Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by Bartosz (administrator) on BERT50L on 12-10-2013 22:50:57
Running from C:\Users\Bartosz\Desktop\frs
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polish
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_9_900_117_ActiveX.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MpCmdRun.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-08-12] (Microsoft Corporation)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1813928 2013-10-05] (Valve Corporation)
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1476104 2012-12-20] (Samsung)
HKCU\...\Run: [KiesPDLR] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844296 2012-12-20] (Samsung)
HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844296 2012-12-20] (Samsung)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
MountPoints2: {3156d424-758a-11e1-adab-00112fa6f7db} - G:\Setup.exe
MountPoints2: {89aab74d-6a9a-11e1-a961-806e6f6e6963} - F:\autorun.exe
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310280 2012-12-20] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Pomocnik logowania za pomocą identyfikatora Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} https://www.bph.pl/sezam/components/SignActivX.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.100

FireFox:
========
FF ProfilePath: C:\Users\Bartosz\AppData\Roaming\Mozilla\Firefox\Profiles\5t33e7g3.default-1381610331267
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.11.2061 - C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.1059 - C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

==================== Services (Whitelisted) =================

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S3 Processor; C:\Windows\system32\DRIVERS\processr.sys [60416 2009-07-14] ()
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 SiSRaid2; C:\Windows\system32\DRIVERS\SiSRaid2.sys [43584 2009-07-14] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-06-17] (Duplex Secure Ltd.)
S3 ss_bserd; C:\Windows\System32\DRIVERS\ss_bserd.sys [128000 2010-12-21] (MCCI Corporation)
U3 agvpldec; C:\Windows\System32\Drivers\agvpldec.sys [0 ] (Advanced Micro Devices)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-12 22:49 - 2013-10-12 22:50 - 00000000 ____D C:\Users\Bartosz\Desktop\FIX
2013-10-12 22:46 - 2013-10-12 22:46 - 00448512 _____ (OldTimer Tools) C:\Users\Bartosz\Desktop\TFC.exe
2013-10-12 22:41 - 2013-10-12 22:50 - 00000000 ____D C:\AdwCleaner
2013-10-12 22:38 - 2013-10-12 22:38 - 00000000 ____D C:\Users\Bartosz\Desktop\Stare dane programu Firefox
2013-10-12 22:33 - 2013-10-12 22:33 - 00000000 _____ C:\Users\Bartosz\Desktop\Nowy dokument tekstowy.txt
2013-10-12 22:29 - 2013-10-12 22:29 - 00000000 ____D C:\Users\Bartosz\AppData\Roaming\OpenOffice
2013-10-12 22:27 - 2013-10-12 22:27 - 00001142 _____ C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2013-10-12 22:27 - 2013-10-12 22:27 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-10-11 20:08 - 2013-10-11 20:08 - 00300460 _____ C:\Users\Bartosz\Desktop\photo.php
2013-10-11 19:54 - 2013-10-11 19:54 - 00000000 ____D C:\Users\Bartosz\AppData\Local\{906DA510-A523-470D-8A40-D5FC7FC62EA4}
2013-10-10 17:12 - 2013-10-10 17:12 - 00000000 ____D C:\Users\Bartosz\AppData\Local\{031C7DCA-2ADB-4B29-9DFC-563EF6F303B1}
2013-10-09 17:44 - 2013-09-23 01:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-09 17:44 - 2013-09-23 01:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-09 17:44 - 2013-09-23 01:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-09 17:44 - 2013-09-23 01:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-09 17:44 - 2013-09-23 01:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-09 17:44 - 2013-09-23 01:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-09 17:44 - 2013-09-23 01:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-09 17:44 - 2013-09-23 01:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-09 17:44 - 2013-09-23 01:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-09 17:44 - 2013-09-23 01:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-09 17:44 - 2013-09-23 01:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-09 17:44 - 2013-09-23 01:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-09 17:44 - 2013-09-23 01:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-09 17:44 - 2013-09-23 00:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-09 17:44 - 2013-09-23 00:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-09 17:44 - 2013-09-23 00:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-09 17:44 - 2013-09-23 00:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-09 17:44 - 2013-09-23 00:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-09 17:44 - 2013-09-23 00:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-09 17:44 - 2013-09-23 00:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-09 17:44 - 2013-09-23 00:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-09 17:44 - 2013-09-23 00:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-09 17:44 - 2013-09-23 00:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-09 17:44 - 2013-09-23 00:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-09 17:44 - 2013-09-23 00:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-09 17:44 - 2013-09-23 00:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-09 17:44 - 2013-09-23 00:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-09 17:44 - 2013-09-21 05:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-09 17:44 - 2013-09-21 05:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-09 17:44 - 2013-09-21 04:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-09 17:44 - 2013-09-21 04:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-09 17:42 - 2013-10-09 17:42 - 00000000 ____D C:\Users\Bartosz\AppData\Local\{5DFCF99F-41AD-4721-87D5-68BE73C1A71B}
2013-10-09 17:31 - 2013-09-14 03:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-09 17:31 - 2013-09-08 04:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-09 17:31 - 2013-09-08 04:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-09 17:31 - 2013-09-08 04:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-09 17:31 - 2013-09-04 14:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-09 17:31 - 2013-09-04 14:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-09 17:31 - 2013-09-04 14:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-09 17:31 - 2013-09-04 14:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-09 17:31 - 2013-09-04 14:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-09 17:31 - 2013-09-04 14:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-09 17:31 - 2013-09-04 14:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-09 17:31 - 2013-08-29 04:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-09 17:31 - 2013-08-29 04:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-09 17:31 - 2013-08-29 04:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-09 17:31 - 2013-08-29 04:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-09 17:31 - 2013-08-29 04:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-09 17:31 - 2013-08-29 03:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-09 17:31 - 2013-08-29 03:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-09 17:31 - 2013-08-29 03:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-09 17:31 - 2013-08-29 03:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-09 17:31 - 2013-08-29 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-09 17:31 - 2013-08-29 03:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-09 17:31 - 2013-08-29 02:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-09 17:31 - 2013-08-29 02:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-09 17:31 - 2013-08-29 02:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-09 17:31 - 2013-08-29 02:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-09 17:31 - 2013-08-28 03:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-09 17:31 - 2013-08-28 03:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-09 17:31 - 2013-08-01 14:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-09 17:31 - 2013-07-20 12:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 17:31 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 17:31 - 2013-07-12 12:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-09 17:31 - 2013-07-12 12:40 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-09 17:31 - 2013-07-04 14:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-09 17:31 - 2013-07-04 14:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-09 17:31 - 2013-07-04 14:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-09 17:31 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-09 17:31 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-09 17:31 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-09 17:31 - 2013-07-04 12:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-09 17:31 - 2013-07-03 06:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-09 17:31 - 2013-07-03 06:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-09 17:31 - 2013-06-26 00:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-09 17:31 - 2013-06-06 07:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-09 17:31 - 2013-06-06 07:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-09 17:31 - 2013-06-06 07:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-09 17:31 - 2013-06-06 07:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-09 17:31 - 2013-06-06 06:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-09 17:31 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-09 17:31 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-09 17:31 - 2013-06-06 05:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-09 17:31 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-09 17:31 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-08 20:37 - 2013-10-08 20:37 - 00000000 ____D C:\Users\Bartosz\AppData\Local\{3E58D0A0-2BD6-47AD-9E01-5B9ED41B5A2B}
2013-10-07 18:01 - 2013-10-07 18:01 - 00000000 ____D C:\Users\Bartosz\AppData\Local\{43981D9B-6FD9-4E5C-8586-134879D72C53}
2013-10-06 22:27 - 2013-10-06 22:27 - 00000000 ____D C:\Users\Bartosz\AppData\Local\{28A86218-B08E-4460-8A01-EB0CE2F1DDF9}
2013-10-06 19:39 - 2013-10-12 22:36 - 00000000 ____D C:\FRST
2013-10-06 19:38 - 2013-10-12 22:49 - 00000000 ____D C:\Users\Bartosz\Desktop\frs
2013-10-06 18:58 - 2013-10-06 18:58 - 00075556 _____ C:\Users\Bartosz\Desktop\Extras.Txt
2013-10-06 18:57 - 2013-10-06 18:57 - 00101494 _____ C:\Users\Bartosz\Desktop\OTL.Txt
2013-10-06 18:49 - 2013-10-06 18:49 - 00602112 _____ (OldTimer Tools) C:\Users\Bartosz\Desktop\OTL.exe
2013-10-06 18:44 - 2013-10-06 18:44 - 00000257 _____ C:\Windows\wininit.ini
2013-10-06 18:28 - 2013-10-12 22:42 - 00000971 _____ C:\Users\Bartosz\Desktop\Internet Explorer.lnk
2013-10-06 18:17 - 2013-10-06 18:17 - 00000000 ____D C:\Windows\ERUNT
2013-10-06 17:50 - 2013-10-12 22:35 - 00003034 _____ C:\Windows\PFRO.log
2013-10-06 17:39 - 2013-10-06 17:39 - 00000000 ____D C:\ProgramData\Google
2013-10-06 17:39 - 2013-10-06 17:39 - 00000000 ____D C:\Program Files\Google
2013-10-06 17:37 - 2013-10-06 17:37 - 07912440 _____ (Adobe Systems Inc.) C:\Users\Bartosz\Downloads\Shockwave_Installer_Slim(2).exe
2013-10-06 16:06 - 2013-10-06 16:06 - 00000837 _____ C:\Users\Public\Desktop\µTorrent.lnk
2013-10-06 16:04 - 2013-10-06 16:04 - 01037648 _____ (BitTorrent Inc.) C:\Users\Bartosz\Downloads\utorrent-64-bit [1].exe
2013-10-05 22:52 - 2013-10-05 22:52 - 00001044 _____ C:\Users\Bartosz\Desktop\NapiProjekt.lnk
2013-10-02 19:56 - 2013-10-03 20:02 - 00011505 _____ C:\Users\Bartosz\Desktop\gdyby drzewa miały usta.odt
2013-10-01 23:07 - 2013-10-05 22:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-01 19:45 - 2013-10-01 19:45 - 00035260 _____ C:\Users\Bartosz\Desktop\liść dębu.odt
2013-09-26 17:10 - 2013-09-26 17:27 - 00000000 ____D C:\Users\Bartosz\Desktop\Mati
2013-09-22 19:42 - 2013-09-22 19:42 - 00000000 ____D C:\Users\Bartosz\AppData\Roaming\Media Player Classic
2013-09-22 19:37 - 2013-08-22 19:09 - 00256088 _____ C:\Windows\system32\unrar64.dll
2013-09-22 19:36 - 2013-09-22 19:36 - 26560076 _____ ( ) C:\Users\Bartosz\Downloads\K-Lite_Codec_Pack_1005_Full(dobreprogramy.pl).exe
2013-09-18 19:59 - 2013-09-20 22:57 - 00710031 _____ C:\Users\Bartosz\Desktop\daga ściąga.odt
2013-09-17 21:57 - 2013-10-12 22:43 - 00002912 _____ C:\Windows\setupact.log
2013-09-17 21:57 - 2013-09-17 21:57 - 00000000 _____ C:\Windows\setuperr.log
2013-09-15 20:15 - 2013-09-15 20:19 - 00000000 ____D C:\Users\Bartosz\AppData\Roaming\Audacity
2013-09-15 20:15 - 2013-09-15 20:15 - 00001011 _____ C:\Users\Public\Desktop\Audacity.lnk
2013-09-15 20:14 - 2013-09-15 20:15 - 00000000 ____D C:\Program Files (x86)\Audacity
2013-09-15 20:14 - 2013-09-15 20:14 - 22308174 _____ (Audacity Team ) C:\Users\Bartosz\Downloads\audacity-win-2.0.4.exe

==================== One Month Modified Files and Folders =======

2013-10-12 22:50 - 2013-10-12 22:49 - 00000000 ____D C:\Users\Bartosz\Desktop\FIX
2013-10-12 22:50 - 2013-10-12 22:41 - 00000000 ____D C:\AdwCleaner
2013-10-12 22:50 - 2009-07-14 06:45 - 00015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-12 22:50 - 2009-07-14 06:45 - 00015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-12 22:49 - 2013-10-06 19:38 - 00000000 ____D C:\Users\Bartosz\Desktop\frs
2013-10-12 22:48 - 2009-07-14 19:55 - 00697896 _____ C:\Windows\system32\perfh015.dat
2013-10-12 22:48 - 2009-07-14 19:55 - 00135006 _____ C:\Windows\system32\perfc015.dat
2013-10-12 22:48 - 2009-07-14 07:13 - 01549932 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-12 22:46 - 2013-10-12 22:46 - 00448512 _____ (OldTimer Tools) C:\Users\Bartosz\Desktop\TFC.exe
2013-10-12 22:46 - 2012-03-10 12:22 - 01219580 _____ C:\Windows\WindowsUpdate.log
2013-10-12 22:44 - 2012-08-11 15:04 - 00000000 ____D C:\Program Files (x86)\Steam
2013-10-12 22:43 - 2013-09-17 21:57 - 00002912 _____ C:\Windows\setupact.log
2013-10-12 22:43 - 2012-11-13 22:11 - 00001046 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-12 22:43 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-12 22:42 - 2013-10-06 18:28 - 00000971 _____ C:\Users\Bartosz\Desktop\Internet Explorer.lnk
2013-10-12 22:42 - 2012-05-07 20:09 - 00001053 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-10-12 22:42 - 2012-03-10 12:31 - 00001001 _____ C:\Users\Bartosz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-10-12 22:38 - 2013-10-12 22:38 - 00000000 ____D C:\Users\Bartosz\Desktop\Stare dane programu Firefox
2013-10-12 22:36 - 2013-10-06 19:39 - 00000000 ____D C:\FRST
2013-10-12 22:35 - 2013-10-06 17:50 - 00003034 _____ C:\Windows\PFRO.log
2013-10-12 22:35 - 2012-03-10 15:32 - 00064768 _____ C:\Users\Bartosz\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-12 22:35 - 2009-07-14 06:45 - 00297944 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-12 22:33 - 2013-10-12 22:33 - 00000000 _____ C:\Users\Bartosz\Desktop\Nowy dokument tekstowy.txt
2013-10-12 22:32 - 2012-11-13 22:11 - 00001050 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-12 22:29 - 2013-10-12 22:29 - 00000000 ____D C:\Users\Bartosz\AppData\Roaming\OpenOffice
2013-10-12 22:27 - 2013-10-12 22:27 - 00001142 _____ C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2013-10-12 22:27 - 2013-10-12 22:27 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-10-12 22:27 - 2012-03-10 21:46 - 00000000 ____D C:\Program Files (x86)\OpenOffice.org 3
2013-10-12 22:25 - 2012-03-10 12:31 - 00000000 ___RD C:\Users\Bartosz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-12 17:00 - 2012-04-01 08:59 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-11 20:54 - 2012-03-14 19:58 - 00000000 ____D C:\Users\Bartosz\AppData\Roaming\uTorrent
2013-10-11 20:08 - 2013-10-11 20:08 - 00300460 _____ C:\Users\Bartosz\Desktop\photo.php
2013-10-11 19:54 - 2013-10-11 19:54 - 00000000 ____D C:\Users\Bartosz\AppData\Local\{906DA510-A523-470D-8A40-D5FC7FC62EA4}
2013-10-10 17:12 - 2013-10-10 17:12 - 00000000 ____D C:\Users\Bartosz\AppData\Local\{031C7DCA-2ADB-4B29-9DFC-563EF6F303B1}
2013-10-09 19:09 - 2012-04-01 08:59 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-09 19:09 - 2012-04-01 08:59 - 00003868 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-09 19:09 - 2012-03-10 15:28 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-09 18:48 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-10-09 18:13 - 2013-03-14 00:57 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-09 18:13 - 2013-03-14 00:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-09 18:13 - 2012-03-10 12:19 - 00000000 ____D C:\Windows\Panther
2013-10-09 17:42 - 2013-10-09 17:42 - 00000000 ____D C:\Users\Bartosz\AppData\Local\{5DFCF99F-41AD-4721-87D5-68BE73C1A71B}
2013-10-09 17:38 - 2013-07-14 23:20 - 00000000 ____D C:\Windows\system32\MRT
2013-10-09 17:37 - 2012-03-10 12:46 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-09 17:33 - 2012-03-10 21:49 - 00001912 _____ C:\Windows\epplauncher.mif
2013-10-09 17:32 - 2012-03-10 21:48 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-10-09 17:32 - 2012-03-10 21:47 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-10-08 20:37 - 2013-10-08 20:37 - 00000000 ____D C:\Users\Bartosz\AppData\Local\{3E58D0A0-2BD6-47AD-9E01-5B9ED41B5A2B}
2013-10-07 18:01 - 2013-10-07 18:01 - 00000000 ____D C:\Users\Bartosz\AppData\Local\{43981D9B-6FD9-4E5C-8586-134879D72C53}
2013-10-06 22:27 - 2013-10-06 22:27 - 00000000 ____D C:\Users\Bartosz\AppData\Local\{28A86218-B08E-4460-8A01-EB0CE2F1DDF9}
2013-10-06 18:58 - 2013-10-06 18:58 - 00075556 _____ C:\Users\Bartosz\Desktop\Extras.Txt
2013-10-06 18:57 - 2013-10-06 18:57 - 00101494 _____ C:\Users\Bartosz\Desktop\OTL.Txt
2013-10-06 18:49 - 2013-10-06 18:49 - 00602112 _____ (OldTimer Tools) C:\Users\Bartosz\Desktop\OTL.exe
2013-10-06 18:44 - 2013-10-06 18:44 - 00000257 _____ C:\Windows\wininit.ini
2013-10-06 18:29 - 2012-04-18 23:13 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-10-06 18:17 - 2013-10-06 18:17 - 00000000 ____D C:\Windows\ERUNT
2013-10-06 17:52 - 2013-02-16 11:31 - 00000424 _____ C:\Windows\SysWOW64\OSSService.log
2013-10-06 17:43 - 2012-11-13 22:11 - 00000000 ____D C:\Users\Bartosz\AppData\Local\Google
2013-10-06 17:43 - 2012-11-13 22:11 - 00000000 ____D C:\Program Files (x86)\Google
2013-10-06 17:39 - 2013-10-06 17:39 - 00000000 ____D C:\ProgramData\Google
2013-10-06 17:39 - 2013-10-06 17:39 - 00000000 ____D C:\Program Files\Google
2013-10-06 17:37 - 2013-10-06 17:37 - 07912440 _____ (Adobe Systems Inc.) C:\Users\Bartosz\Downloads\Shockwave_Installer_Slim(2).exe
2013-10-06 16:14 - 2012-03-14 19:35 - 00000000 ____D C:\Program Files (x86)\Metin2
2013-10-06 16:06 - 2013-10-06 16:06 - 00000837 _____ C:\Users\Public\Desktop\µTorrent.lnk
2013-10-06 16:04 - 2013-10-06 16:04 - 01037648 _____ (BitTorrent Inc.) C:\Users\Bartosz\Downloads\utorrent-64-bit [1].exe
2013-10-05 22:52 - 2013-10-05 22:52 - 00001044 _____ C:\Users\Bartosz\Desktop\NapiProjekt.lnk
2013-10-05 22:52 - 2013-10-01 23:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-05 22:52 - 2012-03-16 22:07 - 00000000 ____D C:\Program Files (x86)\NapiProjekt
2013-10-03 20:02 - 2013-10-02 19:56 - 00011505 _____ C:\Users\Bartosz\Desktop\gdyby drzewa miały usta.odt
2013-10-03 19:12 - 2012-05-12 16:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-02 19:37 - 2012-05-07 20:09 - 00000000 ____D C:\Users\Bartosz\AppData\Local\Mozilla
2013-10-01 19:45 - 2013-10-01 19:45 - 00035260 _____ C:\Users\Bartosz\Desktop\liść dębu.odt
2013-09-26 17:27 - 2013-09-26 17:10 - 00000000 ____D C:\Users\Bartosz\Desktop\Mati
2013-09-26 17:07 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-09-23 01:28 - 2013-10-09 17:44 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-23 01:28 - 2013-10-09 17:44 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-23 01:27 - 2013-10-09 17:44 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-23 01:27 - 2013-10-09 17:44 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-23 01:27 - 2013-10-09 17:44 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-23 01:27 - 2013-10-09 17:44 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-23 01:27 - 2013-10-09 17:44 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-23 01:27 - 2013-10-09 17:44 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-23 01:27 - 2013-10-09 17:44 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-23 01:27 - 2013-10-09 17:44 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-23 01:27 - 2013-10-09 17:44 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-23 01:27 - 2013-10-09 17:44 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-23 01:27 - 2013-10-09 17:44 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-23 00:55 - 2013-10-09 17:44 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-23 00:55 - 2013-10-09 17:44 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-23 00:55 - 2013-10-09 17:44 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-23 00:54 - 2013-10-09 17:44 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-23 00:54 - 2013-10-09 17:44 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-23 00:54 - 2013-10-09 17:44 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-23 00:54 - 2013-10-09 17:44 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-23 00:54 - 2013-10-09 17:44 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-23 00:54 - 2013-10-09 17:44 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-23 00:54 - 2013-10-09 17:44 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-23 00:54 - 2013-10-09 17:44 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-23 00:54 - 2013-10-09 17:44 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-23 00:54 - 2013-10-09 17:44 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-23 00:54 - 2013-10-09 17:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-22 19:42 - 2013-09-22 19:42 - 00000000 ____D C:\Users\Bartosz\AppData\Roaming\Media Player Classic
2013-09-22 19:37 - 2012-04-28 21:36 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2013-09-22 19:36 - 2013-09-22 19:36 - 26560076 _____ ( ) C:\Users\Bartosz\Downloads\K-Lite_Codec_Pack_1005_Full(dobreprogramy.pl).exe
2013-09-21 05:38 - 2013-10-09 17:44 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-21 05:30 - 2013-10-09 17:44 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-21 04:48 - 2013-10-09 17:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-21 04:39 - 2013-10-09 17:44 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-20 22:57 - 2013-09-18 19:59 - 00710031 _____ C:\Users\Bartosz\Desktop\daga ściąga.odt
2013-09-19 18:53 - 2013-09-02 11:35 - 00000000 ____D C:\Users\Bartosz\Desktop\Miki
2013-09-17 21:57 - 2013-09-17 21:57 - 00000000 _____ C:\Windows\setuperr.log
2013-09-15 20:19 - 2013-09-15 20:15 - 00000000 ____D C:\Users\Bartosz\AppData\Roaming\Audacity
2013-09-15 20:15 - 2013-09-15 20:15 - 00001011 _____ C:\Users\Public\Desktop\Audacity.lnk
2013-09-15 20:15 - 2013-09-15 20:14 - 00000000 ____D C:\Program Files (x86)\Audacity
2013-09-15 20:14 - 2013-09-15 20:14 - 22308174 _____ (Audacity Team ) C:\Users\Bartosz\Downloads\audacity-win-2.0.4.exe
2013-09-14 03:10 - 2013-10-09 17:31 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-10-11 19:22

==================== End Of Log ============================