Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-02-2014
Ran by sandoz (administrator) on SANDOZ on 06-02-2014 14:11:46
Running from C:\Users\sandoz\Desktop\06.02.2014
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Polish
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
() C:\Program Files\ATK Hotkey\AsLdrSrv.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
() C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
() C:\Windows\System32\PnkBstrA.exe
(Microsoft Corporation) C:\Windows\System32\IgrsSvcs.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
(ATK0100) C:\Program Files\ATK Hotkey\HControl.exe
() C:\Program Files\ATK Hotkey\MsgTranAgt.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Motorola) C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
() C:\Program Files\ATK Hotkey\HControlUser.exe
(Lenovo (Beijing) Limited) C:\Program Files\Lenovo\Energy Management\Energy Management.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
() C:\Program Files\ATK Hotkey\ATKOSD.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
() C:\Program Files\ATK Hotkey\WDC.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Maxthon International ltd.) C:\Program Files\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files\Maxthon\Bin\Maxthon.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1111336 2008-05-29] (Synaptics, Inc.)
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13560352 2009-01-15] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [92704 2009-01-15] (NVIDIA Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [HControlUser] - C:\Program Files\ATK Hotkey\HcontrolUser.exe [98304 2008-01-11] ()
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [Energy Management] - C:\Program Files\Lenovo\Energy Management\Energy Management.exe [8824648 2008-05-22] (Lenovo (Beijing) Limited)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-662459261-2097686485-2363488366-1004\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_search_url = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_page_url = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=LENIE
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=LENIE
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=LENIE
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} http://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.199.0.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 62.179.1.60 62.179.1.61

FireFox:
========
FF ProfilePath: C:\Users\sandoz\AppData\Roaming\Mozilla\Firefox\Profiles\9adrfnj9.default
FF SelectedSearchEngine: Wikipedia (pl)
FF Homepage: hxxp://www.google.pl/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.450 - C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\sandoz\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll (LiveVDO )
FF SearchPlugin: C:\Users\sandoz\AppData\Roaming\Mozilla\Firefox\Profiles\9adrfnj9.default\searchplugins\ceneo.xml
FF SearchPlugin: C:\Users\sandoz\AppData\Roaming\Mozilla\Firefox\Profiles\9adrfnj9.default\searchplugins\filmwebpl.xml
FF SearchPlugin: C:\Users\sandoz\AppData\Roaming\Mozilla\Firefox\Profiles\9adrfnj9.default\searchplugins\wyszukiwanie-filmw-wideo-w-youtube.xml
FF Extension: Flagfox - C:\Users\sandoz\AppData\Roaming\Mozilla\Firefox\Profiles\9adrfnj9.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2012-02-13]
FF Extension: DivX Web Player - C:\Users\sandoz\AppData\Roaming\Mozilla\Firefox\Profiles\9adrfnj9.default\Extensions\DivXWebPlayer@divx.com.xpi [2012-02-08]
FF Extension: AvantGarde - C:\Users\sandoz\AppData\Roaming\Mozilla\Firefox\Profiles\9adrfnj9.default\Extensions\{d62e0de0-401b-11dd-ae16-0800200c9a66}.xpi [2012-01-27]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

========================== Services (Whitelisted) =================

R2 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-10-02] ()
R2 btwdins; c:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe [522792 2008-08-26] (Broadcom Corporation.)
R2 IGRS; C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe [32768 2008-02-14] (Lenovo Group Limited)
S3 IncSvc; C:\Program Files\Lenovo\ReadyComm\IncSvc.dll [469504 2007-06-03] (Lenovo Group Limited)
R2 MotoConnect Service; C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe [91456 2010-04-29] ()
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2013-02-14] ()
S3 PS_MDP; C:\Program Files\Lenovo\ReadyComm\PS_MDP.dll [270336 2007-04-11] (Lenovo Group Limited)
R2 ReadyComm.DirectRouter; C:\Program Files\Lenovo\ReadyComm\common\router.dll [98304 2008-02-15] (Lenovo Group Limited)
R2 System_Repair_UpdateMonitor; C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe [430080 2008-09-27] (Lenovo Group Limited)

==================== Drivers (Whitelisted) ====================

R3 ACPIVPC; C:\Windows\System32\DRIVERS\AcpiVpc.sys [21520 2009-05-19] (Lenovo Corporation)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [279712 2013-07-06] ()
R1 funfrm; C:\Windows\system32\Drivers\funfrm.sys [49472 2009-11-07] ()
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2013-07-06] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-14] (ATK0100)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1761048 2008-10-15] ()
R3 vhidmini; C:\Windows\System32\DRIVERS\ITEhidCIR.sys [10880 2008-01-24] (ITE Tech. Inc. )
R0 Wdkbdmou; C:\Windows\System32\DRIVERS\Wdkbdmou.sys [8832 2008-06-13] ()
R3 wdmirror; C:\Windows\System32\DRIVERS\WDMirror.sys [8832 2008-06-13] (Windows (R) Codename Longhorn DDK provider)
S3 WSVD; C:\Windows\system32\drivers\WSVD.sys [81192 2008-01-10] (CyberLink)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-06 14:11 - 2014-02-06 14:11 - 00000000 ____D () C:\FRST
2014-02-06 13:50 - 2014-02-06 13:51 - 00000000 ____D () C:\Users\sandoz\Desktop\Sędzia
2014-02-06 13:49 - 2014-02-06 14:11 - 00000000 ____D () C:\Users\sandoz\Desktop\06.02.2014
2014-02-06 10:06 - 2014-02-06 10:07 - 00000834 _____ () C:\Users\sandoz\Desktop\Maxthon.exe — skrót.lnk
2014-02-06 10:06 - 2014-02-06 10:06 - 00000834 _____ () C:\Users\sandoz\Desktop\Maxthon.lnk
2014-02-06 10:03 - 2014-02-06 10:03 - 00000764 _____ () C:\Windows\PFRO.log
2014-02-06 00:44 - 2014-02-06 01:44 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-06 00:44 - 2014-02-06 01:44 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-04 11:40 - 2014-02-04 11:40 - 35618248 _____ (Maxthon International ltd.) C:\Users\sandoz\Downloads\mx4.2.1.1000.exe
2014-01-25 20:55 - 2014-01-25 20:57 - 00000000 ____D () C:\Users\sandoz\Downloads\Static X [Discography]
2014-01-25 20:52 - 2014-01-25 21:07 - 00000000 ____D () C:\Users\sandoz\Downloads\[2005] Employment - Kaiser Chiefs - 107mb @ 320kbs [only1joe]
2014-01-25 20:51 - 2014-01-25 20:55 - 00000000 ____D () C:\Users\sandoz\Downloads\Franz Ferdinand
2014-01-24 21:13 - 2014-01-24 21:14 - 00000000 ____D () C:\Users\sandoz\Downloads\Invaders Must Die
2014-01-19 19:12 - 2014-01-19 19:13 - 00000000 ____D () C:\Users\sandoz\Downloads\Eminem - Marshal Mathers LP
2014-01-19 18:40 - 2014-01-19 18:57 - 00000000 ____D () C:\Users\sandoz\Downloads\8 Mile [Clean]

==================== One Month Modified Files and Folders =======

2014-02-06 14:11 - 2014-02-06 14:11 - 00000000 ____D () C:\FRST
2014-02-06 14:11 - 2014-02-06 13:49 - 00000000 ____D () C:\Users\sandoz\Desktop\06.02.2014
2014-02-06 14:03 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-06 14:03 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-06 13:51 - 2014-02-06 13:50 - 00000000 ____D () C:\Users\sandoz\Desktop\Sędzia
2014-02-06 13:50 - 2013-03-26 18:28 - 00001036 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-06 13:49 - 2010-01-13 02:47 - 00042526 _____ () C:\ProgramData\nvModes.001
2014-02-06 13:43 - 2010-12-20 21:23 - 01269904 _____ () C:\Windows\WindowsUpdate.log
2014-02-06 13:06 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\tracing
2014-02-06 10:50 - 2011-05-26 20:26 - 00000000 ____D () C:\Users\sandoz\AppData\Roaming\foobar2000
2014-02-06 10:07 - 2014-02-06 10:06 - 00000834 _____ () C:\Users\sandoz\Desktop\Maxthon.exe — skrót.lnk
2014-02-06 10:06 - 2014-02-06 10:06 - 00000834 _____ () C:\Users\sandoz\Desktop\Maxthon.lnk
2014-02-06 10:04 - 2010-01-13 02:37 - 00042526 _____ () C:\ProgramData\nvModes.dat
2014-02-06 10:03 - 2014-02-06 10:03 - 00000764 _____ () C:\Windows\PFRO.log
2014-02-06 10:03 - 2013-03-26 18:28 - 00001032 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-06 10:03 - 2010-08-01 11:57 - 08481945 _____ () C:\FaceProv.log
2014-02-06 10:03 - 2010-01-15 00:00 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-02-06 10:03 - 2009-11-07 14:19 - 00000056 ___SH () C:\_PartitionInfo
2014-02-06 10:03 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-06 01:53 - 2009-11-07 12:45 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-02-06 01:53 - 2006-11-02 14:01 - 00032546 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-06 01:47 - 2013-03-26 18:28 - 00000000 ____D () C:\Program Files\Google
2014-02-06 01:46 - 2012-02-28 14:00 - 00000000 ____D () C:\Users\sandoz\AppData\Local\Google
2014-02-06 01:44 - 2014-02-06 00:44 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-06 01:44 - 2014-02-06 00:44 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-06 01:43 - 2010-01-13 06:23 - 00000000 ____D () C:\Users\sandoz\AppData\Local\Adobe
2014-02-05 12:22 - 2013-05-10 12:01 - 00000000 ____D () C:\Users\sandoz\Documents\STUDIA
2014-02-04 11:40 - 2014-02-04 11:40 - 35618248 _____ (Maxthon International ltd.) C:\Users\sandoz\Downloads\mx4.2.1.1000.exe
2014-02-02 23:47 - 2009-11-07 11:52 - 00672140 _____ () C:\Windows\system32\perfh015.dat
2014-02-02 23:47 - 2009-11-07 11:52 - 00130516 _____ () C:\Windows\system32\perfc015.dat
2014-02-02 23:47 - 2006-11-02 11:33 - 01495264 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-01-26 04:42 - 2012-11-12 19:48 - 00000000 ____D () C:\Users\sandoz\AppData\Roaming\uTorrent
2014-01-25 21:07 - 2014-01-25 20:52 - 00000000 ____D () C:\Users\sandoz\Downloads\[2005] Employment - Kaiser Chiefs - 107mb @ 320kbs [only1joe]
2014-01-25 20:57 - 2014-01-25 20:55 - 00000000 ____D () C:\Users\sandoz\Downloads\Static X [Discography]
2014-01-25 20:55 - 2014-01-25 20:51 - 00000000 ____D () C:\Users\sandoz\Downloads\Franz Ferdinand
2014-01-24 21:14 - 2014-01-24 21:13 - 00000000 ____D () C:\Users\sandoz\Downloads\Invaders Must Die
2014-01-19 19:13 - 2014-01-19 19:12 - 00000000 ____D () C:\Users\sandoz\Downloads\Eminem - Marshal Mathers LP
2014-01-19 18:57 - 2014-01-19 18:40 - 00000000 ____D () C:\Users\sandoz\Downloads\8 Mile [Clean]
2014-01-18 17:00 - 2011-05-09 18:40 - 00000000 ____D () C:\ProgramData\Installations
2014-01-17 09:33 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-01-16 22:17 - 2009-11-07 13:25 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-01-16 22:12 - 2006-11-02 11:23 - 00000219 _____ () C:\Windows\win.ini
2014-01-16 12:44 - 2012-03-06 19:10 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-01-16 10:53 - 2013-07-13 15:50 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-16 10:48 - 2006-11-02 11:24 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

Some content of TEMP:
====================
C:\Users\sandoz\AppData\Local\Temp\Maxthon(13264).exe
C:\Users\sandoz\AppData\Local\Temp\uninstall_flash_player.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-02-06 10:10

==================== End Of Log ============================