Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2014 02
Ran by Kamil (administrator) on Kamil-Komputer on 21-04-2014 16:22:50
Running from C:\Users\Kamil\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polish
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
() C:\ProgramData\MobileBrServ\mbbservice.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Realtek) C:\Program Files (x86)\OEM\Wireless LAN Driver and Utility\RtlService.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\OEM\Wireless LAN Driver and Utility\RtWlan.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
() C:\Program Files (x86)\screenSHU\screenSHU.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PMMUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12343400 2011-12-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2821936 2012-03-07] (ELAN Microelectronics Corp.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe [7138816 2012-05-23] (Broadcom Corporation)
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-07-27] (NVIDIA Corporation)
HKLM\...\Run: [ePower_DMC] => C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [486912 2008-09-23] (Acer Inc.)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296984 2012-01-05] (NTI Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1105488 2012-03-23] (Dritek System Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-04-15] (AVAST Software)
HKLM-x32\...\Winlogon: [Shell] explorer.exe, [2616320 ] () <=== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\SYSTEM32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-3467520611-1501154299-2061691939-1001\...\Run: [screenSHU] => C:\Program Files (x86)\screenSHU\screenSHU.exe [2112000 2013-09-04] ()
HKU\S-1-5-21-3467520611-1501154299-2061691939-1001\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-3467520611-1501154299-2061691939-1001\...\MountPoints2: G - G:\LaunchU3.exe -a
HKU\S-1-5-21-3467520611-1501154299-2061691939-1001\...\MountPoints2: {25f2159c-a031-11e2-bf11-b888e305d7ad} - F:\setup.exe
HKU\S-1-5-21-3467520611-1501154299-2061691939-1001\...\MountPoints2: {82028374-16c4-11e2-b31d-b888e305d7ad} - F:\LaunchU3.exe -a
HKU\S-1-5-21-3467520611-1501154299-2061691939-1001\...\MountPoints2: {b07a6a2d-e989-11e2-882a-f95f796eb8da} - E:\S3\Autorun.exe
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [214448 2013-06-21] (NVIDIA Corporation)
AppInit_DLLs: , C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll => C:\Program Files (x86)\NVIDIA Corporation\NvStreamSrv\rxinput.dll [593696 2013-07-27] (NVIDIA Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [266448 2013-06-21] (NVIDIA Corporation)
AppInit_DLLs: , C:\PROGRA~1\NVIDIA~1\NVSTRE~1\rxinput.dll => C:\Program Files\NVIDIA Corporation\NvStreamSrv\rxinput.dll [653600 2013-07-27] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [214448 2013-06-21] (NVIDIA Corporation)
AppInit_DLLs-x32: , c:\progra~2\nvidia~1\nvstre~1\rxinput.dll => C:\Program Files (x86)\NVIDIA Corporation\NvStreamSrv\rxinput.dll [593696 2013-07-27] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: ALLYouTubeDownloader - {61DB16C5-B733-43F4-872E-B20DC9E72740} - C:\Program Files (x86)\ALLYouTubeDownloader\ALLYouTubeDownloader64.dll ()
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: ALLYouTubeDownloader - {61DB16C5-B733-43F4-872E-B20DC9E72740} - C:\Program Files (x86)\ALLYouTubeDownloader\ALLYouTubeDownloader.dll (ALLCinema Ltd.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: IplexToALLPlayer - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\Program Files (x86)\ALLPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 88.156.222.92 82.139.8.40 95.160.170.92

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-01-29]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR StartupUrls: "hxxp://www.google.com"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Uplay PC) - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll No File
CHR Extension: (AdBlock) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-10-21]
CHR Extension: (Auto HD For YouTube™) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak [2014-02-04]
CHR Extension: (Google Wallet) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-18]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-15] (AVAST Software)
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2009-08-13] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-08] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [232288 2012-03-12] ()
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4204272 2012-08-28] (INCA Internet Co., Ltd.)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation)
S3 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14984480 2013-07-27] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2012-12-01] ()
R2 Realtek87B; C:\Program Files (x86)\OEM\Wireless LAN Driver and Utility\RtlService.exe [40960 2009-12-07] (Realtek)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [5824512 2012-05-23] (Broadcom Corporation)

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-15] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-15] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-15] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-04-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-04-15] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-04-15] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-12-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-04-15] ()
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [303616 2013-06-17] ()
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [35328 2013-06-17] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39712 2013-05-14] (NVIDIA Corporation)
S3 bcbtums; system32\drivers\bcbtums.sys [X]
S3 btwampfl; \??\C:\Windows\system32\drivers\btwampfl.sys [X]
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; system32\DRIVERS\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
U3 uxdcaaog; \??\C:\Users\Kamil\AppData\Local\Temp\uxdcaaog.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-21 16:22 - 2014-04-21 16:22 - 00019186 _____ () C:\Users\Kamil\Desktop\FRST.txt
2014-04-21 16:21 - 2014-04-21 16:22 - 00000000 ____D () C:\FRST
2014-04-21 16:21 - 2014-04-21 16:21 - 02056704 _____ (Farbar) C:\Users\Kamil\Desktop\FRST64.exe
2014-04-21 16:10 - 2014-04-21 16:11 - 00120039 _____ () C:\Users\Kamil\Downloads\GMER.txt
2014-04-21 15:00 - 2014-04-21 15:00 - 00194864 _____ () C:\Users\Kamil\Downloads\Extras.Txt
2014-04-21 14:59 - 2014-04-21 14:59 - 00113096 _____ () C:\Users\Kamil\Downloads\OTL.Txt
2014-04-21 14:46 - 2014-04-21 14:46 - 00001588 _____ () C:\Windows\PFRO.log
2014-04-21 14:46 - 2014-04-21 14:46 - 00000056 _____ () C:\Windows\setupact.log
2014-04-21 14:46 - 2014-04-21 14:46 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-21 14:44 - 2014-04-21 14:45 - 00623224 _____ (Duplex Secure Ltd.) C:\Users\Kamil\Downloads\SPTDinst-v186-x64.exe
2014-04-21 14:44 - 2014-04-21 14:44 - 00380416 _____ () C:\Users\Kamil\Downloads\v605iujl.exe
2014-04-21 14:43 - 2014-04-21 14:43 - 00602112 _____ (OldTimer Tools) C:\Users\Kamil\Downloads\OTL_[www.programosy.pl].exe
2014-04-21 14:36 - 2014-04-21 14:36 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-21 14:36 - 2014-04-21 14:36 - 00000826 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-21 14:36 - 2014-04-21 14:36 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-21 14:34 - 2014-04-21 14:34 - 04787368 _____ (Piriform Ltd) C:\Users\Kamil\Downloads\ccsetup412.exe
2014-04-19 19:20 - 2014-04-19 19:20 - 00000875 _____ () C:\Users\Public\Desktop\e-Deklaracje.lnk
2014-04-19 19:20 - 2014-04-19 19:20 - 00000000 ____D () C:\Users\Kamil\AppData\Roaming\e-Deklaracje.A1909296681C7ACEFE45687D3A64758C8659BF46.1
2014-04-19 19:20 - 2014-04-19 19:20 - 00000000 ____D () C:\Users\Kamil\AppData\Roaming\e-Deklaracje
2014-04-19 19:20 - 2014-04-19 19:20 - 00000000 ____D () C:\Program Files (x86)\e-Deklaracje
2014-04-19 19:19 - 2014-04-19 19:19 - 00011761 _____ () C:\Users\Kamil\AppData\Local\unins000.msg
2014-04-19 19:19 - 2014-04-19 19:19 - 00003264 _____ () C:\Users\Kamil\AppData\Local\unins000.dat
2014-04-19 19:19 - 2014-04-19 19:18 - 00707504 _____ () C:\Users\Kamil\AppData\Local\unins000.exe
2014-04-16 01:30 - 2014-04-16 01:30 - 00004100 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b13.log
2014-04-16 01:30 - 2014-03-17 22:11 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-16 01:30 - 2014-03-17 22:02 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-16 01:30 - 2014-03-17 22:02 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-16 01:30 - 2014-03-17 22:02 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-16 01:29 - 2014-04-16 01:29 - 00921512 _____ (Oracle Corporation) C:\Users\Kamil\Downloads\chromeinstall-7u55.exe
2014-04-16 01:28 - 2014-04-16 01:28 - 00000000 ____D () C:\Users\Kamil\AppData\Roaming\Oracle
2014-04-15 17:04 - 2014-04-15 17:04 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-15 02:03 - 2014-04-15 02:03 - 00000000 ____D () C:\Users\Kamil\AppData\Local\Blizzard
2014-04-15 01:21 - 2014-04-18 20:53 - 00000000 ____D () C:\Users\Kamil\AppData\Local\Battle.net
2014-04-15 01:21 - 2014-04-15 01:26 - 00000000 ____D () C:\Users\Kamil\AppData\Roaming\Battle.net
2014-04-15 01:21 - 2014-04-15 01:21 - 00000000 ____D () C:\Users\Kamil\AppData\Local\Blizzard Entertainment
2014-04-15 01:21 - 2014-04-15 01:21 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-04-15 01:17 - 2014-04-15 01:17 - 00000000 ____D () C:\ProgramData\Battle.net
2014-04-15 00:36 - 2014-04-15 01:17 - 00000000 ____D () C:\Users\Kamil\dbv
2014-04-09 19:13 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 19:13 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 19:13 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 19:13 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 19:13 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 19:13 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 19:13 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 19:13 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 19:13 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 19:13 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 19:13 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 19:13 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 19:13 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 19:13 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 19:13 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 19:13 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 19:13 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-06 18:45 - 2014-04-06 18:45 - 00000000 ____D () C:\Users\Kamil\AppData\Roaming\Hex-Rays
2014-03-31 23:30 - 2014-04-16 02:40 - 00000000 ____D () C:\Users\Kamil\AppData\Roaming\MPC-HC
2014-03-31 23:13 - 2014-03-31 23:13 - 00003584 _____ () C:\Users\Kamil\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-31 23:12 - 2014-03-31 23:12 - 00000000 ____D () C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVIcodec
2014-03-31 23:12 - 2014-03-31 23:12 - 00000000 ____D () C:\Program Files (x86)\AVIcodec
2014-03-31 23:08 - 2014-03-31 23:08 - 00000000 ____D () C:\Program Files\MPC-HC
2014-03-24 16:29 - 2014-03-24 16:32 - 00000000 ____D () C:\Users\Kamil\Desktop\Nowy folder
2014-03-23 19:54 - 2014-04-21 16:06 - 00000945 _____ () C:\Users\Kamil\Desktop\Nowy dokument tekstowy.txt

==================== One Month Modified Files and Folders =======

2014-04-21 16:22 - 2014-04-21 16:22 - 00019186 _____ () C:\Users\Kamil\Desktop\FRST.txt
2014-04-21 16:22 - 2014-04-21 16:21 - 00000000 ____D () C:\FRST
2014-04-21 16:21 - 2014-04-21 16:21 - 02056704 _____ (Farbar) C:\Users\Kamil\Desktop\FRST64.exe
2014-04-21 16:11 - 2014-04-21 16:10 - 00120039 _____ () C:\Users\Kamil\Downloads\GMER.txt
2014-04-21 16:06 - 2014-03-23 19:54 - 00000945 _____ () C:\Users\Kamil\Desktop\Nowy dokument tekstowy.txt
2014-04-21 15:29 - 2012-05-23 04:15 - 01991910 _____ () C:\Windows\WindowsUpdate.log
2014-04-21 15:00 - 2014-04-21 15:00 - 00194864 _____ () C:\Users\Kamil\Downloads\Extras.Txt
2014-04-21 14:59 - 2014-04-21 14:59 - 00113096 _____ () C:\Users\Kamil\Downloads\OTL.Txt
2014-04-21 14:54 - 2009-07-14 06:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-21 14:54 - 2009-07-14 06:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-21 14:48 - 2014-03-16 14:29 - 00000000 ____D () C:\Users\Kamil\AppData\Local\screenSHU
2014-04-21 14:47 - 2012-10-11 23:16 - 00000440 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-04-21 14:47 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-21 14:46 - 2014-04-21 14:46 - 00001588 _____ () C:\Windows\PFRO.log
2014-04-21 14:46 - 2014-04-21 14:46 - 00000056 _____ () C:\Windows\setupact.log
2014-04-21 14:46 - 2014-04-21 14:46 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-21 14:46 - 2012-10-21 19:57 - 00000000 ____D () C:\Users\Kamil\AppData\Roaming\BitTorrent
2014-04-21 14:45 - 2014-04-21 14:44 - 00623224 _____ (Duplex Secure Ltd.) C:\Users\Kamil\Downloads\SPTDinst-v186-x64.exe
2014-04-21 14:44 - 2014-04-21 14:44 - 00380416 _____ () C:\Users\Kamil\Downloads\v605iujl.exe
2014-04-21 14:43 - 2014-04-21 14:43 - 00602112 _____ (OldTimer Tools) C:\Users\Kamil\Downloads\OTL_[www.programosy.pl].exe
2014-04-21 14:37 - 2013-10-21 08:10 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2014-04-21 14:37 - 2012-10-14 02:48 - 00000000 ____D () C:\Users\Kamil\AppData\Roaming\DAEMON Tools Lite
2014-04-21 14:37 - 2007-07-12 03:49 - 00000000 ____D () C:\Windows\Panther
2014-04-21 14:36 - 2014-04-21 14:36 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-21 14:36 - 2014-04-21 14:36 - 00000826 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-21 14:36 - 2014-04-21 14:36 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-21 14:34 - 2014-04-21 14:34 - 04787368 _____ (Piriform Ltd) C:\Users\Kamil\Downloads\ccsetup412.exe
2014-04-21 13:56 - 2012-10-12 22:51 - 00000000 ____D () C:\GRY
2014-04-21 13:35 - 2012-10-14 01:12 - 00000000 ____D () C:\Users\Kamil\Downloads\Filmy
2014-04-21 13:35 - 2012-10-13 19:03 - 00000000 ____D () C:\Users\Kamil\Downloads\Gry
2014-04-21 13:31 - 2012-11-17 22:56 - 00000000 ____D () C:\Users\Kamil\Desktop\Nowy folder (3)
2014-04-21 13:27 - 2013-09-14 11:39 - 00000000 ____D () C:\Users\Kamil\AppData\Roaming\GG
2014-04-21 13:25 - 2012-10-11 15:36 - 00000000 ____D () C:\Users\Kamil
2014-04-20 09:44 - 2012-10-13 19:17 - 00000000 ____D () C:\Users\Kamil\AppData\Roaming\foobar2000
2014-04-19 19:20 - 2014-04-19 19:20 - 00000875 _____ () C:\Users\Public\Desktop\e-Deklaracje.lnk
2014-04-19 19:20 - 2014-04-19 19:20 - 00000000 ____D () C:\Users\Kamil\AppData\Roaming\e-Deklaracje.A1909296681C7ACEFE45687D3A64758C8659BF46.1
2014-04-19 19:20 - 2014-04-19 19:20 - 00000000 ____D () C:\Users\Kamil\AppData\Roaming\e-Deklaracje
2014-04-19 19:20 - 2014-04-19 19:20 - 00000000 ____D () C:\Program Files (x86)\e-Deklaracje
2014-04-19 19:19 - 2014-04-19 19:19 - 00011761 _____ () C:\Users\Kamil\AppData\Local\unins000.msg
2014-04-19 19:19 - 2014-04-19 19:19 - 00003264 _____ () C:\Users\Kamil\AppData\Local\unins000.dat
2014-04-19 19:18 - 2014-04-19 19:19 - 00707504 _____ () C:\Users\Kamil\AppData\Local\unins000.exe
2014-04-18 20:53 - 2014-04-15 01:21 - 00000000 ____D () C:\Users\Kamil\AppData\Local\Battle.net
2014-04-16 12:13 - 2013-01-29 22:52 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-04-16 12:12 - 2012-03-26 09:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-16 02:40 - 2014-03-31 23:30 - 00000000 ____D () C:\Users\Kamil\AppData\Roaming\MPC-HC
2014-04-16 01:37 - 2014-03-18 00:01 - 00000000 ____D () C:\Users\Kamil\AppData\Roaming\Media Player Classic
2014-04-16 01:30 - 2014-04-16 01:30 - 00004100 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b13.log
2014-04-16 01:30 - 2013-10-30 21:08 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-16 01:30 - 2013-08-10 11:13 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-16 01:29 - 2014-04-16 01:29 - 00921512 _____ (Oracle Corporation) C:\Users\Kamil\Downloads\chromeinstall-7u55.exe
2014-04-16 01:29 - 2012-03-26 09:06 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-16 01:29 - 2012-03-26 09:06 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-16 01:29 - 2012-03-26 09:06 - 00003770 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-16 01:28 - 2014-04-16 01:28 - 00000000 ____D () C:\Users\Kamil\AppData\Roaming\Oracle
2014-04-16 01:24 - 2012-10-13 19:59 - 00000000 ____D () C:\Users\Kamil\Desktop\Gry
2014-04-16 01:23 - 2012-03-26 08:37 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-04-15 17:05 - 2014-02-17 01:43 - 00001970 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-04-15 17:04 - 2014-04-15 17:04 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-15 17:04 - 2014-01-26 09:45 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-04-15 17:04 - 2013-03-04 16:34 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-04-15 17:04 - 2013-03-04 16:34 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-04-15 17:04 - 2013-01-29 22:52 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-04-15 17:04 - 2013-01-29 22:51 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-04-15 17:04 - 2013-01-29 22:51 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-04-15 17:04 - 2013-01-29 22:51 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-04-15 17:04 - 2012-12-29 19:20 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-04-15 02:20 - 2012-05-23 05:08 - 00744058 _____ () C:\Windows\system32\perfh015.dat
2014-04-15 02:20 - 2012-05-23 05:08 - 00157508 _____ () C:\Windows\system32\perfc015.dat
2014-04-15 02:20 - 2009-07-14 07:13 - 01679362 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-15 02:03 - 2014-04-15 02:03 - 00000000 ____D () C:\Users\Kamil\AppData\Local\Blizzard
2014-04-15 01:26 - 2014-04-15 01:21 - 00000000 ____D () C:\Users\Kamil\AppData\Roaming\Battle.net
2014-04-15 01:21 - 2014-04-15 01:21 - 00000000 ____D () C:\Users\Kamil\AppData\Local\Blizzard Entertainment
2014-04-15 01:21 - 2014-04-15 01:21 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-04-15 01:17 - 2014-04-15 01:17 - 00000000 ____D () C:\ProgramData\Battle.net
2014-04-15 01:17 - 2014-04-15 00:36 - 00000000 ____D () C:\Users\Kamil\dbv
2014-04-14 16:09 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-12 00:08 - 2013-10-28 15:10 - 00000000 ____D () C:\ProgramData\MoorHunt
2014-04-10 01:39 - 2012-11-01 02:17 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-10 01:38 - 2013-08-14 12:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 01:35 - 2012-10-11 18:04 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-07 10:50 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-06 18:45 - 2014-04-06 18:45 - 00000000 ____D () C:\Users\Kamil\AppData\Roaming\Hex-Rays
2014-04-05 11:28 - 2013-09-14 11:39 - 00000000 ____D () C:\Users\Kamil\AppData\Local\GG
2014-03-31 23:13 - 2014-03-31 23:13 - 00003584 _____ () C:\Users\Kamil\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-31 23:12 - 2014-03-31 23:12 - 00000000 ____D () C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVIcodec
2014-03-31 23:12 - 2014-03-31 23:12 - 00000000 ____D () C:\Program Files (x86)\AVIcodec
2014-03-31 23:08 - 2014-03-31 23:08 - 00000000 ____D () C:\Program Files\MPC-HC
2014-03-31 09:35 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-03-30 20:18 - 2012-10-13 20:01 - 00000000 ____D () C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-03-30 19:09 - 2014-03-14 23:46 - 00000000 ____D () C:\Program Files (x86)\K-Lite Codec Pack
2014-03-30 18:28 - 2012-10-14 19:19 - 00000000 ____D () C:\Users\Kamil\Documents\My Games
2014-03-24 16:32 - 2014-03-24 16:29 - 00000000 ____D () C:\Users\Kamil\Desktop\Nowy folder
2014-03-23 19:54 - 2013-11-24 19:06 - 00000151 _____ () C:\Users\Kamil\Desktop\koment.txt

Files to move or delete:
====================
C:\Users\Kamil\m2.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-21 15:23

==================== End Of Log ============================