Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-10-2014 01 Ran by Czeczen (administrator) on DEMON on 11-10-2014 00:24:57 Running from D:\Downloads Loaded Profile: Czeczen (Available profiles: Czeczen) Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Polski (Polska) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (ESET) C:\Program Files\ESET\x86\ekrn.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe (ESET) C:\Program Files\ESET\egui.exe (AIMP DevTeam) C:\Program Files (x86)\AIMP3\AIMP3.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [egui] => C:\Program Files\ESET\egui.exe [5581888 2014-02-24] (ESET) HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-21-2136822903-1617746219-2212688325-1000\...\Run: [AIMP3] => C:\Program Files (x86)\AIMP3\AIMP3.exe [1703880 2014-09-12] (AIMP DevTeam) HKU\S-1-5-21-2136822903-1617746219-2212688325-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-21-2136822903-1617746219-2212688325-1000\...\MountPoints2: {a16f22a5-3855-11e4-895f-806e6f6e6963} - E:\DVDSetup.exe BootExecute: autocheck autochk * ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4 FireFox: ======== FF ProfilePath: C:\Users\Czeczen\AppData\Roaming\Mozilla\Firefox\Profiles\gpkziuq9.default FF Homepage: https://www.google.pl/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: Bitdefender QuickScan - C:\Users\Czeczen\AppData\Roaming\Mozilla\Firefox\Profiles\gpkziuq9.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2014-10-02] FF Extension: NASA Night Launch - C:\Users\Czeczen\AppData\Roaming\Mozilla\Firefox\Profiles\gpkziuq9.default\Extensions\nasanightlaunch@example.com.xpi [2014-09-10] FF Extension: Stylish - C:\Users\Czeczen\AppData\Roaming\Mozilla\Firefox\Profiles\gpkziuq9.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2014-09-10] FF Extension: YouTube High Definition - C:\Users\Czeczen\AppData\Roaming\Mozilla\Firefox\Profiles\gpkziuq9.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2014-09-10] FF Extension: Adblock Plus - C:\Users\Czeczen\AppData\Roaming\Mozilla\Firefox\Profiles\gpkziuq9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-10] FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\Mozilla Thunderbird FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\Mozilla Thunderbird [2014-09-10] FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\Mozilla Thunderbird Chrome: ======= ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ekrn; C:\Program Files\ESET\x86\ekrn.exe [1343408 2014-02-24] (ESET) R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed] R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed] R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [149032 2012-10-22] () R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed] R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed] R2 Themes; C:\Windows\system32\themeservice.dll [44544 2014-09-13] (Microsoft Corporation) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 Cam3820; C:\Windows\System32\Drivers\cam3820a.sys [433536 2010-08-25] (CamVendor) R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET) U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [239296 2013-09-17] (ESET) R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET) R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [157432 2013-09-17] (ESET) R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20672 2014-09-10] (Glarysoft Ltd) R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [20968 2012-10-22] () R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [19944 2012-10-22] () R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46016 2012-10-22] () R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-10-10] () S3 NTIOLib_1_0_4; \??\C:\Program Files (x86)\MSI\Live Update\NTIOLib_X64.sys [X] S3 NTIOLib_MSISMB_CC; \??\C:\Program Files (x86)\MSI\ControlCenter\Sleep\NTIOLib_X64.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] U3 axldapog; \??\C:\Users\Czeczen\AppData\Local\Temp\axldapog.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-10 21:34 - 2014-10-11 00:24 - 00000000 ____D () C:\FRST 2014-10-10 12:30 - 2014-10-10 23:17 - 00000224 _____ () C:\Windows\setupact.log 2014-10-10 12:30 - 2014-10-10 21:14 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp 2014-10-10 12:30 - 2014-10-10 12:30 - 00000000 _____ () C:\Windows\setuperr.log 2014-10-10 12:28 - 2014-10-10 21:14 - 00000914 _____ () C:\Windows\PFRO.log 2014-10-10 09:17 - 2014-10-10 21:23 - 00000000 ____D () C:\AdwCleaner 2014-10-09 22:35 - 2014-10-09 22:35 - 00000000 ____D () C:\Program Files (x86)\Origin Games 2014-10-09 21:58 - 2014-10-09 22:35 - 00000000 ____D () C:\Users\Czeczen\AppData\Roaming\Origin 2014-10-09 21:58 - 2014-10-09 22:35 - 00000000 ____D () C:\Users\Czeczen\AppData\Local\Origin 2014-10-09 21:52 - 2014-10-09 22:36 - 00000000 ____D () C:\ProgramData\Origin 2014-10-09 21:52 - 2014-10-09 21:58 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-10-09 21:52 - 2014-10-09 21:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin 2014-10-09 21:52 - 2014-10-09 21:52 - 00000000 ____D () C:\ProgramData\Electronic Arts 2014-10-08 23:58 - 2014-10-08 23:58 - 00000011 ____R () C:\Windows\amunres.lsl 2014-10-02 20:56 - 2014-10-10 21:14 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys 2014-10-02 20:56 - 2014-10-02 20:56 - 00000000 ____D () C:\ProgramData\Intel 2014-10-02 20:56 - 2014-10-02 20:56 - 00000000 ____D () C:\Program Files\Intel 2014-10-02 20:34 - 2014-10-02 20:34 - 00000000 ____D () C:\Users\Czeczen\AppData\Roaming\VideoCap 2014-10-02 20:34 - 2014-10-02 20:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SW72011 2014-10-02 20:34 - 2014-10-02 20:34 - 00000000 ____D () C:\Program Files (x86)\SW72011 2014-10-02 20:34 - 2011-01-17 14:40 - 00000155 _____ () C:\Windows\system32\CoCam.ini 2014-10-02 20:34 - 2009-08-26 17:19 - 00000059 _____ () C:\Windows\system32\cam3820.ini 2014-10-02 20:24 - 2014-10-02 20:24 - 00000000 ____D () C:\Users\Czeczen\AppData\Roaming\QuickScan 2014-10-01 06:54 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2014-10-01 06:54 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2014-09-30 13:55 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll 2014-09-30 13:55 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll 2014-09-30 13:55 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll 2014-09-30 13:55 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll 2014-09-30 13:55 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll 2014-09-30 13:55 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll 2014-09-30 13:55 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll 2014-09-30 13:55 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll 2014-09-30 13:55 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll 2014-09-30 13:55 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll 2014-09-30 13:54 - 2014-09-30 13:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xplosiv 2014-09-30 13:52 - 2014-09-30 13:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes 2014-09-30 13:52 - 2014-09-30 13:52 - 00000000 ____D () C:\Program Files (x86)\VirtualCloneDrive 2014-09-27 23:09 - 2014-09-27 23:09 - 00003510 _____ () C:\Users\Czeczen\AppData\Local\recently-used.xbel 2014-09-27 23:09 - 2014-09-27 23:09 - 00000000 ____D () C:\Users\Czeczen\AppData\Local\gtk-2.0 2014-09-25 06:18 - 2014-09-25 06:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-24 16:39 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-09-24 16:39 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-09-22 12:39 - 2014-09-22 12:39 - 00000795 _____ () C:\Users\Czeczen\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk 2014-09-22 12:38 - 2014-10-10 09:28 - 00000000 ____D () C:\Users\Czeczen\AppData\Roaming\uTorrent 2014-09-21 19:44 - 2014-09-21 19:44 - 00000000 ____D () C:\Users\Czeczen\.thumbnails 2014-09-21 19:43 - 2014-09-27 23:09 - 00000000 ____D () C:\Users\Czeczen\.gimp-2.8 2014-09-21 19:43 - 2014-09-21 19:43 - 00001120 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk 2014-09-21 19:43 - 2014-09-21 19:43 - 00000000 ____D () C:\Users\Czeczen\AppData\Local\gegl-0.2 2014-09-21 19:42 - 2014-09-21 19:43 - 00000000 ____D () C:\Program Files\GIMP 2 2014-09-18 15:42 - 2014-09-18 15:42 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0 2014-09-18 14:38 - 2014-10-10 09:28 - 00000000 ____D () C:\Users\Czeczen\AppData\Local\CrashDumps 2014-09-18 00:01 - 2014-09-18 00:01 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-09-18 00:00 - 2014-09-18 00:00 - 00000000 ____D () C:\Windows\pss 2014-09-17 14:58 - 2014-09-17 14:58 - 00000000 ____D () C:\Users\Czeczen\Documents\Camtasia Studio 2014-09-17 14:58 - 2014-09-17 14:58 - 00000000 ____D () C:\Users\Czeczen\AppData\Roaming\TechSmith 2014-09-17 14:58 - 2014-09-17 14:58 - 00000000 ____D () C:\Users\Czeczen\AppData\Local\TechSmith 2014-09-17 14:54 - 2014-09-17 14:54 - 00000000 ____D () C:\ProgramData\TechSmith 2014-09-17 14:54 - 2014-09-17 14:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith 2014-09-17 14:54 - 2014-09-17 14:54 - 00000000 ____D () C:\Program Files (x86)\QuickTime 2014-09-17 14:54 - 2014-09-17 14:54 - 00000000 ____D () C:\Program Files (x86)\Camtasia Studio 8 2014-09-17 09:05 - 2014-09-17 09:05 - 00000000 ____D () C:\Users\Czeczen\AppData\Local\HP 2014-09-17 09:03 - 2014-09-17 09:05 - 00000000 ____D () C:\Users\Czeczen\AppData\Roaming\HP 2014-09-17 09:03 - 2014-09-17 09:03 - 00000000 ____D () C:\ProgramData\WEBREG 2014-09-17 09:01 - 2014-09-17 09:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP 2014-09-17 09:01 - 2014-09-17 09:01 - 00001387 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Centrum obsługi HP.lnk 2014-09-17 09:01 - 2014-09-17 09:01 - 00000000 ____D () C:\ProgramData\HP Product Assistant 2014-09-17 08:59 - 2014-09-17 09:03 - 00001837 _____ () C:\ProgramData\hpzinstall.log 2014-09-17 08:59 - 2014-09-17 09:02 - 00177269 _____ () C:\Windows\hpoins14.dat 2014-09-17 08:59 - 2014-09-17 09:02 - 00000000 ____D () C:\ProgramData\HP 2014-09-17 08:59 - 2014-09-17 09:02 - 00000000 ____D () C:\Program Files (x86)\HP 2014-09-17 08:59 - 2009-10-08 04:00 - 00001498 ____N () C:\Windows\hpomdl14.dat 2014-09-17 08:59 - 2009-07-08 12:51 - 00861184 _____ (Hewlett-Packard) C:\Windows\system32\hpowiax3.dll 2014-09-17 08:59 - 2009-07-08 12:51 - 00729600 _____ (Hewlett-Packard Co.) C:\Windows\system32\hpotscl3.dll 2014-09-17 08:59 - 2009-07-08 12:51 - 00642360 _____ (Hewlett-Packard) C:\Windows\system32\hpzids40.dll 2014-09-17 08:59 - 2009-07-08 12:51 - 00540672 _____ (Hewlett-Packard) C:\Windows\system32\hppldcoi.dll 2014-09-17 08:59 - 2009-07-08 12:51 - 00497664 _____ (Hewlett-Packard Co.) C:\Windows\system32\hpovst10.dll 2014-09-17 08:48 - 2014-10-11 00:10 - 00000000 ____D () C:\Users\Czeczen\AppData\Roaming\Skype 2014-09-17 08:48 - 2014-09-17 08:48 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-09-17 08:48 - 2014-09-17 08:48 - 00000000 ____D () C:\Users\Czeczen\AppData\Local\Skype 2014-09-17 08:48 - 2014-09-17 08:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-09-17 08:47 - 2014-09-17 08:48 - 00000000 ____D () C:\ProgramData\Skype 2014-09-16 10:48 - 2014-09-16 10:49 - 00000000 ____D () C:\Users\Czeczen\.screenshooter 2014-09-16 10:48 - 2014-09-16 10:48 - 00000000 ____D () C:\Users\Czeczen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ScreenShooter 2014-09-16 10:48 - 2014-09-16 10:48 - 00000000 ____D () C:\Program Files (x86)\ScreenShooter 2014-09-16 10:46 - 2014-09-16 10:46 - 00000000 ____D () C:\Users\Czeczen\AppData\Local\ESET 2014-09-15 21:33 - 2014-09-15 21:33 - 00000000 ____D () C:\Users\Czeczen\AppData\Roaming\VOS 2014-09-13 22:36 - 2010-11-21 05:24 - 02755072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll.backup 2014-09-13 22:36 - 2009-07-14 03:11 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll.backup 2014-09-13 22:34 - 2010-11-21 05:23 - 02851840 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll.backup 2014-09-13 22:34 - 2009-07-14 03:41 - 00332288 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll.backup 2014-09-13 22:34 - 2009-07-14 03:41 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\themeservice.dll.backup 2014-09-12 23:47 - 2014-09-22 21:22 - 00000000 ____D () C:\Users\Czeczen\AppData\Roaming\vlc 2014-09-12 23:43 - 2014-09-12 23:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2014-09-12 23:43 - 2014-09-12 23:43 - 00000000 ____D () C:\Program Files (x86)\VideoLAN 2014-09-12 17:39 - 2014-10-10 15:20 - 00000000 ____D () C:\Users\Czeczen\AppData\Local\Microsoft Games 2014-09-12 12:41 - 2014-10-10 21:24 - 00000000 ____D () C:\Users\Czeczen\AppData\Roaming\AIMP3 2014-09-12 12:41 - 2014-09-12 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP3 2014-09-12 12:41 - 2014-09-12 12:41 - 00000000 ____D () C:\Program Files (x86)\AIMP3 2014-09-11 09:18 - 2014-09-11 09:18 - 00000000 ____D () C:\ProgramData\Hewlett-Packard ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-11 00:12 - 2014-09-09 22:21 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-10 21:21 - 2009-07-14 06:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-10 21:21 - 2009-07-14 06:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-10 21:18 - 2010-11-21 14:53 - 00740422 _____ () C:\Windows\system32\perfh015.dat 2014-10-10 21:18 - 2010-11-21 14:53 - 00155996 _____ () C:\Windows\system32\perfc015.dat 2014-10-10 21:18 - 2009-07-14 07:13 - 01670518 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-10-10 21:15 - 2014-09-09 21:18 - 01286301 _____ () C:\Windows\WindowsUpdate.log 2014-10-10 21:14 - 2014-09-10 12:20 - 00000336 _____ () C:\Windows\Tasks\GlaryInitialize 5.job 2014-10-10 21:14 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-10 09:29 - 2014-09-10 12:20 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5 2014-10-10 09:19 - 2009-07-14 07:08 - 00032520 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-09-30 13:54 - 2014-09-09 21:23 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-09-26 22:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-09-25 15:58 - 2014-09-09 21:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-09-21 19:44 - 2014-09-09 21:20 - 00000000 ____D () C:\Users\Czeczen 2014-09-17 13:32 - 2009-07-14 06:45 - 00268832 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-09-17 09:04 - 2014-09-09 22:23 - 00058400 _____ () C:\Users\Czeczen\AppData\Local\GDIPFONTCACHEV1.DAT 2014-09-17 09:02 - 2009-07-14 04:34 - 00000438 _____ () C:\Windows\win.ini 2014-09-13 22:36 - 2010-11-21 05:24 - 02755072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll 2014-09-13 22:36 - 2009-07-14 01:39 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll 2014-09-13 22:34 - 2010-11-21 05:23 - 02851840 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll 2014-09-13 22:34 - 2009-07-14 01:55 - 00332288 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll 2014-09-13 22:34 - 2009-07-14 01:54 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\themeservice.dll 2014-09-11 09:12 - 2014-09-10 23:36 - 00000000 ____D () C:\ProgramData\Adobe Some content of TEMP: ==================== C:\Users\Czeczen\AppData\Local\Temp\gusetup6.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-06 15:35 ==================== End Of Log ============================