Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-08-2014 Ran by Marcin (administrator) on ARKA-MARCIN on 26-08-2014 07:49:27 Running from C:\Users\Marcin\Downloads Platform: Windows 8.1 (X64) OS Language: Polski (Polska) Internet Explorer Version 11 Boot Mode: Safe Mode (with Networking) The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\UserAccountControlSettings.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2862448 2012-08-06] (ELAN Microelectronics Corp.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191312 2012-08-07] (Realtek Semiconductor) HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764032 2012-08-10] (Qualcomm Atheros) HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-08-10] (Atheros Communications) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2014-05-08] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation) HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation) HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink) HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.) HKLM-x32\...\Run: [UIExec] => C:\Program Files (x86)\blueconnect\UIExec.exe [138072 2010-08-02] () HKLM-x32\...\RunOnce: [upfst_pl_164.exe] => C:\Users\Marcin\AppData\Local\fst_pl_164\upfst_pl_164.exe -runonce Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-4125748422-692980318-1900824796-1002\...\Run: [Trans] => C:\Program Files (x86)\Trans\trans.exe [3990960 2012-06-01] () HKU\S-1-5-21-4125748422-692980318-1900824796-1002\...\Run: [uTorrent] => C:\Users\Marcin\AppData\Roaming\uTorrent\uTorrent.exe [1266520 2014-04-23] (BitTorrent Inc.) HKU\S-1-5-21-4125748422-692980318-1900824796-1002\...\MountPoints2: {06108506-df20-11e3-bed3-50b7c381962d} - "E:\AutoRun.exe" HKU\S-1-5-21-4125748422-692980318-1900824796-1002\...\MountPoints2: {22aa12c7-cd30-11e3-becf-50b7c381962d} - "E:\AutoRun.exe" HKU\S-1-5-21-4125748422-692980318-1900824796-1002\...\MountPoints2: {6fd6d95a-f8c2-11e3-bede-50b7c3bb83b2} - "E:\Startme.exe" HKU\S-1-5-21-4125748422-692980318-1900824796-1002\...\MountPoints2: {9f13ef6d-f6ac-11e3-bedd-50b7c3bb83b2} - "E:\AutoRun.exe" HKU\S-1-5-21-4125748422-692980318-1900824796-1002\...\MountPoints2: {d8346564-ada0-11e3-bec8-50b7c381962d} - "E:\AutoRun.exe" HKU\S-1-5-21-4125748422-692980318-1900824796-1002\...\MountPoints2: {d834704a-ada0-11e3-bec8-50b7c381962d} - "E:\AutoRun.exe" AppInit_DLLs: C:\Program Files (x86)\Movies => C:\Program Files (x86)\Movies File Not Found GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie URLSearchHook: HKLM-x32 - Default Value = {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D} URLSearchHook: HKLM-x32 - SiteFinder - {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D} - C:\Program Files (x86)\SiteFinder\SiteFinder.dll (Site Finder) StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - {A2206F64-B6D0-4E2D-874F-B4E42F8823FD} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS SearchScopes: HKLM-x32 - {A2206F64-B6D0-4E2D-874F-B4E42F8823FD} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language} SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language} SearchScopes: HKCU - {A2206F64-B6D0-4E2D-874F-B4E42F8823FD} URL = BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\IPS\IPSBHO.DLL (Symantec Corporation) Toolbar: HKLM-x32 - SiteFinder - {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D} - C:\Program Files (x86)\SiteFinder\SiteFinder.dll (Site Finder) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{529ED694-D272-4724-9C79-6D01724D1A34}: [NameServer] 213.158.199.1 213.158.199.5 FireFox: ======== FF ProfilePath: C:\Users\Marcin\AppData\Roaming\Mozilla\Firefox\Profiles\690cvunm.default FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Marcin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF user.js: detected! => C:\Users\Marcin\AppData\Roaming\Mozilla\Firefox\Profiles\690cvunm.default\user.js FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll (BitComet) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Marcin\AppData\Roaming\Mozilla\Firefox\Profiles\690cvunm.default\searchplugins\metaCrawler.xml FF SearchPlugin: C:\Users\Marcin\AppData\Roaming\Mozilla\Firefox\Profiles\690cvunm.default\searchplugins\searchgol.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\delta-homes.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml FF Extension: Plus-HD-V1.6c - C:\Users\Marcin\AppData\Roaming\Mozilla\Firefox\Profiles\690cvunm.default\Extensions\CUFCV96103896@VLCZ37079202.com [2014-08-25] FF Extension: No Name - C:\Users\Marcin\AppData\Roaming\Mozilla\Firefox\Profiles\690cvunm.default\Extensions\staged [2014-08-25] FF Extension: New tab - C:\Users\Marcin\AppData\Roaming\Mozilla\Firefox\Profiles\690cvunm.default\Extensions\{669E7F40-B964-7100-9E2C-16C6DAA58A01} [2013-11-28] FF Extension: Zapp - C:\Users\Marcin\AppData\Roaming\Mozilla\Firefox\Profiles\690cvunm.default\Extensions\{c22c1a80-3af2-449c-a94e-e15e7686e0ed} [2014-05-18] FF Extension: SmileysWeLove: Smileys for use with Facebook, GMail, and more - C:\Users\Marcin\AppData\Roaming\Mozilla\Firefox\Profiles\690cvunm.default\Extensions\jid1-FB1bBgFMk5H6Wg@jetpack.xpi [2014-07-10] FF Extension: ToggleMark - C:\Users\Marcin\AppData\Roaming\Mozilla\Firefox\Profiles\690cvunm.default\Extensions\{9a9157bb-003e-4fef-8bd1-c09bc4586a28}.xpi [2014-07-22] FF Extension: LeechBlock - C:\Users\Marcin\AppData\Roaming\Mozilla\Firefox\Profiles\690cvunm.default\Extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}.xpi [2014-07-21] FF Extension: BonanzaDeals - C:\Users\Marcin\AppData\Roaming\Mozilla\Firefox\Profiles\690cvunm.default\Extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}.xpi [2013-12-21] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn [2014-08-26] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn [2013-03-26] FF Extension: No Name - C:\Users\Marcin\AppData\Roaming\Mozilla\Firefox\Profiles\690cvunm.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}.xpi [2014-07-21] FF Extension: Plus-HD-V1.6c - C:\Users\Marcin\AppData\Roaming\Mozilla\Firefox\Profiles\690cvunm.default\extensions\CUFCV96103896@VLCZ37079202.com [2014-08-25] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com/ CHR DefaultSearchKeyword: Default -> webssearches CHR DefaultSearchProvider: Default -> webssearches CHR DefaultSearchURL: Default -> http://istart.webssearches.com/web/?type=ds&ts=1404975726&from=pjr&uid=ST500LM012XHN-M500MBB_S2RSJ9KCB12145&q={searchTerms} CHR DefaultSuggestURL: Default -> CHR Profile: C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Dokumenty Google) - C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-07] CHR Extension: (Dysk Google) - C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-07] CHR Extension: (YouTube) - C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-07] CHR Extension: (Szukaj w Google) - C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-07] CHR Extension: (Google Wallet) - C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-07] CHR Extension: (Gmail) - C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-07] CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\Exts\Chrome.crx [2014-05-02] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations) S2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-09-05] (Samsung Electronics CO., LTD.) S2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] () S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation) S2 Internet Manager. RunOuc; C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [224096 2011-06-17] () S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation) S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation) S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation) S3 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [1863680 2012-07-06] (Ralink) [File not signed] S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG PC TuneUp 2014\TuneUpUtilitiesService64.exe [2099000 2013-10-12] (AVG) S2 UI Assistant Service; C:\Program Files (x86)\blueconnect\AssistantServices.exe [247152 2010-08-02] () S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation) S2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-10] (Atheros) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130515.001\BHDrvx64.sys [1390680 2013-04-13] (Symantec Corporation) S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-10] (Qualcomm Atheros) S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) S1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation) S3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1405000.01C\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation) S1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-03-26] (Symantec Corporation) S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2013-03-26] (Symantec Corporation) S3 huawei_wwanecm; C:\Windows\system32\DRIVERS\ew_juwwanecm.sys [239104 2012-09-18] (Huawei Technologies Co., Ltd.) S3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130522.001\IDSvia64.sys [513184 2013-03-23] (Symantec Corporation) S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130523.003\ENG64.SYS [126040 2013-05-22] (Symantec Corporation) S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130523.003\EX64.SYS [2098776 2013-05-22] (Symantec Corporation) R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider) S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2012-11-29] (Windows (R) 2003 DDK 3790 provider) S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1405000.01C\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation) S3 SRTSPX; C:\Windows\system32\drivers\NISx64\1405000.01C\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation) S3 SymDS; C:\Windows\system32\drivers\NISx64\1405000.01C\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation) S3 SymEFA; C:\Windows\system32\drivers\NISx64\1405000.01C\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation) S4 SymELAM; C:\Windows\system32\drivers\NISx64\1405000.01C\SymELAM.sys [23448 2012-06-20] (Symantec Corporation) S3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-20] (Symantec Corporation) S3 SymIRON; C:\Windows\system32\drivers\NISx64\1405000.01C\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation) S3 SymNetS; C:\Windows\System32\Drivers\NISx64\1405000.01C\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation) S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG PC TuneUp 2014\TuneUpUtilitiesDriver64.sys [14112 2013-09-18] (TuneUp Software) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-25 16:39 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-26 07:44 - 2013-11-26 12:00 - 00000000 ____D () C:\Users\Marcin 2014-08-26 07:43 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2014-08-26 07:40 - 2013-11-26 19:14 - 00004000 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{2FE4D77E-862C-42C9-96FE-BCCC63E8EA7C} 2014-08-26 07:26 - 2013-11-26 12:18 - 02035495 _____ () C:\WINDOWS\WindowsUpdate.log 2014-08-26 07:16 - 2013-03-26 09:46 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4125748422-692980318-1900824796-1002 2014-08-25 19:48 - 2013-09-29 21:06 - 00103834 _____ () C:\WINDOWS\PFRO.log 2014-08-25 19:37 - 2013-09-30 06:15 - 01825074 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-08-25 19:37 - 2013-09-30 06:00 - 00807160 _____ () C:\WINDOWS\system32\perfh015.dat 2014-08-25 19:37 - 2013-09-30 06:00 - 00163478 _____ () C:\WINDOWS\system32\perfc015.dat 2014-08-25 19:36 - 2013-08-22 16:46 - 00362855 _____ () C:\WINDOWS\setupact.log 2014-08-23 13:08 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2014-08-22 07:09 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2014-07-31 23:26 - 2013-03-26 12:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-08-26 07:16 ==================== End Of Log ============================