Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015 Ran by Joanna (administrator) on HP on 16-07-2015 17:52:01 Running from C:\Users\Joanna\Desktop\Nowy folder Loaded Profiles: Joanna (Available Profiles: Joanna) Platform: Windows 8.1 (X64) OS Language: Polski (Polska) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3030256 2013-05-16] (Synaptics Incorporated) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [133248 2013-05-16] (Atheros Communications) HKU\S-1-5-21-2515682888-3305128835-3166960817-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.) HKU\S-1-5-21-2515682888-3305128835-3166960817-1002\...\Run: [Spotify] => C:\Users\Joanna\AppData\Roaming\Spotify\Spotify.exe [7334968 2015-07-15] (Spotify Ltd) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) SearchScopes: HKLM -> {23A0AE0F-606D-418B-B5C5-C1BCA96DC33C} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2515682888-3305128835-3166960817-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) Tcpip\..\Interfaces\{50B133F5-93A7-4BD0-A3F9-D8F75DF82319}: [NameServer] 8.8.8.8,8.8.4.4 FireFox: ======== FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-07-16] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-07-16] (Google Inc.) Chrome: ======= CHR Profile: C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-16] CHR Extension: (Google Docs) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-16] CHR Extension: (Google Drive) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-16] CHR Extension: (YouTube) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-16] CHR Extension: (Google Search) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-16] CHR Extension: (Google Sheets) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-16] CHR Extension: (Google Wallet) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-16] CHR Extension: (Gmail) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-16] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed] R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [310912 2013-05-16] (Windows (R) Win 7 DDK provider) [File not signed] S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [239176 2013-03-05] (Realtek Semiconductor) S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-12-10] (Microsoft Corporation) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation) R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-05-16] (Atheros) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-02-14] (Advanced Micro Devices) R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-05-16] (Qualcomm Atheros) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation) R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [288328 2013-01-24] (Realtek Semiconductor Corp.) S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-05-08] (Synaptics Incorporated) S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [33008 2013-05-08] (Synaptics Incorporated) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation) R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.) U3 pgldipow; \??\C:\Users\Joanna\AppData\Local\Temp\pgldipow.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-07-16 17:51 - 2015-07-16 17:51 - 00006482 _____ C:\Users\Joanna\Desktop\gmer_log.log 2015-07-16 17:34 - 2015-07-16 17:34 - 00002292 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-07-16 17:34 - 2015-07-16 17:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-07-16 17:24 - 2015-07-16 17:29 - 00001054 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-07-16 17:24 - 2015-07-16 17:29 - 00001050 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-07-16 06:42 - 2015-07-16 06:42 - 00000000 ____D C:\_OTL 2015-07-16 01:40 - 2015-07-16 01:40 - 00000879 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraDefrag.lnk 2015-07-16 01:40 - 2015-07-16 01:40 - 00000867 _____ C:\Users\Public\Desktop\UltraDefrag.lnk 2015-07-16 01:40 - 2015-07-16 01:40 - 00000000 ____D C:\Program Files\UltraDefrag 2015-07-16 01:13 - 2015-07-16 01:13 - 00001795 _____ C:\ipconfig.txt 2015-07-16 01:13 - 2015-07-16 01:13 - 00000468 _____ C:\ping.txt 2015-07-16 01:00 - 2015-07-16 01:00 - 00000928 _____ C:\Users\Public\Desktop\AIMP3.lnk 2015-07-16 01:00 - 2015-07-16 01:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP3 2015-07-16 00:59 - 2015-07-16 01:00 - 00000000 ____D C:\Program Files (x86)\AIMP3 2015-07-16 00:55 - 2015-07-16 17:52 - 00000000 ____D C:\FRST 2015-07-16 00:54 - 2015-07-16 00:54 - 00001209 _____ C:\Users\Joanna\Desktop\CrystalDiskInfo.lnk 2015-07-16 00:54 - 2015-07-16 00:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo 2015-07-16 00:54 - 2015-07-16 00:54 - 00000000 ____D C:\Program Files (x86)\CrystalDiskInfo 2015-07-16 00:50 - 2015-07-16 00:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack 2015-07-16 00:50 - 2014-12-21 15:58 - 03570688 _____ (x264vfw project) C:\WINDOWS\system32\x264vfw64.dll 2015-07-16 00:50 - 2014-12-21 15:57 - 03588608 _____ (x264vfw project) C:\WINDOWS\SysWOW64\x264vfw.dll 2015-07-16 00:50 - 2014-12-05 00:56 - 00729088 _____ C:\WINDOWS\system32\xvidcore.dll 2015-07-16 00:50 - 2014-12-05 00:55 - 00655872 _____ C:\WINDOWS\SysWOW64\xvidcore.dll 2015-07-16 00:50 - 2014-11-14 16:12 - 00254976 _____ C:\WINDOWS\system32\xvidvfw.dll 2015-07-16 00:50 - 2014-11-14 16:11 - 00240128 _____ C:\WINDOWS\SysWOW64\xvidvfw.dll 2015-07-16 00:50 - 2012-07-21 13:55 - 00180736 _____ (fccHandler) C:\WINDOWS\system32\ac3acm.acm 2015-07-16 00:50 - 2012-07-21 13:54 - 00122880 _____ (fccHandler) C:\WINDOWS\SysWOW64\ac3acm.acm 2015-07-16 00:50 - 2011-12-07 20:37 - 00148992 _____ ( ) C:\WINDOWS\system32\lagarith.dll 2015-07-16 00:50 - 2011-12-07 20:32 - 00216064 _____ ( ) C:\WINDOWS\SysWOW64\lagarith.dll 2015-07-16 00:49 - 2015-07-16 00:49 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack 2015-07-16 00:49 - 2015-01-13 20:00 - 00112640 _____ C:\WINDOWS\SysWOW64\ff_vfw.dll 2015-07-16 00:49 - 2014-12-02 16:10 - 00260184 _____ C:\WINDOWS\system32\unrar64.dll 2015-07-16 00:49 - 2014-12-02 16:10 - 00218712 _____ C:\WINDOWS\SysWOW64\unrar.dll 2015-07-16 00:48 - 2015-07-16 01:34 - 00000000 ____D C:\AdwCleaner 2015-07-16 00:47 - 2015-07-16 17:26 - 00000000 ____D C:\Users\Joanna\Desktop\Nowy folder 2015-07-16 00:32 - 2015-07-16 00:32 - 00000886 _____ C:\Users\Joanna\Documents\Pobrane — skrót.lnk 2015-07-15 23:53 - 2015-07-15 23:53 - 00007605 _____ C:\Users\Joanna\AppData\Local\Resmon.ResmonCfg 2015-07-15 22:02 - 2015-07-15 22:15 - 00013029 _____ C:\Users\Joanna\Desktop\fix.txt 2015-07-15 21:30 - 2015-07-15 21:30 - 00380416 _____ C:\Users\Joanna\Downloads\1pekjwqz.exe 2015-06-21 23:20 - 2015-07-16 17:21 - 00000000 ____D C:\Users\Joanna\AppData\Local\Spotify 2015-06-21 23:20 - 2015-06-21 23:53 - 00001825 _____ C:\Users\Joanna\Desktop\Spotify.lnk 2015-06-21 23:20 - 2015-06-21 23:53 - 00001811 _____ C:\Users\Joanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk 2015-06-21 23:19 - 2015-07-16 17:22 - 00000000 ____D C:\Users\Joanna\AppData\Roaming\Spotify 2015-06-20 10:18 - 2015-05-22 15:08 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2015-06-20 10:18 - 2015-05-21 15:08 - 01119232 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2015-06-20 10:18 - 2015-05-21 15:08 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2015-06-20 10:18 - 2015-05-21 15:08 - 00756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2015-06-20 10:18 - 2015-05-21 15:08 - 00422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2015-06-20 10:18 - 2015-05-21 15:08 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll 2015-06-20 10:18 - 2015-05-21 15:08 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2015-06-20 10:18 - 2015-04-17 00:07 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-07-16 17:49 - 2014-12-10 21:11 - 01299359 _____ C:\WINDOWS\WindowsUpdate.log 2015-07-16 17:46 - 2013-12-22 19:12 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2515682888-3305128835-3166960817-1002 2015-07-16 17:34 - 2013-12-19 17:58 - 00000000 ____D C:\Users\Joanna\AppData\Local\Google 2015-07-16 17:34 - 2013-12-19 17:58 - 00000000 ____D C:\Program Files (x86)\Google 2015-07-16 17:26 - 2015-02-04 10:01 - 00003964 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{BCB004D3-DE59-483B-AFD9-6290456E718E} 2015-07-16 17:24 - 2015-04-09 17:31 - 00004026 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2015-07-16 17:24 - 2015-04-09 17:31 - 00003790 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2015-07-16 17:24 - 2015-02-10 03:12 - 00000000 ____D C:\Users\Joanna\AppData\Local\Deployment 2015-07-16 17:20 - 2015-04-15 15:20 - 00000000 ___RD C:\Users\Joanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2015-07-16 17:19 - 2015-04-17 12:29 - 00009841 _____ C:\WINDOWS\setupact.log 2015-07-16 17:19 - 2014-12-16 17:35 - 00000342 _____ C:\WINDOWS\Tasks\HPCeeScheduleForJoanna.job 2015-07-16 17:19 - 2014-12-13 11:55 - 00000008 __RSH C:\ProgramData\ntuser.pol 2015-07-16 17:19 - 2014-09-24 07:58 - 00697708 _____ C:\WINDOWS\PFRO.log 2015-07-16 17:19 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-07-16 17:18 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI 2015-07-16 17:17 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy 2015-07-16 17:09 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru 2015-07-16 06:42 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\NDF 2015-07-16 06:38 - 2014-12-16 17:35 - 00003158 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForJoanna 2015-07-16 06:38 - 2014-12-10 21:25 - 00000000 ____D C:\Users\Joanna 2015-07-16 01:47 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness 2015-07-16 01:01 - 2013-12-29 15:04 - 00000000 ____D C:\Users\Joanna\AppData\Roaming\AIMP3 2015-07-16 00:42 - 2013-12-17 11:07 - 00000000 ____D C:\Users\Joanna\Documents\Bluetooth Folder 2015-07-16 00:14 - 2013-10-11 14:20 - 00000000 ____D C:\Program Files (x86)\Realtek 2015-07-15 23:45 - 2012-07-26 10:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP 2015-07-15 23:16 - 2015-05-15 00:12 - 00000000 ____D C:\Program Files\Google 2015-07-15 23:04 - 2013-06-05 19:29 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support 2015-07-15 23:04 - 2013-06-05 19:07 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard 2015-07-15 23:03 - 2013-06-05 19:09 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools 2015-07-15 23:03 - 2013-01-14 21:16 - 00000000 ____D C:\Program Files\Hewlett-Packard 2015-07-15 22:59 - 2013-12-19 09:37 - 00000000 ____D C:\Users\Joanna\AppData\Roaming\hpqlog 2015-07-15 22:58 - 2013-10-11 14:40 - 00000000 ____D C:\ProgramData\CyberLink 2015-07-15 22:58 - 2013-10-11 14:36 - 00000000 ____D C:\Program Files (x86)\CyberLink 2015-07-15 22:58 - 2013-06-05 19:30 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2015-07-15 22:53 - 2013-12-19 16:47 - 00000000 ____D C:\Users\Joanna\AppData\Roaming\CyberLink 2015-07-15 20:33 - 2014-09-24 17:08 - 02026164 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2015-07-15 20:33 - 2014-09-24 16:35 - 00878416 _____ C:\WINDOWS\system32\perfh015.dat 2015-07-15 20:33 - 2014-09-24 16:35 - 00198680 _____ C:\WINDOWS\system32\perfc015.dat 2015-07-15 12:54 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp 2015-07-14 22:20 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM 2015-07-12 20:35 - 2014-11-21 22:31 - 00000052 _____ C:\WINDOWS\SysWOW64\DOErrors.log 2015-07-08 18:40 - 2013-12-17 11:07 - 00000000 ____D C:\Users\Joanna\AppData\Roaming\Atheros 2015-06-21 22:54 - 2015-02-04 10:01 - 00000000 __SHD C:\Users\Joanna\AppData\Local\EmieUserList 2015-06-21 22:54 - 2015-02-04 10:01 - 00000000 __SHD C:\Users\Joanna\AppData\Local\EmieSiteList 2015-06-21 22:54 - 2015-02-04 10:01 - 00000000 __SHD C:\Users\Joanna\AppData\Local\EmieBrowserModeList 2015-06-21 20:07 - 2012-07-26 07:26 - 00000367 _____ C:\WINDOWS\win.ini 2015-06-20 18:17 - 2015-04-17 12:27 - 00000000 ____D C:\WINDOWS\system32\appraiser 2015-06-20 18:17 - 2014-09-24 18:37 - 00000000 ___SD C:\WINDOWS\system32\CompatTel 2015-06-17 18:43 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache 2015-06-17 09:09 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData 2015-06-16 23:45 - 2014-01-11 00:58 - 00000000 ____D C:\WINDOWS\system32\MRT 2015-06-16 23:31 - 2014-01-11 00:57 - 140135120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe ==================== Files in the root of some directories ======= 2015-07-15 23:53 - 2015-07-15 23:53 - 0007605 _____ () C:\Users\Joanna\AppData\Local\Resmon.ResmonCfg 2014-10-10 13:55 - 2014-10-10 13:56 - 0000199 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-07-16 03:32 ==================== End of log ============================