\Extensions\87677a2c52b84ad3a151a4a72f5bd3c4@jetpack.xpi [2021-03-02]
FF Extension: (Avast AntiTrack Premium) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\c0zeawoi.default-1421700341266\Extensions\antitrack@avast.com.xpi [2021-01-16]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\c0zeawoi.default-1421700341266\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2021-03-02]
FF Extension: (BitComet Video Downloader) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\c0zeawoi.default-1421700341266\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB} [2016-03-20] [Legacy] [not signed]
FF Extension: (Video DownloadHelper) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\c0zeawoi.default-1421700341266\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2020-12-23]
FF Extension: (Tpay.com) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\c0zeawoi.default-1421700341266\Extensions\{ed5a5d58-4e89-4ade-903c-34f4b64265cd}.xpi [2017-11-14]
FF Plugin: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2020-02-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2020-02-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.450 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll [2010-02-15] (RealNetworks, Inc. -> RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll [2010-02-15] (RealNetworks, Inc.) [File not signed]
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.10 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-12] (WildTangent Inc -> )
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-12-07] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2615146530-3253038631-3002819462-1002: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2012-11-19] (Ubisoft Massive -> Ubisoft)

Chrome:
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2021-03-04]
CHR Notifications: Default -> hxxps://forum.dobreprogramy.pl; hxxps://socialmining.daomaker.com
CHR DefaultSearchURL: Default -> hxxps://app.uniswap.org/images/192x192_App_Icon.png
CHR Extension: (Uniswap) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaecigpilhpekajnmchaikcadkceoimf [2021-02-18]
CHR Extension: (Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-01-16]
CHR Extension: (Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-01-16]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-01-16]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-01-16]
CHR Extension: (BitComet Download Extension for Chrome) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhigneefebkcagnpnpbibganpmfgebnk [2021-02-08]
CHR Extension: (Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-01-16]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-03-02]
CHR Extension: (Video DownloadHelper) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2021-03-04]
CHR Extension: (polkadot{.js} extension) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mopnmbcafieddcagagdcbnhejhlodfdd [2021-02-10]
CHR Extension: (MetaMask) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2021-03-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-05]
CHR Extension: (Web Video Downloader) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\odecbmmehabeloobkgokmfgldaegiflc [2021-01-19]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-01-16]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-02-09]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
CHR HKLM-x32\...\Chrome\Extension: [dhigneefebkcagnpnpbibganpmfgebnk]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2020-09-24] (Apple Inc. -> Apple Inc.)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [8044056 2021-03-03] (Avast Software s.r.o. -> AVAST Software)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-08-22] (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) [File not signed]
R2 Avast BreachGuard Service; C:\Program Files\Avast Software\BreachGuard\bgsvc.exe [4664424 2021-01-15] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [621608 2021-02-24] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [1301136 2021-02-24] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe [352480 2021-02-24] (Avast Software s.r.o. -> AVAST Software)
S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2013-11-29] (Shanghai Comet Network Technology -> www.BitComet.com)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
R2 CleanupPSvc; C:\Program Files\Avast Software\Cleanup\TuneupSvc.exe [12412128 2021-02-24] (Avast Software s.r.o. -> AVAST Software)
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe [163168 2013-03-27] (TOSHIBA CORPORATION -> )
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-03-02] (Malwarebytes Inc -> Malwarebytes)
R2 SecureLine; C:\Program Files\Avast Software\SecureLine VPN\VpnSvc.exe [7936736 2021-02-10] (Avast Software s.r.o. -> AVAST Software)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-08-16] (IDT, Inc.) [File not signed]
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116088 2013-07-19] (Toshiba Europe GmbH -> Toshiba Europe GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
S2 dts_apo_service; no ImagePath
S2 TODDSrv; no ImagePath

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [208024 2021-02-24] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [357320 2021-02-24] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [249304 2021-02-24] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [98760 2021-02-24] (Avast Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [41272 2021-02-24] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [175248 2021-02-24] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\Windows\System32\drivers\aswNetHub.sys [521336 2021-02-24] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [107784 2021-02-24] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [83360 2021-02-24] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [850112 2021-02-24] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [465656 2021-02-24] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [215328 2021-02-24] (Avast Software s.r.o. -> AVAST Software)
S3 aswTap; C:\Windows\system32\DRIVERS\aswTap.sys [53904 2021-01-15] (AVAST Software s.r.o. -> The OpenVPN Project)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [326976 2021-02-24] (Avast Software s.r.o. -> AVAST Software)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-24] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros Communications, Inc.)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [42256 2020-05-17] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [59360 2020-05-17] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248992 2021-03-02] (Malwarebytes Inc -> Malwarebytes)
S3 Netaapl; C:\Windows\system32\DRIVERS\netaapl64.sys [23040 2016-12-21] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R1 netfilter2; C:\Windows\System32\drivers\netfilter2.sys [105280 2020-10-06] (Avast Software s.r.o. -> Windows (R) Win 7 DDK provider)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\PasswordUtility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON CORPORATION -> PEGATRON)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 STHDA; C:\Windows\system32\DRIVERS\stwrt64.sys [551936 2013-08-16] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [25608 2020-08-01] (AVG Technologies CZ, s.r.o. -> SlimWare Utilities, Inc.)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (TOSHIBA CORPORATION -> Windows (R) Win 7 DDK provider)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2016-12-21] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-03-04 14:57 - 2021-03-04 14:57 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2021-03-04 10:59 - 2021-03-04 10:59 - 000030829 _____ C:\Users\User\Downloads\F-Go_001_1_Deklaracja_za_gospodarowanie_odpadami_komunalnymi (1).xlsx
2021-03-04 10:58 - 2021-03-04 10:58 - 000030829 _____ C:\Users\User\Downloads\F-Go_001_1_Deklaracja_za_gospodarowanie_odpadami_komunalnymi.xlsx
2021-03-04 10:34 - 2021-03-04 10:34 - 000059179 _____ C:\Users\User\Downloads\pko_trans_details_20210304_103405.pdf
2021-03-03 23:34 - 2021-03-03 23:34 - 005659583 _____ (Swearware) C:\Users\User\Downloads\ComboFix.exe
2021-03-03 22:41 - 2021-03-04 15:35 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2021-03-03 22:39 - 2021-03-03 22:39 - 002539653 _____ (AML SOFTWARE ) C:\Users\User\Downloads\regcleaner.exe
2021-03-03 22:39 - 2021-03-03 22:39 - 000001147 _____ C:\Users\User\Desktop\AML Free Registry Cleaner.lnk
2021-03-03 22:39 - 2021-03-03 22:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AML Free Registry Cleaner
2021-03-03 22:39 - 2021-03-03 22:39 - 000000000 ____D C:\Program Files (x86)\AML Products
2021-03-03 22:39 - 2002-06-06 16:13 - 001077344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscomctl.ocx
2021-03-03 22:39 - 2000-05-22 16:58 - 000608448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.ocx
2021-03-03 22:39 - 1998-12-24 20:23 - 000040960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VBAME.DLL
2021-03-02 16:21 - 2021-03-02 16:23 - 000000000 ____D C:\Users\User\AppData\Roaming\ControlCenter4
2021-03-02 16:03 - 2021-03-02 16:03 - 000002171 _____ C:\Users\Public\Desktop\Brother Creative Center.lnk
2021-03-02 16:03 - 2021-03-02 16:03 - 000002171 _____ C:\ProgramData\Desktop\Brother Creative Center.lnk
2021-03-02 16:03 - 2021-03-02 16:03 - 000002086 _____ C:\Users\Public\Desktop\Brother Utilities.lnk
2021-03-02 16:03 - 2021-03-02 16:03 - 000002086 _____ C:\ProgramData\Desktop\Brother Utilities.lnk
2021-03-02 16:03 - 2021-03-02 16:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2021-03-02 16:01 - 2021-03-02 16:01 - 000000000 ____D C:\Brother
2021-03-02 15:59 - 2013-05-09 13:34 - 000002560 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2S.dll
2021-03-02 15:59 - 2013-04-15 10:29 - 000180224 _____ (Brother Industries, Ltd.) C:\Windows\SysWOW64\BROSNMP.DLL
2021-03-02 15:59 - 2013-01-10 13:56 - 000253952 ____N (brother) C:\Windows\SysWOW64\NSSearch.dll
2021-03-02 15:59 - 2010-03-15 19:45 - 000073728 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2.dll
2021-03-02 15:59 - 2007-12-13 22:16 - 000004608 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2L.dll
2021-03-02 15:02 - 2021-03-02 15:03 - 000000000 ____D C:\Users\User\Downloads\install
2021-03-02 14:55 - 2021-03-02 14:59 - 151682776 _____ (A.I.SOFT,INC.) C:\Users\User\Downloads\DCP-J132W-inst-A1-EU3.EXE
2021-03-02 14:00 - 2021-03-02 22:33 - 000000000 ____D C:\Users\User\AppData\Roaming\station-electron
2021-03-02 13:59 - 2021-03-02 13:59 - 000002600 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Terra Station.lnk
2021-03-02 13:59 - 2021-03-02 13:59 - 000002592 _____ C:\Users\User\Desktop\Terra Station.lnk
2021-03-02 13:59 - 2021-03-02 13:59 - 000000000 ____D C:\Users\User\AppData\Local\station-electron-updater
2021-03-02 13:55 - 2021-03-02 13:58 - 071736130 _____ (Terra) C:\Users\User\Downloads\Terra Station Setup 1.1.0 (1).exe
2021-03-02 13:54 - 2021-03-02 13:58 - 071736130 _____ (Terra) C:\Users\User\Downloads\Terra Station Setup 1.1.0.exe
2021-03-02 13:24 - 2021-03-04 17:35 - 000000000 ____D C:\Users\User\AppData\LocalLow\IGDump
2021-03-02 13:12 - 2021-03-02 13:12 - 000248992 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2021-03-02 13:12 - 2021-03-02 13:12 - 000001987 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-03-02 12:44 - 2021-03-02 12:44 - 001438420 _____ C:\Users\User\Desktop\PIT-37_27__Rusinowska_Danuta_5605310116899075.pdf
2021-03-02 12:43 - 2021-03-02 12:43 - 001438420 _____ C:\Users\User\Downloads\PIT-37_27__Rusinowska_Danuta_5605310116899075.pdf
2021-02-28 18:15 - 2021-02-28 18:18 - 083871745 _____ C:\Users\User\Downloads\TradingView.msix
2021-02-24 14:21 - 2021-02-24 14:20 - 000339680 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2021-02-24 14:21 - 2021-02-24 14:20 - 000215328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2021-02-18 22:14 - 2021-02-18 22:14 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2021-02-10 09:43 - 2021-01-12 07:07 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2021-02-10 09:43 - 2021-01-12 06:46 - 002132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2021-02-10 09:43 -
2021-01-12 06:44 - 000073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2021-02-10 09:43 - 2021-01-12 06:31 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2021-02-09 21:39 - 2021-02-10 15:12 - 000009915 _____ C:\Users\User\Desktop\New Arkusz programu Microsoft Excel.xlsx 2021-02-09 20:46 - 2021-02-09 20:46 - 000576956 _____ C:\Users\User\Downloads\export-token-0x8ab7404063ec4dbcfd4598215992dc3f8ec853d7 (1).csv 2021-02-09 20:45 - 2021-02-09 20:45 - 000576956 _____ C:\Users\User\Downloads\export-token-0x8ab7404063ec4dbcfd4598215992dc3f8ec853d7.csv ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 2021-03-04 17:43 - 2015-01-19 23:48 - 000000000 ____D C:\FRST 2021-03-04 17:35 - 2018-11-02 21:10 - 000000000 ____D C:\Users\User\AppData\Local\CrashDumps 2021-03-04 17:35 - 2017-02-07 17:20 - 000004168 _____ C:\Windows\system32\Tasks\Avast Emergency Update 2021-03-04 17:33 - 2014-11-18 10:48 - 000000000 ____D C:\ProgramData\AVAST Software 2021-03-04 17:29 - 2021-01-15 22:46 - 000003938 _____ C:\Windows\system32\Tasks\Avast SecureLine VPN Update 2021-03-04 17:29 - 2013-08-22 14:36 - 000000000 ____D C:\Windows\Inf 2021-03-04 17:28 - 2013-12-14 09:51 - 000000000 ____D C:\ProgramData\NVIDIA 2021-03-04 17:28 - 2013-08-22 15:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2021-03-04 17:21 - 2014-11-18 20:51 - 000000000 ____D C:\Users\User\AppData\Roaming\ClassicShell 2021-03-04 17:11 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\LiveKernelReports 2021-03-04 16:10 - 2018-03-30 18:42 - 000000000 ____D C:\Users\User\AppData\Local\AVAST Software 2021-03-04 15:35 - 2014-11-20 08:36 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2021-03-04 15:13 - 2016-11-19 00:46 - 000000000 ____D C:\Users\User\AppData\LocalLow\Mozilla 2021-03-04 15:05 - 2014-11-20 08:36 - 000000000 ____D C:\ProgramData\Mozilla 2021-03-04 15:02 - 2014-11-18 10:41 - 
000003598 _____ C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2615146530-3253038631-3002819462-1002 2021-03-04 14:57 - 2014-12-07 16:24 - 000001088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2021-03-04 10:47 - 2014-11-20 14:27 - 000015798 _____ C:\Windows\BRRBCOM.INI 2021-03-04 10:21 - 2020-07-15 09:07 - 000003380 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2021-03-04 10:21 - 2020-07-15 09:07 - 000003252 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2021-03-03 23:31 - 2014-11-18 10:45 - 000003968 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{90205AC8-8B79-43EF-8077-7EE21DC54505} 2021-03-03 23:08 - 2021-01-20 15:53 - 000000000 ____D C:\Users\User\AppData\Roaming\Ledger Live 2021-03-03 23:08 - 2014-12-07 16:02 - 000000000 ____D C:\Users\User\dwhelper 2021-03-03 23:08 - 2014-11-30 20:03 - 000000000 ____D C:\ProgramData\Skype 2021-03-03 20:08 - 2013-08-22 14:25 - 000262144 ___SH C:\Windows\system32\config\BBI 2021-03-03 15:54 - 2021-01-16 22:47 - 000003332 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA 2021-03-03 15:54 - 2021-01-16 22:47 - 000003204 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore 2021-03-03 15:54 - 2018-09-30 21:40 - 000003574 _____ C:\Windows\system32\Tasks\NvNotifier_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2021-03-03 15:54 - 2015-12-07 22:09 - 000000000 ____D C:\Windows\system32\Tasks\AVAST Software 2021-03-03 15:54 - 2015-08-04 21:11 - 000004476 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task 2021-03-03 15:54 - 2015-01-20 00:16 - 000003136 _____ C:\Windows\system32\Tasks\{5D02DB6C-196D-413A-B973-273B30C34515} 2021-03-03 15:54 - 2013-12-14 10:16 - 000003128 _____ C:\Windows\system32\Tasks\Resolution+ Setting Task 2021-03-03 15:54 - 2013-12-14 09:37 - 000003596 _____ C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2615146530-3253038631-3002819462-500 2021-03-02 16:33 - 2013-08-22 16:36 - 000000000 
____D C:\Windows\system32\FxsTmp 2021-03-02 16:01 - 2014-11-20 14:25 - 000000000 ____D C:\Program Files (x86)\ControlCenter4 2021-03-02 16:01 - 2014-11-20 14:25 - 000000000 ____D C:\Program Files (x86)\Browny02 2021-03-02 16:01 - 2014-11-20 14:24 - 000000000 ____D C:\Program Files (x86)\Brother 2021-03-02 15:58 - 2013-09-19 18:04 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2021-03-02 15:36 - 2014-11-19 06:52 - 000000000 ____D C:\Users\User\AppData\Roaming\DAEMON Tools Lite 2021-03-02 13:12 - 2019-04-24 08:07 - 000001975 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2021-03-02 13:12 - 2019-04-24 08:07 - 000001975 _____ C:\ProgramData\Desktop\Malwarebytes.lnk 2021-03-02 13:10 - 2019-04-24 08:07 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys 2021-02-27 11:30 - 2020-07-15 09:08 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2021-02-27 11:30 - 2020-07-15 09:08 - 000002213 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk 2021-02-27 11:30 - 2020-07-15 09:08 - 000002213 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk 2021-02-26 07:26 - 2021-01-16 22:51 - 000002201 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2021-02-26 07:26 - 2021-01-16 22:51 - 000002160 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2021-02-26 07:26 - 2021-01-16 22:51 - 000002160 _____ C:\ProgramData\Desktop\Google Chrome.lnk 2021-02-25 16:45 - 2013-09-19 18:02 - 001817498 _____ C:\Windows\system32\PerfStringBackup.INI 2021-02-25 16:45 - 2013-08-28 15:28 - 000800996 _____ C:\Windows\system32\perfh015.dat 2021-02-25 16:45 - 2013-08-28 15:28 - 000160728 _____ C:\Windows\system32\perfc015.dat 2021-02-24 14:31 - 2020-10-13 16:29 - 000175248 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2021-02-24 14:29 - 2014-11-18 20:51 - 000465656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2021-02-24 14:20 - 2020-04-23 13:15 - 000521336 _____ (AVAST 
Software) C:\Windows\system32\Drivers\aswNetHub.sys 2021-02-24 14:20 - 2019-01-16 19:45 - 000357320 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys 2021-02-24 14:20 - 2019-01-16 19:45 - 000249304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys 2021-02-24 14:20 - 2019-01-16 19:45 - 000098760 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys 2021-02-24 14:20 - 2018-10-28 11:39 - 000041272 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys 2021-02-24 14:20 - 2017-11-19 22:53 - 000208024 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys 2021-02-24 14:20 - 2014-11-18 20:51 - 000850112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2021-02-24 14:20 - 2014-11-18 20:51 - 000326976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys 2021-02-24 14:20 - 2014-11-18 20:51 - 000107784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2021-02-24 14:20 - 2014-11-18 20:51 - 000083360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys 2021-02-18 18:32 - 2013-08-22 16:36 - 000000000 ___HD C:\Program Files\WindowsApps 2021-02-18 18:32 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\AppReadiness 2021-02-15 17:23 - 2021-01-21 19:47 - 000000000 ____D C:\Users\User\AppData\Roaming\TREZOR Bridge 2021-02-15 11:24 - 2020-10-09 18:01 - 000000696 _____ C:\Users\User\Desktop\ang dla szymka.txt 2021-02-11 15:17 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\rescache 2021-02-11 12:00 - 2021-01-20 15:53 - 000001931 _____ C:\Users\Public\Desktop\Ledger Live.lnk 2021-02-11 12:00 - 2021-01-20 15:53 - 000001931 _____ C:\ProgramData\Desktop\Ledger Live.lnk 2021-02-11 11:59 - 2021-01-20 15:52 - 000000000 ____D C:\Program Files\Ledger Live 2021-02-11 11:56 - 2021-01-20 15:53 - 000000000 ____D C:\Users\User\AppData\Local\ledger-live-desktop-updater 2021-02-11 00:53 - 2013-08-22 16:36 - 000000000 ___RD C:\Windows\ToastData 2021-02-11 00:53 - 2013-08-22 16:36 - 000000000 ____D 
C:\Windows\PolicyDefinitions 2021-02-11 00:53 - 2013-08-22 16:36 - 000000000 ____D C:\Program Files\Common Files\System 2021-02-11 00:53 - 2013-08-22 16:20 - 000000000 ____D C:\Windows\CbsTemp 2021-02-10 15:22 - 2014-11-20 06:57 - 000000000 ____D C:\Windows\system32\MRT 2021-02-10 15:15 - 2014-11-20 06:57 - 130141752 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2021-02-08 11:56 - 2020-06-17 00:10 - 000081632 _____ (Avast Software) C:\Windows\system32\icarus_rvrt.exe ==================== Files in the root of some directories ======== 2018-11-25 00:07 - 2018-11-25 15:59 - 000001752 _____ () C:\Users\User\AppData\Roaming\HP10bII+State.bin ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) LastRegBack: 2021-02-24 16:35 ==================== End of FRST.txt ========================