Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-12-2014
Ran by rambo (administrator) on RAMBO_EPKK on 19-12-2014 01:43:44
Running from C:\FIXITPC
Loaded Profile: rambo (Available profiles: rambo)
Platform: Microsoft Windows 7 Professional N Service Pack 1 (X86) OS Language: Polski (Polska)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files\Admin\BufferZone\ClntSvc.exe
() C:\Program Files\Admin\BufferZone\BZRpcSs.exe
() C:\Program Files\Admin\BufferZone\BZDcomLaunch.exe
(Emsisoft GmbH) C:\Program Files\Security\Online Armor\oacat.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Emsisoft GmbH) C:\Program Files\Security\Online Armor\oasrv.exe
(Kingsoft Corporation) C:\Program Files\kingsoft\kingsoft antivirus\kxescore.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe
(Emsisoft GmbH) C:\Program Files\Security\Online Armor\oaui.exe
(Kingsoft Corporation) C:\Program Files\kingsoft\kingsoft antivirus\kxetray.exe
(Emsisoft GmbH) C:\Program Files\Security\Online Armor\oahlp.exe
() C:\Program Files\Admin\BufferZone\ClientGUI.exe
(Apple Inc.) C:\Program Files\Audio\iTunes\iTunesHelper.exe
() C:\Program Files\Admin\Launchy\Launchy.exe
(Mega Limited) C:\Users\rambo\AppData\Local\MEGAsync\MEGAsync.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Sysinternals - www.sysinternals.com) E:\Programy\Programy portable\Admin\ProcessExplorer\procexp.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Kingsoft Corporation) C:\Program Files\kingsoft\kingsoft antivirus\kupdata.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
() C:\Users\rambo\Downloads\FIXITPC\FRST.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12021464 2014-05-09] (Realtek Semiconductor)
HKLM\...\Run: [NVRaidService] => C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe [163944 2010-04-09] (NVIDIA Corporation)
HKLM\...\Run: [@OnlineArmor GUI] => C:\Program Files\Security\Online Armor\oaui.exe [7558464 2013-10-11] (Emsisoft GmbH)
HKLM\...\Run: [kxesc] => c:\program files\kingsoft\kingsoft antivirus\kxetray.exe [1595056 2014-11-17] (Kingsoft Corporation)
HKLM\...\Run: [BufferZone] => C:\Program Files\Admin\BufferZone\CLIENTGUI.EXE [3408808 2013-12-29] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\Audio\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-437592956-270204519-1642714051-1001\...\Run: [Klipfolio] => C:\Program Files\Klipfolio\Klipfolio.exe [1701904 2014-11-06] (Klipfolio Inc.)
IFEO\taskmgr.exe: [Debugger] "E:\PROGRAMY\PROGRAMY PORTABLE\ADMIN\PROCESSEXPLORER\PROCEXP.EXE"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk
ShortcutTarget: Launchy.lnk -> C:\Program Files\Admin\Launchy\Launchy.exe ()
Startup: C:\Users\rambo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk
ShortcutTarget: MEGAsync.lnk -> C:\Users\rambo\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\rambo\AppData\Local\MEGAsync\ShellExtX32.dll ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\rambo\AppData\Local\MEGAsync\ShellExtX32.dll ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\rambo\AppData\Local\MEGAsync\ShellExtX32.dll ()
ShellIconOverlayIdentifiers: [0_sxBZOverlayIcon] -> {6457FB0A-5C02-4393-909C-2139A5D5571F} => C:\Windows\system32\RlShellExt.dll (TODO: )
ShellIconOverlayIdentifiers: [0_sxConfidentialOIcon] -> {871FE18B-B68D-4437-BC76-6634996CDB97} => C:\Windows\system32\RlShellExt.dll (TODO: )
ShellIconOverlayIdentifiers: [0_sxForbiddenOIcon] -> {1F03249C-6AB2-4E31-8C10-86F7E31E3B4E} => C:\Windows\system32\RlShellExt.dll (TODO: )

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-437592956-270204519-1642714051-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://deon.pl/
SearchScopes: HKU\S-1-5-21-437592956-270204519-1642714051-1001 -> DefaultScope {C78A7758-718E-4E3E-8FEE-F8CF1C37E10F} URL = http://www.google.com/search?hl=pl&q={searchTerms}
SearchScopes: HKU\S-1-5-21-437592956-270204519-1642714051-1001 -> {C78A7758-718E-4E3E-8FEE-F8CF1C37E10F} URL = http://www.google.com/search?hl=pl&q={searchTerms}
BHO: BufferZone Web Privacy Manager -> {311BA51F-64F2-439D-9A4A-772373D77312} -> C:\Program Files\Admin\BufferZone\BZbho.dll (Trustware)
ShellExecuteHooks: OA Shell Helper - {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Security\Online Armor\oaevent.dll [1033968 2013-10-11] (Emsisoft GmbH)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\rambo\AppData\Roaming\Mozilla\Firefox\Profiles\si0vca03.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\Audio\iTunes\Mozilla Plugins\npitunes.dll ()
FF Extension: WOT - C:\Users\rambo\AppData\Roaming\Mozilla\Firefox\Profiles\si0vca03.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-12-04]
FF Extension: anonymoX - C:\Users\rambo\AppData\Roaming\Mozilla\Firefox\Profiles\si0vca03.default\Extensions\client@anonymox.net.xpi [2014-12-03]
FF Extension: The Addon Bar (restored) - C:\Users\rambo\AppData\Roaming\Mozilla\Firefox\Profiles\si0vca03.default\Extensions\the-addon-bar@GeekInTraining-GiT.xpi [2014-12-03]
FF Extension: Adblock Plus - C:\Users\rambo\AppData\Roaming\Mozilla\Firefox\Profiles\si0vca03.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-05]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Internet\Mozilla Firefox\firefox.exe

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BufferZoneSvc; C:\Program Files\Admin\BufferZone\CLNTSVC.EXE [3142000 2013-12-29] ()
R2 kxescore; c:\program files\kingsoft\kingsoft antivirus\kxescore.exe [123992 2014-11-17] (Kingsoft Corporation)
R2 OAcat; C:\Program Files\Security\Online Armor\OAcat.exe [584864 2013-10-11] (Emsisoft GmbH)
S4 PuranDefrag; C:\Windows\system32\PuranDefragS.exe [260992 2013-08-15] (Puran Software) [File not signed]
R2 SvcOnlineArmor; C:\Program Files\Security\Online Armor\oasrv.exe [4457688 2013-10-11] (Emsisoft GmbH)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [1569792 2011-03-30] (C-Media Inc)
R0 kavbootc; C:\Windows\System32\drivers\kavbootc.sys [27240 2014-11-17] (Kingsoft Corporation)
R1 KDHacker; c:\program files\kingsoft\kingsoft antivirus\security\kxescan\kdhacker.sys [125784 2014-11-17] (Kingsoft Corporation)
R2 kisknl; C:\Windows\system32\drivers\kisknl.sys [165176 2014-11-17] (Kingsoft Corporation)
R3 ksapi; C:\Windows\system32\drivers\ksapi.sys [82264 2014-11-17] (Kingsoft Corporation)
R4 KUsbGuard; C:\Program Files\kingsoft\kingsoft antivirus\kusbquery.sys [14200 2014-11-17] (Kingsoft Corporation)
R1 OADevice; C:\Windows\system32\drivers\OADriver.sys [210360 2013-10-11] ()
R1 oahlpXX; C:\Windows\system32\drivers\oahlp32.sys [44984 2013-10-11] ()
R1 OAmon; C:\Windows\system32\drivers\OAmon.sys [34856 2013-10-11] (Emsisoft)
R3 OAnet; C:\Windows\System32\DRIVERS\oanet.sys [31760 2013-10-11] (Emsisoft)
S3 PortTalk; C:\Windows\System32\Drivers\PortTalk.sys [3567 2002-01-12] (Beyond Logic http://www.beyondlogic.org) [File not signed]
R1 REDLIGHT; C:\Windows\System32\drivers\REDLIGHT.SYS [457120 2013-12-29] (BufferZone)
R2 RLMUPFLT; C:\Windows\system32\drivers\RLMUPFLT.sys [14752 2013-12-29] (BufferZone)
R2 RLNSIFLTR; C:\Windows\system32\drivers\RLNSIFLTR.sys [13216 2013-12-29] (BufferZone)
R3 RLPNFLTR; C:\Windows\system32\drivers\RLPNFLTR.sys [13728 2013-12-29] (Windows (R) Win 7 DDK provider)
U5 UnlockerDriver5; C:\Program Files\Admin\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-19 01:42 - 2014-12-19 01:43 - 00000000 ____D () C:\FRST
2014-12-19 01:40 - 2014-12-19 01:43 - 00000000 ____D () C:\FIXITPC
2014-12-19 01:28 - 2014-12-19 01:28 - 00000000 ____D () C:\Users\rambo\AppData\Local\Apps\2.0
2014-12-19 00:54 - 2014-12-19 01:42 - 00000000 ____D () C:\Users\rambo\Downloads\iPod
2014-12-12 22:37 - 2014-12-12 22:38 - 00019099 _____ () C:\Users\rambo\Downloads\car CD.dxp
2014-12-12 14:15 - 2014-12-12 14:15 - 01459408 _____ (IBE Software ) C:\Users\rambo\Downloads\7capture-setup.exe
2014-12-12 13:59 - 2014-12-12 13:59 - 00000000 ____D () C:\Users\rambo\AppData\Roaming\NVIDIA
2014-12-12 13:54 - 2014-12-12 13:55 - 00000000 ____D () C:\Program Files\QuickTime
2014-12-12 13:54 - 2014-12-12 13:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-12-11 11:32 - 2014-12-19 00:20 - 00000000 ____D () C:\Users\rambo\AppData\Roaming\Thunderbird
2014-12-11 11:30 - 2014-12-11 11:30 - 00001956 _____ () C:\Windows\system32\svchost.exe.virtual.lnk
2014-12-11 11:26 - 2014-12-11 11:26 - 00000000 ____D () C:\ProgramData\Mozilla
2014-12-11 11:26 - 2014-12-11 11:26 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-11 03:19 - 2014-12-18 23:11 - 00004330 _____ () C:\PERF.LOG
2014-12-11 03:15 - 2014-12-11 03:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-12-11 03:15 - 2012-08-21 13:01 - 00026840 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2014-12-11 03:14 - 2014-12-11 03:15 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-12-11 03:14 - 2014-12-11 03:14 - 00000000 ____D () C:\Program Files\iPod
2014-12-11 02:50 - 2014-12-11 02:50 - 00002853 _____ () C:\Windows\system32\COMMAND.COM.virtual.pif
2014-12-11 02:47 - 2014-12-11 11:29 - 00001654 _____ () C:\bzdcom.log.virtual.lnk
2014-12-11 02:47 - 2014-12-11 11:28 - 00001661 _____ () C:\bzrpcss.log.virtual.lnk
2014-12-11 02:44 - 2014-12-11 02:44 - 00000000 ___HD () C:\Windows\PIF
2014-12-11 02:35 - 2014-12-18 23:11 - 00000000 _____ () C:\LongFileName.txt
2014-12-11 02:35 - 2014-12-11 02:35 - 00000000 ____D () C:\Virtual
2014-12-11 02:33 - 2014-12-19 00:06 - 00000000 ____D () C:\ProgramData\BufferZone
2014-12-11 02:33 - 2014-12-11 02:33 - 00000021 _____ () C:\BZInstallComplete.log
2014-12-11 02:33 - 2014-12-11 02:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BufferZone
2014-12-11 02:31 - 2014-12-11 02:32 - 06336871 _____ (Igor Pavlov) C:\Users\rambo\Downloads\geswall.2.9.2.freeware.exe
2014-12-11 02:31 - 2014-12-11 02:31 - 20830720 _____ () C:\Users\rambo\Downloads\BufferZonePro.msi
2014-12-11 02:28 - 2014-12-11 02:28 - 02734600 _____ (Sandboxie Holdings, LLC) C:\Users\rambo\Downloads\SandboxieInstall.exe
2014-12-10 23:31 - 2014-12-10 23:50 - 00000000 ____D () C:\Users\rambo\AppData\Roaming\XnView
2014-12-10 13:53 - 2014-12-12 14:16 - 00000000 ____D () C:\Users\rambo\AppData\Roaming\MediaMonkey
2014-12-10 13:53 - 2014-12-10 13:53 - 00000000 ____D () C:\ProgramData\MediaMonkey
2014-12-10 13:52 - 2014-12-10 13:52 - 00000633 _____ () C:\Users\rambo\rambo — skrót.lnk
2014-12-10 13:31 - 2014-12-10 13:34 - 00000000 ____D () C:\Users\rambo\AppData\Roaming\Mp3tag
2014-12-10 13:20 - 2014-12-10 13:20 - 00000000 ____D () C:\Users\rambo\.config
2014-12-10 13:03 - 2014-12-10 13:06 - 00000000 ____D () C:\Users\rambo\AppData\Roaming\Apple Computer
2014-12-10 13:02 - 2014-12-11 03:14 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-12-10 13:01 - 2014-12-10 13:01 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-12-10 13:01 - 2014-12-10 13:01 - 00000000 ____D () C:\Program Files\Apple Software Update
2014-12-10 13:00 - 2014-12-11 03:14 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-12-10 13:00 - 2014-12-10 13:01 - 00000000 ____D () C:\ProgramData\Apple
2014-12-10 13:00 - 2014-12-10 13:00 - 00000000 ____D () C:\Program Files\Bonjour
2014-12-10 12:48 - 2014-12-10 12:48 - 00000000 ____D () C:\Users\rambo\AppData\Roaming\MusicBee
2014-12-10 03:14 - 2014-12-11 03:14 - 00000000 ____D () C:\Program Files\Audio
2014-12-10 03:14 - 2014-12-10 03:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP2
2014-12-08 13:23 - 2014-12-16 02:28 - 00000000 ____D () C:\Users\rambo\AppData\Roaming\AIMP
2014-12-07 01:11 - 2014-12-07 01:11 - 00000000 ____D () C:\ProgramData\Adobe
2014-12-07 01:11 - 2014-12-07 01:11 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-12-07 01:09 - 2014-12-09 01:03 - 00000000 ____D () C:\Users\rambo\Desktop\Call of Duty Samochód RC
2014-12-06 13:56 - 2014-12-11 01:59 - 00000000 ____D () C:\Users\rambo\Desktop\allegro
2014-12-03 15:31 - 2014-12-03 15:31 - 00000000 ____D () C:\Users\rambo\AppData\Roaming\Learnpulse
2014-12-03 15:27 - 2014-12-03 15:28 - 11001872 _____ (Learnpulse) C:\Users\rambo\Downloads\Screenpresso.exe
2014-12-02 19:27 - 2014-12-02 19:27 - 00000000 ____D () C:\Users\rambo\Downloads\OperaTor
2014-12-02 19:23 - 2014-12-02 19:23 - 00000000 ____D () C:\Users\rambo\Downloads\Opera
2014-12-02 19:15 - 2014-12-02 19:18 - 10608572 _____ () C:\Users\rambo\Downloads\OperaTor-3.5.zip
2014-12-01 17:35 - 2014-12-02 15:38 - 00000000 ____D () C:\Users\rambo\AppData\Roaming\Skype
2014-12-01 17:35 - 2014-12-01 17:35 - 00000000 ____D () C:\Users\rambo\AppData\Roaming\SkypePM
2014-11-29 00:02 - 2014-11-29 00:05 - 55665215 _____ () C:\Users\rambo\Downloads\sweet spain.mp4
2014-11-27 00:19 - 2014-11-27 00:20 - 44829818 _____ () C:\Users\rambo\Downloads\BibliaTaniegoLatania.mp4
2014-11-26 12:00 - 2014-11-26 12:00 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-26 12:00 - 2014-11-26 12:00 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-25 10:50 - 2014-11-25 10:50 - 00000000 ____D () C:\Users\rambo\Documents\Pobrane
2014-11-25 10:44 - 2014-11-25 10:44 - 00001252 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-25 10:34 - 2014-12-11 11:26 - 00000000 ____D () C:\Program Files\Internet
2014-11-23 16:39 - 2014-11-23 16:39 - 00000000 ____D () C:\Users\rambo\AppData\Roaming\Macromedia
2014-11-23 16:19 - 2014-11-23 16:19 - 00000000 ____D () C:\Windows\system32\Macromed
2014-11-23 15:36 - 2014-11-23 15:36 - 00000000 ____D () C:\Users\rambo\AppData\Roaming\Returnil
2014-11-23 15:21 - 2014-11-28 22:37 - 00000000 ____D () C:\ProgramData\Returnil
2014-11-23 15:03 - 2014-11-25 10:48 - 00000000 ____D () C:\Users\rambo\AppData\Roaming\Mozilla
2014-11-21 20:03 - 2002-01-12 16:30 - 00003567 _____ (Beyond Logic http://www.beyondlogic.org) C:\Windows\system32\Drivers\PortTalk.sys
2014-11-20 13:43 - 2014-11-20 14:41 - 00000884 _____ () C:\Windows\WINCMD.INI
2014-11-20 12:16 - 2014-12-08 13:52 - 00000000 ____D () C:\Users\rambo\Downloads\foobar2000 Portable
2014-11-20 04:16 - 2014-11-20 04:16 - 00000000 ____D () C:\Users\rambo\AppData\Roaming\BESTplayer
2014-11-19 18:43 - 2014-11-26 12:00 - 00000008 _____ () C:\Windows\system32\khackmon.dll.log
2014-11-19 18:43 - 2014-11-19 18:43 - 00000361 _____ () C:\DelFix.txt
2014-11-19 03:45 - 2014-11-19 03:45 - 00000078 _____ () C:\Windows\system32\kisknl.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-19 01:44 - 2014-11-05 19:36 - 00000000 ____D () C:\Temp
2014-12-19 00:48 - 2014-11-06 11:33 - 00000000 ____D () C:\Users\rambo\AppData\Roaming\Klipfolio
2014-12-18 23:19 - 2009-07-14 05:02 - 00028160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-18 23:19 - 2009-07-14 05:02 - 00028160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-18 23:12 - 2009-07-14 05:17 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-18 13:46 - 2014-11-16 21:35 - 00000000 ____D () C:\Users\rambo\AppData\Roaming\SpiderOak
2014-12-18 00:25 - 2011-04-12 05:45 - 00700612 _____ () C:\Windows\system32\perfh015.dat
2014-12-18 00:25 - 2011-04-12 05:45 - 00146150 _____ () C:\Windows\system32\perfc015.dat
2014-12-18 00:25 - 2010-11-20 22:03 - 01571486 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-11 02:35 - 2010-11-20 22:49 - 00010332 _____ () C:\Windows\PFRO.log
2014-12-11 02:33 - 2014-11-05 19:32 - 00000000 ____D () C:\Program Files\Admin
2014-12-10 13:52 - 2014-11-05 19:18 - 00000000 ____D () C:\Users\rambo
2014-12-07 01:30 - 2014-11-05 22:10 - 00000000 ____D () C:\Users\rambo\AppData\Roaming\Adobe
2014-12-07 01:15 - 2014-11-17 01:00 - 00000000 __SHD () C:\KRECYCLE
2014-11-23 19:50 - 2014-11-05 19:12 - 01591688 _____ () C:\Windows\WindowsUpdate.log
2014-11-19 10:51 - 2014-11-05 19:41 - 00000008 __RSH () C:\Users\rambo\ntuser.pol
2014-11-19 10:51 - 2009-07-14 03:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-11-19 03:21 - 2014-11-18 20:12 - 00000008 __RSH () C:\ProgramData\ntuser.pol

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-06 16:25

==================== End Of Log ============================