Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-10-2014 01
Ran by XxX (administrator) on PC_1_ON2 on 21-10-2014 21:07:13
Running from C:\Users\XxX\Downloads
Loaded Profile: XxX (Available profiles: XxX)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Polski (Polska)
Internet Explorer Version 11
Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
(Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe
(Razer Inc.) C:\Program Files\Razer\Razer Game Booster\RzKLService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(GG Network S.A.) C:\Users\XxX\AppData\Local\GG\Application\gghub.exe
(GG Network S.A.) C:\Users\XxX\AppData\Local\GG\Application\ggapp.exe
(GG Network S.A.) C:\Users\XxX\AppData\Local\GG\Application\ggdrive\ggdrive.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(GG Network S.A.) C:\Users\XxX\AppData\Local\GG\Application\xulrunner\gghub.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10996368 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [amd_dc_opt] => D:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [RazerGameBooster] => C:\Program Files\Razer\Razer Game Booster\RazerGameBooster.exe [61152 2014-02-25] (Razer Inc.)
HKLM\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [3802448 2014-09-04] (LogMeIn Inc.)
HKU\S-1-5-21-1298052079-2888746343-427970535-1001\...\Run: [uTorrent] => C:\Users\XxX\AppData\Roaming\uTorrent\uTorrent.exe [1270352 2014-04-29] (BitTorrent Inc.)
HKU\S-1-5-21-1298052079-2888746343-427970535-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1298052079-2888746343-427970535-1001\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-1298052079-2888746343-427970535-1001\...\MountPoints2: {e7652d1e-c867-11e3-a5fc-001fd034cc74} - J:\setup.exe
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-01-15] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
ShellIconOverlayIdentifiers: [GGDriveOverlay1] -> {E68D0A50-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.)
ShellIconOverlayIdentifiers: [GGDriveOverlay2] -> {E68D0A51-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.)
ShellIconOverlayIdentifiers: [GGDriveOverlay3] -> {E68D0A52-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.)
ShellIconOverlayIdentifiers: [GGDriveOverlay4] -> {E68D0A53-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{AABBD93A-A278-4E94-80B7-7A1123D195A5}: [NameServer] 8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\XxX\AppData\Roaming\Mozilla\Firefox\Profiles\7pn8z81u.default-1413808677140
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> D:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\XxX\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)
R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1890128 2014-09-04] (LogMeIn Inc.)
R2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [375056 2014-08-08] (LogMeIn, Inc.)
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 RzKLService; C:\Program Files\Razer\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-04-20] (Disc Soft Ltd)
S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd6.sys [44032 2009-07-14] (VIA Technologies, Inc. )
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [204432 2012-06-05] (Realtek Semiconductor Corp.)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-21 19:50 - 2014-10-21 19:50 - 237924352 _____ () C:\Users\XxX\Downloads\TSR-S7580XXUBNI3-20141020154315.zip.part
2014-10-21 19:50 - 2014-10-21 19:50 - 00000000 _____ () C:\Users\XxX\Downloads\TSR-S7580XXUBNI3-20141020154315.zip
2014-10-21 18:19 - 2014-10-21 18:19 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2014-10-21 18:15 - 2014-10-21 18:15 - 00000000 ____D () C:\Users\XxX\Documents\SelfMV
2014-10-21 18:15 - 2014-06-16 08:01 - 01112288 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll
2014-10-21 18:15 - 2014-06-16 08:01 - 00581192 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller.dll
2014-10-21 18:15 - 2014-06-16 08:01 - 00184192 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys
2014-10-21 18:15 - 2014-06-16 08:01 - 00089856 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys
2014-10-21 18:14 - 2014-10-21 18:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-10-21 18:14 - 2014-09-24 18:54 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\system32\secman.dll
2014-10-20 23:32 - 2014-10-21 21:07 - 00009456 _____ () C:\Users\XxX\Downloads\FRST.txt
2014-10-20 22:16 - 2014-10-20 22:16 - 00000000 ____D () C:\Users\XxX\Downloads\FRST-OlderVersion
2014-10-20 14:39 - 2014-10-20 22:16 - 01102336 _____ (Farbar) C:\Users\XxX\Downloads\FRST.exe
2014-10-19 03:24 - 2014-10-20 14:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-10-19 03:24 - 2014-10-20 14:01 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-18 11:38 - 2014-10-18 11:38 - 00067464 _____ () C:\ComboFix.txt
2014-10-18 11:16 - 2014-10-20 14:01 - 00000000 ___SD () C:\ComboFix
2014-10-18 01:54 - 2014-10-21 21:07 - 00000000 ____D () C:\FRST
2014-10-18 01:51 - 2014-10-18 01:51 - 00380416 _____ () C:\Users\XxX\Downloads\30pchywh.exe
2014-10-17 23:20 - 2014-10-18 11:41 - 00000000 ____D () C:\Users\XxX\Desktop\skany
2014-10-17 23:10 - 2014-10-17 23:10 - 00602112 _____ (OldTimer Tools) C:\Users\XxX\Downloads\OTL.exe
2014-10-14 00:14 - 2014-10-14 00:14 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-10-08 19:43 - 2014-10-08 19:43 - 00000000 ____D () C:\Users\XxX\Documents\PC_1_ON2
2014-10-08 19:43 - 2014-06-11 16:15 - 00000000 ____D () C:\Users\XxX\Desktop\Enemy.Front.PROPER-CODEX.Crack
2014-10-08 17:01 - 2014-10-08 17:01 - 00000613 _____ () C:\Users\Public\Desktop\Enemy Front.lnk
2014-10-08 17:01 - 2014-10-08 17:01 - 00000613 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Enemy Front.lnk
2014-10-07 14:32 - 2014-10-07 14:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-10-07 14:32 - 2014-10-07 14:32 - 00000000 ____D () C:\Program Files\LogMeIn Hamachi
2014-10-06 15:11 - 2014-10-06 15:11 - 00000083 _____ () C:\Windows\wwp_game.INI
2014-10-05 20:47 - 2014-10-05 20:50 - 1280340505 _____ () C:\Users\XxX\Documents\Need for Speed - Cały Film PL.mp4
2014-10-05 19:09 - 2014-10-05 19:09 - 00000000 ____D () C:\ProgramData\YTD Video Downloader
2014-10-05 19:08 - 2014-10-05 19:08 - 00001247 _____ () C:\Users\Public\Desktop\YTD Video Downloader.lnk
2014-10-05 19:08 - 2014-10-05 19:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
2014-10-05 19:08 - 2014-10-05 19:08 - 00000000 ____D () C:\Program Files\GreenTree Applications
2014-10-03 16:04 - 2014-10-03 16:04 - 00000738 _____ () C:\Users\XxX\Documents\warspear.CT
2014-10-03 15:42 - 2014-10-03 15:42 - 00000000 ____D () C:\Users\XxX\Documents\My Cheat Tables
2014-09-30 16:46 - 2014-09-30 16:46 - 00000000 ____D () C:\Users\XxX\Documents\7 Days To Die
2014-09-30 16:25 - 2014-09-30 16:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GMT-MAX.ORG
2014-09-30 16:23 - 2014-09-30 16:23 - 00000000 ____D () C:\Program Files\GMT-MAX.ORG
2014-09-25 20:22 - 2014-09-25 20:22 - 00000681 _____ () C:\Users\Public\Desktop\Dark Crusade.lnk
2014-09-25 20:20 - 2014-09-25 20:20 - 00000000 ____D () C:\Users\XxX\AppData\Roaming\InstallShield
2014-09-25 15:53 - 2014-10-20 14:01 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-24 13:02 - 2014-09-24 13:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft
2014-09-24 13:02 - 2003-11-14 16:12 - 00518416 ____R (Microsoft Corporation) C:\Windows\system32\MSXML.DLL
2014-09-23 10:17 - 2014-09-23 10:17 - 00000083 _____ () C:\Windows\wwp.INI
2014-09-23 10:16 - 2014-09-23 10:16 - 00000499 _____ () C:\Users\Public\Desktop\Worms World Party.lnk
2014-09-23 10:16 - 2014-09-23 10:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Team17

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-21 20:21 - 2014-01-02 20:25 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-21 19:35 - 2009-07-14 06:39 - 00105723 _____ () C:\Windows\setupact.log
2014-10-21 18:15 - 2014-05-11 14:32 - 00000000 ____D () C:\Users\XxX\AppData\Roaming\Samsung
2014-10-21 18:15 - 2014-05-11 14:29 - 00000000 ____D () C:\Program Files\Samsung
2014-10-21 18:14 - 2014-01-15 14:09 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-10-21 15:58 - 2014-02-12 22:02 - 00000000 ____D () C:\Users\XxX\AppData\Roaming\GG
2014-10-21 13:51 - 2014-01-02 20:13 - 01975750 _____ () C:\Windows\WindowsUpdate.log
2014-10-21 13:49 - 2014-01-12 20:14 - 00000000 ____D () C:\Users\XxX\AppData\Local\LogMeIn Hamachi
2014-10-21 13:49 - 2014-01-03 21:54 - 00000000 ____D () C:\Users\XxX\AppData\Roaming\uTorrent
2014-10-21 13:49 - 2014-01-03 02:30 - 00000000 ____D () C:\Users\XxX\AppData\Roaming\Skype
2014-10-21 13:48 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-20 23:32 - 2014-04-14 19:16 - 00000008 __RSH () C:\Users\XxX\ntuser.pol
2014-10-20 23:32 - 2014-01-30 22:56 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-10-20 23:32 - 2014-01-02 20:17 - 00000000 ____D () C:\Users\XxX
2014-10-20 23:24 - 2009-07-14 04:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-10-20 23:03 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-10-20 23:03 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-20 23:03 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration
2014-10-20 14:02 - 2014-06-07 16:40 - 00000000 ____D () C:\Windows\erdnt
2014-10-20 14:02 - 2014-01-02 20:25 - 00000000 ____D () C:\Windows\system32\Macromed
2014-10-20 14:02 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\pl-PL
2014-10-20 14:01 - 2009-07-14 10:28 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-10-20 14:00 - 2014-01-03 22:46 - 00000000 ____D () C:\Users\XxX\AppData\Roaming\DAEMON Tools Lite
2014-10-20 13:59 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-10-19 03:28 - 2014-01-02 20:10 - 00000000 ____D () C:\Windows\Panther
2014-10-18 11:47 - 2014-03-10 01:14 - 00000453 _____ () C:\Users\XxX\AppData\Roaming\Microsoft\Windows\Start Menu\Fixitpc.pl.website
2014-10-18 11:42 - 2014-06-07 16:41 - 00000000 ____D () C:\Qoobox
2014-10-15 20:34 - 2014-03-05 16:29 - 00000000 ____D () C:\Users\XxX\AppData\Roaming\vlc
2014-10-15 20:34 - 2014-01-02 20:22 - 01669190 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-15 20:34 - 2009-07-14 10:07 - 00740098 _____ () C:\Windows\system32\perfh015.dat
2014-10-15 20:34 - 2009-07-14 10:07 - 00155672 _____ () C:\Windows\system32\perfc015.dat
2014-10-13 22:49 - 2014-03-07 13:46 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-10-13 19:45 - 2014-01-03 02:30 - 00000000 ___RD () C:\Program Files\Skype
2014-10-13 19:45 - 2014-01-03 02:30 - 00000000 ____D () C:\ProgramData\Skype
2014-10-08 18:07 - 2009-07-14 06:34 - 00010128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-08 18:07 - 2009-07-14 06:34 - 00010128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-07 17:55 - 2014-07-19 13:36 - 00000000 ____D () C:\Users\XxX\AppData\Roaming\TS3Client
2014-10-06 20:24 - 2014-01-03 18:56 - 00000000 ____D () C:\Users\XxX\Documents\VirtualDJ
2014-10-06 11:55 - 2014-01-03 22:52 - 00267314 _____ () C:\Windows\PFRO.log
2014-10-05 05:53 - 2014-05-11 14:32 - 00000000 ____D () C:\Users\XxX\AppData\Local\Samsung
2014-10-05 05:52 - 2014-05-11 14:29 - 00000000 ____D () C:\ProgramData\Samsung
2014-10-05 05:51 - 2014-09-14 12:45 - 00000000 ____D () C:\Program Files\Nitro PDF
2014-10-05 05:50 - 2014-02-15 00:13 - 00000000 ____D () C:\Program Files\Tasker
2014-10-05 05:50 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-05 05:49 - 2014-04-14 19:09 - 00000000 ____D () C:\Program Files\Techland
2014-10-05 05:48 - 2014-05-11 17:35 - 00000000 ____D () C:\Users\XxX\AppData\Roaming\Craften Terminal
2014-10-05 05:48 - 2014-01-09 16:29 - 00000000 ____D () C:\Games
2014-10-05 05:46 - 2014-05-19 00:10 - 00000000 ____D () C:\Users\XxX\AppData\Local\Deployment
2014-10-05 05:45 - 2014-03-26 13:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
2014-10-02 18:42 - 2014-02-12 22:02 - 00000000 ____D () C:\Users\XxX\AppData\Local\GG
2014-09-30 16:26 - 2014-03-14 18:04 - 00000000 ____D () C:\Windows\system32\directx
2014-09-29 15:16 - 2014-01-02 20:25 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-29 15:16 - 2014-01-02 20:25 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-26 18:20 - 2014-03-10 13:07 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-25 20:26 - 2014-01-05 19:09 - 00100054 _____ () C:\Windows\DirectX.log
2014-09-24 13:03 - 2014-01-03 22:56 - 00000000 ____D () C:\Users\XxX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games

Some content of TEMP:
====================
C:\Users\XxX\AppData\Local\temp\BingBarSetup-Partner.exe
C:\Users\XxX\AppData\Local\temp\EpsonInkjetDriverDownloader.EXE
C:\Users\XxX\AppData\Local\temp\ggdrive-menu.exe
C:\Users\XxX\AppData\Local\temp\ggdrive-overlay.exe
C:\Users\XxX\AppData\Local\temp\installstats.exe
C:\Users\XxX\AppData\Local\temp\ochelper.exe
C:\Users\XxX\AppData\Local\temp\pyl3B7D.tmp.exe
C:\Users\XxX\AppData\Local\temp\pyl79A5.tmp.exe
C:\Users\XxX\AppData\Local\temp\Quarantine.exe
C:\Users\XxX\AppData\Local\temp\SkypeSetup.exe
C:\Users\XxX\AppData\Local\temp\Uninstall.exe
C:\Users\XxX\AppData\Local\temp\xmlUpdater.exe
C:\Users\XxX\AppData\Local\temp\_is6B48.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-16 15:59

==================== End Of Log ============================