Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-01-2014 02 Ran by Grześ (administrator) on GRZEŚ-KOMPUTER on 26-01-2014 15:58:36 Running from C:\Users\Grześ\Desktop\Antywirusy Windows 7 Ultimate Service Pack 1 (X64) OS Language: Polish Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\stacsv64.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\Program Files (x86)\Common Files\PERI Software Shared\Service\ElposServiceFile.exe () C:\ProgramData\DatacardService\HWDeviceService64.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe () C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (CyberLink) C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe (CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe (Akamai Technologies, Inc.) C:\Users\Grześ\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) C:\Users\Grześ\AppData\Local\Akamai\netsession_win.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (Autodesk, Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe (Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe () C:\Program Files (x86)\Opera\18.0.1284.68\opera_crashreporter.exe (Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe (Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe (Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe (Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe (Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe (Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe (Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe (Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe (Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe (Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe (Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe (Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe (Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe (Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe (Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe (Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe (Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe (Ghisler Software GmbH) C:\totalcmd\TOTALCMD64.EXE (Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe (Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe (Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe (Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe (Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe (Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe (Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe ==================== Registry (Whitelisted) ================== HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-06-26] (RealNetworks, Inc.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [ADSK DLMSession] - C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe [1641368 2013-02-01] (Autodesk, Inc.) HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2013-12-27] (AVAST Software) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.) HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-01-14] (Hewlett-Packard) HKCU\...\Run: [ccleaner] - C:\Program Files\CCleaner\CCleaner64.exe [6025496 2013-03-25] (Piriform Ltd) HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Grześ\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) HKCU\...\Run: [ChomikBox] - C:\Program Files (x86)\ChomikBox\chomikbox.exe [5979648 2012-11-19] ( ) HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.) HKCU\...\Run: [AppleIEDAV] - C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1326408 2013-11-15] (Apple Inc.) HKCU\...\Policies\Explorer: [] MountPoints2: {0f36ca3b-bd00-11e1-832d-001e101f82a0} - E:\AutoRun.exe MountPoints2: {50368412-b08e-11e1-864e-0027133b2cd4} - E:\AutoRun.exe MountPoints2: {5fbf203d-ad66-11e1-9794-0027133b2cd4} - G:\AutoRun.exe MountPoints2: {6c6ce16c-cdce-11e2-ab8c-0027133b2cd4} - F:\Autorun.exe MountPoints2: {ce251a98-b0a5-11e1-a1fd-0027133b2cd4} - E:\AutoRun.exe HKU\Default\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1715768 2010-09-28] (Hewlett-Packard) HKU\Default User\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1715768 2010-09-28] (Hewlett-Packard) HKU\TEMP\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1715768 2010-09-28] (Hewlett-Packard) HKU\UpdatusUser\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1715768 2010-09-28] (Hewlett-Packard) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.pl/ HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKLM-x32 - {6690D530-C092-B39A-2873-75EF78EE0F01} URL = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10005&barid={746BC366-EF90-11E1-8BC8-0027133B2CD4} SearchScopes: HKCU - {6690D530-C092-B39A-2873-75EF78EE0F01} URL = https://isearch.avg.com/search?cid={ADE11D00-A148-4797-BF83-081CE5D58486}&mid=742f8ff3f04747d0a1e0d16e55dfc527-5285be68680837480636019b7212dba186569e4b&lang=pl&ds=xn011&pr=sa&d=2012-10-16 23:06:04&v=13.0.0.7&sap=dsp&q={searchTerms} SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 62.179.1.63 62.179.1.62 Tcpip\..\Interfaces\{151A8FF0-DC5A-49EE-A61A-C83EBFF60488}: [NameServer]89.108.202.20 89.108.195.20 Tcpip\..\Interfaces\{30DDE8B7-9802-4B42-BCAD-9ABD8FB81450}: [NameServer]89.108.202.20 89.108.195.20 Chrome: ======= CHR HomePage: hxxp://www.google.com CHR RestoreOnStartup: "hxxp://www.google.com" CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) CHR Plugin: (RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) CHR Plugin: (RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File CHR Extension: (Dokumenty Google) - C:\Users\Grześ\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-06] CHR Extension: (Dysk Google) - C:\Users\Grześ\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-06] CHR Extension: (YouTube) - C:\Users\Grześ\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-06] CHR Extension: (Szukaj w Google) - C:\Users\Grześ\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-06] CHR Extension: (Flash Player) - C:\Users\Grześ\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdfefplnnlhbkhiblpnnmkphejpmjodf [2013-09-01] CHR Extension: (RealDownloader) - C:\Users\Grześ\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-03-06] CHR Extension: (Chrome In-App Payments service) - C:\Users\Grześ\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-11] CHR Extension: (Gmail) - C:\Users\Grześ\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-06] CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29] ==================== Services (Whitelisted) ================= R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation) R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-27] (AVAST Software) R2 Elpos Service; C:\Program Files (x86)\Common Files\PERI Software Shared\Service\ElposServiceFile.exe [68096 2013-06-06] () R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] () R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH) R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH) S2 PLAY ONLINE. RunOuc; C:\Program Files (x86)\PLAY ONLINE\UpdateDog\ouc.exe [246112 2012-06-03] () R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] () R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\STacSV64.exe [247808 2010-03-23] (IDT, Inc.) S2 vToolbarUpdater13.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [x] ==================== Drivers (Whitelisted) ==================== R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2013-12-27] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-11-19] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-19] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1034464 2013-12-27] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422216 2013-12-27] (AVAST Software) R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [79672 2013-12-27] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2013-12-27] () R3 AVerAF15; C:\Windows\System32\Drivers\AVerAF15.sys [311424 2009-05-22] (AVerMedia TECHNOLOGIES, Inc.) R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [30568 2012-11-08] (AVG Technologies) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-06-06] (DT Soft Ltd) S2 Kmm4xNT; C:\Windows\SysWow64\Drivers\Kmm4xNT.sys [95484 2002-04-26] (DATOM Dariusz Cielebąk) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) U3 Sffpvertgrw; No ImagePath R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-09-09] (CyberLink Corp.) S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x] S3 tsusbhub; system32\drivers\tsusbhub.sys [x] S3 VGPU; System32\drivers\rdvgkmd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-26 15:58 - 2014-01-26 15:58 - 00000000 ____D C:\FRST 2014-01-26 14:19 - 2014-01-26 14:19 - 00003154 _____ C:\Windows\System32\Tasks\{0244333C-5AFB-445A-8852-E190E3E0FB2A} 2014-01-26 14:18 - 2014-01-26 14:18 - 00132597 _____ C:\Users\Grześ\Downloads\Flash_Disinfector.exe 2014-01-26 12:42 - 2014-01-26 12:43 - 02791327 _____ C:\Users\Grześ\Downloads\materiayzebu.zip 2014-01-26 08:48 - 2014-01-26 08:48 - 00200900 _____ C:\Windows\msxml4-KB954430-enu.LOG 2014-01-25 19:17 - 2014-01-26 13:05 - 01016751 _____ C:\Users\Grześ\Desktop\Rysunek1_recover.bak 2014-01-25 18:43 - 2014-01-25 18:43 - 00000000 ____D C:\ProgramData\Doctor Web 2014-01-25 18:36 - 2014-01-25 18:36 - 00666648 _____ C:\Users\Grześ\Downloads\Dr.WEB-CureIt(12976).exe 2014-01-24 19:55 - 2014-01-24 19:55 - 00000000 ____D C:\Users\Grześ\Desktop\Nowy folder2 2014-01-23 12:25 - 2014-01-26 15:22 - 00759095 _____ C:\Users\Grześ\Desktop\Rysunek1_recover.dwg 2014-01-20 21:40 - 2014-01-20 21:40 - 00000200 ____H C:\Users\Grześ\Documents\Rysunek1.dwl2 2014-01-20 21:40 - 2014-01-20 21:40 - 00000048 ____H C:\Users\Grześ\Documents\Rysunek1.dwl 2014-01-20 20:14 - 2014-01-20 20:15 - 06207534 _____ C:\Users\Grześ\Downloads\wytrz_mat.pptx 2014-01-19 11:26 - 2014-01-19 11:26 - 00000090 _____ C:\Users\Grześ\Downloads\Historia transferow zetonow.txt 2014-01-17 20:52 - 2014-01-17 20:52 - 01763328 _____ C:\Users\Grześ\Desktop\Grzegorz Wiącek - plyta.rtd 2014-01-17 20:24 - 2014-01-17 20:25 - 00413597 _____ C:\Users\Grześ\Downloads\solver zadania z lab + rozwiązanie.zip 2014-01-17 15:03 - 2014-01-17 14:52 - 00872448 _____ C:\Users\Grześ\Desktop\dach.bak 2014-01-17 14:52 - 2014-01-17 15:03 - 01933312 _____ C:\Users\Grześ\Desktop\dach.rtd 2014-01-17 14:28 - 2014-01-17 14:40 - 01265664 _____ C:\Users\Grześ\Downloads\dach.rtd 2014-01-16 09:20 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2014-01-16 09:20 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2014-01-16 09:20 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2014-01-16 09:20 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2014-01-16 09:20 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2014-01-16 09:20 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2014-01-16 09:20 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2014-01-16 09:20 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-01-16 09:20 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-01-12 14:58 - 2014-01-12 14:58 - 00401736 _____ (Softonic ) C:\Users\Grześ\Downloads\SoftonicDownloader_dla_microsoft-project.exe 2014-01-12 13:50 - 2014-01-12 12:38 - 02834944 _____ C:\Users\Grześ\Desktop\Piotr Maks.bak 2014-01-12 13:05 - 2014-01-16 22:55 - 02379776 _____ C:\Users\Grześ\Desktop\Konstrukcja.bak 2014-01-12 12:57 - 2014-01-17 14:40 - 02371584 _____ C:\Users\Grześ\Desktop\Grzegorz Wiącek - więźba.rtd 2014-01-12 12:38 - 2014-01-12 13:50 - 02809344 _____ C:\Users\Grześ\Desktop\Piotr Maks.rtd 2014-01-12 12:26 - 2014-01-12 12:26 - 00507074 _____ C:\Users\Grześ\Downloads\CRACK.zip 2014-01-12 12:22 - 2014-01-12 12:22 - 01409024 _____ C:\Users\Grześ\Downloads\Konstrukcja.rtd 2014-01-09 19:13 - 2014-01-09 19:13 - 00097040 _____ C:\Users\Grześ\Downloads\egzaminyWM.rar.exe 2014-01-09 18:38 - 2014-01-09 18:39 - 167765485 _____ C:\Users\Grześ\Desktop\Nowy WinRAR archive.rar 2014-01-08 23:16 - 2014-01-08 23:16 - 00000000 ____D C:\Users\Grześ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup 2014-01-07 18:48 - 2014-01-07 19:58 - 00054477 _____ C:\Users\Grześ\Desktop\gosia.dwg 2014-01-06 20:23 - 2014-01-06 20:23 - 04558848 _____ (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr 2014-01-06 14:27 - 2014-01-06 14:27 - 00031156 _____ C:\Users\Grześ\Downloads\Grzegorz Wiącek B1B4N1.KST 2014-01-06 09:05 - 2014-01-26 15:58 - 01835314 _____ C:\Windows\WindowsUpdate.log 2014-01-04 12:29 - 2013-12-30 13:13 - 02791327 _____ C:\Users\Grześ\Desktop\materiayzwykadwebutematy14g_jakubowski.zip 2014-01-03 16:04 - 2014-01-03 16:04 - 01957626 _____ C:\Users\Grześ\Downloads\Algorytm zbierania obciążeń wiatrowych na ściany.pptx 2014-01-03 10:00 - 2014-01-03 10:01 - 94502650 _____ C:\Users\Grześ\Downloads\PN-EN 1995-1-12010 Eurokod 5 Projektowanie konstrukcji drewnianych Część 1-1 Postanowienia ogólne Reguły ogólne i reguły dotyczace budynków.zip 2014-01-02 17:24 - 2014-01-02 17:24 - 00401752 _____ (Softonic ) C:\Users\Grześ\Downloads\SoftonicDownloader_dla_anybizsoft-pdf-to-word.exe 2014-01-02 09:40 - 2014-01-02 09:40 - 00808384 _____ C:\Users\Grześ\Downloads\rysunek-22 (1).dwg 2014-01-02 09:39 - 2014-01-02 09:40 - 00808384 _____ C:\Users\Grześ\Downloads\rysunek-22.dwg 2014-01-02 09:39 - 2014-01-02 09:39 - 00809472 _____ C:\Users\Grześ\Downloads\rysunek-24.dwg 2014-01-02 09:39 - 2014-01-02 09:39 - 00808736 _____ C:\Users\Grześ\Downloads\rysunek-23.dwg 2014-01-02 09:34 - 2014-01-02 09:34 - 00047965 _____ C:\Users\Grześ\Downloads\282564_282565_Izolacja plyty fundamentowej - Detal.dwg 2014-01-02 09:22 - 2014-01-02 09:22 - 00136658 _____ C:\Users\Grześ\Downloads\plyta-fundamentowa.rar 2014-01-02 09:22 - 2014-01-02 09:22 - 00038489 _____ C:\Users\Grześ\Downloads\FS001.dwg 2014-01-02 09:21 - 2014-01-02 09:21 - 00071776 _____ C:\Users\Grześ\Downloads\DACH002.dwg 2014-01-02 00:17 - 2014-01-02 00:17 - 00249275 _____ C:\Users\Grześ\Downloads\466378_466380_Ocieplenie z uksztaltowaniem spadku stropodachu o konstrukcji masywnej w systemie klejonym na zimno oraz sciany dwuwarstwowej - Detal.dwg 2013-12-29 11:44 - 2013-12-29 11:44 - 00012379 _____ C:\Users\Grześ\Downloads\ARCH_front_079.dwg 2013-12-29 11:38 - 2013-12-29 11:38 - 00030892 _____ C:\Users\Grześ\Downloads\CARS_side_005.dwg 2013-12-27 20:16 - 2013-12-27 20:16 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys 2013-12-27 08:54 - 2013-12-27 08:54 - 00903832 _____ C:\Users\Grześ\Downloads\yet_another_cleaner.exe ==================== One Month Modified Files and Folders ======= 2014-01-26 15:58 - 2014-01-26 15:58 - 00000000 ____D C:\FRST 2014-01-26 15:58 - 2014-01-06 09:05 - 01835314 _____ C:\Windows\WindowsUpdate.log 2014-01-26 15:58 - 2013-01-30 09:58 - 00000000 ____D C:\Users\Grześ\Desktop\Antywirusy 2014-01-26 15:22 - 2014-01-23 12:25 - 00759095 _____ C:\Users\Grześ\Desktop\Rysunek1_recover.dwg 2014-01-26 15:21 - 2012-11-01 23:45 - 00000000 ____D C:\Users\Grześ\AppData\Local\ChomikBox 2014-01-26 14:19 - 2014-01-26 14:19 - 00003154 _____ C:\Windows\System32\Tasks\{0244333C-5AFB-445A-8852-E190E3E0FB2A} 2014-01-26 14:18 - 2014-01-26 14:18 - 00132597 _____ C:\Users\Grześ\Downloads\Flash_Disinfector.exe 2014-01-26 14:06 - 2009-07-14 05:45 - 00017168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-26 14:06 - 2009-07-14 05:45 - 00017168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-26 13:05 - 2014-01-25 19:17 - 01016751 _____ C:\Users\Grześ\Desktop\Rysunek1_recover.bak 2014-01-26 12:43 - 2014-01-26 12:42 - 02791327 _____ C:\Users\Grześ\Downloads\materiayzebu.zip 2014-01-26 08:48 - 2014-01-26 08:48 - 00200900 _____ C:\Windows\msxml4-KB954430-enu.LOG 2014-01-26 08:41 - 2013-03-05 09:48 - 00000000 ____D C:\Users\Grześ\.gstreamer-0.10 2014-01-26 08:41 - 2012-08-01 18:29 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update 2014-01-26 08:38 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-25 18:43 - 2014-01-25 18:43 - 00000000 ____D C:\ProgramData\Doctor Web 2014-01-25 18:42 - 2013-12-08 20:06 - 00000000 ____D C:\Users\Grześ\Doctor Web 2014-01-25 18:40 - 2012-07-04 20:05 - 140871552 _____ C:\Users\Grześ\Downloads\launch.exe 2014-01-25 18:36 - 2014-01-25 18:36 - 00666648 _____ C:\Users\Grześ\Downloads\Dr.WEB-CureIt(12976).exe 2014-01-25 18:30 - 2009-07-14 18:55 - 01466358 _____ C:\Windows\system32\perfh015.dat 2014-01-25 18:30 - 2009-07-14 18:55 - 00406948 _____ C:\Windows\system32\perfc015.dat 2014-01-25 18:30 - 2009-07-14 06:13 - 00006264 _____ C:\Windows\system32\PerfStringBackup.INI 2014-01-24 19:55 - 2014-01-24 19:55 - 00000000 ____D C:\Users\Grześ\Desktop\Nowy folder2 2014-01-23 20:20 - 2012-06-07 12:02 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2014-01-23 20:20 - 2012-05-30 19:44 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log 2014-01-22 07:23 - 2013-12-04 17:39 - 00003218 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-652464747-3625734179-45599384-1001 2014-01-22 07:23 - 2013-12-04 17:38 - 00003352 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-652464747-3625734179-45599384-1001 2014-01-20 21:40 - 2014-01-20 21:40 - 00000200 ____H C:\Users\Grześ\Documents\Rysunek1.dwl2 2014-01-20 21:40 - 2014-01-20 21:40 - 00000048 ____H C:\Users\Grześ\Documents\Rysunek1.dwl 2014-01-20 20:15 - 2014-01-20 20:14 - 06207534 _____ C:\Users\Grześ\Downloads\wytrz_mat.pptx 2014-01-19 11:26 - 2014-01-19 11:26 - 00000090 _____ C:\Users\Grześ\Downloads\Historia transferow zetonow.txt 2014-01-17 20:52 - 2014-01-17 20:52 - 01763328 _____ C:\Users\Grześ\Desktop\Grzegorz Wiącek - plyta.rtd 2014-01-17 20:25 - 2014-01-17 20:24 - 00413597 _____ C:\Users\Grześ\Downloads\solver zadania z lab + rozwiązanie.zip 2014-01-17 15:03 - 2014-01-17 14:52 - 01933312 _____ C:\Users\Grześ\Desktop\dach.rtd 2014-01-17 14:52 - 2014-01-17 15:03 - 00872448 _____ C:\Users\Grześ\Desktop\dach.bak 2014-01-17 14:40 - 2014-01-17 14:28 - 01265664 _____ C:\Users\Grześ\Downloads\dach.rtd 2014-01-17 14:40 - 2014-01-12 12:57 - 02371584 _____ C:\Users\Grześ\Desktop\Grzegorz Wiącek - więźba.rtd 2014-01-17 14:19 - 2012-05-30 20:17 - 00000000 ____D C:\ProgramData\Microsoft Help 2014-01-17 13:54 - 2009-07-14 05:45 - 00502168 _____ C:\Windows\system32\FNTCACHE.DAT 2014-01-16 23:31 - 2013-07-31 23:29 - 00000000 ____D C:\Windows\system32\MRT 2014-01-16 23:29 - 2012-06-07 15:53 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-01-16 23:18 - 2013-11-13 18:30 - 00000000 ____D C:\Pakiet SPECBUD 2014-01-16 22:55 - 2014-01-12 13:05 - 02379776 _____ C:\Users\Grześ\Desktop\Konstrukcja.bak 2014-01-12 14:58 - 2014-01-12 14:58 - 00401736 _____ (Softonic ) C:\Users\Grześ\Downloads\SoftonicDownloader_dla_microsoft-project.exe 2014-01-12 13:50 - 2014-01-12 12:38 - 02809344 _____ C:\Users\Grześ\Desktop\Piotr Maks.rtd 2014-01-12 12:38 - 2014-01-12 13:50 - 02834944 _____ C:\Users\Grześ\Desktop\Piotr Maks.bak 2014-01-12 12:26 - 2014-01-12 12:26 - 00507074 _____ C:\Users\Grześ\Downloads\CRACK.zip 2014-01-12 12:22 - 2014-01-12 12:22 - 01409024 _____ C:\Users\Grześ\Downloads\Konstrukcja.rtd 2014-01-09 19:13 - 2014-01-09 19:13 - 00097040 _____ C:\Users\Grześ\Downloads\egzaminyWM.rar.exe 2014-01-09 18:39 - 2014-01-09 18:38 - 167765485 _____ C:\Users\Grześ\Desktop\Nowy WinRAR archive.rar 2014-01-08 23:16 - 2014-01-08 23:16 - 00000000 ____D C:\Users\Grześ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup 2014-01-07 19:58 - 2014-01-07 18:48 - 00054477 _____ C:\Users\Grześ\Desktop\gosia.dwg 2014-01-06 20:23 - 2014-01-06 20:23 - 04558848 _____ (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr 2014-01-06 14:27 - 2014-01-06 14:27 - 00031156 _____ C:\Users\Grześ\Downloads\Grzegorz Wiącek B1B4N1.KST 2014-01-05 20:58 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD 2014-01-05 15:51 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp 2014-01-03 16:04 - 2014-01-03 16:04 - 01957626 _____ C:\Users\Grześ\Downloads\Algorytm zbierania obciążeń wiatrowych na ściany.pptx 2014-01-03 10:35 - 2013-04-14 19:01 - 00006242 _____ C:\Users\Grześ\Documents\plot.log 2014-01-03 10:01 - 2014-01-03 10:00 - 94502650 _____ C:\Users\Grześ\Downloads\PN-EN 1995-1-12010 Eurokod 5 Projektowanie konstrukcji drewnianych Część 1-1 Postanowienia ogólne Reguły ogólne i reguły dotyczace budynków.zip 2014-01-02 17:24 - 2014-01-02 17:24 - 00401752 _____ (Softonic ) C:\Users\Grześ\Downloads\SoftonicDownloader_dla_anybizsoft-pdf-to-word.exe 2014-01-02 09:40 - 2014-01-02 09:40 - 00808384 _____ C:\Users\Grześ\Downloads\rysunek-22 (1).dwg 2014-01-02 09:40 - 2014-01-02 09:39 - 00808384 _____ C:\Users\Grześ\Downloads\rysunek-22.dwg 2014-01-02 09:39 - 2014-01-02 09:39 - 00809472 _____ C:\Users\Grześ\Downloads\rysunek-24.dwg 2014-01-02 09:39 - 2014-01-02 09:39 - 00808736 _____ C:\Users\Grześ\Downloads\rysunek-23.dwg 2014-01-02 09:34 - 2014-01-02 09:34 - 00047965 _____ C:\Users\Grześ\Downloads\282564_282565_Izolacja plyty fundamentowej - Detal.dwg 2014-01-02 09:22 - 2014-01-02 09:22 - 00136658 _____ C:\Users\Grześ\Downloads\plyta-fundamentowa.rar 2014-01-02 09:22 - 2014-01-02 09:22 - 00038489 _____ C:\Users\Grześ\Downloads\FS001.dwg 2014-01-02 09:21 - 2014-01-02 09:21 - 00071776 _____ C:\Users\Grześ\Downloads\DACH002.dwg 2014-01-02 00:17 - 2014-01-02 00:17 - 00249275 _____ C:\Users\Grześ\Downloads\466378_466380_Ocieplenie z uksztaltowaniem spadku stropodachu o konstrukcji masywnej w systemie klejonym na zimno oraz sciany dwuwarstwowej - Detal.dwg 2013-12-31 09:26 - 2013-03-05 17:13 - 00000000 ____D C:\Users\Grześ\AppData\Roaming\Apple Computer 2013-12-31 09:24 - 2012-12-30 16:45 - 00000000 ____D C:\Users\Grześ\AppData\Local\Apple 2013-12-31 09:07 - 2012-12-30 16:45 - 00000000 ____D C:\Users\Grześ\AppData\Local\Apple Computer 2013-12-30 13:13 - 2014-01-04 12:29 - 02791327 _____ C:\Users\Grześ\Desktop\materiayzwykadwebutematy14g_jakubowski.zip 2013-12-29 11:44 - 2013-12-29 11:44 - 00012379 _____ C:\Users\Grześ\Downloads\ARCH_front_079.dwg 2013-12-29 11:38 - 2013-12-29 11:38 - 00030892 _____ C:\Users\Grześ\Downloads\CARS_side_005.dwg 2013-12-27 20:16 - 2013-12-27 20:16 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys 2013-12-27 20:16 - 2013-03-13 20:52 - 00207904 _____ C:\Windows\system32\Drivers\aswVmm.sys 2013-12-27 20:16 - 2012-05-30 23:27 - 01034464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2013-12-27 20:16 - 2012-05-30 23:27 - 00422216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2013-12-27 20:16 - 2012-05-30 23:27 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2013-12-27 20:16 - 2012-05-30 23:27 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2013-12-27 20:16 - 2012-05-30 23:25 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2013-12-27 08:54 - 2013-12-27 08:54 - 00903832 _____ C:\Users\Grześ\Downloads\yet_another_cleaner.exe Some content of TEMP: ==================== C:\Users\Grześ\AppData\Local\Temp\nircmd.exe C:\Users\Grześ\AppData\Local\Temp\pv.exe C:\Users\Grześ\AppData\Local\Temp\vfind.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-01-19 14:48 ==================== End Of Log ============================