Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-04-2015 Ran by samsung (administrator) on SAMSUNG-SAMSUNG on 14-04-2015 21:00:16 Running from C:\Users\samsung\Downloads Loaded Profiles: samsung (Available profiles: UpdatusUser & samsung) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polski (Polska) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (HP) C:\Windows\System32\HPSIsvc.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe () C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Samsung Electronics) C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SCCSpeedBoot.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12460136 2012-03-29] (Realtek Semiconductor) HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [1020064 2012-02-13] (Atheros Communications) HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [800416 2012-02-13] (Atheros Commnucations) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2816816 2012-03-12] (ELAN Microelectronics Corp.) HKLM\...\Run: [VDownloader] => C:\Program Files\VDownloader\VDownloader.exe [881664 2012-09-27] (Vitzo) HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation) Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-4209209786-2917733824-1122995674-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-21-4209209786-2917733824-1122995674-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation) AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [260928 2012-02-25] (NVIDIA Corporation) AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [215360 2012-02-25] (NVIDIA Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) SearchScopes: HKU\S-1-5-21-4209209786-2917733824-1122995674-1001 -> DefaultScope {1D6AF95F-BAC4-4F15-A9F5-582D1DC80F5D} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-4209209786-2917733824-1122995674-1001 -> {1D6AF95F-BAC4-4F15-A9F5-582D1DC80F5D} URL = https://www.google.com/search?q={searchTerms} BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-02-13] (Atheros Commnucations) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1 FireFox: ======== Chrome: ======= CHR HomePage: Default -> https://www.google.pl/ CHR Profile: C:\Users\samsung\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (YouTube) - C:\Users\samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-26] CHR Extension: (Adblock Plus) - C:\Users\samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-05-20] CHR Extension: (Google Search) - C:\Users\samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-26] CHR Extension: (Website Blocker (Beta)) - C:\Users\samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\hclgegipaehbigmbhdpfapmjadbaldib [2015-01-11] CHR Extension: (Google Wallet) - C:\Users\samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24] CHR Extension: (Gmail) - C:\Users\samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-26] CHR HKU\S-1-5-21-4209209786-2917733824-1122995674-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\samsung\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-10] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 Boonty Games; C:\Program Files (x86)\Common Files\BOONTY Shared\Service\Boonty.exe [69120 2014-12-05] (BOONTY) [File not signed] R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2266296 2014-04-15] (Microsoft Corporation) S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [347200 2014-12-29] (WildTangent) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-08] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-08] (Intel Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1930608 2015-03-28] (Electronic Arts) R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [File not signed] R2 SamsungDeviceConfigurationWinService; C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [31624 2012-02-13] () [File not signed] S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2012-02-13] (Atheros) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2009-12-15] (Bytemobile, Inc.) [File not signed] R0 BMLoad; C:\Windows\SysWOW64\drivers\BMLoad.sys [16512 2009-12-15] (Bytemobile, Inc.) [File not signed] S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2010-04-28] (Marvell Semiconductor, Inc.) R1 tcpipBM; C:\windows\system32\drivers\tcpipBM.sys [39552 2009-12-15] (Bytemobile, Inc.) [File not signed] R1 tcpipBM; C:\windows\SysWOW64\drivers\tcpipBM.sys [39552 2009-12-15] (Bytemobile, Inc.) [File not signed] S3 zte_cdc_acm; C:\Windows\System32\DRIVERS\zte_cdc_acm.sys [79872 2011-08-10] (ZTE) S3 zte_cpo; C:\Windows\System32\DRIVERS\zte_cpo.sys [14336 2011-08-10] (ZTE) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-14 20:58 - 2015-04-14 20:58 - 00000000 ___RD () C:\Users\samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2015-04-14 20:51 - 2015-04-14 20:51 - 02096640 _____ (Farbar) C:\Users\samsung\Downloads\FRST64.exe 2015-04-14 20:51 - 2015-04-14 20:51 - 00000000 ____D () C:\Users\samsung\Downloads\FRST-OlderVersion 2015-04-14 20:42 - 2015-04-14 20:42 - 00896048 _____ () C:\Users\samsung\Downloads\Norton_Removal_Tool.exe 2015-04-14 01:20 - 2015-04-14 01:21 - 02941736 _____ (LSoft Technologies Inc ) C:\Users\samsung\Downloads\IsoBurner-Setup.exe 2015-04-14 01:10 - 2015-04-14 01:16 - 142546944 _____ () C:\Users\samsung\Downloads\rescue-cd-3.16-63801.iso 2015-04-13 10:19 - 2015-04-13 10:50 - 00000000 ____D () C:\Users\samsung\Desktop\sprzatanie świata 2015-04-10 17:17 - 2015-04-10 17:17 - 00002562 _____ () C:\Users\samsung\Desktop\gmer1.log 2015-04-10 15:27 - 2015-04-10 15:27 - 00000857 _____ () C:\Users\samsung\Desktop\Szczegóły bluescreena.txt 2015-04-10 15:26 - 2015-04-10 15:26 - 00280960 _____ () C:\windows\Minidump\041015-48219-01.dmp 2015-04-10 15:07 - 2015-04-10 15:08 - 00280960 _____ () C:\windows\Minidump\041015-72056-01.dmp 2015-04-09 10:43 - 2015-04-09 10:43 - 00000000 ____D () C:\Users\samsung\Desktop\DCIM 2015-04-07 23:23 - 2015-04-07 23:23 - 00001255 _____ () C:\Users\samsung\Desktop\plan lekcji — skrót.lnk 2015-04-06 03:09 - 2015-04-06 03:09 - 00000017 _____ () C:\windows\SysWOW64\shortcut_ex.dat 2015-04-05 14:55 - 2015-04-05 14:55 - 00003449 _____ () C:\Users\samsung\Downloads\gmer.txt 2015-04-05 02:46 - 2015-04-05 02:47 - 00000000 ___SD () C:\windows\system32\GWX 2015-04-05 02:46 - 2015-04-05 02:46 - 00000000 ___SD () C:\windows\SysWOW64\GWX 2015-04-01 23:44 - 2015-04-01 23:44 - 00000000 ____D () C:\Users\samsung\Desktop\TCP 2015-04-01 17:39 - 2015-04-01 17:41 - 00000000 ____D () C:\Users\samsung\Desktop\Karta zdj. 1.4.15 2015-03-30 14:36 - 2015-04-14 21:00 - 00000000 ____D () C:\FRST 2015-03-30 00:59 - 2015-04-10 17:41 - 00002562 _____ () C:\Users\samsung\Desktop\GMER.txt 2015-03-27 12:12 - 2015-03-27 12:22 - 00000642 _____ () C:\Users\samsung\Desktop\Zaginiony 34-latek.txt 2015-03-27 01:25 - 2015-03-27 01:25 - 00033439 _____ () C:\Users\samsung\AppData\Local\recently-used.xbel 2015-03-26 16:11 - 2015-03-26 16:11 - 00380416 _____ () C:\Users\samsung\Downloads\9jrsmv0f.exe 2015-03-26 14:57 - 2015-03-26 14:58 - 00000000 ____D () C:\Users\samsung\Documents\FIFA World 2015-03-25 22:16 - 2015-03-25 22:16 - 00000000 ____D () C:\Users\samsung\AppData\Local\Origin 2015-03-25 21:46 - 2015-03-28 09:01 - 00000000 ____D () C:\Program Files (x86)\Origin 2015-03-25 14:23 - 2015-03-11 06:06 - 00943616 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll 2015-03-25 14:23 - 2015-03-11 06:06 - 00760832 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll 2015-03-25 14:23 - 2015-03-11 06:06 - 00677888 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll 2015-03-25 14:23 - 2015-03-11 06:06 - 00414720 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll 2015-03-25 14:23 - 2015-03-11 06:05 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2015-03-25 14:23 - 2015-03-11 06:05 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll 2015-03-25 14:23 - 2015-03-11 06:05 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll 2015-03-25 14:23 - 2015-03-11 06:02 - 01107456 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2015-03-24 19:16 - 2015-04-02 20:38 - 00000000 ____D () C:\Users\samsung\AppData\Roaming\Wise Game Booster 2015-03-24 19:16 - 2015-03-24 19:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Game Booster 2015-03-24 19:16 - 2015-03-24 19:16 - 00000000 ____D () C:\Program Files (x86)\Wise 2015-03-23 20:39 - 2006-10-09 21:04 - 01807026 _____ () C:\Users\samsung\Desktop\MVI_0015.AVI 2015-03-23 20:39 - 2006-10-09 20:44 - 10794020 _____ () C:\Users\samsung\Desktop\MVI_0011.AVI 2015-03-18 20:00 - 2015-03-18 20:00 - 00000000 ____D () C:\Users\samsung\Documents\Action! 2015-03-18 20:00 - 2015-03-18 20:00 - 00000000 ____D () C:\Program Files (x86)\Mirillis 2015-03-18 17:55 - 2014-05-16 20:06 - 32743696 _____ () C:\Users\samsung\Desktop\winceimg.bin 2015-03-15 14:29 - 2015-03-15 14:29 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-14 21:01 - 2014-04-06 12:25 - 00010515 _____ () C:\Users\samsung\Downloads\FRST.txt 2015-04-14 20:58 - 2012-05-11 15:01 - 00000828 _____ () C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job 2015-04-14 20:58 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2015-04-14 20:57 - 2012-05-12 06:57 - 01735728 _____ () C:\windows\WindowsUpdate.log 2015-04-14 20:57 - 2010-11-21 05:47 - 00594398 _____ () C:\windows\PFRO.log 2015-04-14 20:57 - 2009-07-14 06:51 - 00107305 _____ () C:\windows\setupact.log 2015-04-14 20:57 - 2009-07-14 06:45 - 00028848 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-04-14 20:57 - 2009-07-14 06:45 - 00028848 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-04-14 20:55 - 2012-05-12 06:29 - 00740792 _____ () C:\windows\system32\perfh015.dat 2015-04-14 20:55 - 2012-05-12 06:29 - 00156076 _____ () C:\windows\system32\perfc015.dat 2015-04-14 20:55 - 2009-07-14 07:13 - 01670766 _____ () C:\windows\system32\PerfStringBackup.INI 2015-04-14 20:53 - 2013-02-18 22:14 - 00000000 ___RD () C:\Users\samsung\Desktop\Programiki [RÓŻNIASTE] 2015-04-14 20:50 - 2012-10-26 04:06 - 00001048 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-04-14 20:47 - 2012-05-11 15:18 - 00000000 ____D () C:\ProgramData\Norton 2015-04-14 20:43 - 2013-06-26 23:02 - 00000000 ____D () C:\Users\samsung\AppData\Roaming\vlc 2015-04-14 19:39 - 2012-05-11 15:01 - 00000830 _____ () C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job 2015-04-14 18:20 - 2012-10-27 18:11 - 00000000 ____D () C:\Users\samsung\AppData\Roaming\Skype 2015-04-13 19:34 - 2012-10-27 17:17 - 00000000 ____D () C:\Users\samsung\Documents\BabasChess 2015-04-13 00:30 - 2012-10-30 16:59 - 00000000 ____D () C:\Users\samsung\AppData\Roaming\SoftGrid Client 2015-04-12 01:06 - 2015-01-08 20:39 - 00000000 ____D () C:\Program Files (x86)\Steam 2015-04-11 18:41 - 2013-07-07 14:55 - 00000000 ____D () C:\Users\samsung\AppData\Roaming\TS3Client 2015-04-10 22:48 - 2015-02-13 18:19 - 00000000 ____D () C:\Users\samsung\Desktop\260_0602 2015-04-10 22:43 - 2012-12-21 20:16 - 00000000 ___RD () C:\Users\samsung\Desktop\GRY 2015-04-10 15:26 - 2014-01-01 12:25 - 00000000 ____D () C:\windows\Minidump 2015-04-10 13:08 - 2014-04-06 12:26 - 00084754 _____ () C:\Users\samsung\Downloads\Shortcut.txt 2015-04-10 13:08 - 2014-04-06 12:25 - 00039858 _____ () C:\Users\samsung\Downloads\Addition.txt 2015-04-10 10:31 - 2012-09-28 20:59 - 00001425 _____ () C:\Users\samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-04-10 09:36 - 2009-07-14 07:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD 2015-04-09 23:37 - 2015-03-11 00:01 - 00000000 ____D () C:\Users\samsung\Downloads\Urodzeni Mordercy 2015-04-09 23:25 - 2012-10-27 18:29 - 00000000 ____D () C:\Program Files\VDownloader 2015-04-09 09:53 - 2013-09-14 11:35 - 00014336 _____ () C:\Users\samsung\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-04-05 15:36 - 2012-11-27 21:10 - 00000000 ____D () C:\Users\samsung\Documents\Youcam 2015-04-04 21:57 - 2013-10-02 15:16 - 00000000 ____D () C:\ProgramData\Origin 2015-04-04 21:53 - 2015-01-20 22:57 - 00004448 _____ () C:\windows\windefendam.log 2015-04-04 21:53 - 2015-01-20 22:57 - 00000020 _____ () C:\windows\capsys184523.log 2015-03-27 06:25 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache 2015-03-27 01:31 - 2015-01-27 19:57 - 00000000 ____D () C:\Users\samsung\.gimp-2.8 2015-03-27 01:25 - 2015-01-28 20:37 - 00000000 ____D () C:\Users\samsung\AppData\Local\gtk-2.0 2015-03-25 21:46 - 2013-10-03 17:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin 2015-03-25 18:51 - 2014-12-11 13:53 - 00000000 ____D () C:\windows\system32\appraiser 2015-03-25 18:51 - 2014-05-06 16:58 - 00000000 ___SD () C:\windows\system32\CompatTel 2015-03-18 20:00 - 2015-01-20 22:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mirillis 2015-03-15 23:24 - 2014-11-27 04:14 - 00000270 _____ () C:\Users\samsung\Desktop\shutdown -s -t 7200.txt 2015-03-15 12:55 - 2015-01-27 20:49 - 00000000 ____D () C:\Users\samsung\AppData\Roaming\Audacity ==================== Files in the root of some directories ======= 2013-09-14 11:35 - 2015-04-09 09:53 - 0014336 _____ () C:\Users\samsung\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-03-27 01:25 - 2015-03-27 01:25 - 0033439 _____ () C:\Users\samsung\AppData\Local\recently-used.xbel ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-04-14 02:52 ==================== End Of Log ============================