Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015 Ran by olila (administrator) on OLILA-KOMPUTER on 10-04-2015 20:54:13 Running from J:\FIXPC Loaded Profiles: olila (Available profiles: olila) Platform: Windows 7 Ultimate (X64) OS Language: Polski (Polska) Internet Explorer Version 8 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe () C:\Program Files (x86)\SecurStar\DriveCrypt 5\DCRServ.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\loggingserver.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe (Microsoft Corporation) C:\Windows\System32\cmd.exe (Microsoft Corporation) C:\Windows\System32\PING.EXE (BitTorrent Inc.) C:\Users\olila\AppData\Roaming\uTorrent\uTorrent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3723728 2015-03-25] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2662424 2014-10-07] () HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-3236243999-3144956723-4226996683-1000\...\Run: [uTorrent] => C:\Users\olila\AppData\Roaming\uTorrent\uTorrent.exe [1442384 2015-03-26] (BitTorrent Inc.) HKU\S-1-5-21-3236243999-3144956723-4226996683-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd) HKU\S-1-5-21-3236243999-3144956723-4226996683-1000\...\Run: [AdobeBridge] => [X] HKU\S-1-5-21-3236243999-3144956723-4226996683-1000\...\Policies\Explorer: [NoLogOff] 0 Startup: C:\Users\olila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.vbs () BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-3236243999-3144956723-4226996683-1000\Software\Microsoft\Internet Explorer\Main,Start Page =,0.html?p=166 BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation) DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\3.2.0\ViProtocol.dll [2014-09-08] (AVG Secure Search) Tcpip\Parameters: [DhcpNameServer] FireFox: ======== FF ProfilePath: C:\Users\olila\AppData\Roaming\Mozilla\Firefox\Profiles\a96bqy1f.default-1426709548372 FF Plugin: -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] () FF Plugin:,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin:,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN) FF Plugin-x32: -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] () FF Plugin-x32: SiteSafety plugin,version=,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\3.2.0\\npsitesafety.dll No File FF Plugin-x32:,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation) FF Plugin-x32:,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32:,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2014-10-07] FF Extension: Adblock Plus - C:\Users\olila\AppData\Roaming\Mozilla\Firefox\Profiles\a96bqy1f.default-1426709548372\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-03-28] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3416016 2015-03-25] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [309232 2015-03-25] (AVG Technologies CZ, s.r.o.) R2 DriveCryptService; C:\Program Files (x86)\SecurStar\DriveCrypt 5\DCRServ.exe [96680 2014-09-06] () S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [520416 2014-01-28] (Futuremark) S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2015-03-11] () [File not signed] R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2014-04-28] (Hewlett-Packard) [File not signed] R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2014-04-28] (Hewlett-Packard) [File not signed] R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] R2 vToolbarUpdater3.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe [1843736 2014-09-08] (AVG Secure Search) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation) S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [281056 2015-03-25] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [341472 2015-02-03] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [133088 2015-02-05] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [284128 2015-02-25] (AVG Technologies CZ, s.r.o.) R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-09-08] (AVG Technologies) S3 CT_QUALCOMM_U_drv; C:\Windows\System32\DRIVERS\CT_QUALCOMM_U_drv.sys [118016 2009-04-27] (QUALCOMM Incorporated) [File not signed] R0 DCR; C:\Windows\System32\Drivers\DCR.sys [333832 2014-09-06] () R0 DCVP; C:\Windows\System32\Drivers\DCVP.sys [25288 2014-09-06] () R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-09-08] (Disc Soft Ltd) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] () S3 PortTalk; C:\Windows\SysWOW64\Drivers\PortTalk.sys [3567 2002-01-12] (Beyond Logic [File not signed] S3 cpuz136; \??\C:\Users\olila\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X] S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X] S3 IT9135BDA; System32\Drivers\IT9135BDA.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-10 20:54 - 2015-04-10 20:54 - 00000000 ____D () C:\FRST 2015-04-10 20:49 - 2015-04-10 20:49 - 00000000 ____D () C:\Users\olila\Desktop\S 2015-04-08 20:41 - 2015-04-08 20:41 - 00000987 _____ () C:\Users\olila\Desktop\TOTALCMD.EXE — skrót.lnk 2015-04-08 20:26 - 2015-04-08 20:26 - 00001251 _____ () C:\Users\olila\Desktop\SpyDLLRemover.lnk 2015-04-08 20:26 - 2015-04-08 20:26 - 00000000 ____D () C:\Program Files (x86)\SecurityXploded 2015-04-08 17:12 - 2015-04-08 17:12 - 00000000 ____D () C:\Windows\pss 2015-04-08 14:19 - 2015-04-08 20:41 - 00000000 ____D () C:\Kopia totalcmd 2015-04-07 18:23 - 2015-04-07 18:23 - 00001153 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\BS.Player PRO.lnk 2015-04-07 18:23 - 2015-04-07 18:23 - 00001147 _____ () C:\Users\Public\Desktop\BS.Player PRO.lnk 2015-04-07 18:23 - 2015-04-07 18:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webteh 2015-04-07 18:22 - 2015-04-07 18:28 - 00000000 ____D () C:\Users\olila\AppData\Roaming\BSplayer PRO 2015-04-07 18:22 - 2015-04-07 18:22 - 00000000 ____D () C:\Program Files (x86)\Webteh 2015-04-07 18:21 - 2015-04-07 18:21 - 10973784 _____ () C:\Users\olila\AppData\Roaming\bsplayerpro.exe 2015-04-07 18:21 - 2015-04-07 18:21 - 00672029 _____ () C:\Users\olila\AppData\Roaming\update.vbs 2015-04-07 06:09 - 2015-04-07 06:09 - 00000806 _____ () C:\Windows\PFRO.log 2015-04-06 17:40 - 2015-04-06 17:40 - 00001403 _____ () C:\Users\olila\Desktop\GSpot.exe — skrót.lnk 2015-04-06 16:58 - 2015-04-10 20:52 - 00000762 _____ () C:\Windows\setupact.log 2015-04-06 16:58 - 2015-04-06 16:58 - 00000000 _____ () C:\Windows\setuperr.log 2015-04-06 16:52 - 2015-04-02 17:50 - 00489706 _____ () C:\Users\olila\Desktop\ 2015-04-06 16:34 - 2015-04-06 16:34 - 00000529 _____ () C:\Windows\SysWOW64\FLSINST.LOG 2015-04-06 16:30 - 2015-04-06 16:30 - 00002802 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2015-04-06 16:30 - 2015-04-06 16:30 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2015-04-06 16:30 - 2015-04-06 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2015-04-06 16:30 - 2015-04-06 16:30 - 00000000 ____D () C:\Program Files\CCleaner 2015-04-05 09:18 - 2015-04-05 09:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-04-05 08:44 - 2015-04-05 08:44 - 00000001 _____ () C:\Users\olila\AppData\Local\llftool.4.40.agreement 2015-04-02 19:46 - 2015-04-02 20:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2015-04-02 18:56 - 2015-04-08 18:08 - 00000000 ____D () C:\Users\olila\Desktop\slub fryz makijaz 2015-03-31 20:15 - 2015-03-31 20:18 - 00000000 __SHD () C:\Users\Public\DRM 2015-03-31 20:15 - 2015-03-31 20:15 - 00002163 _____ () C:\Users\olila\Desktop\Hex Editor Neo.lnk 2015-03-31 20:15 - 2015-03-31 20:15 - 00000000 ____D () C:\Users\olila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HHD Hex Editor Neo 2015-03-31 20:15 - 2015-03-31 20:15 - 00000000 ____D () C:\Users\olila\AppData\Local\HHD Software 2015-03-31 19:39 - 2015-03-31 20:54 - 00000000 ____D () C:\Users\olila\Downloads\nokia 2015-03-31 19:30 - 2015-03-31 19:30 - 00000000 ____D () C:\Users\olila\AppData\Roaming\Nokia 2015-03-31 18:59 - 2015-03-31 18:59 - 00000000 ____D () C:\Users\olila\AppData\Local\Nokia 2015-03-31 18:32 - 2015-03-31 18:32 - 00000000 ____D () C:\Users\olila\AppData\Roaming\PC Suite 2015-03-31 17:23 - 2015-03-31 17:23 - 00000485 _____ () C:\Users\olila\Desktop\System — skrót.lnk 2015-03-31 17:17 - 2015-03-31 17:17 - 00000000 ____D () C:\Program Files\DIFX 2015-03-31 17:17 - 2008-08-28 12:44 - 00025600 _____ (Nokia) C:\Windows\system32\Drivers\pccsmcfdx64.sys 2015-03-31 17:16 - 2015-04-06 16:35 - 00000000 ____D () C:\Program Files (x86)\Nokia 2015-03-31 17:16 - 2013-01-23 11:31 - 00057856 _____ (Nokia) C:\Windows\system32\nmwcdclsX64.dll 2015-03-31 17:16 - 2005-08-03 16:05 - 00035892 _____ (Prolific Technology Inc.) C:\Windows\SysWOW64\SER9PL.sys 2015-03-31 17:16 - 2005-08-03 16:04 - 00026719 _____ () C:\Windows\SysWOW64\SERSPL.VXD 2015-03-31 17:15 - 2015-03-31 19:30 - 00000000 ____D () C:\ProgramData\Nokia 2015-03-31 17:14 - 2015-03-31 17:14 - 00000000 ____D () C:\ProgramData\Package Cache 2015-03-31 17:12 - 2015-03-31 17:13 - 01636610 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2015-03-31 17:06 - 2009-11-25 12:47 - 01942856 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2015-03-31 17:06 - 2009-11-25 12:47 - 01130824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll 2015-03-31 17:06 - 2009-11-25 12:47 - 00444752 _____ (Microsoft Corporation) C:\Windows\system32\mscoree.dll 2015-03-31 17:06 - 2009-11-25 12:47 - 00320352 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHost.exe 2015-03-31 17:06 - 2009-11-25 12:47 - 00297808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscoree.dll 2015-03-31 17:06 - 2009-11-25 12:47 - 00295264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHost.exe 2015-03-31 17:06 - 2009-11-25 12:47 - 00109912 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHostProxy.dll 2015-03-31 17:06 - 2009-11-25 12:47 - 00099176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHostProxy.dll 2015-03-31 17:06 - 2009-11-25 12:47 - 00049472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netfxperf.dll 2015-03-31 17:06 - 2009-11-25 12:47 - 00048960 _____ (Microsoft Corporation) C:\Windows\system32\netfxperf.dll 2015-03-25 11:21 - 2015-03-25 11:21 - 00281056 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys 2015-03-23 18:46 - 2014-01-28 19:36 - 00380416 _____ () C:\Users\olila\Desktop\gmer.exe 2015-03-19 21:21 - 2015-03-19 21:23 - 01054912 _____ (Adobe) C:\Users\olila\Downloads\install_flashplayer17x32au_mssd_aaa_aih.exe 2015-03-11 21:34 - 2007-09-04 18:03 - 00033280 _____ () C:\Users\olila\Desktop\zużycie paliwa.xls ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-10 20:53 - 2014-09-08 21:01 - 00000000 ____D () C:\Users\olila\AppData\Roaming\uTorrent 2015-04-10 20:53 - 2014-09-07 10:14 - 00000000 ____D () C:\ProgramData\MFAData 2015-04-10 20:52 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-04-10 20:50 - 2014-09-05 18:39 - 01925595 _____ () C:\Windows\WindowsUpdate.log 2015-04-10 07:19 - 2014-09-06 09:02 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-04-10 06:40 - 2009-07-14 06:45 - 00010208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-04-10 06:40 - 2009-07-14 06:45 - 00010208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-04-10 06:38 - 2009-07-14 19:55 - 00737242 _____ () C:\Windows\system32\perfh015.dat 2015-04-10 06:38 - 2009-07-14 19:55 - 00153930 _____ () C:\Windows\system32\perfc015.dat 2015-04-10 06:38 - 2009-07-14 07:13 - 01661232 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-04-09 21:32 - 2014-09-06 16:28 - 00000000 ____D () C:\Users\olila\AppData\Roaming\TS3Client 2015-04-09 20:04 - 2014-09-15 18:51 - 00000000 ____D () C:\Users\olila\.gimp-2.8 2015-04-08 21:19 - 2014-09-08 21:06 - 00000000 ____D () C:\Users\olila\AppData\Roaming\DAEMON Tools Lite 2015-04-08 20:32 - 2014-09-20 13:34 - 00000000 ____D () C:\Users\olila\AppData\Roaming\vlc 2015-04-06 16:40 - 2014-09-21 14:23 - 00000000 ___DC () C:\Users\olila\AppData\Local\MigWiz 2015-04-06 16:40 - 2014-09-07 10:59 - 00000000 ____D () C:\Windows\Minidump 2015-04-06 16:40 - 2014-09-05 19:35 - 00000000 ____D () C:\Windows\Panther 2015-04-06 15:12 - 2014-09-06 09:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-04-05 08:24 - 2014-12-08 19:51 - 00000408 __RSH () C:\ProgramData\ntuser.pol 2015-04-05 07:31 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2015-04-03 07:18 - 2014-09-06 18:37 - 00000000 ____D () C:\ProgramData\TEMP 2015-04-02 16:48 - 2014-09-08 08:46 - 00000000 ____D () C:\Users\olila\AppData\Local\Viber 2015-04-02 15:31 - 2014-09-08 08:47 - 00000000 ____D () C:\Users\olila\AppData\Roaming\ViberPC 2015-04-01 07:15 - 2009-07-14 06:45 - 05044288 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-03-31 21:10 - 2014-09-07 10:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2015-03-31 19:30 - 2014-09-06 09:13 - 00111960 _____ () C:\Users\olila\AppData\Local\GDIPFONTCACHEV1.DAT 2015-03-31 17:16 - 2014-09-06 09:27 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-03-25 18:05 - 2009-07-14 07:08 - 00032604 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-03-11 21:46 - 2014-09-08 21:19 - 00008192 _____ () C:\Windows\SysWOW64\srvany.exe ==================== Files in the root of some directories ======= 2015-04-07 18:21 - 2015-04-07 18:21 - 10973784 _____ () C:\Users\olila\AppData\Roaming\bsplayerpro.exe 2014-12-20 18:58 - 2014-12-20 18:58 - 0000268 ___RH () C:\Users\olila\AppData\Roaming\Dance Kit 2014-12-20 18:59 - 2014-12-20 18:59 - 0000268 ___RH () C:\Users\olila\AppData\Roaming\Database 2014-12-20 18:58 - 2014-12-20 18:58 - 0000268 ___RH () C:\Users\olila\AppData\Roaming\Definition Bundle 2015-04-07 18:21 - 2015-04-07 18:21 - 0672029 _____ () C:\Users\olila\AppData\Roaming\update.vbs 2014-10-11 02:59 - 2014-10-11 02:59 - 0003584 _____ () C:\Users\olila\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-04-05 08:44 - 2015-04-05 08:44 - 0000001 _____ () C:\Users\olila\AppData\Local\llftool.4.40.agreement 2014-11-10 21:32 - 2014-11-10 21:32 - 0000975 _____ () C:\Users\olila\AppData\Local\recently-used.xbel 2014-09-07 16:18 - 2015-03-01 21:43 - 0007620 _____ () C:\Users\olila\AppData\Local\resmon.resmoncfg 2015-01-25 10:47 - 2015-01-25 15:32 - 0000000 _____ () C:\ProgramData\dat.bmp 2014-12-20 18:58 - 2014-12-20 18:58 - 0000268 ___RH () C:\ProgramData\Developer Tools 2014-12-20 18:59 - 2014-12-20 18:59 - 0000268 ___RH () C:\ProgramData\Devices 2014-12-20 18:58 - 2014-12-20 18:58 - 0000268 ___RH () C:\ProgramData\Dialogs 2014-12-20 18:58 - 2014-12-20 18:58 - 0000012 ___RH () C:\ProgramData\Drums 2014-12-20 18:59 - 2014-12-20 18:59 - 0000012 ___RH () C:\ProgramData\Echo 2014-12-20 18:58 - 2014-12-20 18:58 - 0000012 ___RH () C:\ProgramData\Electric Clav 2014-12-20 18:59 - 2014-12-20 18:59 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT 2014-12-20 18:58 - 2014-12-20 19:01 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT 2014-12-20 18:58 - 2014-12-20 18:58 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-04-04 18:57 ==================== End Of Log ============================