Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-04-2015
Ran by PiotrC (administrator) on PIOTRC-PC on 25-04-2015 20:17:58
Running from C:\Users\PiotrC\Downloads
Loaded Profiles: PiotrC (Available profiles: PiotrC)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Stardock Corporation) C:\Program Files (x86)\Stardock\WindowBlinds\WBSrv.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\WindowBlinds\WBCore.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Comodo Security Solutions, Inc.) D:\Programy\Comodo\Dragon\dragon_updater.exe
(Valve Corporation) D:\Gry\Steam\Steam.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) D:\Programy\AMD\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) D:\Programy\AMD\ATI.ACE\Core-Static\CCC.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Valve Corporation) D:\Gry\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Comodo) D:\Programy\Comodo\Dragon\dragon.exe
(Comodo) D:\Programy\Comodo\Dragon\dragon.exe
(AIMP DevTeam) D:\ProgramyAIMP3\AIMP3.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Comodo) D:\Programy\Comodo\Dragon\dragon.exe
(Comodo) D:\Programy\Comodo\Dragon\dragon.exe
(Comodo) D:\Programy\Comodo\Dragon\dragon.exe
(Comodo) D:\Programy\Comodo\Dragon\dragon.exe
(Comodo) D:\Programy\Comodo\Dragon\dragon.exe
(Comodo) D:\Programy\Comodo\Dragon\dragon.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2716216 2009-09-29] (ESET)
HKLM-x32\...\Run: [StartCCC] => D:\Programy\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-03-07] (Oracle Corporation)
HKU\S-1-5-21-2562658416-2256838758-2862498726-1000\...\Run: [Steam] => D:\Gry\Steam\steam.exe [2889408 2015-04-14] (Valve Corporation)
HKU\S-1-5-21-2562658416-2256838758-2862498726-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-2562658416-2256838758-2862498726-1000\...\Run: [DAEMON Tools Lite] => D:\Programy\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
Startup: C:\Users\PiotrC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-04-14]
ShortcutTarget: Dropbox.lnk -> C:\Users\PiotrC\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\PiotrC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2015-03-27]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PiotrC\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PiotrC\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PiotrC\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PiotrC\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PiotrC\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PiotrC\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PiotrC\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PiotrC\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PiotrC\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PiotrC\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PiotrC\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PiotrC\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PiotrC\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PiotrC\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PiotrC\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PiotrC\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2562658416-2256838758-2862498726-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2562658416-2256838758-2862498726-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-17] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2013-03-21] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-17] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-12] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2013-03-21] (Adobe Systems)
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: Eset Plugin - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2015-04-25]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION

==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 DragonUpdater; D:\Programy\Comodo\Dragon\dragon_updater.exe [2370240 2014-11-27] (Comodo Security Solutions, Inc.)
S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [23296 2009-09-29] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [735960 2009-09-29] (ESET)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WindowBlinds; C:\Program Files (x86)\Stardock\WindowBlinds\wbsrv.exe [89600 2014-03-10] (Stardock Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [312480 2015-03-06] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2015-02-18] (Disc Soft Ltd)
R2 eamon; C:\Windows\System32\DRIVERS\eamon.sys [144824 2009-09-29] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [136584 2009-09-29] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [123200 2009-09-29] (ESET)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43168 2015-03-06] ()
S3 Andbus; system32\DRIVERS\lgandbus64.sys [X]
S3 AndDiag; system32\DRIVERS\lganddiag64.sys [X]
S3 AndGps; system32\DRIVERS\lgandgps64.sys [X]
S3 ANDModem; system32\DRIVERS\lgandmodem64.sys [X]
U3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-25 20:17 - 2015-04-25 20:18 - 00013028 _____ () C:\Users\PiotrC\Downloads\FRST.txt
2015-04-25 20:17 - 2015-04-25 20:17 - 02099712 _____ (Farbar) C:\Users\PiotrC\Downloads\FRST64.exe
2015-04-25 20:17 - 2015-04-25 20:17 - 00000000 ____D () C:\FRST
2015-04-25 17:26 - 2015-04-25 17:26 - 00020052 _____ () C:\ComboFix.txt
2015-04-25 17:19 - 2015-04-25 17:26 - 00000000 ____D () C:\Qoobox
2015-04-25 17:19 - 2015-04-25 17:25 - 00000000 ____D () C:\Windows\erdnt
2015-04-25 17:19 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-04-25 17:19 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-25 17:19 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-04-25 17:19 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-25 17:19 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-25 17:19 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-25 17:19 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-25 17:19 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-25 17:18 - 2015-04-25 17:19 - 05619466 ____R (Swearware) C:\Users\PiotrC\Downloads\ComboFix.exe
2015-04-25 13:52 - 2015-04-25 13:52 - 00000000 ____D () C:\Users\PiotrC\AppData\Local\ESET
2015-04-25 13:34 - 2015-04-25 13:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2015-04-25 13:34 - 2015-04-25 13:34 - 00000000 ____D () C:\ProgramData\ESET
2015-04-25 13:34 - 2015-04-25 13:34 - 00000000 ____D () C:\Program Files\ESET
2015-04-21 17:10 - 2015-04-21 17:27 - 433885740 _____ () C:\Users\PiotrC\Downloads\gta4_realistic_car_pack_ogiogi93_v4.rar
2015-04-21 16:47 - 2015-04-22 16:32 - 00000000 ____D () C:\Users\PiotrC\Documents\Rockstar Games
2015-04-21 16:44 - 2015-04-21 16:44 - 00297362 _____ () C:\Users\PiotrC\Downloads\ivcarspawner14.zip
2015-04-21 16:44 - 2015-04-15 16:33 - 00000000 ____D () C:\Users\PiotrC\AppData\Local\Rockstar Games
2015-04-21 16:43 - 2015-04-21 16:43 - 05286299 _____ () C:\Users\PiotrC\Downloads\CVPV6_DataFiles.rar
2015-04-21 16:41 - 2015-04-21 16:41 - 00051394 _____ () C:\Users\PiotrC\Downloads\asiloader1020b.zip
2015-04-21 16:38 - 2015-04-21 16:38 - 00178800 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
2015-04-21 16:38 - 2015-04-21 16:38 - 00000000 ____D () C:\Windows\SysWOW64\xlive
2015-04-21 16:38 - 2015-04-21 16:38 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2015-04-21 16:37 - 2015-04-21 16:37 - 00001067 _____ () C:\Users\Public\Desktop\Grand Theft Auto IV.lnk
2015-04-21 16:22 - 2015-04-21 16:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2015-04-20 21:04 - 2015-04-20 21:04 - 00000205 _____ () C:\Users\PiotrC\Desktop\Risen 2 - Dark Waters.url
2015-04-20 21:01 - 2015-04-20 21:01 - 00000203 _____ () C:\Users\PiotrC\Desktop\Dota 2.url
2015-04-18 21:43 - 2015-04-18 21:44 - 45142720 _____ (Microsoft Corporation) C:\Users\PiotrC\Downloads\Windows-KB890830-x64-V5.23.exe
2015-04-18 20:56 - 2015-04-18 20:56 - 00000000 ____D () C:\Users\PiotrC\AppData\Roaming\LavasoftStatistics
2015-04-18 20:50 - 2015-04-18 20:50 - 02057008 _____ () C:\Users\PiotrC\Downloads\Adaware_Installer.exe
2015-04-18 20:20 - 2015-04-18 20:20 - 00000000 _____ () C:\autoexec.bat
2015-04-18 20:18 - 2015-04-18 20:18 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\PiotrC\Downloads\SpyHunter-Installer.exe
2015-04-18 18:22 - 2015-04-18 18:22 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-04-18 18:17 - 2015-04-18 18:18 - 00000000 ____D () C:\AdwCleaner
2015-04-18 17:49 - 2015-04-18 18:22 - 00000000 ____D () C:\Program Files (x86)\Chromemote - Remote for Google TV
2015-04-17 13:26 - 2015-04-17 13:26 - 00484169 _____ () C:\Users\PiotrC\Downloads\GTA100savegame.zip
2015-04-16 16:27 - 2015-04-16 16:27 - 00001089 _____ () C:\Users\PiotrC\Desktop\Cheat Engine.lnk
2015-04-16 16:26 - 2015-04-16 16:27 - 09056784 _____ (Cheat Engine ) C:\Users\PiotrC\Downloads\CheatEngine64.exe
2015-04-16 16:06 - 2015-04-16 16:06 - 00000000 ____D () C:\ProgramData\Yellow AdBlocker
2015-04-16 15:31 - 2015-04-18 10:41 - 00000448 _____ () C:\Windows\setupact.log
2015-04-16 15:31 - 2015-04-16 15:31 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-15 18:18 - 2015-04-15 18:18 - 00000566 _____ () C:\Users\PiotrC\Desktop\Launcher.exe - Shortcut.lnk
2015-04-15 16:53 - 2015-04-15 17:32 - 00000080 _____ () C:\Users\PiotrC\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
2015-04-15 16:34 - 2015-04-15 16:34 - 00000000 ____D () C:\Program Files\Rockstar Games
2015-04-15 16:34 - 2015-04-15 16:34 - 00000000 ____D () C:\Program Files (x86)\Rockstar Games
2015-04-13 19:21 - 2015-04-13 19:21 - 00000000 ____D () C:\Users\PiotrC\AppData\Local\Overwolf
2015-04-12 09:30 - 2015-04-12 09:30 - 00067728 _____ () C:\Users\PiotrC\Downloads\SEUS-v10.1-Standard.zip
2015-04-12 09:28 - 2015-04-12 09:28 - 00037534 _____ () C:\Users\PiotrC\Downloads\Robobo1221s Shaders V 4.2 lite.zip
2015-04-12 09:18 - 2015-04-12 09:18 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-04-12 09:18 - 2015-04-12 09:18 - 00000000 ____D () C:\ProgramData\Sun
2015-04-12 09:18 - 2015-04-12 09:18 - 00000000 ____D () C:\ProgramData\Oracle
2015-04-12 09:18 - 2015-04-12 09:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-04-12 09:18 - 2015-04-12 09:18 - 00000000 ____D () C:\Program Files (x86)\Java
2015-04-12 09:16 - 2015-04-12 09:16 - 00561064 _____ (Oracle Corporation) C:\Users\PiotrC\Downloads\chromeinstall-8u40.exe
2015-04-11 18:43 - 2015-04-11 18:43 - 00000000 ____D () C:\ProgramData\{963bacb8-53c9-ab71-963b-bacb853cb2e1}
2015-04-11 15:44 - 2015-04-25 17:16 - 00000000 ____D () C:\Program Files (x86)\AppendInit
2015-04-11 15:43 - 2015-04-11 15:43 - 00000000 ____D () C:\Program Files (x86)\DiscountBomb
2015-04-11 09:56 - 2015-04-11 09:56 - 00002177 _____ () C:\Users\PiotrC\Desktop\Action!.lnk
2015-04-11 09:56 - 2015-04-11 09:56 - 00000000 ____D () C:\Users\PiotrC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mirillis
2015-04-11 09:56 - 2015-04-11 09:56 - 00000000 ____D () C:\Program Files (x86)\Mirillis
2015-04-10 13:09 - 2015-04-25 16:52 - 00000000 ____D () C:\ProgramData\{8b808ee0-1e0f-d7ac-8b80-08ee01e03b80}
2015-04-09 18:51 - 2015-04-13 18:22 - 00275360 _____ (Microsoft Corporation) C:\Windows\system32\DreamScene.dll
2015-04-09 18:51 - 2015-04-09 18:51 - 00275360 _____ (Microsoft Corporation) C:\Windows\system32\DreamScene.dll.0
2015-04-09 18:51 - 2015-04-09 18:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DreamScene Seven
2015-04-09 18:51 - 2015-04-09 18:51 - 00000000 ____D () C:\Program Files (x86)\DreamScene Seven
2015-04-09 13:17 - 2015-04-09 13:19 - 00000000 ____D () C:\Users\PiotrC\AppData\Local\Ori and the Blind Forest
2015-04-09 13:17 - 2015-04-09 13:17 - 00000000 ____D () C:\Users\PiotrC\AppData\Local\SKIDROW
2015-04-08 19:37 - 2015-04-08 19:37 - 00000611 _____ () C:\Users\PiotrC\Desktop\Ori and the Blind Forest.lnk
2015-04-08 19:37 - 2015-04-08 19:37 - 00000000 ____D () C:\Users\PiotrC\AppData\Roaming\Ori and the Blind Forest
2015-04-08 19:37 - 2015-04-08 19:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2015-04-08 17:58 - 2015-04-08 17:58 - 00000000 ____D () C:\Users\PiotrC\AppData\Roaming\Python-Eggs
2015-04-07 18:56 - 2015-04-12 09:23 - 00000000 ____D () C:\Users\PiotrC\AppData\Roaming\.minecraft
2015-04-07 18:56 - 2015-04-07 18:56 - 00000000 ____D () C:\Users\PiotrC\AppData\Roaming\java
2015-04-07 18:55 - 2015-04-07 18:55 - 00000602 _____ () C:\Users\Public\Desktop\Minecraft.lnk
2015-04-07 18:55 - 2015-04-07 18:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2015-04-06 16:31 - 2015-04-06 16:32 - 00000000 ____D () C:\Users\PiotrC\Documents\Witcher 2
2015-04-06 16:31 - 2015-04-06 16:31 - 00000000 ____D () C:\Users\PiotrC\AppData\Local\The Witcher 2
2015-04-06 09:55 - 2015-04-25 16:52 - 00000000 ____D () C:\ProgramData\{18722e4c-82fd-1f63-1872-22e4c82fb932}
2015-04-06 09:55 - 2015-04-25 16:52 - 00000000 ____D () C:\ProgramData\{0b776249-34b3-9941-0b77-7624934b8924}
2015-04-05 12:18 - 2015-04-05 13:45 - 00000000 ____D () C:\Users\PiotrC\Desktop\WOLF
2015-04-05 10:18 - 2015-04-05 10:18 - 00013140 _____ () C:\Users\PiotrC\Downloads\[www.tnt24.info] Snajper - American Sniper -2014- [720p WEB-DL.XviD.AC3-EVO] [Napisy PL].torrent
2015-04-05 10:15 - 2015-04-05 10:15 - 00056490 _____ () C:\Users\PiotrC\Downloads\[www.tnt24.info] Iron Man 3 (2013) [DVDRip] [XviD-GR4PE] [Dubbing PL].torrent
2015-04-04 15:22 - 2015-04-04 15:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari
2015-04-04 14:06 - 2015-04-04 14:06 - 00000000 ____D () C:\ProgramData\Test Drive Unlimited
2015-04-04 13:57 - 2015-04-04 13:57 - 00000000 ____D () C:\Users\PiotrC\AppData\Local\Stardock
2015-04-04 13:57 - 2015-04-04 13:57 - 00000000 ____D () C:\ProgramData\Stardock
2015-04-04 13:56 - 2015-04-04 13:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
2015-04-04 13:55 - 2015-04-04 13:55 - 00000000 ____D () C:\Users\Public\Documents\Stardock
2015-04-04 13:55 - 2015-04-04 13:55 - 00000000 ____D () C:\Users\PiotrC\Downloads\Stardock
2015-04-04 13:55 - 2015-04-04 13:55 - 00000000 ____D () C:\Program Files (x86)\Stardock
2015-03-31 19:18 - 2015-03-31 19:18 - 00000000 ____D () C:\Users\Public\Witryna
2015-03-31 19:11 - 2015-04-18 10:42 - 00000000 ___RD () C:\Users\PiotrC\Dropbox
2015-03-31 19:11 - 2015-04-17 07:52 - 00000982 _____ () C:\Users\PiotrC\Desktop\Dropbox.lnk
2015-03-31 19:09 - 2015-04-17 07:52 - 00000000 ____D () C:\Users\PiotrC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-03-31 19:08 - 2015-04-18 10:42 - 00000000 ____D () C:\Users\PiotrC\AppData\Roaming\Dropbox
2015-03-31 17:44 - 2015-03-31 19:11 - 00000000 ____D () C:\Users\PiotrC\Desktop\page
2015-03-29 18:34 - 2015-04-25 16:52 - 00000000 ____D () C:\ProgramData\{bfc81d9b-c477-68ed-bfc8-81d9bc47766f}
2015-03-28 20:14 - 2015-04-11 18:55 - 00000000 ____D () C:\Windows\pss
2015-03-28 14:05 - 2015-03-28 14:05 - 00000000 ____D () C:\Users\PiotrC\Documents\The Forest V0.14 Trainer +9
2015-03-28 13:44 - 2015-03-28 13:45 - 04197674 _____ () C:\Users\PiotrC\Documents\The Forest V0.14 Trainer +9.rar
2015-03-28 13:43 - 2015-03-28 13:43 - 00015568 _____ () C:\Users\PiotrC\Documents\[kickass.to]the.forest.v0.14.windows.viruz.torrent
2015-03-28 13:41 - 2015-04-25 16:52 - 00000000 ____D () C:\ProgramData\{992954e7-a8f1-e719-9929-954e7a8f539e}
2015-03-27 17:54 - 2015-03-27 17:54 - 01996756 _____ () C:\Users\PiotrC\Documents\sapphire_1_0_by_darkeagle2011-d8mvjsm.rmskin
2015-03-27 17:53 - 2015-03-27 17:53 - 01680871 _____ () C:\Users\PiotrC\Documents\_updated__stepris_v1_3_for_rainmeter_by_t_projects-d8cxv8v.rmskin
2015-03-27 17:50 - 2015-03-27 17:50 - 02330992 _____ () C:\Users\PiotrC\Documents\Rainmeter-3.2.1.exe
2015-03-27 17:50 - 2015-03-27 17:50 - 00001706 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainmeter.lnk
2015-03-27 17:50 - 2015-03-27 17:50 - 00000000 ____D () C:\Users\PiotrC\Documents\Rainmeter
2015-03-27 17:50 - 2015-03-27 17:50 - 00000000 ____D () C:\Users\PiotrC\AppData\Roaming\Rainmeter
2015-03-27 17:50 - 2015-03-27 17:50 - 00000000 ____D () C:\Program Files\Rainmeter
2015-03-27 17:49 - 2015-03-27 17:49 - 00002221 _____ () C:\Users\PiotrC\Documents\s_h_i_e_l_d_os____jarvis_iron_man_like_theme__by_eapathy-d6sagwb.rmskin
2015-03-27 17:49 - 2015-03-27 17:49 - 00000000 ___HD () C:\Users\PiotrC\Desktop\Ikony
2015-03-27 17:05 - 2015-03-27 17:05 - 00013606 _____ () C:\Users\PiotrC\Documents\[www.tnt24.info] Kapitan Ameryka- Zimowy żołnierz - Captain America- The Winter Soldier (2014) [1080p.AC3.BDRip.x264-gix] [Dubbing PL].torrent
2015-03-26 16:51 - 2015-03-26 16:51 - 00000000 ____D () C:\ProgramData\IsolatedStorage

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-25 17:38 - 2015-03-07 09:36 - 00964125 _____ () C:\Windows\WindowsUpdate.log
2015-04-25 17:28 - 2015-02-17 13:21 - 00000000 ____D () C:\Users\PiotrC\AppData\Roaming\AIMP3
2015-04-25 17:26 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-04-25 17:24 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-04-25 16:45 - 2015-02-17 12:36 - 00000000 ____D () C:\Users\PiotrC\AppData\Roaming\uTorrent
2015-04-25 13:46 - 2009-07-14 06:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-25 13:46 - 2009-07-14 06:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-21 16:37 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-04-21 16:23 - 2015-02-17 21:18 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-18 18:25 - 2015-03-24 18:25 - 00000000 ____D () C:\Windows\UXBackup
2015-04-18 18:24 - 2015-03-24 18:25 - 00000000 ____D () C:\Program Files (x86)\UX Pack
2015-04-18 18:24 - 2009-07-14 05:20 - 00000000 __RSD () C:\Windows\Media
2015-04-18 18:22 - 2015-02-28 21:41 - 00000000 ____D () C:\Program Files (x86)\LG Electronics
2015-04-18 18:16 - 2015-03-20 14:12 - 00000000 ____D () C:\Users\PiotrC\AppData\Roaming\TS3Client
2015-04-18 17:47 - 2015-02-28 23:50 - 00000000 ____D () C:\Users\PiotrC\Documents\Euro Truck Simulator 2
2015-04-18 10:47 - 2009-07-14 07:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-18 10:41 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-17 20:28 - 2015-02-18 00:09 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2015-04-16 16:27 - 2015-03-21 12:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.4
2015-04-16 16:27 - 2015-03-21 12:13 - 00000000 ____D () C:\Program Files (x86)\Cheat Engine 6.4
2015-04-16 15:31 - 2009-07-14 07:08 - 00032634 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-15 18:17 - 2015-02-18 16:05 - 00000000 ____D () C:\Users\PiotrC\AppData\Roaming\DAEMON Tools Lite
2015-04-11 18:58 - 2015-02-20 19:58 - 00000000 ____D () C:\Program Files\Adobe
2015-04-11 09:59 - 2015-02-20 19:58 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2015-04-11 09:56 - 2015-02-20 20:17 - 00000000 ____D () C:\Users\PiotrC\AppData\Local\Mirillis
2015-04-01 11:16 - 2014-11-15 02:33 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-31 19:11 - 2015-02-17 20:52 - 00000000 ____D () C:\Users\PiotrC

==================== Files in the root of some directories =======
2015-02-17 13:51 - 2015-02-17 13:51 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-04-25 15:19

==================== End Of Log ============================