Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-07-2015 Ran by Roland (administrator) on ROLAND-KOMPUTER (01-08-2015 13:31:10) Running from G:\PROGRAMY Loaded Profiles: Roland (Available Profiles: Roland) Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Polski (Polska) Internet Explorer Version 9 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (AMD) C:\Windows\System32\atieclxx.exe (Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Innova Co S.a r.l.) C:\Program Files (x86)\4game\3.5.5.152\4game-service.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe (Piriform Ltd) C:\Program Files\CCleaner\hkl.exe (Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe (Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Farbar) G:\PROGRAMY\ytyu.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation) HKU\S-1-5-21-815740013-245853561-3982639562-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\hkl.exe [8418584 2015-07-17] (Piriform Ltd) HKU\S-1-5-18\...\Run: [ZoneAlarm Windows 10 Upgrader] => "C:\ProgramData\CheckPoint\ZoneAlarm\Data\Updates\unpacked==win10=update_win10.zip\upgrade.exe" /delay ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-815740013-245853561-3982639562-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pl-pl/?ocid=iehp BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-20] (Oracle Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-20] (Oracle Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation) DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{37C62A53-055B-48BD-B2A0-E3AA9C56FF35}: [DhcpNameServer] 192.168.1.1 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Roland\AppData\Roaming\Mozilla\Firefox\Profiles\l38knw9v.default FF Homepage: google.pl FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-29] () FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-20] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-20] (Oracle Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @4game.com/plugin -> C:\Program Files (x86)\4game\3.5.5.152\npplugin4game.dll [2015-07-29] (Innova Co S.a r.l.) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-29] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.) FF Extension: PEKAO S.A. Sign Plugin - C:\Users\Roland\AppData\Roaming\Mozilla\Firefox\Profiles\l38knw9v.default\Extensions\SignPlugin@pekao.pl [2014-12-09] FF Extension: Adblock Plus - C:\Users\Roland\AppData\Roaming\Mozilla\Firefox\Profiles\l38knw9v.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-28] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found] Chrome: ======= CHR Profile: C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Profile 5 CHR Extension: (Google Slides) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-05] CHR Extension: (Google Docs) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05] CHR Extension: (Google Drive) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-05] CHR Extension: (Please enter your password) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2015-02-05] CHR Extension: (YouTube) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-05] CHR Extension: (Google Search) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-05] CHR Extension: (Google Sheets) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-05] CHR Extension: (HTTPS Everywhere) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2015-02-05] CHR Extension: (AdBlock) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-02-05] CHR Extension: (Turn Off the Lights) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\labjanboighjienkhiabgpefblkbmemd [2015-02-05] CHR Extension: (Stop Autoplay for YouTube.) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\lgdfnbpkmkkdhgidgcpdkgpdlfjcgnnh [2015-02-05] CHR Extension: (Chrome Web Store Payments) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-05] CHR Extension: (Gmail) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-05] CHR Extension: (Browser QuickLinks) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\plpjogfhobhpdcmcblieglnoooccfcmm [2015-02-05] Opera: ======= StartMenuInternet: (HKLM) OperaNext - C:\Program Files\Opera Next x64\Opera.exe (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 4game-service; C:\Program Files (x86)\4game\3.5.5.152\4game-service.exe [1504904 2015-07-29] (Innova Co S.a r.l.) R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2011-10-19] (Creative Technology Ltd) [File not signed] S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6516792 2015-05-21] (GOG.com) R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation) S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2015-03-10] () [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) S3 Origin Client Service; G:\Origin\OriginClientService.exe [1931632 2015-05-11] (Electronic Arts) R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3596752 2014-08-13] (Check Point Software Technologies Ltd.) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation) R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [96272 2014-08-13] (Check Point Software Technologies, Ltd.) (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [62152 2014-10-28] (Advanced Micro Devices, Inc.) S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2014-05-27] (LG Electronics Inc.) S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2014-05-27] (LG Electronics Inc.) R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] () R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] () R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2012-02-09] () R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2014-06-11] (Kaspersky Lab ZAO) U5 klflt; C:\Windows\System32\Drivers\klflt.sys [92768 2014-06-11] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [490592 2014-06-11] (Kaspersky Lab ZAO) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation) R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [450456 2014-08-13] (Check Point Software Technologies Ltd.) R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2015-08-01] () R3 XENfiltv; C:\Windows\System32\drivers\XENfiltv.sys [25600 2009-07-31] (Creative Technology Ltd.) S4 sptd; \SystemRoot\System32\Drivers\sptd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-09-18 17:45 - 2015-06-15 17:13 - 00000000 ____D C:\Program Files (x86)\Altova 2015-08-01 13:30 - 2015-08-01 13:30 - 00000000 ____D C:\Program Files\Common Files\AV 2015-08-01 04:10 - 2015-08-01 13:28 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp 2015-08-01 04:10 - 2015-08-01 13:28 - 00005188 _____ C:\Windows\PFRO.log 2015-08-01 04:10 - 2015-08-01 13:28 - 00000728 _____ C:\Windows\setupact.log 2015-08-01 04:10 - 2015-08-01 04:10 - 00426384 _____ C:\Windows\system32\FNTCACHE.DAT 2015-08-01 04:10 - 2015-08-01 04:10 - 00000000 _____ C:\Windows\setuperr.log 2015-08-01 04:03 - 2015-08-01 04:03 - 00001120 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-08-01 03:55 - 2015-08-01 13:31 - 00000000 ____D C:\FRST 2015-08-01 03:39 - 2015-08-01 03:43 - 00000000 ____D C:\Program Files\CCleaner 2015-08-01 03:39 - 2015-08-01 03:39 - 00002796 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC 2015-08-01 03:32 - 2015-08-01 03:32 - 00001106 _____ C:\Users\Roland\Desktop\ZoneAlarm Security.lnk 2015-07-29 00:52 - 2014-11-28 17:29 - 00000318 _____ C:\Users\Roland\Desktop\Curse Client.appref-ms 2015-07-20 04:05 - 2015-07-26 15:37 - 00000016 _____ C:\Users\Roland\Desktop\roz11 5-30min .txt 2015-07-19 20:32 - 2015-07-19 20:32 - 00001626 _____ C:\Users\Roland\Desktop\Alls.lnk 2015-07-19 20:24 - 2015-07-19 20:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCsoft 2015-07-19 20:24 - 2009-04-06 09:08 - 00005174 _____ C:\Windows\SysWOW64\nppt9x.vxd 2015-07-19 20:24 - 2009-04-06 09:08 - 00004682 _____ (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\npptNT2.sys 2015-07-19 20:22 - 2015-07-26 17:02 - 00000000 ____D C:\Program Files (x86)\NCsoft 2015-07-16 20:05 - 2015-07-16 20:07 - 00000000 ____D C:\Users\Roland\Desktop\pulp 2015-07-15 21:59 - 2015-07-15 21:59 - 00000481 _____ C:\Users\Roland\Desktop\Ekran.lnk 2015-07-13 14:07 - 2015-07-28 18:07 - 00000000 ____D C:\Users\Roland\AppData\Roaming\Awesomium 2015-07-12 23:11 - 2015-07-31 10:43 - 00000000 ____D C:\Program Files (x86)\4game 2015-07-12 23:11 - 2015-07-12 23:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4game 2015-07-12 14:13 - 2015-07-12 14:13 - 00001866 _____ C:\Users\Roland\Desktop\Tyrian 2000.lnk 2015-07-11 02:01 - 2015-07-11 02:01 - 00053443 _____ C:\Windows\SysWOW64\CCCInstall_201507110201495071.log 2015-07-11 02:01 - 2015-07-11 02:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center 2015-07-09 23:39 - 2015-07-09 23:39 - 00000501 _____ C:\Users\Roland\Desktop\Opcje zasilania.lnk 2015-07-06 19:57 - 2015-07-06 19:57 - 00001065 _____ C:\Users\Roland\Desktop\Diablo II.lnk ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-08-01 13:29 - 2014-11-28 00:28 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-08-01 13:28 - 2014-11-28 04:41 - 00034752 _____ C:\Windows\system32\Drivers\WPRO_41_2001.sys 2015-08-01 13:28 - 2014-11-27 21:32 - 01442328 _____ C:\Windows\WindowsUpdate.log 2015-08-01 13:28 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-08-01 13:28 - 2009-07-14 06:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-08-01 13:28 - 2009-07-14 06:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-08-01 10:18 - 2011-04-12 15:21 - 00743042 _____ C:\Windows\system32\perfh015.dat 2015-08-01 10:18 - 2011-04-12 15:21 - 00156524 _____ C:\Windows\system32\perfc015.dat 2015-08-01 10:18 - 2009-07-14 07:13 - 01676910 _____ C:\Windows\system32\PerfStringBackup.INI 2015-08-01 05:03 - 2015-03-12 00:14 - 00000000 ____D C:\Users\Roland\Documents\Rockstar Games 2015-08-01 05:03 - 2014-11-27 22:13 - 00000000 ____D C:\Users\Roland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2015-08-01 04:58 - 2014-11-28 00:28 - 00001048 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-08-01 04:49 - 2015-03-09 16:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicDisc 2015-08-01 04:16 - 2014-12-21 12:45 - 00000000 ____D C:\AdwCleaner 2015-08-01 04:11 - 2015-03-09 18:31 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-08-01 04:09 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\Performance 2015-08-01 04:04 - 2015-03-09 18:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-08-01 03:39 - 2014-11-28 03:28 - 00000000 ____D C:\Users\Roland\AppData\Roaming\MPC-HC 2015-08-01 03:39 - 2014-11-28 02:14 - 00000000 ____D C:\Users\Roland\AppData\Roaming\DAEMON Tools Lite 2015-08-01 03:34 - 2015-03-09 19:38 - 00000000 ____D C:\ProgramData\AVG 2015-08-01 03:03 - 2014-11-27 21:45 - 00000000 ____D C:\GRY 2015-07-31 16:36 - 2014-11-27 21:30 - 00000000 ____D C:\Users\Roland 2015-07-31 10:40 - 2014-11-27 23:24 - 00000000 ____D C:\Program Files (x86)\SpeedFan 2015-07-29 18:44 - 2014-11-28 00:28 - 00004054 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-07-29 18:44 - 2014-11-28 00:28 - 00003802 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-07-29 18:36 - 2014-11-28 00:26 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-07-29 18:36 - 2014-11-28 00:26 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-07-29 13:32 - 2015-01-01 22:47 - 00000000 ____D C:\Users\Roland\Documents\My Games 2015-07-29 13:32 - 2014-11-28 02:04 - 00000000 ____D C:\Users\Roland\Documents\Diablo III 2015-07-28 23:10 - 2014-11-28 01:51 - 00000000 ____D C:\Program Files (x86)\Battle.net 2015-07-28 03:12 - 2014-11-28 03:15 - 00000000 ____D C:\Users\Roland\AppData\Roaming\vlc 2015-07-28 02:55 - 2015-04-06 08:55 - 00007066 _____ C:\Windows\system32\--traceoff 2015-07-28 02:55 - 2015-04-06 08:55 - 00000000 ____D C:\Program Files\Sony 2015-07-26 18:24 - 2015-05-19 07:53 - 00000000 ____D C:\Users\Roland\Documents\The Witcher 3 2015-07-23 02:25 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF 2015-07-20 16:39 - 2015-04-20 12:20 - 00003704 _____ C:\Windows\System32\Tasks\Java Platform SE Auto Updater 2015-07-20 16:26 - 2015-04-27 23:34 - 00110688 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2015-07-20 16:26 - 2015-04-27 23:34 - 00000000 ____D C:\Program Files\Java 2015-07-20 16:26 - 2014-11-28 01:31 - 00000000 ____D C:\ProgramData\Oracle 2015-07-19 20:22 - 2014-11-27 21:47 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2015-07-15 18:55 - 2014-11-28 02:36 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2015-07-15 18:54 - 2014-12-29 14:27 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2015-07-14 12:03 - 2009-07-14 07:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2015-07-13 22:40 - 2014-11-28 03:57 - 00000000 ____D C:\ProgramData\Electronic Arts 2015-07-12 14:13 - 2014-12-05 21:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com 2015-07-12 14:13 - 2009-07-14 07:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2015-07-11 02:01 - 2015-05-30 09:50 - 00000000 ____D C:\Program Files\AMD 2015-07-02 22:05 - 2014-12-21 22:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kolekcja Klasyki ==================== Files in the root of some directories ======= 2014-11-28 03:09 - 2014-12-25 14:24 - 0000319 _____ () C:\Users\Roland\AppData\Roaming\burnaware.ini 2015-02-21 07:33 - 2015-02-21 07:33 - 0016384 _____ () C:\Users\Roland\AppData\Roaming\Gossamer.cue 2014-12-25 14:24 - 2014-12-25 14:24 - 0000031 _____ () C:\Users\Roland\AppData\Local\burnaware.ini 2015-05-25 17:36 - 2015-06-08 02:19 - 0003584 _____ () C:\Users\Roland\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-07-23 11:14 ==================== End of log ============================