Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-11-2013 Ran by Skiba (administrator) on SKIBA-KOMPUTER on 14-11-2013 20:46:52 Running from C:\Users\Skiba\Downloads Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Polish Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe () C:\Windows\system32\srvany.exe () C:\Windows\KMService.exe (Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe (Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe () D:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe () D:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.191\deploy\LoLLauncher.exe () D:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.57\deploy\LolClient.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe () D:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.251\deploy\League of Legends.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (OldTimer Tools) C:\Users\Skiba\Downloads\OTL.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10996368 2012-06-11] (Realtek Semiconductor) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM\...\Run: [NeroFilterCheck] - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG) HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [995176 2013-08-12] (Microsoft Corporation) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKCU\...\Run: [Overwolf] - C:\Program Files\Overwolf\Overwolf.exe [35256 2013-10-23] (Overwolf) HKCU\...\Run: [Steam] - D:\Program Files\Steam\Steam.exe [1811368 2013-09-06] (Valve Corporation) HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20681584 2013-07-25] (Skype Technologies S.A.) HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG) MountPoints2: J - J:\Install.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8802AE5B5EE1CE01 SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: searchgol Helper Object - {8F547BDD-FCD4-48F8-A06F-573D6F404A3C} - C:\Program Files\searchgol\searchgol\1.8.16.19\bh\searchgol.dll (Montera Technologeis LTD) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - searchgol Toolbar - {00078E95-3A4A-4137-8DE7-2824908D1C17} - C:\Program Files\searchgol\searchgol\1.8.16.19\searchgolTlbr.dll (Montera Technologeis LTD) DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} http://download.gigabyte.com.tw/object/Dldrv.ocx DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 46.148.166.31 46.148.166.33 FireFox: ======== FF ProfilePath: C:\Users\Skiba\AppData\Roaming\Mozilla\Firefox\Profiles\7ncar2ai.default FF NewTab: hxxp://www.searchgol.com/?babsrc=NT_ss&mntrId=54AD0015CFE0C4CE&affID=125032&tsp=5028 FF Homepage: hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=54AD0015CFE0C4CE&affID=125032&tsp=5028 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.) FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Extension: uTorrentControl_v6 - C:\Users\Skiba\AppData\Roaming\Mozilla\Firefox\Profiles\7ncar2ai.default\Extensions\{96f454ea-9d38-474f-b504-56193e00c1a5} FF Extension: gadrm - C:\Users\Skiba\AppData\Roaming\Mozilla\Firefox\Profiles\7ncar2ai.default\Extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi ========================== Services (Whitelisted) ================= R2 KMService; C:\Windows\system32\srvany.exe [8192 2013-09-06] () R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-08-12] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295376 2013-08-12] (Microsoft Corporation) S3 OverwolfUpdaterService; C:\Program Files\Overwolf\OverwolfUpdater.exe [18360 2013-10-23] (Overwolf Ltd) ==================== Drivers (Whitelisted) ==================== S3 athur; C:\Windows\System32\DRIVERS\athur.sys [1570304 2011-04-20] (Atheros Communications, Inc.) R2 Dokan; C:\Windows\system32\drivers\dokan.sys [95744 2011-01-10] (Windows (R) Win 7 DDK provider) R3 L1C; C:\Windows\System32\DRIVERS\L1C62x86.sys [91760 2012-04-25] (Qualcomm Atheros Co., Ltd.) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation) R1 SCDEmu; C:\Windows\System32\Drivers\SCDEmu.sys [113336 2013-07-22] (Power Software Ltd) R3 USB_RNDIS; C:\Windows\System32\DRIVERS\usb8023.sys [15872 2013-02-12] (Microsoft Corporation) S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [x] S3 gdrv; \??\C:\Windows\gdrv.sys [x] S1 hsygsqnn; \??\C:\Windows\system32\drivers\hsygsqnn.sys [x] S1 MpKsl0e218c1c; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{345F2B2C-3F54-49BA-9E08-953BB29BD42F}\MpKsl0e218c1c.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-11-14 20:46 - 2013-11-14 20:47 - 00009026 _____ C:\Users\Skiba\Downloads\FRST.txt 2013-11-14 20:46 - 2013-11-14 20:46 - 01090529 _____ (Farbar) C:\Users\Skiba\Downloads\FRST.exe 2013-11-14 20:46 - 2013-11-14 20:46 - 00000000 ____D C:\FRST 2013-11-14 20:45 - 2013-11-14 20:45 - 00065666 _____ C:\Users\Skiba\Downloads\OTL.Txt 2013-11-14 20:45 - 2013-11-14 20:45 - 00041984 _____ C:\Users\Skiba\Downloads\Extras.Txt 2013-11-14 20:38 - 2013-11-14 20:38 - 00602112 _____ (OldTimer Tools) C:\Users\Skiba\Downloads\OTL.exe 2013-11-14 10:18 - 2013-10-12 08:04 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-11-14 10:18 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-11-14 10:18 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-11-14 10:18 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-11-14 10:18 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-11-14 10:18 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-11-14 10:18 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-11-14 10:18 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-11-14 10:18 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-11-14 10:18 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-11-14 10:18 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-11-14 10:18 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-11-14 10:18 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-11-14 10:18 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-11-14 10:18 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-11-14 10:17 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-11-14 09:41 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll 2013-11-14 09:41 - 2013-10-12 03:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL 2013-11-14 09:41 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL 2013-11-14 09:41 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-11-14 09:41 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll 2013-11-14 09:41 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2013-11-14 09:41 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll 2013-11-14 09:41 - 2013-10-03 02:58 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2013-11-14 09:41 - 2013-09-25 03:01 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2013-11-14 09:41 - 2013-09-25 03:01 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2013-11-14 09:41 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2013-11-14 09:41 - 2013-09-25 02:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2013-11-14 09:41 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2013-11-14 09:41 - 2013-09-25 02:56 - 01038848 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2013-11-14 09:41 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2013-11-14 09:41 - 2013-09-25 01:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2013-11-14 09:41 - 2013-09-25 01:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2013-11-14 09:41 - 2013-07-04 13:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2013-11-12 18:39 - 2013-11-12 18:39 - 00004734 _____ C:\Windows\system32\jupdate-1.7.0_45-b18.log 2013-11-12 18:39 - 2013-11-12 18:39 - 00000000 ____D C:\ProgramData\Oracle 2013-11-12 18:39 - 2013-11-12 18:39 - 00000000 ____D C:\Program Files\Common Files\Java 2013-11-12 18:39 - 2013-10-08 07:50 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2013-11-12 18:39 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-11-12 18:39 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-11-12 18:39 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-11-12 18:36 - 2013-11-12 18:36 - 00915368 _____ (Oracle Corporation) C:\Users\Skiba\Downloads\jre-7u45-windows-i586-iftw.exe 2013-11-09 22:51 - 2013-11-09 22:51 - 00000000 ____D C:\Users\Skiba\AppData\Roaming\LolClient 2013-11-09 21:02 - 2013-11-09 21:02 - 00000000 __SHD C:\Windows\system32\AI_RecycleBin 2013-11-09 21:02 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll 2013-11-09 21:02 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll 2013-11-09 21:02 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll 2013-11-09 21:02 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll 2013-11-09 21:02 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll 2013-11-09 21:01 - 2013-11-09 21:01 - 00001503 _____ C:\Users\Public\Desktop\Play League of Legends.lnk 2013-11-09 21:00 - 2013-11-14 20:15 - 00000000 ____D C:\Users\Skiba\AppData\Local\PMB Files 2013-11-09 21:00 - 2013-11-14 20:15 - 00000000 ____D C:\ProgramData\PMB Files 2013-11-09 21:00 - 2013-11-09 21:00 - 00000000 ____D C:\Users\Skiba\AppData\Roaming\Riot Games 2013-11-09 21:00 - 2013-11-09 21:00 - 00000000 ____D C:\Program Files\Pando Networks 2013-11-09 20:59 - 2013-11-09 21:00 - 34249488 _____ (Riot Games) C:\Users\Skiba\Downloads\LeagueofLegends_EUNE_Installer_06_17_13.exe 2013-11-06 15:13 - 2013-11-13 20:35 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-11-05 17:23 - 2013-11-05 17:23 - 06498731 _____ (wRR [4SBP] ) C:\Users\Skiba\Downloads\089_xvm.exe 2013-11-05 17:22 - 2013-11-05 17:22 - 13591575 _____ C:\Users\Skiba\Downloads\Loretai mod autoinstaller 0.8.9.ver.2.PL.exe 2013-11-04 19:16 - 2013-11-04 19:16 - 17098292 _____ C:\Users\Skiba\Downloads\res_mods(1).exe 2013-11-04 19:14 - 2013-11-04 19:14 - 13676088 _____ C:\Users\Skiba\Downloads\Loretai mod autoinstaller 0.8.9.ver.4.PL.exe 2013-11-04 15:54 - 2013-11-04 15:54 - 00003386 _____ C:\Users\Skiba\AppData\Local\recently-used.xbel 2013-11-04 15:09 - 2013-11-04 15:09 - 00000082 _____ C:\Users\Skiba\AppData\Roaming\gmic_faves 2013-11-04 15:02 - 2013-11-04 15:02 - 02278063 _____ ( ) C:\Users\Skiba\Downloads\gmic_gimp_win32.exe 2013-11-03 22:36 - 2013-11-03 22:37 - 23939588 _____ C:\Users\Skiba\Downloads\CienPACK(1).rar 2013-11-03 22:27 - 2013-11-03 22:27 - 01297719 _____ C:\Users\Skiba\Downloads\TXT(2).zip 2013-11-03 22:26 - 2013-11-03 22:26 - 01297719 _____ C:\Users\Skiba\Downloads\TXT(1).zip 2013-11-03 22:25 - 2013-11-03 22:25 - 01297719 _____ C:\Users\Skiba\Downloads\TXT.zip 2013-11-03 18:18 - 2013-11-03 18:18 - 00000000 ____D C:\Users\Skiba\Desktop\hahaha 2013-11-03 18:16 - 2013-11-03 18:17 - 23821016 _____ C:\Users\Skiba\Downloads\U grzeska.rar 2013-11-02 10:42 - 2013-11-02 10:42 - 00023994 _____ C:\Users\Skiba\Downloads\hs_err_pid2204.log 2013-10-31 23:20 - 2013-11-01 00:00 - 00000000 ____D C:\Users\Skiba\AppData\Local\PokerStars 2013-10-31 23:16 - 2013-11-09 21:39 - 00000000 ____D C:\Users\Skiba\AppData\Local\PokerStars.EU 2013-10-31 23:16 - 2013-10-31 23:16 - 00000691 _____ C:\Users\Skiba\Desktop\PokerStars.eu.lnk 2013-10-31 23:16 - 2013-10-31 23:16 - 00000691 _____ C:\Users\Skiba\AppData\Roaming\Microsoft\Windows\Start Menu\PokerStars.eu.lnk 2013-10-31 23:16 - 2013-10-31 23:16 - 00000000 ____D C:\Users\Skiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStars.EU 2013-10-31 22:23 - 2013-10-31 22:30 - 27138576 _____ (PokerStars) C:\Users\Skiba\Downloads\PokerStarsInstallEU.exe 2013-10-30 18:03 - 2013-10-30 18:03 - 10615877 _____ C:\Users\Skiba\Downloads\5.8.9_Config.rar 2013-10-30 18:01 - 2013-10-30 18:03 - 70669049 _____ C:\Users\Skiba\Downloads\HRMOD_Gun_Sounds_v1.85.zip 2013-10-29 16:00 - 2013-10-29 16:00 - 00000000 ____D C:\Program Files\Common Files\Overwolf 2013-10-29 13:36 - 2013-10-29 13:39 - 00000000 ____D C:\Users\Skiba\Documents\TmForever 2013-10-28 15:47 - 2013-10-28 15:47 - 00000000 ____D C:\ProgramData\Overwolf 2013-10-26 19:05 - 2013-11-04 15:29 - 00000000 ____D C:\Users\Skiba\AppData\Local\gtk-2.0 2013-10-25 15:47 - 2013-10-25 15:47 - 00000000 ____D C:\Users\Skiba\.thumbnails 2013-10-25 15:45 - 2013-11-08 15:41 - 00000000 ____D C:\Users\Skiba\.gimp-2.8 2013-10-25 15:45 - 2013-10-25 15:45 - 00000000 ____D C:\Users\Skiba\AppData\Local\gegl-0.2 2013-10-25 15:41 - 2013-10-25 15:43 - 00000000 ____D C:\Program Files\GIMP 2 2013-10-25 15:37 - 2013-10-25 15:38 - 90139696 _____ (The GIMP Team ) C:\Users\Skiba\Downloads\gimp-2.8.6-setup.exe 2013-10-25 11:49 - 2013-10-25 11:49 - 25871672 _____ ( ) C:\Users\Skiba\Downloads\gimp-help-2-2.8.0-pl-setup.exe 2013-10-25 11:48 - 2013-10-26 11:19 - 02421502 _____ C:\Users\Skiba\Downloads\AutoportretDP.xcf 2013-10-21 21:10 - 2013-10-21 21:10 - 04777783 _____ C:\Users\Skiba\Downloads\mody.rar 2013-10-21 19:58 - 2013-11-14 14:42 - 00000000 ____D C:\Users\Skiba\AppData\Roaming\.minecraft 2013-10-21 19:58 - 2013-10-21 19:58 - 00675988 _____ C:\Users\Skiba\Downloads\Minecraft(1).exe 2013-10-16 14:08 - 2013-10-16 14:08 - 00574580 _____ C:\Users\Skiba\Downloads\Zayaz_BI_441_088(1).zip 2013-10-16 14:07 - 2013-10-16 14:07 - 00574580 _____ C:\Users\Skiba\Downloads\Zayaz_BI_441_088.zip 2013-10-15 21:43 - 2013-10-15 21:44 - 13802232 _____ C:\Users\Skiba\Downloads\Wypakuj to do resurcepacks ;3.rar 2013-10-15 14:59 - 2013-10-15 17:00 - 737970940 _____ C:\Users\Skiba\Downloads\3096.dni.2013.PL.BDRip.XviD-BiDA-diabolopk.avi ==================== One Month Modified Files and Folders ======= 2013-11-14 20:47 - 2013-11-14 20:46 - 00009026 _____ C:\Users\Skiba\Downloads\FRST.txt 2013-11-14 20:46 - 2013-11-14 20:46 - 01090529 _____ (Farbar) C:\Users\Skiba\Downloads\FRST.exe 2013-11-14 20:46 - 2013-11-14 20:46 - 00000000 ____D C:\FRST 2013-11-14 20:45 - 2013-11-14 20:45 - 00065666 _____ C:\Users\Skiba\Downloads\OTL.Txt 2013-11-14 20:45 - 2013-11-14 20:45 - 00041984 _____ C:\Users\Skiba\Downloads\Extras.Txt 2013-11-14 20:38 - 2013-11-14 20:38 - 00602112 _____ (OldTimer Tools) C:\Users\Skiba\Downloads\OTL.exe 2013-11-14 20:15 - 2013-11-09 21:00 - 00000000 ____D C:\Users\Skiba\AppData\Local\PMB Files 2013-11-14 20:15 - 2013-11-09 21:00 - 00000000 ____D C:\ProgramData\PMB Files 2013-11-14 20:01 - 2013-09-06 14:45 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-11-14 19:19 - 2013-09-06 20:38 - 01673165 _____ C:\Windows\WindowsUpdate.log 2013-11-14 18:40 - 2013-09-21 16:32 - 00000000 ____D C:\Users\Skiba\AppData\Roaming\Skype 2013-11-14 18:24 - 2013-09-13 19:50 - 00000000 ____D C:\Users\Skiba\AppData\Local\Overwolf 2013-11-14 18:19 - 2009-07-14 05:34 - 00013424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-11-14 18:19 - 2009-07-14 05:34 - 00013424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-11-14 18:16 - 2013-09-06 02:16 - 01671400 _____ C:\Windows\system32\PerfStringBackup.INI 2013-11-14 18:16 - 2009-07-14 09:07 - 00741116 _____ C:\Windows\system32\perfh015.dat 2013-11-14 18:16 - 2009-07-14 09:07 - 00155712 _____ C:\Windows\system32\perfc015.dat 2013-11-14 18:12 - 2013-09-06 14:39 - 00000000 ____D C:\ProgramData\NVIDIA 2013-11-14 18:12 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-11-14 18:12 - 2009-07-14 05:39 - 00030915 _____ C:\Windows\setupact.log 2013-11-14 14:42 - 2013-10-21 19:58 - 00000000 ____D C:\Users\Skiba\AppData\Roaming\.minecraft 2013-11-14 13:58 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\pl-PL 2013-11-14 10:20 - 2013-09-06 16:55 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-11-13 20:59 - 2013-09-13 19:50 - 00000000 ____D C:\Users\Skiba\AppData\Roaming\TS3Client 2013-11-13 20:35 - 2013-11-06 15:13 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-11-13 14:38 - 2013-09-16 07:46 - 00000000 ____D C:\Users\Skiba\AppData\Local\Microsoft Games 2013-11-12 18:39 - 2013-11-12 18:39 - 00004734 _____ C:\Windows\system32\jupdate-1.7.0_45-b18.log 2013-11-12 18:39 - 2013-11-12 18:39 - 00000000 ____D C:\ProgramData\Oracle 2013-11-12 18:39 - 2013-11-12 18:39 - 00000000 ____D C:\Program Files\Common Files\Java 2013-11-12 18:39 - 2013-09-06 14:38 - 00000000 ____D C:\Program Files\Java 2013-11-12 18:36 - 2013-11-12 18:36 - 00915368 _____ (Oracle Corporation) C:\Users\Skiba\Downloads\jre-7u45-windows-i586-iftw.exe 2013-11-11 13:25 - 2013-09-14 09:52 - 00000000 ____D C:\Users\Skiba\AppData\Roaming\uTorrent 2013-11-09 22:51 - 2013-11-09 22:51 - 00000000 ____D C:\Users\Skiba\AppData\Roaming\LolClient 2013-11-09 21:39 - 2013-10-31 23:16 - 00000000 ____D C:\Users\Skiba\AppData\Local\PokerStars.EU 2013-11-09 21:02 - 2013-11-09 21:02 - 00000000 __SHD C:\Windows\system32\AI_RecycleBin 2013-11-09 21:01 - 2013-11-09 21:01 - 00001503 _____ C:\Users\Public\Desktop\Play League of Legends.lnk 2013-11-09 21:00 - 2013-11-09 21:00 - 00000000 ____D C:\Users\Skiba\AppData\Roaming\Riot Games 2013-11-09 21:00 - 2013-11-09 21:00 - 00000000 ____D C:\Program Files\Pando Networks 2013-11-09 21:00 - 2013-11-09 20:59 - 34249488 _____ (Riot Games) C:\Users\Skiba\Downloads\LeagueofLegends_EUNE_Installer_06_17_13.exe 2013-11-08 15:41 - 2013-10-25 15:45 - 00000000 ____D C:\Users\Skiba\.gimp-2.8 2013-11-07 14:39 - 2013-09-06 02:50 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-11-06 12:03 - 2013-09-06 20:43 - 00109672 _____ C:\Users\Skiba\AppData\Local\GDIPFONTCACHEV1.DAT 2013-11-06 12:02 - 2009-07-14 05:33 - 00409200 _____ C:\Windows\system32\FNTCACHE.DAT 2013-11-05 17:23 - 2013-11-05 17:23 - 06498731 _____ (wRR [4SBP] ) C:\Users\Skiba\Downloads\089_xvm.exe 2013-11-05 17:22 - 2013-11-05 17:22 - 13591575 _____ C:\Users\Skiba\Downloads\Loretai mod autoinstaller 0.8.9.ver.2.PL.exe 2013-11-04 19:16 - 2013-11-04 19:16 - 17098292 _____ C:\Users\Skiba\Downloads\res_mods(1).exe 2013-11-04 19:14 - 2013-11-04 19:14 - 13676088 _____ C:\Users\Skiba\Downloads\Loretai mod autoinstaller 0.8.9.ver.4.PL.exe 2013-11-04 15:54 - 2013-11-04 15:54 - 00003386 _____ C:\Users\Skiba\AppData\Local\recently-used.xbel 2013-11-04 15:29 - 2013-10-26 19:05 - 00000000 ____D C:\Users\Skiba\AppData\Local\gtk-2.0 2013-11-04 15:09 - 2013-11-04 15:09 - 00000082 _____ C:\Users\Skiba\AppData\Roaming\gmic_faves 2013-11-04 15:02 - 2013-11-04 15:02 - 02278063 _____ ( ) C:\Users\Skiba\Downloads\gmic_gimp_win32.exe 2013-11-03 22:37 - 2013-11-03 22:36 - 23939588 _____ C:\Users\Skiba\Downloads\CienPACK(1).rar 2013-11-03 22:27 - 2013-11-03 22:27 - 01297719 _____ C:\Users\Skiba\Downloads\TXT(2).zip 2013-11-03 22:26 - 2013-11-03 22:26 - 01297719 _____ C:\Users\Skiba\Downloads\TXT(1).zip 2013-11-03 22:25 - 2013-11-03 22:25 - 01297719 _____ C:\Users\Skiba\Downloads\TXT.zip 2013-11-03 18:18 - 2013-11-03 18:18 - 00000000 ____D C:\Users\Skiba\Desktop\hahaha 2013-11-03 18:17 - 2013-11-03 18:16 - 23821016 _____ C:\Users\Skiba\Downloads\U grzeska.rar 2013-11-02 10:42 - 2013-11-02 10:42 - 00023994 _____ C:\Users\Skiba\Downloads\hs_err_pid2204.log 2013-11-01 00:00 - 2013-10-31 23:20 - 00000000 ____D C:\Users\Skiba\AppData\Local\PokerStars 2013-10-31 23:16 - 2013-10-31 23:16 - 00000691 _____ C:\Users\Skiba\Desktop\PokerStars.eu.lnk 2013-10-31 23:16 - 2013-10-31 23:16 - 00000691 _____ C:\Users\Skiba\AppData\Roaming\Microsoft\Windows\Start Menu\PokerStars.eu.lnk 2013-10-31 23:16 - 2013-10-31 23:16 - 00000000 ____D C:\Users\Skiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStars.EU 2013-10-31 22:30 - 2013-10-31 22:23 - 27138576 _____ (PokerStars) C:\Users\Skiba\Downloads\PokerStarsInstallEU.exe 2013-10-30 18:03 - 2013-10-30 18:03 - 10615877 _____ C:\Users\Skiba\Downloads\5.8.9_Config.rar 2013-10-30 18:03 - 2013-10-30 18:01 - 70669049 _____ C:\Users\Skiba\Downloads\HRMOD_Gun_Sounds_v1.85.zip 2013-10-29 16:00 - 2013-10-29 16:00 - 00000000 ____D C:\Program Files\Common Files\Overwolf 2013-10-29 16:00 - 2013-09-13 19:51 - 00000000 ____D C:\Program Files\Overwolf 2013-10-29 13:39 - 2013-10-29 13:36 - 00000000 ____D C:\Users\Skiba\Documents\TmForever 2013-10-28 15:47 - 2013-10-28 15:47 - 00000000 ____D C:\ProgramData\Overwolf 2013-10-26 11:19 - 2013-10-25 11:48 - 02421502 _____ C:\Users\Skiba\Downloads\AutoportretDP.xcf 2013-10-25 15:47 - 2013-10-25 15:47 - 00000000 ____D C:\Users\Skiba\.thumbnails 2013-10-25 15:47 - 2013-09-06 20:39 - 00000000 ____D C:\Users\Skiba 2013-10-25 15:45 - 2013-10-25 15:45 - 00000000 ____D C:\Users\Skiba\AppData\Local\gegl-0.2 2013-10-25 15:43 - 2013-10-25 15:41 - 00000000 ____D C:\Program Files\GIMP 2 2013-10-25 15:38 - 2013-10-25 15:37 - 90139696 _____ (The GIMP Team ) C:\Users\Skiba\Downloads\gimp-2.8.6-setup.exe 2013-10-25 11:49 - 2013-10-25 11:49 - 25871672 _____ ( ) C:\Users\Skiba\Downloads\gimp-help-2-2.8.0-pl-setup.exe 2013-10-21 21:10 - 2013-10-21 21:10 - 04777783 _____ C:\Users\Skiba\Downloads\mody.rar 2013-10-21 19:58 - 2013-10-21 19:58 - 00675988 _____ C:\Users\Skiba\Downloads\Minecraft(1).exe 2013-10-18 15:26 - 2013-09-06 21:16 - 00000000 ____D C:\Users\Pamela\Desktop\PAM 2013-10-16 14:08 - 2013-10-16 14:08 - 00574580 _____ C:\Users\Skiba\Downloads\Zayaz_BI_441_088(1).zip 2013-10-16 14:07 - 2013-10-16 14:07 - 00574580 _____ C:\Users\Skiba\Downloads\Zayaz_BI_441_088.zip 2013-10-15 22:27 - 2013-09-06 20:45 - 00000000 ____D C:\Program Files\Microsoft Security Client 2013-10-15 22:27 - 2013-09-06 02:51 - 00001912 _____ C:\Windows\epplauncher.mif 2013-10-15 21:44 - 2013-10-15 21:43 - 13802232 _____ C:\Users\Skiba\Downloads\Wypakuj to do resurcepacks ;3.rar 2013-10-15 17:00 - 2013-10-15 14:59 - 737970940 _____ C:\Users\Skiba\Downloads\3096.dni.2013.PL.BDRip.XviD-BiDA-diabolopk.avi Some content of TEMP: ==================== C:\Users\Skiba\AppData\Local\Temp\nsj49DF.tmp.exe C:\Users\Skiba\AppData\Local\Temp\safeguard.exe C:\Users\Skiba\AppData\Local\Temp\swt-win32-3349.dll C:\Users\Skiba\AppData\Local\Temp\uttA31.tmp.exe C:\Users\Skiba\AppData\Local\Temp\vcredist_x86.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-11-10 10:58 ==================== End Of Log ============================