Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-11-2014 01 Ran by Feliks (administrator) on FELIKS-5DB85C2F on 22-11-2014 22:47:09 Running from C:\ Loaded Profile: Feliks (Available profiles: Feliks) Platform: Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) OS Language: Polski Internet Explorer Version 8 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe (Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe (Apple Inc.) C:\Program Files\QuickTime\QTTask.exe (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIAHE.EXE (Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) C:\Program Files\Brother\Brother Help\BrotherHelp.exe (Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe () C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCtrlCntr.exe (Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe (Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 11.0\Reader\reader_sl.exe (Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCcUxSys.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2010-03-17] (Apple Inc.) HKLM\...\Run: [EPSON Stylus Photo R240 Series (Kopia 1)] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE [98304 2005-04-25] (SEIKO EPSON CORPORATION) HKLM\...\Run: [EPSON Stylus Photo R240 Series] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE [98304 2005-04-25] (SEIKO EPSON CORPORATION) HKLM\...\Run: [EPSON Stylus Photo R240 Series (Kopia 2)] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE [98304 2005-04-25] (SEIKO EPSON CORPORATION) HKLM\...\Run: [Nikon Message Center 2] => C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe -s HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup HKLM\...\Run: [nwiz] => nwiz.exe /install HKLM\...\Run: [ControlCenter4] => C:\Program Files\ControlCenter4\BrCcBoot.exe [139776 2014-06-16] (Brother Industries, Ltd.) HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.) HKLM\...\Run: [BrHelp] => C:\Program Files\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated) HKU\S-1-5-21-2025429265-2111687655-1957994488-1003\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-09-13] (Google Inc.) HKU\S-1-5-21-2025429265-2111687655-1957994488-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation) Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Kodak EasyShare software.lnk ShortcutTarget: Kodak EasyShare software.lnk -> C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-2025429265-2111687655-1957994488-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKU\S-1-5-21-2025429265-2111687655-1957994488-1003 -> &Adres - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) Toolbar: HKU\S-1-5-21-2025429265-2111687655-1957994488-1003 -> &Łącza - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) Toolbar: HKU\S-1-5-21-2025429265-2111687655-1957994488-1003 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} http://www.myheritage.pl/Genoogle/Components/ActiveX/SearchEngineQuery.dll DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF Plugin: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll No File FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) Chrome: ======= ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed] S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] S3 KodakCCS; C:\WINDOWS\system32\drivers\KodakCCS.exe [411920 2005-03-30] (Eastman Kodak Company) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 AmdPPM; C:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices) S3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.) R1 DcCam; C:\WINDOWS\System32\DRIVERS\DcCam.sys [37150 2005-06-16] (Eastman Kodak Company) S3 DcFpoint; C:\WINDOWS\System32\DRIVERS\DcFpoint.sys [61564 2005-03-31] (Eastman Kodak Company) R2 DCFS2K; C:\WINDOWS\System32\drivers\dcfs2k.sys [38673 2005-03-31] (Eastman Kodak Company) S3 DcLps; C:\WINDOWS\System32\DRIVERS\DcLps.sys [8022 2005-03-31] (Eastman Kodak Company) S3 DcPTP; C:\WINDOWS\System32\DRIVERS\DcPTP.sys [70262 2005-03-31] (Eastman Kodak Company) S1 Exportit; C:\WINDOWS\System32\DRIVERS\exportit.sys [152081 2005-03-31] (Eastman Kodak Company) S3 FsUsbExDisk; C:\WINDOWS\system32\FsUsbExDisk.SYS [0 2012-10-02] () [File not signed] R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation) S3 MSIRCOMM; C:\WINDOWS\System32\DRIVERS\MSIRCOMM.sys [22016 2008-04-13] (Microsoft Corporation) R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [20576 2004-09-23] (Sonic Solutions) [File not signed] R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation) R3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation) R1 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed] S3 STIrUsb; C:\WINDOWS\System32\DRIVERS\irstusb.sys [30088 2001-09-24] (SigmaTel, Inc.) [File not signed] S3 USB_RNDIS; C:\WINDOWS\System32\DRIVERS\usb8023.sys [12928 2013-02-12] (Microsoft Corporation) R3 VIAudio; C:\WINDOWS\System32\drivers\ac97via.sys [84480 2004-08-03] (VIA Technologies, Inc.) S4 IntelIde; No ImagePath U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-22 22:47 - 2014-11-22 22:47 - 00000000 ____D () C:\FRST-OlderVersion 2014-11-22 22:12 - 2014-11-22 22:47 - 01109504 _____ (Farbar) C:\FRST.exe 2014-11-22 22:12 - 2014-11-22 22:47 - 00006912 _____ () C:\FRST.txt 2014-11-22 22:12 - 2014-11-22 22:05 - 00001376 _____ () C:\weelsof 2014-11-22 22:12 - 2014-11-21 12:48 - 00057896 _____ () C:\OTL.Txt 2014-11-22 22:12 - 2014-11-21 12:48 - 00041778 _____ () C:\Extras.Txt 2014-11-22 22:12 - 2014-11-21 12:32 - 00061232 _____ () C:\Addition.txt 2014-11-22 22:12 - 2014-11-21 12:31 - 00060461 _____ () C:\Shortcut.txt 2014-11-22 22:12 - 2014-11-21 12:13 - 00602112 _____ (OldTimer Tools) C:\OTL.exe 2014-11-22 22:12 - 2014-11-21 12:13 - 00380416 _____ () C:\l5xnbcds.exe 2014-11-21 12:32 - 2014-11-21 12:48 - 00000000 ____D () C:\Documents and Settings\Feliks\Pulpit\Weelsof 2014-11-21 12:23 - 2014-11-22 22:47 - 00000000 ____D () C:\FRST 2014-11-14 08:06 - 2014-11-14 08:06 - 00000000 _____ () C:\Documents and Settings\Feliks\Ustawienia lokalne\Dane aplikacji\{6729BA3D-8723-4973-8C7F-FFF9FECA3527} 2014-11-11 14:27 - 2014-11-11 14:27 - 00000000 _____ () C:\Documents and Settings\Feliks\Ustawienia lokalne\Dane aplikacji\{EACDEC9C-B9CA-4115-81FE-D0BADAC123AA} 2014-11-09 08:58 - 2014-11-09 09:06 - 00002347 _____ () C:\Documents and Settings\All Users\Menu Start\Programy\Adobe Reader XI.lnk 2014-11-09 08:58 - 2014-11-09 08:58 - 00001734 _____ () C:\Documents and Settings\All Users\Pulpit\Adobe Reader XI.lnk 2014-11-09 07:29 - 2014-11-09 07:29 - 00000000 _____ () C:\Documents and Settings\Feliks\Ustawienia lokalne\Dane aplikacji\{773C013B-5163-4283-9006-29EFFE639AA1} ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-22 22:48 - 2012-07-09 11:16 - 00000000 ____D () C:\Documents and Settings\Feliks\Ustawienia lokalne\temp 2014-11-22 22:48 - 2008-11-04 16:32 - 00000000 ___RD () C:\Documents and Settings\All Users\Dokumenty 2014-11-22 22:48 - 2008-11-04 15:42 - 01732167 _____ () C:\WINDOWS\WindowsUpdate.log 2014-11-22 22:46 - 2014-03-11 06:10 - 00000224 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job 2014-11-22 22:46 - 2011-11-29 17:38 - 00001032 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-11-22 22:46 - 2008-11-04 16:35 - 00000159 _____ () C:\WINDOWS\wiadebug.log 2014-11-22 22:46 - 2008-11-04 16:35 - 00000050 _____ () C:\WINDOWS\wiaservc.log 2014-11-22 22:46 - 2008-11-04 15:50 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-11-22 22:44 - 2008-11-04 15:53 - 00000292 ___SH () C:\Documents and Settings\Feliks\ntuser.ini 2014-11-22 22:44 - 2008-11-04 15:50 - 00032022 _____ () C:\WINDOWS\SchedLgU.Txt 2014-11-22 22:43 - 2010-01-05 17:14 - 00000000 ____D () C:\Program Files\Java 2014-11-22 22:40 - 2013-03-09 09:11 - 00000000 ____D () C:\Program Files\MyFree Codec 2014-11-22 22:40 - 2012-04-26 16:23 - 00001912 _____ () C:\WINDOWS\epplauncher.mif 2014-11-22 22:40 - 2008-11-04 16:32 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy 2014-11-22 22:38 - 2012-07-09 11:16 - 00000000 ____D () C:\Documents and Settings\NetworkService\Ustawienia lokalne\temp 2014-11-22 22:38 - 2008-11-04 16:31 - 00000000 __RHD () C:\Documents and Settings\All Users\Dane aplikacji 2014-11-22 22:37 - 2008-11-04 16:32 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy\Autostart 2014-11-22 22:37 - 2008-11-04 16:32 - 00000000 ____D () C:\Documents and Settings\All Users\Pulpit 2014-11-22 22:27 - 2014-06-19 11:38 - 00038093 _____ () C:\WINDOWS\setupapi.log 2014-11-22 22:27 - 2008-11-04 15:53 - 00000000 ___HD () C:\Documents and Settings\Feliks\Ustawienia lokalne\Dane aplikacji 2014-11-22 22:25 - 2008-11-04 15:53 - 00000000 __SHD () C:\Documents and Settings\Feliks\Ustawienia lokalne\Historia 2014-11-22 22:25 - 2008-11-04 15:50 - 00000000 __SHD () C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia 2014-11-22 22:15 - 2012-04-26 14:56 - 00000000 ____D () C:\Documents and Settings\LocalService\Ustawienia lokalne\temp 2014-11-22 22:15 - 2008-11-04 16:32 - 00000000 __SHD () C:\Documents and Settings\Default User\Ustawienia lokalne\Historia 2014-11-22 22:15 - 2008-11-04 15:50 - 00000000 ___HD () C:\Documents and Settings\NetworkService\Ustawienia lokalne\Historia 2014-11-22 22:13 - 2008-11-04 15:53 - 00000000 __RHD () C:\Documents and Settings\Feliks\Dane aplikacji 2014-11-22 22:13 - 2008-11-04 15:53 - 00000000 ____D () C:\Documents and Settings\Feliks 2014-11-22 09:43 - 2012-04-26 14:20 - 00000000 __SHD () C:\WINDOWS\CSC 2014-11-21 12:33 - 2008-11-04 15:53 - 00000000 ____D () C:\Documents and Settings\Feliks\Pulpit 2014-11-20 22:24 - 2011-11-29 17:38 - 00001036 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-11-20 21:20 - 2012-04-10 06:18 - 00000930 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-11-20 20:55 - 2012-03-19 19:39 - 00000198 _____ () C:\Documents and Settings\Feliks\Pulpit\Drzewo.url 2014-11-20 19:11 - 2012-09-05 14:10 - 00000201 _____ () C:\Documents and Settings\Feliks\Pulpit\neoBANK Wielkopolski Bank Spoldzielczy - serwis internetowy.URL 2014-11-19 18:01 - 2012-09-05 14:19 - 00000115 _____ () C:\Documents and Settings\Feliks\Pulpit\OZ PZD Poznań.URL 2014-11-18 10:04 - 2009-02-06 19:28 - 00000226 _____ () C:\Documents and Settings\Feliks\Pulpit\Serwis internetowy iPKO.url 2014-11-18 09:38 - 2009-04-07 07:15 - 00000211 _____ () C:\Documents and Settings\Feliks\Pulpit\Polski Związek Działkowców.url 2014-11-17 14:41 - 2008-11-04 15:53 - 00000000 ___RD () C:\Documents and Settings\Feliks\Moje dokumenty 2014-11-17 10:05 - 2014-08-13 20:12 - 00007889 _____ () C:\WINDOWS\BRRBCOM.INI 2014-11-15 17:26 - 2008-11-04 16:18 - 00000000 ____D () C:\Documents and Settings\Feliks\Moje dokumenty\OGRÓD 2014-11-15 09:07 - 2008-11-04 15:53 - 00000000 ___RD () C:\Documents and Settings\Feliks\Ulubione 2014-11-14 08:49 - 2008-11-05 10:46 - 00000000 ___RD () C:\Documents and Settings\Feliks\Pulpit\Gry 2014-11-14 08:04 - 2001-07-21 20:17 - 00002228 _____ () C:\WINDOWS\system32\wpa.dbl 2014-11-13 20:22 - 2012-05-22 13:10 - 00131072 _____ () C:\WINDOWS\system32\config\OAlerts.evt 2014-11-13 09:56 - 2009-10-14 10:07 - 00000196 _____ () C:\Documents and Settings\Feliks\Pulpit\Wspomnienia i refleksje przeciwlotnika WRiA Wojsk OPK - Wiadomości.url 2014-11-12 14:31 - 2008-11-04 15:55 - 00070368 ____C () C:\Documents and Settings\Feliks\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT 2014-11-12 14:18 - 2008-11-04 16:31 - 00272576 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-11-12 09:57 - 2012-05-22 12:58 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help 2014-11-12 09:47 - 2013-08-04 19:39 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-11-12 09:36 - 2008-11-04 16:47 - 100445232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-11-09 09:03 - 2008-11-05 10:41 - 00000000 ____D () C:\Program Files\Common Files\Adobe 2014-11-09 08:57 - 2008-11-05 10:41 - 00000000 ____D () C:\Program Files\Adobe 2014-11-09 08:57 - 2008-11-05 10:41 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Adobe 2014-11-04 18:57 - 2008-12-05 10:33 - 00012094 ____C () C:\WINDOWS\EPISMD00.SWB 2014-10-30 12:24 - 2012-10-14 17:54 - 00229000 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2014-10-29 19:25 - 2010-01-06 12:44 - 00000309 _____ () C:\Documents and Settings\Feliks\Pulpit\Ogólnopolski indeks małżeństw do r. 1899.url 2014-10-26 17:17 - 2008-11-04 16:32 - 01318324 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-10-26 17:17 - 2001-10-26 14:15 - 00575674 _____ () C:\WINDOWS\system32\perfh015.dat 2014-10-26 17:17 - 2001-10-26 14:15 - 00116788 _____ () C:\WINDOWS\system32\perfc015.dat Files to move or delete: ==================== C:\Documents and Settings\Feliks\OTL.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End Of Log ============================