Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-04-2015 Ran by olila (administrator) on OLILA-KOMPUTER on 14-04-2015 17:18:32 Running from H:\FRST Loaded Profiles: olila (Available profiles: olila) Platform: Windows 7 Ultimate (X64) OS Language: Polski (Polska) Internet Explorer Version 8 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe () C:\Program Files (x86)\SecurStar\DriveCrypt 5\DCRServ.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe (BitTorrent Inc.) C:\Users\olila\AppData\Roaming\uTorrent\uTorrent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3723728 2015-03-25] (AVG Technologies CZ, s.r.o.) HKU\S-1-5-21-3236243999-3144956723-4226996683-1000\...\Run: [uTorrent] => C:\Users\olila\AppData\Roaming\uTorrent\uTorrent.exe [1442384 2015-03-26] (BitTorrent Inc.) HKU\S-1-5-21-3236243999-3144956723-4226996683-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-3236243999-3144956723-4226996683-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p=166 BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\olila\AppData\Roaming\Mozilla\Firefox\Profiles\a96bqy1f.default-1426709548372 FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2014-10-07] FF Extension: Adblock Plus - C:\Users\olila\AppData\Roaming\Mozilla\Firefox\Profiles\a96bqy1f.default-1426709548372\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-03-28] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3416016 2015-03-25] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [309232 2015-03-25] (AVG Technologies CZ, s.r.o.) R2 DriveCryptService; C:\Program Files (x86)\SecurStar\DriveCrypt 5\DCRServ.exe [96680 2014-09-06] () S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [520416 2014-01-28] (Futuremark) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2014-04-28] (Hewlett-Packard) [File not signed] R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2014-04-28] (Hewlett-Packard) [File not signed] S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation) S2 KMService; C:\Windows\system32\srvany.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [281056 2015-03-25] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [341472 2015-02-03] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [133088 2015-02-05] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [284128 2015-02-25] (AVG Technologies CZ, s.r.o.) S3 CT_QUALCOMM_U_drv; C:\Windows\System32\DRIVERS\CT_QUALCOMM_U_drv.sys [118016 2009-04-27] (QUALCOMM Incorporated) [File not signed] R0 DCR; C:\Windows\System32\Drivers\DCR.sys [333832 2014-09-06] () R0 DCVP; C:\Windows\System32\Drivers\DCVP.sys [25288 2014-09-06] () R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-09-08] (Disc Soft Ltd) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] () S3 PortTalk; C:\Windows\SysWOW64\Drivers\PortTalk.sys [3567 2002-01-12] (Beyond Logic http://www.beyondlogic.org) [File not signed] S4 sptd; \SystemRoot\System32\Drivers\sptd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-14 17:08 - 2015-04-14 17:08 - 00000085 _____ () C:\Windows\wininit.ini 2015-04-14 17:02 - 2014-12-20 18:59 - 00000268 ___RH () C:\Users\olila\AppData\Roaming\Database 2015-04-14 17:02 - 2014-12-20 18:58 - 00000268 ___RH () C:\Users\olila\AppData\Roaming\Definition Bundle 2015-04-14 17:02 - 2014-12-20 18:58 - 00000268 ___RH () C:\Users\olila\AppData\Roaming\Dance Kit 2015-04-13 20:05 - 2015-04-13 20:05 - 00000976 _____ () C:\Users\olila\AppData\Roaming\Roaming.rar 2015-04-13 20:04 - 2015-04-13 20:04 - 00014457 _____ () C:\Users\olila\AppData\Roaming\update---.rar 2015-04-11 21:56 - 2015-04-11 21:56 - 00001402 _____ () C:\Users\Public\Desktop\Free Video Editor.lnk 2015-04-11 21:56 - 2015-04-11 21:56 - 00001245 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk 2015-04-11 21:56 - 2015-04-11 21:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft 2015-04-11 21:56 - 2015-04-11 21:56 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft 2015-04-11 21:55 - 2015-04-11 21:57 - 00000000 ____D () C:\Users\olila\AppData\Roaming\DVDVideoSoft 2015-04-11 21:43 - 2015-04-11 21:43 - 00000000 ____D () C:\Users\olila\Documents\ACDSee Video Studio 2015-04-11 21:13 - 2015-04-11 21:13 - 00000000 ____D () C:\Users\olila\AppData\Roaming\Movavi 2015-04-11 21:13 - 2015-04-11 21:13 - 00000000 ____D () C:\Users\olila\AppData\Local\Movavi 2015-04-11 21:13 - 2015-04-11 21:13 - 00000000 ____D () C:\Users\olila\AppData\Local\Deshaker 2015-04-11 21:11 - 2015-04-11 21:30 - 00000000 ____D () C:\ProgramData\Movavi 2015-04-11 21:11 - 2015-04-11 21:11 - 00004966 _____ () C:\ProgramData\wmzddnmb.cix 2015-04-10 20:54 - 2015-04-14 17:18 - 00000000 ____D () C:\FRST 2015-04-08 20:41 - 2015-04-08 20:41 - 00000987 _____ () C:\Users\olila\Desktop\TOTALCMD.EXE — skrót.lnk 2015-04-08 20:26 - 2015-04-08 20:26 - 00001251 _____ () C:\Users\olila\Desktop\SpyDLLRemover.lnk 2015-04-08 20:26 - 2015-04-08 20:26 - 00000000 ____D () C:\Program Files (x86)\SecurityXploded 2015-04-08 17:12 - 2015-04-14 17:10 - 00000000 ____D () C:\Windows\pss 2015-04-08 14:19 - 2015-04-08 20:41 - 00000000 ____D () C:\Kopia totalcmd 2015-04-07 18:23 - 2015-04-07 18:23 - 00001153 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\BS.Player PRO.lnk 2015-04-07 18:23 - 2015-04-07 18:23 - 00001147 _____ () C:\Users\Public\Desktop\BS.Player PRO.lnk 2015-04-07 18:23 - 2015-04-07 18:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webteh 2015-04-07 18:22 - 2015-04-07 18:28 - 00000000 ____D () C:\Users\olila\AppData\Roaming\BSplayer PRO 2015-04-07 18:22 - 2015-04-07 18:22 - 00000000 ____D () C:\Program Files (x86)\Webteh 2015-04-07 06:09 - 2015-04-14 17:15 - 00007678 _____ () C:\Windows\PFRO.log 2015-04-06 17:40 - 2015-04-06 17:40 - 00001403 _____ () C:\Users\olila\Desktop\GSpot.exe — skrót.lnk 2015-04-06 16:58 - 2015-04-14 17:15 - 00001378 _____ () C:\Windows\setupact.log 2015-04-06 16:58 - 2015-04-06 16:58 - 00000000 _____ () C:\Windows\setuperr.log 2015-04-06 16:52 - 2015-04-02 17:50 - 00489706 _____ () C:\Users\olila\Desktop\sharetv.tk.exe 2015-04-06 16:34 - 2015-04-06 16:34 - 00000529 _____ () C:\Windows\SysWOW64\FLSINST.LOG 2015-04-06 16:30 - 2015-04-06 16:30 - 00002802 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2015-04-06 16:30 - 2015-04-06 16:30 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2015-04-06 16:30 - 2015-04-06 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2015-04-06 16:30 - 2015-04-06 16:30 - 00000000 ____D () C:\Program Files\CCleaner 2015-04-05 09:18 - 2015-04-05 09:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-04-05 08:44 - 2015-04-05 08:44 - 00000001 _____ () C:\Users\olila\AppData\Local\llftool.4.40.agreement 2015-04-02 19:46 - 2015-04-02 20:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2015-04-02 18:56 - 2015-04-13 18:33 - 00000000 ____D () C:\Users\olila\Desktop\slub fryz makijaz 2015-03-31 20:15 - 2015-04-13 20:04 - 00000000 __SHD () C:\Users\Public\DRM 2015-03-31 20:15 - 2015-03-31 20:15 - 00002163 _____ () C:\Users\olila\Desktop\Hex Editor Neo.lnk 2015-03-31 20:15 - 2015-03-31 20:15 - 00000000 ____D () C:\Users\olila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HHD Hex Editor Neo 2015-03-31 20:15 - 2015-03-31 20:15 - 00000000 ____D () C:\Users\olila\AppData\Local\HHD Software 2015-03-31 19:39 - 2015-03-31 20:54 - 00000000 ____D () C:\Users\olila\Downloads\nokia 2015-03-31 19:30 - 2015-03-31 19:30 - 00000000 ____D () C:\Users\olila\AppData\Roaming\Nokia 2015-03-31 18:59 - 2015-03-31 18:59 - 00000000 ____D () C:\Users\olila\AppData\Local\Nokia 2015-03-31 18:32 - 2015-03-31 18:32 - 00000000 ____D () C:\Users\olila\AppData\Roaming\PC Suite 2015-03-31 17:23 - 2015-03-31 17:23 - 00000485 _____ () C:\Users\olila\Desktop\System — skrót.lnk 2015-03-31 17:17 - 2015-03-31 17:17 - 00000000 ____D () C:\Program Files\DIFX 2015-03-31 17:17 - 2008-08-28 12:44 - 00025600 _____ (Nokia) C:\Windows\system32\Drivers\pccsmcfdx64.sys 2015-03-31 17:16 - 2015-04-06 16:35 - 00000000 ____D () C:\Program Files (x86)\Nokia 2015-03-31 17:16 - 2013-01-23 11:31 - 00057856 _____ (Nokia) C:\Windows\system32\nmwcdclsX64.dll 2015-03-31 17:16 - 2005-08-03 16:05 - 00035892 _____ (Prolific Technology Inc.) C:\Windows\SysWOW64\SER9PL.sys 2015-03-31 17:16 - 2005-08-03 16:04 - 00026719 _____ () C:\Windows\SysWOW64\SERSPL.VXD 2015-03-31 17:15 - 2015-03-31 19:30 - 00000000 ____D () C:\ProgramData\Nokia 2015-03-31 17:14 - 2015-03-31 17:14 - 00000000 ____D () C:\ProgramData\Package Cache 2015-03-31 17:12 - 2015-03-31 17:13 - 01636610 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2015-03-31 17:06 - 2009-11-25 12:47 - 01942856 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2015-03-31 17:06 - 2009-11-25 12:47 - 01130824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll 2015-03-31 17:06 - 2009-11-25 12:47 - 00444752 _____ (Microsoft Corporation) C:\Windows\system32\mscoree.dll 2015-03-31 17:06 - 2009-11-25 12:47 - 00320352 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHost.exe 2015-03-31 17:06 - 2009-11-25 12:47 - 00297808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscoree.dll 2015-03-31 17:06 - 2009-11-25 12:47 - 00295264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHost.exe 2015-03-31 17:06 - 2009-11-25 12:47 - 00109912 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHostProxy.dll 2015-03-31 17:06 - 2009-11-25 12:47 - 00099176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHostProxy.dll 2015-03-31 17:06 - 2009-11-25 12:47 - 00049472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netfxperf.dll 2015-03-31 17:06 - 2009-11-25 12:47 - 00048960 _____ (Microsoft Corporation) C:\Windows\system32\netfxperf.dll 2015-03-25 11:21 - 2015-03-25 11:21 - 00281056 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys 2015-03-23 18:46 - 2014-01-28 19:36 - 00380416 _____ () C:\Users\olila\Desktop\gmer.exe 2015-03-19 21:21 - 2015-03-19 21:23 - 01054912 _____ (Adobe) C:\Users\olila\Downloads\install_flashplayer17x32au_mssd_aaa_aih.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-14 17:18 - 2014-09-05 18:39 - 01963974 _____ () C:\Windows\WindowsUpdate.log 2015-04-14 17:16 - 2014-09-08 21:01 - 00000000 ____D () C:\Users\olila\AppData\Roaming\uTorrent 2015-04-14 17:15 - 2014-11-02 12:16 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2015-04-14 17:15 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-04-14 17:14 - 2009-07-14 06:45 - 00010208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-04-14 17:14 - 2009-07-14 06:45 - 00010208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-04-14 17:09 - 2014-09-07 10:14 - 00000000 ____D () C:\ProgramData\MFAData 2015-04-14 17:08 - 2014-11-02 12:16 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2015-04-14 17:08 - 2009-07-14 19:55 - 00737242 _____ () C:\Windows\system32\perfh015.dat 2015-04-14 17:08 - 2009-07-14 19:55 - 00153930 _____ () C:\Windows\system32\perfc015.dat 2015-04-14 17:08 - 2009-07-14 07:13 - 01661232 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-04-14 17:07 - 2014-09-08 19:58 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp 2015-04-13 20:23 - 2014-09-06 16:28 - 00000000 ____D () C:\Users\olila\AppData\Roaming\TS3Client 2015-04-12 10:30 - 2014-11-09 16:40 - 00000000 ____D () C:\TEMP 2015-04-12 09:02 - 2009-07-14 06:45 - 05044400 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-04-11 21:44 - 2014-11-29 13:38 - 00000000 ____D () C:\Program Files\ACD Systems 2015-04-11 21:44 - 2014-09-06 13:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACD Systems 2015-04-11 21:43 - 2014-11-29 14:08 - 00000000 ____D () C:\Users\olila\AppData\Local\ACD Systems 2015-04-11 21:13 - 2014-09-06 09:13 - 00113544 _____ () C:\Users\olila\AppData\Local\GDIPFONTCACHEV1.DAT 2015-04-11 09:20 - 2014-12-19 21:47 - 00000000 ____D () C:\Users\olila\AppData\Local\Adobe 2015-04-09 20:04 - 2014-09-15 18:51 - 00000000 ____D () C:\Users\olila\.gimp-2.8 2015-04-08 21:19 - 2014-09-08 21:06 - 00000000 ____D () C:\Users\olila\AppData\Roaming\DAEMON Tools Lite 2015-04-08 20:32 - 2014-09-20 13:34 - 00000000 ____D () C:\Users\olila\AppData\Roaming\vlc 2015-04-06 16:40 - 2014-09-21 14:23 - 00000000 ___DC () C:\Users\olila\AppData\Local\MigWiz 2015-04-06 16:40 - 2014-09-07 10:59 - 00000000 ____D () C:\Windows\Minidump 2015-04-06 16:40 - 2014-09-05 19:35 - 00000000 ____D () C:\Windows\Panther 2015-04-06 15:12 - 2014-09-06 09:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-04-05 08:24 - 2014-12-08 19:51 - 00000408 __RSH () C:\ProgramData\ntuser.pol 2015-04-05 07:31 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2015-04-02 16:48 - 2014-09-08 08:46 - 00000000 ____D () C:\Users\olila\AppData\Local\Viber 2015-04-02 15:31 - 2014-09-08 08:47 - 00000000 ____D () C:\Users\olila\AppData\Roaming\ViberPC 2015-03-31 21:10 - 2014-09-07 10:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2015-03-31 17:16 - 2014-09-06 09:27 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-03-25 18:05 - 2009-07-14 07:08 - 00032604 _____ () C:\Windows\Tasks\SCHEDLGU.TXT ==================== Files in the root of some directories ======= 2015-04-14 17:02 - 2014-12-20 18:58 - 0000268 ___RH () C:\Users\olila\AppData\Roaming\Dance Kit 2015-04-14 17:02 - 2014-12-20 18:59 - 0000268 ___RH () C:\Users\olila\AppData\Roaming\Database 2015-04-14 17:02 - 2014-12-20 18:58 - 0000268 ___RH () C:\Users\olila\AppData\Roaming\Definition Bundle 2015-04-13 20:05 - 2015-04-13 20:05 - 0000976 _____ () C:\Users\olila\AppData\Roaming\Roaming.rar 2015-04-13 20:04 - 2015-04-13 20:04 - 0014457 _____ () C:\Users\olila\AppData\Roaming\update---.rar 2014-10-11 02:59 - 2014-10-11 02:59 - 0003584 _____ () C:\Users\olila\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-04-05 08:44 - 2015-04-05 08:44 - 0000001 _____ () C:\Users\olila\AppData\Local\llftool.4.40.agreement 2014-11-10 21:32 - 2014-11-10 21:32 - 0000975 _____ () C:\Users\olila\AppData\Local\recently-used.xbel 2014-09-07 16:18 - 2015-03-01 21:43 - 0007620 _____ () C:\Users\olila\AppData\Local\resmon.resmoncfg 2014-12-20 18:58 - 2014-12-20 18:58 - 0000268 ___RH () C:\ProgramData\Developer Tools 2014-12-20 18:59 - 2014-12-20 18:59 - 0000268 ___RH () C:\ProgramData\Devices 2014-12-20 18:58 - 2014-12-20 18:58 - 0000268 ___RH () C:\ProgramData\Dialogs 2014-12-20 18:58 - 2014-12-20 18:58 - 0000012 ___RH () C:\ProgramData\Drums 2014-12-20 18:59 - 2014-12-20 18:59 - 0000012 ___RH () C:\ProgramData\Echo 2014-12-20 18:58 - 2014-12-20 18:58 - 0000012 ___RH () C:\ProgramData\Electric Clav 2014-12-20 18:59 - 2014-12-20 18:59 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT 2014-12-20 18:58 - 2014-12-20 19:01 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT 2014-12-20 18:58 - 2014-12-20 18:58 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT 2015-04-11 21:11 - 2015-04-11 21:11 - 0004966 _____ () C:\ProgramData\wmzddnmb.cix ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-04-04 18:57 ==================== End Of Log ============================