Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-06-2015 Ran by Mad_Egg (administrator) on MAD_PC on 20-06-2015 15:26:13 Running from C:\Users\Mad_Egg\Downloads Loaded Profiles: Mad_Egg (Available Profiles: Mad_Egg & UpdatusUser & Rodzice) Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Polski (Polska) Internet Explorer Version 11 (Default browser path: "C:\Program Files\Light\light.exe" -osint -url "%1") Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe () C:\Program Files\Rainmeter\Rainmeter.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation) C:\Windows\System32\vds.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12021464 2014-05-09] (Realtek Semiconductor) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.) HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-21-703950910-948677305-527190612-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5489944 2015-01-24] (Piriform Ltd) HKU\S-1-5-21-703950910-948677305-527190612-1001\...\MountPoints2: {5cedbd15-a3d3-11e4-8672-806e6f6e6963} - E:\Autorun.exe HKU\S-1-5-21-703950910-948677305-527190612-1001\...\MountPoints2: {5d1e0af1-a70a-11e4-a60c-0019db4c7965} - J:\OblivionLauncher.exe HKU\S-1-5-21-703950910-948677305-527190612-1001\...\MountPoints2: {8715d613-d95c-11e4-aa77-0019db4c7965} - J:\OblivionLauncher.exe HKU\S-1-5-21-703950910-948677305-527190612-1001\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2616320 2015-01-26] (Microsoft Corporation) <==== ATTENTION HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2015-01-26] (Microsoft Corporation) Startup: C:\Users\Mad_Egg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2015-01-24] ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe () ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-05-10] (Avast Software s.r.o.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-703950910-948677305-527190612-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.pl/?gws_rd=ssl HKU\S-1-5-21-703950910-948677305-527190612-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pl-pl/?ocid=iehp SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-703950910-948677305-527190612-1001 -> DefaultScope {736C902C-C1EC-408D-BCEC-79C8A3806B0F} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-703950910-948677305-527190612-1001 -> {736C902C-C1EC-408D-BCEC-79C8A3806B0F} URL = https://www.google.com/search?q={searchTerms} BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-25] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-25] (Oracle Corporation) ATTENTION: There are more than 99 Catalog9 entries. Turn off the whitelisting to see all the entries. You may check Device Manager for presence of unusual amount of "Microsoft 6to4 Adapter" devices. Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4 FireFox: ======== FF ProfilePath: C:\Users\Mad_Egg\AppData\Roaming\Mozilla\Firefox\Profiles\2kgo30i2.default FF Homepage: https://www.google.pl/?gws_rd=ssl FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-17] () FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-25] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-25] (Oracle Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-22] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-22] (Google Inc.) FF Plugin HKU\S-1-5-21-703950910-948677305-527190612-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Mad_Egg\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-02-24] (Unity Technologies ApS) FF Extension: μ Adblock - C:\Users\Mad_Egg\AppData\Roaming\Mozilla\Firefox\Profiles\2kgo30i2.default\Extensions\jid1-yIDO6R3DGl4u2Q@jetpack.xpi [2015-02-03] FF Extension: Fasterfox - C:\Users\Mad_Egg\AppData\Roaming\Mozilla\Firefox\Profiles\2kgo30i2.default\Extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi [2015-02-03] FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found] Chrome: ======= CHR Profile: C:\Users\Mad_Egg\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Mad_Egg\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-22] CHR Extension: (Google Drive) - C:\Users\Mad_Egg\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-22] CHR Extension: (YouTube) - C:\Users\Mad_Egg\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-22] CHR Extension: (Google Search) - C:\Users\Mad_Egg\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-22] CHR Extension: (No Name) - C:\Users\Mad_Egg\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-03-22] CHR Extension: (Google Wallet) - C:\Users\Mad_Egg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-22] CHR Extension: (Gmail) - C:\Users\Mad_Egg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-22] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-10] (Avast Software s.r.o.) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2015-01-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-05-10] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-05-10] (Avast Software s.r.o.) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-05-10] (Avast Software s.r.o.) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-05-10] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-05-10] (Avast Software s.r.o.) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427992 2015-05-10] (Avast Software s.r.o.) S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-05-10] (Avast Software s.r.o.) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-05-10] () S4 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [278984 2015-03-01] () R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG) R3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd6.sys [44032 2009-07-14] (VIA Technologies, Inc. ) S4 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [18048 2015-03-01] () [File not signed] R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2013-04-10] (Samsung Electronics) [File not signed] S4 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-20 15:26 - 2015-06-20 15:27 - 00009719 _____ C:\Users\Mad_Egg\Downloads\FRST.txt 2015-06-20 15:24 - 2015-06-20 15:26 - 00000000 ____D C:\FRST 2015-06-20 14:00 - 2015-06-20 14:01 - 01148416 _____ (Farbar) C:\Users\Mad_Egg\Downloads\FRST.exe 2015-06-20 13:58 - 2015-06-20 15:25 - 00000691 _____ C:\Users\Mad_Egg\Documents\problem.txt 2015-06-20 13:07 - 2015-05-10 17:41 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe 2015-06-17 20:55 - 2015-06-17 20:56 - 01472865 _____ ( ) C:\Users\test\Downloads\cenega_poland_oblivion_pl.exe.er2qb88.partial 2015-06-16 16:48 - 2015-06-16 16:50 - 10073065 _____ C:\Users\Mad_Egg\Downloads\100.tmp.kpkbyyz.partial 2015-06-15 16:56 - 2015-06-15 17:01 - 03459568 _____ ( ) C:\Users\Mad_Egg\Downloads\cenega_poland_oblivion_pl.exe 2015-06-15 15:31 - 2015-06-15 15:31 - 00000218 _____ C:\Users\Mad_Egg\AppData\Local\recently-used.xbel 2015-06-15 07:56 - 2015-06-15 07:56 - 00000000 ____D C:\Users\test\AppData\Local\Microsoft Games 2015-06-15 06:36 - 2015-06-15 06:36 - 00000000 ____D C:\Users\test\AppData\Roaming\Xerox 2015-06-14 15:37 - 2015-06-14 15:37 - 00000000 ____D C:\Users\test\AppData\Roaming\Macromedia 2015-06-14 15:35 - 2015-06-14 15:35 - 00000000 ____D C:\Users\test\AppData\Roaming\Mozilla 2015-06-14 15:33 - 2015-06-14 15:34 - 00000000 ____D C:\Users\test\AppData\Roaming\Light 2015-06-14 15:33 - 2015-06-14 15:33 - 00000000 ____D C:\Users\test\AppData\Local\Light 2015-06-14 14:53 - 2015-06-14 15:01 - 14288914 _____ ( ) C:\Users\test\Downloads\cenega_poland_oblivion_pl.46q943p.partial 2015-06-14 14:46 - 2015-06-14 14:46 - 00000000 __SHD C:\Users\test\AppData\Local\EmieUserList 2015-06-14 14:46 - 2015-06-14 14:46 - 00000000 __SHD C:\Users\test\AppData\Local\EmieSiteList 2015-06-14 14:46 - 2015-06-14 14:46 - 00000000 __SHD C:\Users\test\AppData\Local\EmieBrowserModeList 2015-06-14 14:44 - 2015-06-14 14:44 - 00000000 ____D C:\Users\test\AppData\Roaming\AVAST Software 2015-06-14 14:43 - 2015-06-14 14:43 - 00000000 ____D C:\Users\test\AppData\Local\Google 2015-06-14 14:42 - 2015-06-14 14:42 - 00000000 _SHDL C:\Users\test\Ustawienia lokalne 2015-06-14 14:42 - 2015-06-14 14:42 - 00000000 _SHDL C:\Users\test\Szablony 2015-06-14 14:42 - 2015-06-14 14:42 - 00000000 _SHDL C:\Users\test\Moje dokumenty 2015-06-14 14:42 - 2015-06-14 14:42 - 00000000 _SHDL C:\Users\test\Menu Start 2015-06-14 14:42 - 2015-06-14 14:42 - 00000000 _SHDL C:\Users\test\Dane aplikacji 2015-06-14 14:42 - 2015-06-14 14:42 - 00000000 _SHDL C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programy 2015-06-14 14:42 - 2015-06-14 14:42 - 00000000 _SHDL C:\Users\test\AppData\Local\Historia 2015-06-14 14:42 - 2015-06-14 14:42 - 00000000 _SHDL C:\Users\test\AppData\Local\Dane aplikacji 2015-06-14 14:42 - 2015-06-14 14:42 - 00000000 ____D C:\Users\test\AppData\Roaming\Adobe 2015-06-14 14:41 - 2015-06-20 13:04 - 00000000 ____D C:\Users\test 2015-06-14 14:41 - 2015-06-20 13:02 - 00000000 ___RD C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-06-14 11:00 - 2015-06-14 11:07 - 00474351 _____ C:\Users\Mad_Egg\Downloads\rough_typewriter.zip 2015-06-13 21:33 - 2015-06-20 13:17 - 00094488 _____ C:\Users\Mad_Egg\AppData\Local\GDIPFONTCACHEV1.DAT 2015-06-13 18:25 - 2015-06-20 13:02 - 00000000 ____D C:\Program Files\Youtube Downloader HD 2015-06-13 16:09 - 2015-06-13 16:09 - 00000000 ____D C:\Users\Mad_Egg\AppData\Roaming\Awesomium 2015-06-13 15:58 - 2015-06-13 15:58 - 00000000 ____D C:\ProgramData\Hi-Rez Studios 2015-06-13 15:57 - 2015-06-20 13:02 - 00000000 ____D C:\Program Files\Hi-Rez Studios 2015-06-13 14:06 - 2015-06-13 14:06 - 00000000 ____D C:\Users\Mad_Egg\AppData\Roaming\Opera Software 2015-06-13 14:06 - 2015-06-13 14:06 - 00000000 ____D C:\Users\Mad_Egg\AppData\Local\Opera Software 2015-06-13 13:15 - 2015-06-13 13:15 - 00000423 _____ C:\Windows\DirectX.log 2015-06-13 12:48 - 2015-06-13 12:50 - 00024810 _____ C:\Windows\DPINST.LOG 2015-06-13 12:47 - 2015-06-13 12:47 - 00687824 _____ (Opera Software) C:\Users\Mad_Egg\Downloads\Opera_NI_stable.exe 2015-06-09 18:31 - 2015-06-09 18:31 - 00131072 _____ C:\Windows\Minidump\060915-25937-01.dmp 2015-06-07 21:34 - 2015-06-07 21:34 - 00131072 _____ C:\Windows\Minidump\060715-29421-01.dmp 2015-06-02 20:10 - 2015-06-20 13:02 - 00000000 ____D C:\Users\Mad_Egg\AppData\Local\Ubisoft 2015-06-02 19:58 - 2015-06-02 19:58 - 00038913 _____ C:\Users\Mad_Egg\AppData\Local\Perfmon.PerfmonCfg 2015-06-02 16:52 - 2015-06-02 16:52 - 00000000 ____D C:\Program Files\Microsoft XNA 2015-05-31 13:51 - 2015-06-20 13:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com 2015-05-31 13:47 - 2015-05-31 14:02 - 00000000 ____D C:\Program Files\Technobabylon 2015-05-30 23:01 - 2015-06-20 13:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-05-30 23:01 - 2015-05-30 23:01 - 00000000 ____D C:\Users\Mad_Egg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-05-30 22:30 - 2015-05-30 22:30 - 00000000 ____D C:\Users\Mad_Egg\AppData\Roaming\ScummVM 2015-05-30 21:58 - 2015-05-30 22:02 - 87337746 _____ C:\Users\Mad_Egg\Downloads\Beneath a Steel Sky PL.zip 2015-05-30 21:11 - 2015-06-20 13:03 - 00000000 ____D C:\Windows\Minidump 2015-05-30 21:10 - 2015-06-20 14:25 - 00000678 _____ C:\Windows\PFRO.log 2015-05-30 21:10 - 2015-05-30 21:10 - 00131072 _____ C:\Windows\Minidump\053015-25562-01.dmp 2015-05-30 17:04 - 2015-06-20 14:26 - 00003566 _____ C:\Windows\setupact.log 2015-05-30 17:04 - 2015-05-30 17:04 - 00373488 _____ C:\Windows\system32\FNTCACHE.DAT 2015-05-30 17:04 - 2015-05-30 17:04 - 00000000 _____ C:\Windows\setuperr.log 2015-05-29 19:13 - 2015-05-29 19:13 - 00000000 ____D C:\Users\Mad_Egg\AppData\Roaming\LolClient 2015-05-29 18:19 - 2015-05-29 18:19 - 00000000 ____D C:\ProgramData\Riot Games 2015-05-24 19:04 - 1998-06-18 00:00 - 00089360 _____ (Microsoft Corporation) C:\Windows\system32\VB5DB.DLL 2015-05-24 10:34 - 2015-06-20 13:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Valve 2015-05-24 10:29 - 2015-05-24 10:29 - 00000000 ____D C:\Program Files\Valve 2015-05-24 10:24 - 2015-05-24 10:24 - 00000000 ____D C:\Windows\Sun ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-20 15:25 - 2015-03-07 12:53 - 00000000 ____D C:\Users\Mad_Egg\AppData\Roaming\foobar2000 2015-06-20 15:03 - 2009-07-14 06:34 - 00014368 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-06-20 15:03 - 2009-07-14 06:34 - 00014368 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-06-20 14:52 - 2015-01-24 16:29 - 01874374 _____ C:\Windows\system32\PerfStringBackup.INI 2015-06-20 14:52 - 2009-07-14 10:07 - 00894134 _____ C:\Windows\system32\perfh015.dat 2015-06-20 14:52 - 2009-07-14 10:07 - 00204720 _____ C:\Windows\system32\perfc015.dat 2015-06-20 14:51 - 2015-01-24 16:18 - 01363064 _____ C:\Windows\WindowsUpdate.log 2015-06-20 14:27 - 2009-07-14 06:53 - 00032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2015-06-20 14:27 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-06-20 13:10 - 2015-01-24 16:48 - 00000000 ____D C:\Users\Mad_Egg 2015-06-20 13:03 - 2015-04-29 18:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kolekcja Klasyki 2015-06-20 13:03 - 2015-04-21 20:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends 2015-06-20 13:03 - 2015-04-11 17:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack 2015-06-20 13:03 - 2015-04-02 19:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software 2015-06-20 13:03 - 2015-03-22 13:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-06-20 13:03 - 2015-03-11 19:08 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xerox Printers 2015-06-20 13:03 - 2015-03-01 16:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anno 1701 2015-06-20 13:03 - 2015-02-22 12:39 - 00000000 ____D C:\Windows\system32\RTCOM 2015-06-20 13:03 - 2015-02-10 14:51 - 00000000 ____D C:\Users\Mad_Egg\AppData\Local\gtk-2.0 2015-06-20 13:03 - 2015-01-29 16:07 - 00000000 ____D C:\Users\Mad_Egg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2015-06-20 13:03 - 2015-01-25 13:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-06-20 13:03 - 2015-01-25 07:36 - 00000000 ____D C:\Users\Rodzice 2015-06-20 13:03 - 2015-01-24 21:04 - 00000000 ____D C:\Users\Mad_Egg\AppData\Roaming\Rainmeter 2015-06-20 13:03 - 2009-07-14 06:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2015-06-20 13:03 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public 2015-06-20 13:03 - 2009-07-14 04:37 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-06-20 13:03 - 2009-07-14 04:37 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2015-06-20 13:03 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\wfp 2015-06-20 13:03 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\AppCompat 2015-06-20 13:02 - 2015-04-30 12:24 - 00000000 ____D C:\Users\Mad_Egg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks 2015-06-20 13:02 - 2015-01-24 19:03 - 00000000 ____D C:\Users\Mad_Egg\AppData\Roaming\Macromedia 2015-06-20 13:02 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration 2015-06-20 13:01 - 2015-03-28 23:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari 2015-06-20 13:01 - 2015-03-23 12:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks 2015-06-20 13:01 - 2015-01-24 23:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft 2015-06-20 13:01 - 2015-01-24 17:36 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2015-06-13 19:10 - 2015-01-29 18:53 - 00007621 _____ C:\Users\Mad_Egg\AppData\Local\resmon.resmoncfg 2015-06-13 19:00 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\LogFiles 2015-06-13 12:52 - 2015-01-25 19:49 - 00000000 ____D C:\Users\Mad_Egg\.gimp-2.8 2015-06-11 20:29 - 2015-01-24 23:18 - 00000000 ____D C:\Program Files\Ubisoft 2015-06-11 20:24 - 2015-03-14 20:11 - 00000023 _____ C:\Windows\BlendSettings.ini 2015-06-10 13:09 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF 2015-06-02 17:00 - 2015-03-14 16:40 - 00000000 ____D C:\Users\Mad_Egg\Documents\My Games 2015-06-02 16:52 - 2009-07-14 04:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2015-05-30 23:01 - 2015-03-28 22:55 - 00000000 ____D C:\Program Files\WinRAR 2015-05-30 22:30 - 2015-03-22 13:32 - 00000000 ____D C:\Program Files\Brackets 2015-05-30 17:11 - 2009-07-14 06:53 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU(34).TXT 2015-05-24 05:18 - 2015-05-06 18:45 - 00000000 ____D C:\Users\Rodzice\AppData\Roaming\Light ==================== Files in the root of some directories ======= 2015-06-02 19:58 - 2015-06-02 19:58 - 0038913 _____ () C:\Users\Mad_Egg\AppData\Local\Perfmon.PerfmonCfg 2015-06-15 15:31 - 2015-06-15 15:31 - 0000218 _____ () C:\Users\Mad_Egg\AppData\Local\recently-used.xbel 2015-01-29 18:53 - 2015-06-13 19:10 - 0007621 _____ () C:\Users\Mad_Egg\AppData\Local\resmon.resmoncfg 2015-01-24 17:39 - 2015-01-24 17:39 - 0000000 ____H () C:\ProgramData\DP45977C.lfl ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-06-13 20:32 ==================== End of log ============================