Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015 Ran by Mad_Egg (administrator) on MAD_PC on 31-03-2015 19:30:59 Running from C:\Users\Mad_Egg\Documents\Naprawa Loaded Profiles: Mad_Egg (Available profiles: Mad_Egg & UpdatusUser & Rodzice) Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Polski (Polska) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe () C:\Program Files\Rainmeter\Rainmeter.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Piotr Pawlowski) C:\Program Files\foobar2000\foobar2000.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12021464 2014-05-09] (Realtek Semiconductor) HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-21-703950910-948677305-527190612-1001\...\MountPoints2: {5d1e0af1-a70a-11e4-a60c-0019db4c7965} - J:\OblivionLauncher.exe HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2015-01-26] (Microsoft Corporation) Startup: C:\Users\Mad_Egg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-703950910-948677305-527190612-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.pl/?gws_rd=ssl HKU\S-1-5-21-703950910-948677305-527190612-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pl-pl/?ocid=iehp SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-703950910-948677305-527190612-1001 -> {736C902C-C1EC-408D-BCEC-79C8A3806B0F} URL = https://www.google.com/search?q={searchTerms} BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-25] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-25] (Oracle Corporation) ATTENTION: There are more than 99 Catalog9 entries. Turn off the whitelisting to see all the entries. You may check Device Manager for presence of unusual amount of "Microsoft 6to4 Adapter" devices. Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4 FireFox: ======== FF ProfilePath: C:\Users\Mad_Egg\AppData\Roaming\Mozilla\Firefox\Profiles\2kgo30i2.default FF Homepage: https://www.google.pl/?gws_rd=ssl FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-10] () FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-25] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-25] (Oracle Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-22] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-22] (Google Inc.) FF Plugin HKU\S-1-5-21-703950910-948677305-527190612-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Mad_Egg\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-02-24] (Unity Technologies ApS) FF Extension: μ Adblock - C:\Users\Mad_Egg\AppData\Roaming\Mozilla\Firefox\Profiles\2kgo30i2.default\Extensions\jid1-yIDO6R3DGl4u2Q@jetpack.xpi [2015-02-03] FF Extension: Fasterfox - C:\Users\Mad_Egg\AppData\Roaming\Mozilla\Firefox\Profiles\2kgo30i2.default\Extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi [2015-02-03] Chrome: ======= CHR Profile: C:\Users\Mad_Egg\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Mad_Egg\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-22] CHR Extension: (Google Drive) - C:\Users\Mad_Egg\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-22] CHR Extension: (YouTube) - C:\Users\Mad_Egg\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-22] CHR Extension: (Google Search) - C:\Users\Mad_Egg\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-22] CHR Extension: (Bookmark Manager) - C:\Users\Mad_Egg\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-03-22] CHR Extension: (Google Wallet) - C:\Users\Mad_Egg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-22] CHR Extension: (Gmail) - C:\Users\Mad_Egg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-22] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2015-01-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S4 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [278984 2015-03-01] () R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG) R3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd6.sys [44032 2009-07-14] (VIA Technologies, Inc. ) S4 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [18048 2015-03-01] () [File not signed] R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2013-04-10] (Samsung Electronics) [File not signed] S4 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-31 19:30 - 2015-03-31 19:31 - 00000000 ____D () C:\FRST 2015-03-31 18:57 - 2015-03-31 18:57 - 00000831 _____ () C:\Users\Mad_Egg\Desktop\JRT.txt 2015-03-31 18:42 - 2015-03-31 18:42 - 00588816 _____ () C:\Users\Mad_Egg\Downloads\Autoruns.zip 2015-03-31 18:10 - 2015-03-31 19:30 - 00000000 ____D () C:\Users\Mad_Egg\Documents\Naprawa 2015-03-31 17:04 - 2015-03-31 17:31 - 335775580 _____ () C:\Users\Mad_Egg\Downloads\Art of Murder Zabjcze sekrety (2011).PL-PROPHET.rar 2015-03-30 18:16 - 2015-03-30 18:16 - 00000000 ____D () C:\Users\Mad_Egg\AppData\Roaming\Unity 2015-03-30 15:44 - 2015-03-30 17:09 - 00093296 _____ () C:\Users\Mad_Egg\AppData\Local\GDIPFONTCACHEV1.DAT 2015-03-30 14:24 - 2015-03-30 15:51 - 00000000 ____D () C:\Program Files\Microsoft IntelliType Pro 2015-03-30 11:08 - 2015-03-30 11:08 - 00000000 ____D () C:\Users\Rodzice\AppData\Roaming\Panda Security 2015-03-29 22:33 - 2015-03-30 16:52 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware 2015-03-29 21:57 - 2015-03-31 18:10 - 00000000 ____D () C:\AdwCleaner 2015-03-29 21:44 - 2015-03-29 21:45 - 00000000 ____D () C:\Program Files\Panda Security 2015-03-29 21:44 - 2015-03-29 21:44 - 00000000 ____D () C:\Users\Mad_Egg\AppData\Roaming\Panda Security 2015-03-29 18:46 - 2015-03-29 18:46 - 00002101 _____ () C:\Users\Mad_Egg\AppData\Local\recently-used.xbel 2015-03-29 12:12 - 2015-03-29 12:12 - 00000188 _____ () C:\Users\Mad_Egg\Desktop\Goodgame Empire.url 2015-03-28 23:09 - 2015-03-28 23:09 - 00001091 _____ () C:\Users\Mad_Egg\Desktop\Fahrenheit.lnk 2015-03-28 23:09 - 2015-03-28 23:09 - 00000000 ____D () C:\Users\Mad_Egg\Documents\Atari 2015-03-28 23:09 - 2015-03-28 23:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari 2015-03-28 23:02 - 2015-03-28 23:02 - 00000000 ____D () C:\Program Files\Atari 2015-03-28 22:56 - 2015-03-28 22:56 - 00000000 ____D () C:\Users\Mad_Egg\AppData\Roaming\WinRAR 2015-03-28 22:55 - 2015-03-30 15:51 - 00000000 ____D () C:\Program Files\WinRAR 2015-03-28 20:54 - 2015-03-30 15:51 - 00000000 ____D () C:\Users\Mad_Egg\AppData\Local\Sajjad_Tanha 2015-03-28 20:53 - 2015-03-30 17:04 - 00000000 ____D () C:\Users\Mad_Egg\AppData\Roaming\SD Download Manager 2015-03-23 12:27 - 2007-05-06 13:17 - 07549440 _____ (Bethesda Softworks) C:\Users\Mad_Egg\Documents\Oblivion.exe 2015-03-23 12:26 - 2015-03-23 12:26 - 00026507 _____ () C:\Windows\DirectX.log 2015-03-23 12:26 - 2015-03-23 12:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks 2015-03-23 12:26 - 2015-03-23 12:26 - 00000000 ____D () C:\Program Files\Bethesda Softworks 2015-03-22 21:05 - 2015-03-23 18:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oblivion Mod Manager 2015-03-22 17:41 - 2015-03-22 17:41 - 00000000 ____D () C:\Users\Rodzice\AppData\Local\Google 2015-03-22 17:40 - 2015-03-22 17:40 - 00373376 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-03-22 17:39 - 2015-03-23 16:40 - 00000960 _____ () C:\Windows\PFRO.log 2015-03-22 13:35 - 2015-03-22 13:36 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-03-22 13:35 - 2015-03-22 13:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-03-22 13:32 - 2015-03-22 13:37 - 00000000 ____D () C:\Program Files\Brackets 2015-03-22 13:32 - 2015-03-22 13:32 - 00000678 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brackets.lnk 2015-03-22 13:31 - 2015-03-31 19:05 - 00001034 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-03-22 13:31 - 2015-03-31 18:38 - 00001038 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-03-22 13:31 - 2015-03-22 13:35 - 00000000 ____D () C:\Users\Mad_Egg\AppData\Local\Google 2015-03-22 13:31 - 2015-03-22 13:34 - 00000000 ____D () C:\Program Files\Google 2015-03-22 13:20 - 2015-03-31 19:03 - 00002793 _____ () C:\Windows\setupact.log 2015-03-22 13:20 - 2015-03-22 13:20 - 00000000 _____ () C:\Windows\setuperr.log 2015-03-22 10:56 - 2015-03-30 15:51 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2015-03-22 10:52 - 2015-03-22 10:52 - 08245515 _____ () C:\Users\Mad_Egg\Documents\ss.xps 2015-03-21 22:13 - 2015-03-21 22:13 - 00000000 ____D () C:\Users\Mad_Egg\AppData\Local\Unity 2015-03-21 16:04 - 2015-03-30 16:59 - 00000000 ____D () C:\Users\Mad_Egg\Documents\AirDroid 2015-03-21 13:07 - 2015-03-30 15:51 - 00000000 ____D () C:\Program Files\Mozilla Firefox.bak 2015-03-15 13:26 - 2015-03-31 16:44 - 00073728 _____ () C:\Windows\system32\tasks.dll 2015-03-14 20:11 - 2015-03-30 20:47 - 00000023 _____ () C:\Windows\BlendSettings.ini 2015-03-14 16:52 - 2015-03-14 16:52 - 02171392 _____ () C:\Users\Mad_Egg\Downloads\AdwCleaner.exe 2015-03-14 16:40 - 2015-03-23 18:03 - 00000000 ____D () C:\Users\Mad_Egg\AppData\Local\Oblivion 2015-03-14 16:40 - 2015-03-14 16:40 - 00000000 ____D () C:\Users\Mad_Egg\Documents\My Games 2015-03-14 12:47 - 2015-03-14 12:48 - 00000000 ____D () C:\Program Files\Techsmart Computer 2015-03-13 18:00 - 2015-03-15 07:01 - 00000000 ____D () C:\Users\Rodzice\AppData\Roaming\Xerox 2015-03-13 15:41 - 2015-03-13 15:41 - 00000000 ____D () C:\Users\Mad_Egg\AppData\Roaming\Xerox 2015-03-13 15:41 - 2015-03-13 15:41 - 00000000 ____D () C:\Program Files\Common Files\Common Desktop Agent 2015-03-11 20:54 - 2015-03-11 20:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2015-03-11 20:50 - 2015-03-11 20:50 - 00000000 ____D () C:\Program Files\Microsoft Works 2015-03-11 20:49 - 2015-03-11 20:49 - 00000000 ____D () C:\Windows\PCHEALTH 2015-03-11 20:49 - 2015-03-11 20:49 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER 2015-03-11 20:45 - 2015-03-11 20:46 - 00000000 ____D () C:\Windows\SHELLNEW 2015-03-11 20:45 - 2015-03-11 20:45 - 00000000 ____D () C:\Users\Mad_Egg\AppData\Local\Microsoft Help 2015-03-11 20:44 - 2015-03-11 20:54 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-03-11 20:44 - 2015-03-11 20:49 - 00000000 ____D () C:\Program Files\Microsoft Office 2015-03-11 20:42 - 2015-03-11 20:42 - 00000000 __RHD () C:\MSOCache 2015-03-11 19:08 - 2015-03-13 15:42 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xerox Printers 2015-03-11 19:07 - 2015-03-13 15:41 - 00000000 ____D () C:\ProgramData\Xerox 2015-03-11 19:07 - 2013-12-10 11:45 - 00000361 _____ () C:\Windows\system32\sxj2mlm.smt 2015-03-11 19:06 - 2015-03-13 15:42 - 00000000 ____D () C:\Program Files\Xerox 2015-03-11 19:06 - 2013-12-10 11:44 - 00151552 _____ (SS) C:\Windows\system32\sxj2mci.exe 2015-03-11 19:06 - 2013-12-10 11:44 - 00065536 _____ (SS) C:\Windows\system32\sxj2mci.dll 2015-03-11 19:06 - 2013-12-10 11:44 - 00024064 _____ () C:\Windows\system32\sxj2mlm.dll 2015-03-10 21:26 - 2015-03-10 21:26 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard 2015-03-07 14:37 - 2010-06-02 05:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll 2015-03-07 14:37 - 2010-06-02 05:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll 2015-03-07 14:37 - 2010-06-02 05:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll 2015-03-07 14:37 - 2010-05-26 12:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll 2015-03-07 14:37 - 2010-05-26 12:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll 2015-03-07 14:37 - 2010-05-26 12:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll 2015-03-07 14:37 - 2010-05-26 12:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll 2015-03-07 14:37 - 2010-05-26 12:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll 2015-03-07 14:36 - 2015-03-07 14:36 - 00000000 ____D () C:\Users\Mad_Egg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gemini Rue 2015-03-07 14:35 - 2015-03-07 14:36 - 00000000 ____D () C:\Program Files\Gemini Rue 2015-03-07 14:35 - 2015-03-07 14:35 - 00000000 ____D () C:\Users\Mad_Egg\AppData\Roaming\InstallShield 2015-03-07 12:53 - 2015-03-31 19:06 - 00000000 ____D () C:\Users\Mad_Egg\AppData\Roaming\foobar2000 2015-03-07 12:53 - 2015-03-07 12:53 - 00001067 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk 2015-03-07 12:53 - 2015-03-07 12:53 - 00000000 ____D () C:\Program Files\foobar2000 2015-03-01 17:44 - 2015-03-01 17:44 - 00000000 ____D () C:\Users\Rodzice\Documents\Rainmeter 2015-03-01 17:44 - 2015-03-01 17:44 - 00000000 ____D () C:\Users\Rodzice\AppData\Roaming\Rainmeter 2015-03-01 16:48 - 2015-03-01 16:50 - 00278984 _____ () C:\Windows\system32\Drivers\atksgt.sys 2015-03-01 16:48 - 2015-03-01 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anno 1701 2015-03-01 16:47 - 2015-03-01 16:47 - 00018048 _____ () C:\Windows\system32\Drivers\lirsgt.sys 2015-03-01 16:44 - 2015-03-02 16:07 - 00000000 ____D () C:\Program Files\Anno 1701 2015-03-01 15:50 - 2015-03-01 15:50 - 00000000 ____D () C:\Windows\system32\appmgmt 2015-03-01 14:19 - 2015-03-22 13:57 - 00000000 ____D () C:\Users\Mad_Egg\AppData\Roaming\Brackets ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-31 19:15 - 2015-01-24 16:18 - 01499479 _____ () C:\Windows\WindowsUpdate.log 2015-03-31 19:12 - 2015-01-24 16:29 - 01874374 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-03-31 19:12 - 2009-07-14 10:07 - 00894134 _____ () C:\Windows\system32\perfh015.dat 2015-03-31 19:12 - 2009-07-14 10:07 - 00204720 _____ () C:\Windows\system32\perfc015.dat 2015-03-31 19:11 - 2009-07-14 06:34 - 00014368 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-03-31 19:11 - 2009-07-14 06:34 - 00014368 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-03-31 19:04 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-31 18:32 - 2015-01-24 16:48 - 00000000 ___RD () C:\Users\Mad_Egg\Documents\Maintenance 2015-03-31 15:51 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\LogFiles 2015-03-30 22:32 - 2015-01-25 19:49 - 00000000 ____D () C:\Users\Mad_Egg\.gimp-2.8 2015-03-30 16:55 - 2015-01-24 16:48 - 00000000 ____D () C:\Users\Mad_Egg 2015-03-30 16:52 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp 2015-03-30 15:52 - 2015-01-25 07:36 - 00000000 ____D () C:\Users\Rodzice 2015-03-30 15:51 - 2015-02-17 21:29 - 00000000 ____D () C:\Users\Mad_Egg\AppData\Roaming\Kingosoft 2015-03-30 15:51 - 2015-02-17 21:29 - 00000000 ____D () C:\Users\Mad_Egg\AppData\Local\Kingosoft 2015-03-30 15:51 - 2015-01-30 15:59 - 00000000 ____D () C:\Users\Mad_Egg\AppData\Roaming\MiniGet 2015-03-30 15:51 - 2015-01-24 21:04 - 00000000 ____D () C:\Users\Mad_Egg\AppData\Roaming\Rainmeter 2015-03-30 15:51 - 2015-01-24 18:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2015-03-30 15:51 - 2015-01-24 18:04 - 00000000 ____D () C:\Program Files\7-Zip 2015-03-30 15:51 - 2015-01-24 17:36 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2015-03-30 15:51 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration 2015-03-30 15:51 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\AppCompat 2015-03-30 15:51 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2015-03-30 11:08 - 2015-01-25 11:49 - 00093768 _____ () C:\Users\Rodzice\AppData\Local\GDIPFONTCACHEV1.DAT 2015-03-28 20:17 - 2015-01-25 18:10 - 00000000 ____D () C:\Users\Mad_Egg\AppData\Roaming\BitComet 2015-03-22 17:43 - 2015-02-22 12:39 - 00000000 ____D () C:\Windows\system32\RTCOM 2015-03-22 14:31 - 2015-02-10 14:51 - 00000000 ____D () C:\Users\Mad_Egg\AppData\Local\gtk-2.0 2015-03-22 12:43 - 2015-02-01 15:49 - 00000000 ____D () C:\Program Files\GameforgeLive 2015-03-15 13:28 - 2015-01-24 17:05 - 00001064 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-03-14 17:20 - 2015-01-29 16:07 - 00000000 ____D () C:\Users\Mad_Egg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2015-03-11 20:49 - 2015-01-27 18:33 - 00000000 ____D () C:\Program Files\Microsoft.NET 2015-03-11 17:01 - 2015-01-25 18:24 - 00000000 ____D () C:\ProgramData\Ubisoft 2015-03-11 08:24 - 2009-07-14 06:53 - 00032590 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-03-10 21:41 - 2015-01-24 17:00 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2015-03-10 21:26 - 2015-01-24 23:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft 2015-03-10 20:57 - 2015-01-24 23:18 - 00000000 ____D () C:\Program Files\Ubisoft 2015-03-07 16:39 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF ==================== Files in the root of some directories ======= 2015-02-03 10:26 - 2015-02-03 10:26 - 0003584 _____ () C:\Users\Mad_Egg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-03-29 18:46 - 2015-03-29 18:46 - 0002101 _____ () C:\Users\Mad_Egg\AppData\Local\recently-used.xbel 2015-01-29 18:53 - 2015-01-29 18:53 - 0000017 _____ () C:\Users\Mad_Egg\AppData\Local\resmon.resmoncfg 2015-01-24 17:39 - 2015-01-24 17:39 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Some content of TEMP: ==================== C:\Users\Mad_Egg\AppData\Local\Temp\Quarantine.exe C:\Users\Mad_Egg\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-03-26 17:51 ==================== End Of Log ============================