Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-09-2013
Ran by T9 (administrator) on T9K on 08-09-2013 20:59:15
Running from D:\Users\T9\Desktop\logs
Windows 7 Professional Service Pack 1 (X64) OS Language: Polish
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Ericsson AB) C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Ericsson AB) C:\Program Files (x86)\Dell\Dell Mobile Broadband Manager\WirelessManager.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
(Dropbox, Inc.) D:\Users\T9\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) D:\PProgram Files\FirefoxPortable\App\Firefox 4 rc\firefox.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.beta.2110\Agent.exe
(Blizzard Entertainment) D:\Games\Battle.net\Battle.net.3618\Battle.net.exe
(AIMP DevTeam) D:\PProgram Files\Aimp3\AIMP3.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [611192 2011-07-20] (Alps Electric Co., Ltd.)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [FreeFallProtection] - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2011-07-25] ()
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
HKLM\...\Policies\Explorer: [NoCDBurning] 1
HKCU\...\Run: [WirelessManager] - C:\Program Files (x86)\Dell\Dell Mobile Broadband Manager\WirelessManager.exe [20480 2011-09-19] (Ericsson AB)
HKCU\...\Policies\Explorer: [NoCDBurning] 1
HKCU\...\Policies\Explorer: [HideSCAPower] 0
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112408 2011-08-08] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [97280 2009-07-14] ()
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [ ] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell System Manager.lnk
ShortcutTarget: Dell System Manager.lnk -> C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.)
Startup: d:\Users\T9\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> D:\Users\T9\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 217.172.224.170 217.172.224.160
Tcpip\..\Interfaces\{89FAB3F0-076A-445C-B69D-00F679949C0C}: [NameServer]8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{A9E7C3C5-2795-4385-A6FC-DBE095CC7B70}: [NameServer]217.116.104.104 217.116.100.100

FireFox:
========
FF ProfilePath: d:\Users\T9\AppData\Roaming\Mozilla\Firefox\Path=D:\PProgram Files\FirefoxPortable\T-9_Profil
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF StartMenuInternet: FIREFOX.EXE - D:\PProgram Files\FirefoxPortable\App\Firefox 4 rc\firefox.exe

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S4 O2SDIOAssist; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] ()
S4 PuranDefrag; C:\Windows\system32\PuranDefragS.exe [289792 2011-12-26] (Puran Software)
R2 WMCoreService; C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe [652328 2011-09-13] (Ericsson AB)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-28] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-28] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-28] ()
R3 d554gps; C:\Windows\System32\DRIVERS\d554gps64.sys [102440 2011-09-06] (Ericsson AB)
R3 d554scard; C:\Windows\System32\DRIVERS\d554scard.sys [61992 2011-08-17] (Ericsson AB)
R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2011-09-05] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [29736 2011-09-05] (Ericsson AB)
S1 fanio; C:\Windows\system32\drivers\fanio.sys [22528 2007-02-16] (Christian Diefer)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [31136 2013-06-17] (REALiX(tm))
R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [419400 2011-08-22] (MCCI Corporation)
R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [430664 2011-08-22] (MCCI Corporation)
R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2011-08-22] (MCCI Corporation)
R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [483400 2011-08-22] (MCCI Corporation)
S3 SliceDisk5; C:\Program Files\A-FF Find and Mount\slicedisk-x64.sys [31824 2011-02-25] (Atola)
S3 SliceDisk5; C:\Program Files\A-FF Find and Mount\slicedisk-x64.sys [31824 2011-02-25] (Atola)
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [279080 2011-09-07] (Ericsson AB)
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x]
S3 GPU-Z; \??\C:\Users\T9\AppData\Local\Temp\GPU-Z.sys [x]
S4 nvkflt; system32\DRIVERS\nvkflt.sys [x]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [x]
S4 nvpciflt; \SystemRoot\system32\DRIVERS\nvpciflt.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-09-05 19:38 - 2013-09-05 19:53 - 00000000 ____D d:\Users\T9\Desktop\levis
2013-09-04 14:53 - 2013-09-08 19:39 - 00000616 _____ C:\Windows\setupact.log
2013-09-04 14:53 - 2013-09-04 14:53 - 00000000 _____ C:\Windows\setuperr.log
2013-09-02 21:06 - 2013-09-02 21:07 - 00000000 ____D d:\Users\T9\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BZ2 - Forgotten Enemies
2013-08-27 10:35 - 2013-08-27 10:35 - 00000000 ____D C:\Program Files (x86)\I8kfanGUI
2013-08-27 10:35 - 2007-02-16 15:42 - 00022528 _____ (Christian Diefer) C:\Windows\system32\Drivers\fanio.sys
2013-08-26 23:14 - 2013-08-26 23:15 - 00000000 ____D d:\Users\T9\Desktop\dysk hdd
2013-08-26 14:42 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-26 14:42 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-26 14:42 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-26 14:41 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-26 14:41 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-26 14:41 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-26 14:41 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-26 14:41 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-26 14:41 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-26 14:41 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-26 14:41 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-26 14:26 - 2013-08-26 14:36 - 00000000 ____D d:\Users\T9\Desktop\m6600 battery allegro
2013-08-26 14:06 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-26 14:06 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-26 14:06 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-26 14:06 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-26 14:06 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-26 14:06 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-26 14:06 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-26 14:06 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-26 14:06 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-26 14:06 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-26 14:06 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-26 14:06 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-26 14:06 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-26 14:06 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-26 14:06 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-26 14:06 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-26 14:06 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-26 14:06 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-26 14:06 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-26 14:06 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-26 14:06 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-26 14:06 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-26 14:06 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-26 14:06 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-26 14:06 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-26 14:06 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-26 14:06 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-26 14:06 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-26 14:06 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-26 14:06 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-26 14:06 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-26 14:03 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-26 14:03 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-26 14:03 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-26 14:03 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-26 14:03 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-26 14:03 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-26 14:03 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-26 14:03 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-26 14:03 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-26 14:03 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-26 14:03 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-26 14:03 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-26 14:03 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-26 14:03 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-26 14:03 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-26 14:03 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-26 13:53 - 2013-08-26 13:54 - 00000000 ____D d:\Users\T9\Desktop\sufit led
2013-08-25 17:47 - 2013-09-08 20:57 - 00000000 ____D C:\Users\T9\AppData\Local\Battle.net
2013-08-25 17:47 - 2013-08-25 17:49 - 00000000 ____D d:\Users\T9\AppData\Roaming\Battle.net
2013-08-25 17:47 - 2013-08-25 17:47 - 00000751 _____ C:\Users\Public\Desktop\Battle.net.lnk
2013-08-25 17:47 - 2013-08-25 17:47 - 00000000 ____D C:\Users\T9\AppData\Local\Blizzard Entertainment
2013-08-22 22:27 - 2013-08-22 22:27 - 00003572 _____ d:\Users\T9\Documents\Install Dragon Age 2.log
2013-08-15 19:58 - 2013-08-15 19:58 - 00000000 ____D C:\ProgramData\EA Core
2013-08-15 18:26 - 2013-08-15 18:26 - 00000000 ____D d:\Users\T9\Desktop\battlefield3_ost_mp3_1376097014
2013-08-15 00:31 - 2013-08-15 00:31 - 00000000 ____D C:\Program Files (x86)\Origin Games
2013-08-15 00:25 - 2013-08-15 00:36 - 00000000 ____D d:\Users\T9\AppData\Roaming\Origin
2013-08-15 00:25 - 2013-08-15 00:31 - 00000000 ____D C:\Users\T9\AppData\Local\Origin
2013-08-15 00:24 - 2013-09-05 22:33 - 00000000 ____D C:\Program Files (x86)\Origin
2013-08-15 00:24 - 2013-08-15 14:45 - 00000000 ____D C:\ProgramData\Origin
2013-08-15 00:24 - 2013-08-15 00:24 - 00000983 _____ C:\Users\Public\Desktop\Origin.lnk
2013-08-15 00:24 - 2013-08-15 00:24 - 00000000 ____D C:\ProgramData\Electronic Arts
2013-08-12 22:03 - 2013-08-12 22:03 - 00000000 ____D d:\Users\T9\AppData\Roaming\atitray
2013-08-12 22:02 - 2013-08-12 22:02 - 00000000 ____D d:\Users\T9\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ATI Tray Tools
2013-08-12 22:02 - 2013-08-12 22:02 - 00000000 ____D C:\Program Files (x86)\Ray Adams

==================== One Month Modified Files and Folders =======

2013-09-08 20:57 - 2013-08-25 17:47 - 00000000 ____D C:\Users\T9\AppData\Local\Battle.net
2013-09-08 20:25 - 2012-10-30 12:56 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-08 19:46 - 2009-07-14 06:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-08 19:46 - 2009-07-14 06:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-08 19:44 - 2012-02-26 01:12 - 06936362 _____ C:\Windows\system32\perfh015.dat
2013-09-08 19:44 - 2012-02-26 01:12 - 02329792 _____ C:\Windows\system32\perfc015.dat
2013-09-08 19:44 - 2009-07-14 07:13 - 00006462 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-08 19:42 - 2013-04-15 18:31 - 01961975 _____ C:\Windows\WindowsUpdate.log
2013-09-08 19:41 - 2012-03-02 18:44 - 00000000 ____D C:\Users\T9\AppData\Local\Deployment
2013-09-08 19:40 - 2012-12-22 00:07 - 00000000 ____D d:\Users\T9\AppData\Roaming\Dropbox
2013-09-08 19:39 - 2013-09-04 14:53 - 00000616 _____ C:\Windows\setupact.log
2013-09-08 19:39 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-08 09:22 - 2012-12-22 00:07 - 00000000 ____D d:\Users\T9\AppData\Roaming\WirelessManager
2013-09-08 09:21 - 2012-12-22 00:07 - 00000000 ____D d:\Users\T9\AppData\Roaming\vlc
2013-09-07 19:24 - 2012-12-22 00:07 - 00000000 ____D d:\Users\T9\AppData\Roaming\WMCore
2013-09-07 19:17 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-09-07 18:30 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-09-06 16:26 - 2012-12-22 00:08 - 00000000 ____D d:\Users\T9\Documents\Bandicam
2013-09-06 16:03 - 2012-02-25 18:00 - 00108272 _____ C:\Users\T9\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-06 15:57 - 2009-07-14 06:45 - 00400584 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-05 22:33 - 2013-08-15 00:24 - 00000000 ____D C:\Program Files (x86)\Origin
2013-09-05 22:33 - 2012-12-22 00:07 - 00000000 ____D d:\Users\T9\AppData\Roaming\Skype
2013-09-05 19:53 - 2013-09-05 19:38 - 00000000 ____D d:\Users\T9\Desktop\levis
2013-09-05 19:49 - 2012-12-22 00:07 - 00000000 ____D d:\Users\T9\AppData\Roaming\Adobe
2013-09-05 19:49 - 2012-03-05 19:04 - 00000000 ____D C:\ProgramData\Adobe
2013-09-04 14:53 - 2013-09-04 14:53 - 00000000 _____ C:\Windows\setuperr.log
2013-09-02 21:07 - 2013-09-02 21:06 - 00000000 ____D d:\Users\T9\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BZ2 - Forgotten Enemies
2013-09-02 21:04 - 2012-12-22 00:07 - 00000000 ____D d:\Users\T9\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2013-08-30 17:28 - 2012-02-25 16:22 - 00000000 ____D C:\Users\T9
2013-08-27 14:20 - 2012-12-22 00:07 - 00000000 ____D d:\Users\T9\AppData\Roaming\XnView
2013-08-27 10:35 - 2013-08-27 10:35 - 00000000 ____D C:\Program Files (x86)\I8kfanGUI
2013-08-26 23:15 - 2013-08-26 23:14 - 00000000 ____D d:\Users\T9\Desktop\dysk hdd
2013-08-26 19:03 - 2012-02-26 01:13 - 00000000 ____D C:\Windows\Panther
2013-08-26 14:42 - 2012-11-05 00:33 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-08-26 14:42 - 2012-02-25 20:00 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-08-26 14:36 - 2013-08-26 14:26 - 00000000 ____D d:\Users\T9\Desktop\m6600 battery allegro
2013-08-26 14:35 - 2012-12-22 00:07 - 00000000 ____D d:\Users\T9\AppData\Roaming\BatteryCare
2013-08-26 14:35 - 2012-03-06 14:27 - 00000000 ____D C:\Program Files (x86)\BatteryCare
2013-08-26 14:04 - 2013-07-24 22:58 - 00000000 ____D C:\Windows\system32\MRT
2013-08-26 14:03 - 2012-02-25 21:09 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-26 13:54 - 2013-08-26 13:53 - 00000000 ____D d:\Users\T9\Desktop\sufit led
2013-08-25 17:49 - 2013-08-25 17:47 - 00000000 ____D d:\Users\T9\AppData\Roaming\Battle.net
2013-08-25 17:47 - 2013-08-25 17:47 - 00000751 _____ C:\Users\Public\Desktop\Battle.net.lnk
2013-08-25 17:47 - 2013-08-25 17:47 - 00000000 ____D C:\Users\T9\AppData\Local\Blizzard Entertainment
2013-08-24 21:17 - 2009-07-14 07:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-22 22:27 - 2013-08-22 22:27 - 00003572 _____ d:\Users\T9\Documents\Install Dragon Age 2.log
2013-08-21 15:27 - 2012-10-30 12:56 - 00003868 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-21 15:27 - 2012-04-02 18:03 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-21 15:27 - 2012-02-25 22:07 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-15 19:58 - 2013-08-15 19:58 - 00000000 ____D C:\ProgramData\EA Core
2013-08-15 18:26 - 2013-08-15 18:26 - 00000000 ____D d:\Users\T9\Desktop\battlefield3_ost_mp3_1376097014
2013-08-15 14:45 - 2013-08-15 00:24 - 00000000 ____D C:\ProgramData\Origin
2013-08-15 00:36 - 2013-08-15 00:25 - 00000000 ____D d:\Users\T9\AppData\Roaming\Origin
2013-08-15 00:31 - 2013-08-15 00:31 - 00000000 ____D C:\Program Files (x86)\Origin Games
2013-08-15 00:31 - 2013-08-15 00:25 - 00000000 ____D C:\Users\T9\AppData\Local\Origin
2013-08-15 00:24 - 2013-08-15 00:24 - 00000983 _____ C:\Users\Public\Desktop\Origin.lnk
2013-08-15 00:24 - 2013-08-15 00:24 - 00000000 ____D C:\ProgramData\Electronic Arts
2013-08-12 22:03 - 2013-08-12 22:03 - 00000000 ____D d:\Users\T9\AppData\Roaming\atitray
2013-08-12 22:02 - 2013-08-12 22:02 - 00000000 ____D d:\Users\T9\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ATI Tray Tools
2013-08-12 22:02 - 2013-08-12 22:02 - 00000000 ____D C:\Program Files (x86)\Ray Adams

Files to move or delete:
====================
C:\Users\T9\StrongRecovery.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

nointegritychecks: ==> Integrity Checks is disabled <===== ATTENTION!

LastRegBack: 2013-09-01 16:44

==================== End Of Log ============================