Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-04-2014
Ran by Maciek (administrator) on MACIEK-ASUS on 15-04-2014 13:52:31
Running from C:\Users\Maciek\Downloads\aa\laptop\frst
Windows 7 Professional Service Pack 1 (X64) OS Language: Polish
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [165872 2013-04-09] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe [407536 2013-04-09] (Intel Corporation)
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe [441840 2013-04-09] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1179576 2014-02-05] (NVIDIA Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-22] (Intel Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [NBKeyScan] => C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2221352 2008-06-08] (Nero AG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [180304 2014-04-01] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-21-4290132301-2688213890-8098309-1000\...\Run: [GG] => C:\Users\Maciek\AppData\Local\GG\Application\gghub.exe [4047424 2013-12-10] (GG Network S.A.)
HKU\S-1-5-21-4290132301-2688213890-8098309-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-4290132301-2688213890-8098309-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1821888 2014-02-25] (Valve Corporation)
HKU\S-1-5-21-4290132301-2688213890-8098309-1000\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1840424 2008-06-24] (Nero AG)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174296 2014-02-08] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [148528 2014-02-08] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [148528 2014-02-08] (NVIDIA Corporation)
AppInit_DLLs-x32: ,C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [148528 2014-02-08] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Maciek\AppData\Roaming\Mozilla\Firefox\Profiles\4w779nij.default
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Maciek\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [122448 2014-04-01] (Avira Operations GmbH & Co. KG)
R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [877864 2008-06-08] (Nero AG)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [537896 2008-06-24] (Nero AG)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-07-04] ()

==================== Drivers (Whitelisted) ====================

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2014-03-15] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-04-09] (DT Soft Ltd)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2014-03-15] ()
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-14 13:54 - 2014-04-14 13:54 - 1881729024 _____ () C:\Users\Maciek\Downloads\Insurgency 2.iso
2014-04-14 13:53 - 2014-04-14 13:53 - 00018418 _____ () C:\Users\Maciek\Downloads\[www.tnt24.info] Insurgency 2 (2013) [ENG-RUS] RePack SuperMario.torrent
2014-04-12 16:11 - 2014-04-12 16:11 - 00000000 ____D () C:\ProgramData\Lightmare Studio
2014-04-12 15:21 - 2014-04-12 15:21 - 00019355 _____ () C:\Users\Maciek\Downloads\[www.tnt24.info] Beware Planet Earth (2012).torrent
2014-04-09 11:26 - 2014-03-31 03:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-09 11:26 - 2014-03-31 03:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-09 11:26 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-09 11:26 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-09 11:24 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 11:24 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 11:24 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 11:24 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 11:24 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 11:24 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 11:24 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 11:24 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 11:24 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 11:24 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 11:24 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 11:24 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 11:24 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 11:24 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 11:24 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 11:24 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 11:24 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-06 21:11 - 2014-04-06 21:11 - 00000000 ____D () C:\Users\Maciek\AppData\Local\ModManager
2014-04-06 19:54 - 2014-04-07 22:27 - 00000000 ____D () C:\Users\Maciek\Downloads\Deadwood sezon 3 [Lucky]
2014-04-06 19:54 - 2014-04-06 19:54 - 00018157 _____ () C:\Users\Maciek\Downloads\[www.tnt24.info] Deadwood - Sezon 3 _2006_ [DVDRip.XviD-RedCoders] [Lektor PL].torrent
2014-04-04 12:55 - 2014-04-04 12:55 - 00000832 _____ () C:\Users\Public\Desktop\Total War ROME II.lnk
2014-04-04 12:01 - 2014-04-14 13:55 - 00000000 ____D () C:\Program Files (x86)\Total War ROME II
2014-04-03 17:43 - 2014-04-03 17:43 - 00001985 _____ () C:\Users\Public\Desktop\Age of Wonders III.lnk
2014-04-03 17:39 - 2014-04-03 17:43 - 00000000 ____D () C:\Program Files (x86)\Age of Wonders III
2014-04-03 16:54 - 2014-04-03 17:06 - 00000000 ____D () C:\Users\Maciek\Downloads\Age of Wonders III [RePack]
2014-03-29 20:34 - 2014-03-29 20:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-29 19:41 - 2014-03-29 19:41 - 00000000 ____D () C:\Users\Maciek\Documents\Tribute Games
2014-03-28 11:28 - 2014-03-28 18:23 - 00000000 ____D () C:\Users\Maciek\Downloads\Total.War.ROME.II.Hannibal.at.the.Gates-RELOADED
2014-03-26 21:12 - 2014-03-26 21:14 - 00000000 ____D () C:\Users\Maciek\Documents\Dolphin Emulator
2014-03-23 23:03 - 2014-03-23 23:11 - 00000000 ____D () C:\Users\Maciek\Downloads\The Croods 2013 PLDUB 720p BRRip AC3 XviD CiNEMAET-SAVED [TnT24.Info]
2014-03-22 20:24 - 2014-03-22 20:24 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-03-22 14:54 - 2014-03-22 14:54 - 00000000 ____D () C:\Users\Maciek\AppData\Roaming\Avira
2014-03-22 14:22 - 2014-02-25 12:41 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-03-22 14:22 - 2014-02-25 12:41 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-03-22 14:22 - 2014-02-25 12:41 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-03-22 13:52 - 2014-04-15 10:04 - 00001133 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-03-22 13:52 - 2014-04-15 10:04 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-03-22 13:52 - 2014-03-22 14:22 - 00000000 ____D () C:\ProgramData\Avira
2014-03-22 13:51 - 2014-03-22 13:51 - 00000000 ____D () C:\Users\Maciek\Desktop\logi
2014-03-22 13:50 - 2014-03-22 13:51 - 04050888 _____ (Avira Operations GmbH & Co. KG) C:\Users\Maciek\Downloads\avira_en_av___ws.exe
2014-03-22 12:36 - 2014-04-15 13:52 - 00000000 ____D () C:\FRST
2014-03-21 22:54 - 2014-03-21 22:54 - 00000000 ____D () C:\ProgramData\3DMGAME
2014-03-19 12:19 - 2014-03-19 12:19 - 00000000 ____D () C:\Users\Maciek\AppData\Roaming\.mono
2014-03-19 12:19 - 2014-03-19 12:19 - 00000000 ____D () C:\ProgramData\.mono
2014-03-19 11:23 - 2014-03-19 11:24 - 00000219 _____ () C:\Users\Maciek\Desktop\Dota 2.url
2014-03-18 21:24 - 2014-03-18 21:24 - 00000000 ____D () C:\Program Files (x86)\Paradox Interactive
2014-03-18 20:53 - 2014-03-18 20:53 - 00000000 ____D () C:\ProgramData\Firefly Studios
2014-03-18 20:52 - 2014-03-18 20:57 - 00000000 ____D () C:\Users\Maciek\Documents\Stronghold 2
2014-03-16 11:09 - 2014-04-01 19:55 - 00000000 ____D () C:\Users\Maciek\Documents\Gothic3

==================== One Month Modified Files and Folders =======

2014-04-15 13:52 - 2014-03-22 12:36 - 00000000 ____D () C:\FRST
2014-04-15 13:31 - 2009-07-14 06:45 - 00024704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-15 13:31 - 2009-07-14 06:45 - 00024704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-15 13:30 - 2011-04-12 15:21 - 00750342 _____ () C:\Windows\system32\perfh015.dat
2014-04-15 13:30 - 2011-04-12 15:21 - 00161762 _____ () C:\Windows\system32\perfc015.dat
2014-04-15 13:30 - 2009-07-14 07:13 - 01699448 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-15 13:24 - 2013-04-09 22:24 - 00000000 ____D () C:\Users\Maciek\AppData\Roaming\GG
2014-04-15 13:23 - 2013-08-13 12:38 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-04-15 13:22 - 2013-04-09 23:23 - 01345883 _____ () C:\Windows\WindowsUpdate.log
2014-04-15 13:22 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-15 13:22 - 2009-07-14 06:51 - 00099341 _____ () C:\Windows\setupact.log
2014-04-15 12:54 - 2013-04-09 18:51 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-15 10:04 - 2014-03-22 13:52 - 00001133 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-04-15 10:04 - 2014-03-22 13:52 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-04-15 10:04 - 2014-03-13 15:14 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-15 00:20 - 2014-02-19 14:00 - 00000000 ____D () C:\Users\Maciek\AppData\Roaming\uTorrent
2014-04-14 13:55 - 2014-04-04 12:01 - 00000000 ____D () C:\Program Files (x86)\Total War ROME II
2014-04-14 13:54 - 2014-04-14 13:54 - 1881729024 _____ () C:\Users\Maciek\Downloads\Insurgency 2.iso
2014-04-14 13:53 - 2014-04-14 13:53 - 00018418 _____ () C:\Users\Maciek\Downloads\[www.tnt24.info] Insurgency 2 (2013) [ENG-RUS] RePack SuperMario.torrent
2014-04-12 16:11 - 2014-04-12 16:11 - 00000000 ____D () C:\ProgramData\Lightmare Studio
2014-04-12 15:21 - 2014-04-12 15:21 - 00019355 _____ () C:\Users\Maciek\Downloads\[www.tnt24.info] Beware Planet Earth (2012).torrent
2014-04-11 21:21 - 2013-04-09 22:44 - 00000000 ____D () C:\Users\Maciek\AppData\Roaming\vlc
2014-04-10 16:56 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-09 23:43 - 2013-05-21 23:18 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-09 23:42 - 2013-08-23 10:12 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 23:41 - 2013-08-23 10:12 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-08 15:34 - 2013-05-25 11:04 - 00000000 ____D () C:\Users\Maciek\Downloads\S.o.D
2014-04-07 22:27 - 2014-04-06 19:54 - 00000000 ____D () C:\Users\Maciek\Downloads\Deadwood sezon 3 [Lucky]
2014-04-07 09:48 - 2013-12-18 20:01 - 00000000 ____D () C:\Users\Maciek\Downloads\aa
2014-04-06 21:11 - 2014-04-06 21:11 - 00000000 ____D () C:\Users\Maciek\AppData\Local\ModManager
2014-04-06 19:54 - 2014-04-06 19:54 - 00018157 _____ () C:\Users\Maciek\Downloads\[www.tnt24.info] Deadwood - Sezon 3 _2006_ [DVDRip.XviD-RedCoders] [Lektor PL].torrent
2014-04-04 12:57 - 2013-04-10 00:04 - 00506643 _____ () C:\Windows\DirectX.log
2014-04-04 12:55 - 2014-04-04 12:55 - 00000832 _____ () C:\Users\Public\Desktop\Total War ROME II.lnk
2014-04-03 18:17 - 2013-04-22 10:39 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-04-03 17:48 - 2013-06-01 12:54 - 00000000 ____D () C:\Users\Maciek\Documents\My Games
2014-04-03 17:43 - 2014-04-03 17:43 - 00001985 _____ () C:\Users\Public\Desktop\Age of Wonders III.lnk
2014-04-03 17:43 - 2014-04-03 17:39 - 00000000 ____D () C:\Program Files (x86)\Age of Wonders III
2014-04-03 17:06 - 2014-04-03 16:54 - 00000000 ____D () C:\Users\Maciek\Downloads\Age of Wonders III [RePack]
2014-04-01 19:55 - 2014-03-16 11:09 - 00000000 ____D () C:\Users\Maciek\Documents\Gothic3
2014-03-31 09:21 - 2013-04-10 00:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-31 03:16 - 2014-04-09 11:26 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-31 03:13 - 2014-04-09 11:26 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-31 02:13 - 2014-04-09 11:26 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-31 01:57 - 2014-04-09 11:26 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-29 20:34 - 2014-03-29 20:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-29 20:07 - 2014-03-09 14:16 - 00001593 _____ () C:\Windows\KB893803v2.log
2014-03-29 19:41 - 2014-03-29 19:41 - 00000000 ____D () C:\Users\Maciek\Documents\Tribute Games
2014-03-29 19:41 - 2013-04-10 00:37 - 00000000 ____D () C:\Users\Maciek\AppData\Local\SKIDROW
2014-03-29 19:39 - 2014-01-12 22:47 - 00000090 _____ () C:\Users\Maciek\AppData\Roaming\default.pls
2014-03-29 19:34 - 2013-06-25 19:38 - 00000000 ____D () C:\Users\Maciek\AppData\Roaming\Milestone
2014-03-28 18:23 - 2014-03-28 11:28 - 00000000 ____D () C:\Users\Maciek\Downloads\Total.War.ROME.II.Hannibal.at.the.Gates-RELOADED
2014-03-26 21:14 - 2014-03-26 21:12 - 00000000 ____D () C:\Users\Maciek\Documents\Dolphin Emulator
2014-03-23 23:11 - 2014-03-23 23:03 - 00000000 ____D () C:\Users\Maciek\Downloads\The Croods 2013 PLDUB 720p BRRip AC3 XviD CiNEMAET-SAVED [TnT24.Info]
2014-03-23 12:10 - 2013-10-02 20:32 - 00000000 ____D () C:\Users\Maciek\Desktop\Dokumenty
2014-03-23 10:07 - 2010-11-21 05:47 - 00123138 _____ () C:\Windows\PFRO.log
2014-03-22 20:24 - 2014-03-22 20:24 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-03-22 14:54 - 2014-03-22 14:54 - 00000000 ____D () C:\Users\Maciek\AppData\Roaming\Avira
2014-03-22 14:22 - 2014-03-22 13:52 - 00000000 ____D () C:\ProgramData\Avira
2014-03-22 13:51 - 2014-03-22 13:51 - 00000000 ____D () C:\Users\Maciek\Desktop\logi
2014-03-22 13:51 - 2014-03-22 13:50 - 04050888 _____ (Avira Operations GmbH & Co. KG) C:\Users\Maciek\Downloads\avira_en_av___ws.exe
2014-03-21 22:54 - 2014-03-21 22:54 - 00000000 ____D () C:\ProgramData\3DMGAME
2014-03-21 11:01 - 2014-02-28 16:42 - 00000000 ____D () C:\Users\Maciek\Downloads\Game Of Bones_ Winter Is Cumming (Zero Tolerance) NEW 2013 (Split Scenes)
2014-03-19 18:17 - 2013-10-08 16:42 - 00000000 ____D () C:\Users\Maciek\Desktop\pentagram
2014-03-19 12:19 - 2014-03-19 12:19 - 00000000 ____D () C:\Users\Maciek\AppData\Roaming\.mono
2014-03-19 12:19 - 2014-03-19 12:19 - 00000000 ____D () C:\ProgramData\.mono
2014-03-19 11:24 - 2014-03-19 11:23 - 00000219 _____ () C:\Users\Maciek\Desktop\Dota 2.url
2014-03-18 21:24 - 2014-03-18 21:24 - 00000000 ____D () C:\Program Files (x86)\Paradox Interactive
2014-03-18 20:57 - 2014-03-18 20:52 - 00000000 ____D () C:\Users\Maciek\Documents\Stronghold 2
2014-03-18 20:53 - 2014-03-18 20:53 - 00000000 ____D () C:\ProgramData\Firefly Studios
2014-03-18 20:46 - 2013-04-09 23:52 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-18 20:44 - 2014-03-09 14:34 - 00000000 ____D () C:\Users\Maciek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-03-18 16:59 - 2013-04-09 18:58 - 00000000 ____D () C:\Users\Maciek\AppData\Roaming\Macromedia
2014-03-18 16:43 - 2013-08-04 17:41 - 00000000 ____D () C:\Users\Maciek\Desktop\NUMERY DLA DARKA

Some content of TEMP:
====================
C:\Users\Maciek\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-09 11:17

==================== End Of Log ============================