Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-01-2014
Ran by As (administrator) on AS-KOMPUTER on 04-01-2014 17:52:28
Running from C:\Users\As\Downloads
Windows 7 Ultimate (X64) OS Language: Polish
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
() C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-29] (Realtek Semiconductor)
HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe [1612504 2013-11-11] (COMODO)
HKLM-x32\...\Run: [LogitechQuickCamRibbon] - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKCU\...\Run: [Logitech Vid] - C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe [5458704 2009-07-16] (Logitech Inc.)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\Ja\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\Mam\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
Startup: C:\Users\As\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Rejestracja produktu.lnk
ShortcutTarget: Logitech . Rejestracja produktu.lnk -> C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe (Leader Technologies/Logitech)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {1801672A-6222-4B57-8DAD-11E91FC13604} URL = http://search.us.com/serp?guid={5EA3440B-8DC8-4DBC-8E1B-ED4766039B73}&k={searchTerms}
SearchScopes: HKCU - {72CC02D0-621C-4813-BEF7-7CF378841C23} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10513
SearchScopes: HKCU - {90C3BD4D-D058-49A4-878D-83D5ECEF8B82} URL = http://search.us.com/serp?guid={E136845C-F9C5-4876-A67C-8D5AEEC74F25}&k={searchTerms}
DPF: HKLM-x32 {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\As\AppData\Roaming\Mozilla\Firefox\Profiles\tjiri1hx.default
FF user.js: detected! => C:\Users\As\AppData\Roaming\Mozilla\Firefox\Profiles\tjiri1hx.default\user.js
FF NewTab: user_pref("browser.newtab.url", "");
FF DefaultSearchEngine: Search.us.com
FF Keyword.URL: hxxp://search.us.com/serp?guid={E136845C-F9C5-4876-A67C-8D5AEEC74F25}&k=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wolnelektury-pl.xml
FF Extension: albrechto - C:\Users\As\AppData\Roaming\Mozilla\Firefox\Profiles\tjiri1hx.default\Extensions\firefox@albrechto.co.xpi

==================== Services (Whitelisted) =================

R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6254152 2013-10-20] (COMODO)
R3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [164056 2013-09-24] (COMODO)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2098880 2013-11-11] ()

==================== Drivers (Whitelisted) ====================

R3 AtcL001; C:\Windows\System32\DRIVERS\l160x64.sys [58368 2009-06-25] (Atheros Communications, Inc.)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2013-09-24] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [709144 2013-11-14] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [48872 2013-09-24] (COMODO)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [96800 2013-09-24] (COMODO)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
S0 vqdtrh; No ImagePath

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-04 17:52 - 2014-01-04 17:52 - 00006658 _____ C:\Users\As\Downloads\FRST.txt
2014-01-04 17:51 - 2014-01-04 17:51 - 00000000 ____D C:\FRST
2014-01-04 17:49 - 2014-01-04 17:49 - 01931368 _____ (Farbar) C:\Users\As\Downloads\FRST64.exe
2014-01-04 17:46 - 2014-01-04 17:46 - 00006616 _____ C:\Users\As\Documents\cc_20140104_174636.reg
2014-01-03 18:03 - 2014-01-03 18:03 - 00000000 ____D C:\Users\Mam\Documents\Ashampoo Burning Studio FREE
2014-01-03 18:03 - 2014-01-03 18:03 - 00000000 ____D C:\Users\Mam\AppData\Roaming\Ashampoo
2014-01-03 17:58 - 2014-01-03 17:58 - 00009944 _____ C:\Users\As\Documents\HitmanPro_20140103_1757.log
2014-01-03 17:55 - 2014-01-03 17:55 - 00145704 _____ (SurfRight B.V.) C:\Windows\system32\LnkProtect.dll
2014-01-03 17:54 - 2014-01-03 17:58 - 00000000 ____D C:\ProgramData\HitmanPro
2014-01-03 17:53 - 2014-01-03 17:53 - 10264904 _____ (SurfRight B.V.) C:\Users\Ja\Downloads\HitmanPro_x64.exe
2013-12-29 16:15 - 2013-12-29 16:15 - 00000204 _____ C:\Users\Ja\Desktop\MagicISO Serial.txt
2013-12-29 16:08 - 2013-12-29 16:08 - 00001799 _____ C:\Users\UpdatusUser\Desktop\MagicISO.lnk
2013-12-29 16:08 - 2013-12-29 16:08 - 00001799 _____ C:\Users\Mam\Desktop\MagicISO.lnk
2013-12-29 16:08 - 2013-12-29 16:08 - 00001799 _____ C:\Users\Ja\Desktop\MagicISO.lnk
2013-12-29 16:08 - 2013-12-29 16:08 - 00001799 _____ C:\Users\As\Desktop\MagicISO.lnk
2013-12-29 16:08 - 2013-12-29 16:08 - 00000000 ____D C:\Users\As\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicISO
2013-12-29 16:08 - 2013-12-29 16:08 - 00000000 ____D C:\Program Files (x86)\MagicISO
2013-12-29 16:07 - 2013-12-29 16:07 - 03067400 _____ C:\Users\Ja\Downloads\Setup_MagicISO.exe
2013-12-28 17:49 - 2013-12-28 17:44 - 00347440 _____ (Microsoft Corporation) C:\Users\As\Desktop\MicrosoftFixit-portable.exe
2013-12-25 18:17 - 2013-12-25 18:17 - 00000000 ____D C:\Users\Ja\dwhelper
2013-12-25 17:55 - 2009-07-14 01:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\beep.sys_old
2013-12-25 17:54 - 2014-01-03 16:57 - 00000000 ____D C:\Users\Ja\Desktop\CLT
2013-12-23 12:23 - 2013-12-25 17:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-22 12:07 - 2013-12-22 12:07 - 00000040 _____ C:\Users\Ja\Desktop\SHA wzór.txt
2013-12-22 11:43 - 2013-12-22 11:58 - 1073741824 _____ C:\Users\Ja\Downloads\W7.part3.rar
2013-12-22 11:43 - 2013-12-22 11:44 - 08964135 _____ C:\Users\Ja\Downloads\W7.part4.rar
2013-12-22 11:16 - 2013-12-22 11:37 - 1073741824 _____ C:\Users\Ja\Downloads\W7.part2.rar
2013-12-22 11:14 - 2013-12-22 11:43 - 1073741824 _____ C:\Users\Ja\Downloads\W7.part1.rar
2013-12-21 18:22 - 2013-12-21 18:23 - 04235184 _____ (EZB Systems, Inc. ) C:\Users\Ja\Downloads\uiso9_pe.exe
2013-12-20 11:47 - 2013-12-20 11:47 - 05197469 _____ (Glorylogic ) C:\Users\Ja\Downloads\isoworkshop.exe
2013-12-18 19:28 - 2013-12-18 19:30 - 00000000 ____D C:\Program Files\Mouse
2013-12-18 19:25 - 2008-02-13 16:20 - 00017920 _____ (A4Tech Co.,Ltd.) C:\Windows\system32\Drivers\Amusbx64.sys
2013-12-18 19:25 - 2007-10-15 11:41 - 00012288 _____ ((Standard mouse types)) C:\Windows\system32\Drivers\Arfumx64.sys
2013-12-18 19:25 - 2007-10-15 11:39 - 00021504 _____ ((Standard mouse types)) C:\Windows\system32\Drivers\Amps2x64.sys
2013-12-18 19:25 - 2007-10-15 11:37 - 00012288 _____ ((Standard mouse types)) C:\Windows\system32\Drivers\Amfltx64.sys
2013-12-18 19:25 - 2007-04-07 19:22 - 00032768 _____ C:\Windows\SysWOW64\Amhooker.dll
2013-12-18 19:24 - 2013-12-18 19:24 - 00000000 ____D C:\Users\As\AppData\Roaming\WinRAR
2013-12-18 19:23 - 2013-12-18 19:23 - 00002019 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-12-18 19:23 - 2013-12-18 19:23 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-12-15 16:05 - 2013-12-15 16:05 - 00009458 _____ C:\Users\As\Documents\cc_20131215_160517.reg
2013-12-15 15:59 - 2013-12-15 15:59 - 00003158 _____ C:\Windows\System32\Tasks\{476214C9-F99D-4C1B-A18B-782D0A24978C}
2013-12-11 11:35 - 2013-12-11 11:35 - 00000017 _____ C:\Users\Ja\AppData\Local\resmon.resmoncfg
2013-12-06 16:01 - 2013-12-06 16:01 - 00000000 ____D C:\Users\As\AppData\Local\GHISLER
2013-12-06 16:00 - 2013-12-06 16:00 - 00000000 ____D C:\Users\Ja\AppData\Local\GHISLER

==================== One Month Modified Files and Folders =======

2014-01-04 17:52 - 2014-01-04 17:52 - 00006658 _____ C:\Users\As\Downloads\FRST.txt
2014-01-04 17:51 - 2014-01-04 17:51 - 00000000 ____D C:\FRST
2014-01-04 17:50 - 2013-11-27 17:47 - 00000000 ____D C:\Users\As\AppData\Roaming\Skype
2014-01-04 17:49 - 2014-01-04 17:49 - 01931368 _____ (Farbar) C:\Users\As\Downloads\FRST64.exe
2014-01-04 17:46 - 2014-01-04 17:46 - 00006616 _____ C:\Users\As\Documents\cc_20140104_174636.reg
2014-01-04 17:45 - 2013-11-28 16:38 - 13636270 _____ C:\Windows\system32\Drivers\fvstore.dat
2014-01-04 17:44 - 2013-11-27 16:41 - 01474832 _____ C:\Windows\system32\Drivers\sfi.dat
2014-01-04 17:43 - 2013-11-27 16:14 - 00000000 ___RD C:\Users\As\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-04 17:39 - 2013-11-28 11:20 - 00000000 ____D C:\Users\Ja\AppData\Roaming\Skype
2014-01-04 17:34 - 2013-11-27 17:54 - 00000000 ____D C:\Users\Mam\AppData\Roaming\Skype
2014-01-04 15:59 - 2013-11-27 16:15 - 00360225 ____N C:\Windows\WindowsUpdate.log
2014-01-04 15:52 - 2009-07-14 05:45 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-04 15:52 - 2009-07-14 05:45 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-04 15:51 - 2009-07-14 18:55 - 00687590 _____ C:\Windows\system32\perfh015.dat
2014-01-04 15:51 - 2009-07-14 18:55 - 00131176 _____ C:\Windows\system32\perfc015.dat
2014-01-04 15:51 - 2009-07-14 06:13 - 01523412 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-04 15:44 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-03 18:03 - 2014-01-03 18:03 - 00000000 ____D C:\Users\Mam\Documents\Ashampoo Burning Studio FREE
2014-01-03 18:03 - 2014-01-03 18:03 - 00000000 ____D C:\Users\Mam\AppData\Roaming\Ashampoo
2014-01-03 17:58 - 2014-01-03 17:58 - 00009944 _____ C:\Users\As\Documents\HitmanPro_20140103_1757.log
2014-01-03 17:58 - 2014-01-03 17:54 - 00000000 ____D C:\ProgramData\HitmanPro
2014-01-03 17:55 - 2014-01-03 17:55 - 00145704 _____ (SurfRight B.V.) C:\Windows\system32\LnkProtect.dll
2014-01-03 17:53 - 2014-01-03 17:53 - 10264904 _____ (SurfRight B.V.) C:\Users\Ja\Downloads\HitmanPro_x64.exe
2014-01-03 16:57 - 2013-12-25 17:54 - 00000000 ____D C:\Users\Ja\Desktop\CLT
2014-01-02 18:29 - 2013-11-27 16:40 - 00000000 ___SD C:\ProgramData\Shared Space
2014-01-02 12:14 - 2013-11-28 11:24 - 00000000 ____D C:\Users\Ja\AppData\Roaming\Adobe
2013-12-29 16:15 - 2013-12-29 16:15 - 00000204 _____ C:\Users\Ja\Desktop\MagicISO Serial.txt
2013-12-29 16:08 - 2013-12-29 16:08 - 00001799 _____ C:\Users\UpdatusUser\Desktop\MagicISO.lnk
2013-12-29 16:08 - 2013-12-29 16:08 - 00001799 _____ C:\Users\Mam\Desktop\MagicISO.lnk
2013-12-29 16:08 - 2013-12-29 16:08 - 00001799 _____ C:\Users\Ja\Desktop\MagicISO.lnk
2013-12-29 16:08 - 2013-12-29 16:08 - 00001799 _____ C:\Users\As\Desktop\MagicISO.lnk
2013-12-29 16:08 - 2013-12-29 16:08 - 00000000 ____D C:\Users\As\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicISO
2013-12-29 16:08 - 2013-12-29 16:08 - 00000000 ____D C:\Program Files (x86)\MagicISO
2013-12-29 16:07 - 2013-12-29 16:07 - 03067400 _____ C:\Users\Ja\Downloads\Setup_MagicISO.exe
2013-12-28 17:44 - 2013-12-28 17:49 - 00347440 _____ (Microsoft Corporation) C:\Users\As\Desktop\MicrosoftFixit-portable.exe
2013-12-26 18:06 - 2013-11-27 16:40 - 00000000 ____D C:\ProgramData\Comodo
2013-12-25 18:17 - 2013-12-25 18:17 - 00000000 ____D C:\Users\Ja\dwhelper
2013-12-25 18:17 - 2013-11-28 11:19 - 00000000 ____D C:\Users\Ja
2013-12-25 17:55 - 2013-12-23 12:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-25 17:55 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system
2013-12-23 15:20 - 2013-11-27 16:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-23 12:22 - 2013-11-28 15:39 - 00000000 ____D C:\ProgramData\Adobe
2013-12-23 12:22 - 2013-11-27 16:36 - 00000000 ____D C:\Users\As\AppData\Local\Mozilla
2013-12-22 12:07 - 2013-12-22 12:07 - 00000040 _____ C:\Users\Ja\Desktop\SHA wzór.txt
2013-12-22 11:58 - 2013-12-22 11:43 - 1073741824 _____ C:\Users\Ja\Downloads\W7.part3.rar
2013-12-22 11:44 - 2013-12-22 11:43 - 08964135 _____ C:\Users\Ja\Downloads\W7.part4.rar
2013-12-22 11:43 - 2013-12-22 11:14 - 1073741824 _____ C:\Users\Ja\Downloads\W7.part1.rar
2013-12-22 11:37 - 2013-12-22 11:16 - 1073741824 _____ C:\Users\Ja\Downloads\W7.part2.rar
2013-12-21 18:23 - 2013-12-21 18:22 - 04235184 _____ (EZB Systems, Inc. ) C:\Users\Ja\Downloads\uiso9_pe.exe
2013-12-21 13:42 - 2013-11-27 17:56 - 00000000 ____D C:\Users\Mam\AppData\Local\Mozilla
2013-12-20 11:47 - 2013-12-20 11:47 - 05197469 _____ (Glorylogic ) C:\Users\Ja\Downloads\isoworkshop.exe
2013-12-18 19:30 - 2013-12-18 19:28 - 00000000 ____D C:\Program Files\Mouse
2013-12-18 19:24 - 2013-12-18 19:24 - 00000000 ____D C:\Users\As\AppData\Roaming\WinRAR
2013-12-18 19:24 - 2013-11-27 18:03 - 00000000 ____D C:\Users\As\AppData\Roaming\Adobe
2013-12-18 19:23 - 2013-12-18 19:23 - 00002019 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-12-18 19:23 - 2013-12-18 19:23 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-12-18 19:22 - 2013-11-27 18:01 - 00000000 ____D C:\Users\As\AppData\Local\Adobe
2013-12-15 16:05 - 2013-12-15 16:05 - 00009458 _____ C:\Users\As\Documents\cc_20131215_160517.reg
2013-12-15 16:04 - 2013-11-28 15:26 - 00000000 ____D C:\Users\As\AppData\Roaming\AIMP3
2013-12-15 16:04 - 2013-11-28 10:37 - 00000000 ____D C:\Windows\Minidump
2013-12-15 16:04 - 2013-11-27 16:07 - 00000000 ____D C:\Windows\Panther
2013-12-15 15:59 - 2013-12-15 15:59 - 00003158 _____ C:\Windows\System32\Tasks\{476214C9-F99D-4C1B-A18B-782D0A24978C}
2013-12-15 15:57 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-14 15:30 - 2013-11-27 18:01 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-14 15:30 - 2013-11-27 18:01 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-11 11:35 - 2013-12-11 11:35 - 00000017 _____ C:\Users\Ja\AppData\Local\resmon.resmoncfg
2013-12-09 16:12 - 2013-11-27 16:51 - 00000000 ____D C:\Users\As\AppData\Roaming\Comodo
2013-12-08 11:18 - 2009-07-14 19:09 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-12-08 11:18 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-12-06 16:01 - 2013-12-06 16:01 - 00000000 ____D C:\Users\As\AppData\Local\GHISLER
2013-12-06 16:01 - 2013-11-28 15:45 - 00000000 ____D C:\Program Files\totalcmd
2013-12-06 16:00 - 2013-12-06 16:00 - 00000000 ____D C:\Users\Ja\AppData\Local\GHISLER

Some content of TEMP:
====================
C:\Users\Mam\AppData\Local\Temp\fp_pl_pfs_installer.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-02 16:44

==================== End Of Log ============================