Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-10-2014 Ran by Mateusz (administrator) on TOMEK-KOMPUTER on 30-10-2014 17:23:47 Running from C:\Users\Mateusz\Desktop Loaded Profile: Mateusz (Available profiles: Tomek & Mateusz) Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Polski (Polska) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Microsoft Corporation) C:\Windows\System32\audiodg.exe () C:\Programy\360\Total Security\safemon\QHActiveDefense.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe () C:\Windows\System32\PnkBstrA.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe (Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe () C:\Programy\360\Total Security\safemon\QHSafeTray.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7174728 2013-03-29] (Realtek Semiconductor) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated) HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-11] (Intel Corporation) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation) HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated) HKLM-x32\...\Run: [QHSafeTray] => C:\Programy\360\Total Security\safemon\QHSafeTray.exe [1791816 2014-10-21] () HKU\S-1-5-21-606281877-1479866930-3929170589-1003\...\Run: [Windows(R) Statistics Service] => C:\ProgramData\WinSTAT\WinSTAT.exe HKU\S-1-5-21-606281877-1479866930-3929170589-1003\...\MountPoints2: {34fa0274-23c9-11e4-a651-806e6f6e6963} - E:\cda_menu.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://pl.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB8D0B2FEDDB7CF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pl-PL BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Mateusz\AppData\Roaming\Mozilla\Firefox\Profiles\pvnf0h59.default FF Homepage: google.pl FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-09-25] FF HKLM-x32\...\Firefox\Extensions: [WebProtection@360safe.com] - C:\Programy\360\Total Security\safemon\webprotection_firefox FF Extension: 360网页保护 - C:\Programy\360\Total Security\safemon\webprotection_firefox [2014-10-29] Chrome: ======= ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 MSI_Trigger_Service; C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [30240 2013-04-18] (MICRO-STAR INTERNATIONAL CO., LTD.) R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-09-13] () R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-09-13] () R2 QHActiveDefense; C:\Programy\360\Total Security\safemon\QHActiveDefense.exe [707184 2014-10-21] () S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] S2 jhi_service; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [100424 2014-10-21] (360.cn) R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [77896 2014-10-21] (360.cn) R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [305736 2014-10-21] (360.cn) S3 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [40520 2014-10-21] (360.cn) R1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [312400 2014-10-21] (Qihu 360 Software Co., Ltd.) R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [180816 2014-10-21] (Qihu 360 Software Co., Ltd.) R2 mi2c; C:\Windows\system32\drivers\mi2c.sys [20784 2014-09-03] (Nicomsoft Ltd.) S3 RTCore64; C:\Programy\MSI Afterburner\RTCore64.sys [13368 2013-03-11] () R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) S3 xb1usb; C:\Windows\System32\DRIVERS\xb1usb.sys [34016 2014-05-27] (Microsoft Corporation) S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-30 17:24 - 2014-10-30 17:24 - 00000000 ____D () C:\Users\Mateusz\Desktop\Stare dane programu Firefox 2014-10-30 17:23 - 2014-10-30 17:25 - 00009525 _____ () C:\Users\Mateusz\Desktop\FRST.txt 2014-10-30 17:23 - 2014-10-30 17:11 - 02113536 _____ (Farbar) C:\Users\Mateusz\Desktop\FRST64.exe 2014-10-30 17:21 - 2014-10-30 17:21 - 00019134 _____ () C:\Users\Tomek\Desktop\Addition.txt 2014-10-30 17:20 - 2014-10-30 17:21 - 00019815 _____ () C:\Users\Tomek\Desktop\FRST.txt 2014-10-30 17:18 - 2014-10-30 17:18 - 00000000 ____D () C:\Users\Tomek\Desktop\Stare dane programu Firefox 2014-10-30 17:11 - 2014-10-30 17:23 - 00000000 ____D () C:\FRST 2014-10-30 17:11 - 2014-10-30 17:11 - 02113536 _____ (Farbar) C:\Users\Tomek\Desktop\FRST64.exe 2014-10-30 13:43 - 2014-10-30 13:43 - 00000000 ____D () C:\Users\Mateusz\AppData\Roaming\360safe 2014-10-29 23:29 - 2014-10-30 17:21 - 00000000 __SHD () C:\ProgramData\360Quarant 2014-10-29 23:29 - 2014-10-30 17:21 - 00000000 __SHD () C:\$360Section 2014-10-29 21:54 - 2014-10-29 21:54 - 00000000 ____D () C:\Windows\Tasks\360Disabled 2014-10-29 21:46 - 2014-10-29 21:54 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\360safe 2014-10-29 21:46 - 2014-10-29 21:54 - 00000000 ____D () C:\ProgramData\360safe 2014-10-29 21:46 - 2014-10-21 16:52 - 00077896 _____ (360.cn) C:\Windows\system32\Drivers\360AvFlt.sys 2014-10-29 21:46 - 2014-10-21 16:52 - 00023752 _____ (360安全中心) C:\Windows\system32\Drivers\efimon.sys 2014-10-29 21:45 - 2014-10-29 21:45 - 00000887 _____ () C:\Users\Tomek\Desktop\360 Total Security.lnk 2014-10-29 21:45 - 2014-10-29 21:45 - 00000000 _RSHD () C:\360SANDBOX 2014-10-29 21:45 - 2014-10-29 21:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360 Security Center 2014-10-29 21:45 - 2014-10-21 16:52 - 00312400 _____ (Qihu 360 Software Co., Ltd.) C:\Windows\system32\Drivers\360fsflt.sys 2014-10-29 21:45 - 2014-10-21 16:52 - 00305736 _____ (360.cn) C:\Windows\system32\Drivers\360Box64.sys 2014-10-29 21:45 - 2014-10-21 16:52 - 00180816 _____ (Qihu 360 Software Co., Ltd.) C:\Windows\system32\Drivers\BAPIDRV64.SYS 2014-10-29 21:45 - 2014-10-21 16:52 - 00100424 _____ (360.cn) C:\Windows\system32\Drivers\360AntiHacker64.sys 2014-10-29 21:45 - 2014-10-21 16:52 - 00040520 _____ (360.cn) C:\Windows\system32\Drivers\360Camera64.sys 2014-10-27 21:02 - 2014-10-27 21:02 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-10-27 19:20 - 2014-10-27 19:20 - 00000000 ____D () C:\Users\Tomek\Desktop\Transformers.Age.of.Extinction..2014..PL.480p.BRRip.XViD.AC3.OzW 2014-10-26 21:57 - 2014-10-26 21:57 - 00078303 _____ () C:\Users\Mateusz\Desktop\bookfile.jar 2014-10-26 21:57 - 2014-10-26 21:57 - 00000363 _____ () C:\Users\Mateusz\Desktop\bookfile.jad 2014-10-26 18:36 - 2014-10-26 13:38 - 00001529 _____ () C:\Users\Tomek\Desktop\hardware_settings_config.xml 2014-10-26 15:25 - 2014-10-26 15:26 - 03300110 _____ () C:\Users\Mateusz\Downloads\DAR_Protractor09303.zip 2014-10-25 20:13 - 2014-10-25 20:15 - 15299383 _____ () C:\Users\Mateusz\Downloads\R15_S-51_23_70599.rar 2014-10-23 13:47 - 2014-10-23 13:47 - 00000000 ____D () C:\Users\Mateusz\AppData\Local\Red 5 Studios 2014-10-23 13:46 - 2014-10-23 13:46 - 00000000 ____D () C:\Users\Mateusz\Documents\Firefall 2014-10-23 09:30 - 2014-10-23 09:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Red 5 Studios 2014-10-22 15:00 - 2014-10-22 15:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xiph.Org 2014-10-22 14:59 - 2014-10-22 14:59 - 00000000 ____D () C:\Program Files (x86)\Xiph.Org 2014-10-22 14:56 - 2014-10-22 14:57 - 18474128 _____ () C:\Users\Mateusz\Downloads\FirefallInstaller.exe 2014-10-21 17:42 - 2014-10-22 17:35 - 00000000 ____D () C:\Users\Tomek\Documents\wmd_symbol_cache 2014-10-21 17:42 - 2014-10-21 18:56 - 00000000 ____D () C:\Users\Tomek\Documents\CARS 2014-10-20 21:04 - 2014-10-20 21:04 - 00276608 _____ () C:\Windows\Minidump\102014-17846-01.dmp 2014-10-19 18:52 - 2014-10-26 21:56 - 00012285 _____ () C:\Users\Mateusz\Desktop\Bitwa pod grunwaldem, Tadeusz Borowski.txt 2014-10-19 09:35 - 2014-10-20 21:04 - 449755390 _____ () C:\Windows\MEMORY.DMP 2014-10-19 09:35 - 2014-10-20 21:04 - 00000000 ____D () C:\Windows\Minidump 2014-10-19 09:35 - 2014-10-19 09:35 - 00276664 _____ () C:\Windows\Minidump\101914-25755-01.dmp 2014-10-19 07:27 - 2014-10-19 07:27 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner 2014-10-19 07:25 - 2014-10-19 07:25 - 00001234 _____ () C:\Users\Tomek\Desktop\Ryder PSSG Editor — skrót.lnk 2014-10-18 14:18 - 2014-10-18 14:22 - 109199252 _____ () C:\Users\Mateusz\Downloads\RP.zip 2014-10-17 18:33 - 2014-10-22 17:20 - 00000000 ____D () C:\Users\Tomek\Desktop\Lotus, nico Original Gloves 2014-10-17 15:05 - 2014-10-17 15:05 - 00001628 _____ () C:\Users\Tomek\Desktop\F1 2014 — skrót.lnk 2014-10-16 16:19 - 2014-10-16 16:38 - 00000000 ____D () C:\Users\Tomek\Documents\Assetto Corsa 2014-10-16 15:54 - 2014-10-16 15:54 - 00000000 ____D () C:\Program Files (x86)\Steam Games 2014-10-16 14:53 - 2014-10-16 14:56 - 26943021 _____ () C:\Users\Mateusz\Downloads\G17_JagdPzIV_62_MuleMobile_Hommer.rar 2014-10-14 16:18 - 2014-10-14 16:18 - 00000000 ____D () C:\Users\Tomek\.ka0sdashboard 2014-10-14 11:39 - 2014-10-14 12:31 - 00000000 ____D () C:\Users\Mateusz\AppData\Roaming\tor 2014-10-14 08:54 - 2014-10-14 08:54 - 00000000 ____D () C:\Users\Mateusz\Desktop\audio 2014-10-14 08:33 - 2014-10-14 08:43 - 192860373 _____ () C:\Users\Mateusz\Downloads\GnomeFathers engines 0.581.zip 2014-10-10 16:52 - 2014-10-10 16:52 - 00000000 ____D () C:\Users\Mateusz\AppData\Roaming\Wargaming.net 2014-10-05 11:12 - 2014-10-05 11:12 - 00000000 ____D () C:\Users\Mateusz\Documents\NinjaBlade 2014-10-04 14:05 - 2014-10-07 15:01 - 00000000 ____D () C:\Users\Mateusz\Desktop\Zuwaka_First_Demo 2014-10-04 10:39 - 2014-10-04 14:03 - 00000000 ____D () C:\Users\Mateusz\Documents\My Games ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-30 17:22 - 2014-08-14 16:46 - 01077565 _____ () C:\Windows\WindowsUpdate.log 2014-10-30 17:22 - 2014-05-16 17:06 - 00049815 _____ () C:\Windows\setupact.log 2014-10-30 17:22 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-30 17:21 - 2014-08-16 14:18 - 00003012 _____ () C:\Windows\System32\Tasks\MSIAfterburner 2014-10-30 17:19 - 2011-04-12 14:21 - 00739694 _____ () C:\Windows\system32\perfh015.dat 2014-10-30 17:19 - 2011-04-12 14:21 - 00155268 _____ () C:\Windows\system32\perfc015.dat 2014-10-30 17:19 - 2009-07-14 06:13 - 01668226 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-10-30 17:14 - 2014-08-14 18:01 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-30 17:14 - 2010-11-21 04:47 - 00032406 _____ () C:\Windows\PFRO.log 2014-10-29 23:29 - 2014-09-11 16:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 4 2014-10-29 23:29 - 2014-09-09 20:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 15 Demo 2014-10-29 23:29 - 2014-09-07 12:43 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\vlc 2014-10-29 23:29 - 2014-08-16 18:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam 2014-10-29 21:54 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-10-29 21:54 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy 2014-10-29 21:45 - 2014-08-14 21:26 - 00000000 ____D () C:\Programy 2014-10-27 21:16 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system 2014-10-27 19:23 - 2009-07-14 05:45 - 00016640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-27 19:23 - 2009-07-14 05:45 - 00016640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-26 21:58 - 2014-08-21 18:41 - 03484422 _____ () C:\Users\Mateusz\Downloads\tcbr-2.2.27-2.3.5.zip 2014-10-23 07:05 - 2014-08-14 17:36 - 00000000 ____D () C:\Windows\System32\Tasks\Games 2014-10-22 19:19 - 2014-08-16 12:48 - 00000000 ___RD () C:\Users\Tomek\Desktop\GRY 2014-10-22 14:59 - 2014-08-15 18:23 - 00000000 ____D () C:\Windows\SysWOW64\directx 2014-10-21 02:16 - 2014-08-14 20:52 - 00000000 ____D () C:\Users\Tomek\AppData\Local\JDownloader v2.0 2014-10-19 07:25 - 2014-08-14 17:14 - 00000000 ____D () C:\Users\Tomek\Desktop\Sounds 2014-10-19 07:25 - 2014-08-14 17:12 - 00000000 ____D () C:\Users\Tomek\Desktop\Inne 2014-10-17 15:47 - 2014-09-07 07:03 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\tor 2014-10-17 14:03 - 2014-08-16 18:39 - 00000000 ____D () C:\Users\Tomek\Documents\My Games 2014-10-17 14:03 - 2014-08-16 18:39 - 00000000 ____D () C:\ProgramData\Codemasters 2014-10-16 19:22 - 2014-08-16 18:29 - 00000000 ____D () C:\Users\Tomek\Desktop\RPE 2.0.2012.0919 2014-10-14 16:18 - 2014-08-14 16:45 - 00000000 ____D () C:\Users\Tomek 2014-10-11 15:27 - 2014-08-15 07:37 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\Skype 2014-10-09 18:11 - 2014-09-05 15:08 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-10-08 16:37 - 2009-07-14 06:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-10-07 14:16 - 2014-08-14 18:08 - 00000000 ____D () C:\Users\Mateusz\Downloads\Gameforge Live 2014-10-04 14:51 - 2014-08-14 16:50 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-10-04 14:51 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-26 17:49 ==================== End Of Log ============================