Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-04-2014
Ran by Mateusz (administrator) on MATEUSZ-ACER on 15-04-2014 06:09:14
Running from C:\Users\Mateusz\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) OS Language: Polish
Internet Explorer Version 7
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcagent.exe
() C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
() C:\Windows\PLFSetI.exe
(Agere Systems) C:\Windows\system32\agrsmsvc.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
() C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
() C:\ProgramData\DatacardService\HWDeviceService.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan\Mcshield.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
() C:\Acer\Mobility Center\MobilityService.exe
(McAfee, Inc.) C:\Program Files\McAfee\MPF\MPFSrv.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSK\MskSrver.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
(NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
() C:\Program Files\Cyberlink\Shared files\RichVideo.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\RS_Service.exe
() C:\Program Files\SiteAdvisor\6172\SAService.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(AVG) C:\Program Files\AVG PC TuneUp 2014\TuneUpUtilitiesService32.exe
(Acer Inc.) C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
(AVG) C:\Program Files\AVG PC TuneUp 2014\TuneUpUtilitiesApp32.exe
(CyberLink Corp.) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\mcmscsvc.exe
(CyberLink) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Acer Corp.) C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
(Nullsoft, Inc.) D:\programy\winamp\winampa.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(BitTorrent, Inc.) C:\Program Files\uTorrent\uTorrent.exe
(Sony Ericsson Mobile Communications AB) C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\AcerVCM.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Realtek Semiconductor Corp.) C:\Users\Mateusz\AppData\Local\Temp\RtkBtMnt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Acer Inc.) C:\Program Files\Acer\Acer VCM\acp2HID.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\mcuimgr.exe
(Microsoft Corporation) C:\Windows\system32\wermgr.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Microsoft Corporation) C:\Windows\system32\cmd.exe
(Microsoft Corporation) C:\Windows\system32\cmd.exe
(Microsoft Corporation) C:\Windows\system32\reg.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\mcshell.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1037608 2008-02-22] (Synaptics, Inc.)
HKLM\...\Run: [mcagent_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [582992 2007-08-03] (McAfee, Inc.)
HKLM\...\Run: [SiteAdvisor] => C:\Program Files\SiteAdvisor\6172\SiteAdv.exe [36640 2007-08-24] ()
HKLM\...\Run: [BkupTray] => C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [34040 2008-04-06] ()
HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [13535776 2008-04-03] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] => C:\Windows\system32\NvMcTray.dll [92704 2008-04-03] (NVIDIA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6265376 2008-08-07] (Realtek Semiconductor)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2007-10-23] ()
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [809480 2008-07-25] (Dritek System Inc.)
HKLM\...\Run: [eAudio] => C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe [544768 2008-03-07] (Acer Incorporated)
HKLM\...\Run: [eDataSecurity Loader] => C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [526896 2008-03-04] (Egis Incorporated)
HKLM\...\Run: [ePower_DMC] => C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [397312 2008-04-30] (Acer Inc.)
HKLM\...\Run: [ArcadeDeluxeAgent] => C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [147456 2008-04-10] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer] => C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [167936 2008-04-10] (CyberLink)
HKLM\...\Run: [PlayMovie] => C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe [167936 2008-04-18] (Acer Corp.)
HKLM\...\Run: [WarReg_PopUp] => C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe [303104 2008-01-29] (Acer Incorporated)
HKLM\...\Run: [WinampAgent] => D:\programy\winamp\winampa.exe [74752 2011-07-11] (Nullsoft, Inc.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdSync.exe [215552 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKU\S-1-5-19\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1233920 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1233920 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1051359795-92314991-2884734444-1000\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\sidebar.exe [1233920 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1051359795-92314991-2884734444-1000\...\Run: [uTorrent] => C:\Program Files\uTorrent\uTorrent.exe [319280 2011-11-09] (BitTorrent, Inc.)
HKU\S-1-5-21-1051359795-92314991-2884734444-1000\...\Run: [Sony Ericsson PC Companion] => C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe [772096 2009-06-18] (Sony Ericsson Mobile Communications AB)
HKU\S-1-5-21-1051359795-92314991-2884734444-1000\...\Run: [ALLUpdate] => D:\programy\ALLPlayer\ALLUpdate.exe [2995712 2013-01-23] (ALLPlayer Group Ltd.)
HKU\S-1-5-21-1051359795-92314991-2884734444-1000\...\Run: [Facebook Update] => C:\Users\Mateusz\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-02-06] (Facebook Inc.)
HKU\S-1-5-21-1051359795-92314991-2884734444-1000\...\Run: [Galileo] => C:\Users\Mateusz\Desktop\Galileo\galileo.exe [94720 2012-04-18] ()
HKU\S-1-5-21-1051359795-92314991-2884734444-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1051359795-92314991-2884734444-1000\...\MountPoints2: G - G:\AutoRun.exe
HKU\S-1-5-21-1051359795-92314991-2884734444-1000\...\MountPoints2: {0005b0ea-0b66-11e1-84ce-001d72ca09a1} - F:\Startme.exe
HKU\S-1-5-21-1051359795-92314991-2884734444-1000\...\MountPoints2: {85ef1711-69f5-11e1-8117-001d72ca09a1} - F:\autorun.exe
HKU\S-1-5-21-1051359795-92314991-2884734444-1000\...\MountPoints2: {d981b24c-e4d3-11e2-82a9-001d72ca09a1} - G:\AutoRun.exe
HKU\S-1-5-21-1051359795-92314991-2884734444-1000\...\MountPoints2: {d981b25b-e4d3-11e2-82a9-001e101faa49} - G:\AutoRun.exe
Startup: C:\Users\Mateusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk
ShortcutTarget: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://pl.intl.acer.yahoo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://pl.intl.acer.yahoo.com
BHO: No Name - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll ()
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: McAfee Phishing Filter - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll ()
BHO: ALLYouTubeDownloader - {61DB16C5-B733-43F4-872E-B20DC9E72740} - C:\Program Files\ALLYouTubeDownloader\ALLYouTubeDownloader.dll (ALLCinema Ltd.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: IplexToALLPlayer - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - D:\programy\ALLPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.)
Toolbar: HKLM - McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll ()
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: ms-help - No CLSID Value -
Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll ()
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Mateusz\AppData\Roaming\Mozilla\Firefox\Profiles\wc2katom.default
FF user.js: detected! => C:\Users\Mateusz\AppData\Roaming\Mozilla\Firefox\Profiles\wc2katom.default\user.js
FF DefaultSearchEngine: Facemoods Search
FF SelectedSearchEngine: Facemoods Search
FF Homepage: hxxp://www.google.pl/
FF Keyword.URL: hxxp://mystart.incredimail.com/mb68/?loc=ff_address_bar&u=92823368497462057&search=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Mateusz\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF SearchPlugin: C:\Users\Mateusz\AppData\Roaming\Mozilla\Firefox\Profiles\wc2katom.default\searchplugins\MyStart Search.xml
FF Extension: Babylon - C:\Users\Mateusz\AppData\Roaming\Mozilla\Firefox\Profiles\wc2katom.default\Extensions\ffxtlbr@babylon.com [2012-01-03]
FF Extension: IncrediMail MediaBar 2 - C:\Users\Mateusz\AppData\Roaming\Mozilla\Firefox\Profiles\wc2katom.default\Extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} [2014-04-02]
FF Extension: DealPly - C:\Users\Mateusz\AppData\Roaming\Mozilla\Firefox\Profiles\wc2katom.default\Extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} [2011-11-21]
FF Extension: Iplex to ALLPlayer - C:\Users\Mateusz\AppData\Roaming\Mozilla\Firefox\Profiles\wc2katom.default\Extensions\IplextoALL@ALLPlayer.org.xpi [2013-01-28]
FF Extension: ALLYouTubeDownloader - C:\Users\Mateusz\AppData\Roaming\Mozilla\Firefox\Profiles\wc2katom.default\Extensions\YouTubetoALL@ALLPlayer.org.xpi [2013-03-02]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Mateusz\AppData\Roaming\Mozilla\Firefox\Profiles\wc2katom.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-02-14]
FF Extension: FindRight - C:\Users\Mateusz\AppData\Roaming\Mozilla\Firefox\Profiles\wc2katom.default\Extensions\{42e50651-9669-456e-9081-d5a836274274}.xpi [2014-02-21]
FF Extension: Adblock Plus - C:\Users\Mateusz\AppData\Roaming\Mozilla\Firefox\Profiles\wc2katom.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-16]
FF StartMenuInternet: FIREFOX.EXE - D:\programy\mozilla\firefox.exe

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\34.0.1847.116\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\34.0.1847.116\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U29) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (2007 Microsoft Office system) - D:\programy\mozilla\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (Winamp Application Detector) - D:\programy\mozilla\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (McAfee Security Scan+) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-03-01]
CHR Extension: (Skype Click to Call) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-01-19]
CHR Extension: (Google Wallet) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-08]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-10-02]

========================== Services (Whitelisted) =================

R2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [81504 2008-01-16] ()
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-03-21] ()
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [235696 2014-01-16] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\McAfee\MSC\mcmscsvc.exe [749904 2007-08-04] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe [2376992 2008-03-20] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [378184 2007-07-25] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe [359248 2007-08-15] (McAfee, Inc.)
R2 McShield; C:\Program Files\McAfee\VirusScan\Mcshield.exe [144704 2007-07-24] (McAfee, Inc.)
S4 McSysmon; C:\Program Files\McAfee\VirusScan\mcsysmon.exe [695624 2007-07-25] (McAfee, Inc.)
S2 Mobile Partner. RunOuc; C:\Program Files\Mobile Partner\UpdateDog\ouc.exe [246112 2013-07-04] ()
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] ()
S3 MozillaMaintenance; C:\Program Files\Mozilla Maintenance Service\maintenanceservice_tmp.exe [119408 2014-03-19] (Mozilla Foundation)
R2 MpfService; C:\Program Files\McAfee\MPF\MPFSrv.exe [856864 2007-07-18] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\McAfee\MSK\MskSrver.exe [23880 2007-08-24] (McAfee, Inc.)
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-04] ()
R2 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [272024 2007-01-09] ()
R2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [233472 2008-01-10] (Acer Incorporated)
R2 SiteAdvisor Service; C:\Program Files\SiteAdvisor\6172\SAService.exe [341280 2008-05-13] ()
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
R2 TuneUp.UtilitiesSvc; C:\Program Files\AVG PC TuneUp 2014\TuneUpUtilitiesService32.exe [1739064 2013-10-12] (AVG)

==================== Drivers (Whitelisted) ====================

R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [79304 2007-07-24] (McAfee, Inc.)
R3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [35240 2007-07-21] (McAfee, Inc.)
R1 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [201288 2007-07-21] (McAfee, Inc.)
S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [33800 2007-07-24] (McAfee, Inc.)
S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [40488 2007-07-21] (McAfee, Inc.)
R1 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [125728 2007-07-13] (McAfee, Inc.)
S3 s1018obex; C:\Windows\System32\DRIVERS\s1018obex.sys [104744 2009-03-25] (MCCI Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files\AVG PC TuneUp 2014\TuneUpUtilitiesDriver32.sys [12320 2013-09-18] (TuneUp Software)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [61424 2008-04-18] (Cyberlink Corp.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U3 pxrdafoc; \??\C:\Users\Mateusz\AppData\Local\Temp\pxrdafoc.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-15 02:11 - 2014-04-15 02:06 - 00006509 _____ () C:\Users\Mateusz\Desktop\fixlist.txt
2014-04-15 00:24 - 2014-04-15 00:20 - 04139360 _____ (Kaspersky Lab ZAO) C:\Users\Mateusz\Desktop\tdsskiller.exe
2014-04-14 23:33 - 2014-04-14 23:39 - 00137916 _____ () C:\Users\Mateusz\Desktop\gmer.txt
2014-04-14 22:44 - 2014-04-14 22:44 - 00056040 _____ () C:\Users\Mateusz\Desktop\Extras.Txt
2014-04-14 22:39 - 2014-04-14 22:39 - 00194232 _____ () C:\Users\Mateusz\Desktop\OTL.Txt
2014-04-14 21:51 - 2014-04-14 21:51 - 00079287 _____ () C:\Users\Mateusz\Desktop\Shortcut.txt
2014-04-14 21:48 - 2014-04-14 21:51 - 00044566 _____ () C:\Users\Mateusz\Desktop\Addition.txt
2014-04-14 21:44 - 2014-04-15 06:10 - 00023086 _____ () C:\Users\Mateusz\Desktop\FRST.txt
2014-04-14 21:43 - 2014-04-15 02:12 - 00000000 ____D () C:\FRST
2014-04-14 21:41 - 2014-04-14 21:39 - 01042944 _____ (Farbar) C:\Users\Mateusz\Desktop\FRST.exe
2014-04-14 21:41 - 2014-04-14 21:39 - 00602112 _____ (OldTimer Tools) C:\Users\Mateusz\Desktop\OTL.exe
2014-04-14 21:41 - 2014-04-14 21:39 - 00380416 _____ () C:\Users\Mateusz\Desktop\tspx2j2j.exe
2014-04-13 18:58 - 2014-04-13 18:58 - 00000356 _____ () C:\Users\Mateusz\Desktop\NATALA — skrót.lnk
2014-04-13 14:28 - 2014-04-13 14:28 - 00000000 __SHD () C:\found.000
2014-04-07 22:04 - 2014-04-07 22:04 - 00139016 _____ () C:\Windows\Minidump\Mini040714-01.dmp
2014-04-04 20:06 - 2014-04-04 20:06 - 00001854 _____ () C:\Users\Public\Desktop\AVG Konserwacja 1 kliknięciem.lnk
2014-04-04 20:06 - 2014-04-04 20:06 - 00001840 _____ () C:\Users\Public\Desktop\AVG PC TuneUp 2014.lnk
2014-04-04 20:06 - 2014-04-04 20:06 - 00000000 ____D () C:\Users\Mateusz\AppData\Roaming\AVG
2014-04-04 20:06 - 2013-10-12 02:00 - 00036152 _____ (AVG) C:\Windows\system32\TURegOpt.exe
2014-04-04 20:06 - 2013-10-12 02:00 - 00025400 _____ (AVG) C:\Windows\system32\authuitu.dll
2014-04-04 20:04 - 2014-04-04 20:06 - 00000000 ____D () C:\Program Files\AVG PC TuneUp 2014
2014-04-04 20:03 - 2014-04-04 21:38 - 00000000 ____D () C:\ProgramData\AVG
2014-04-04 20:02 - 2014-04-04 20:02 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-04-04 19:57 - 2014-04-04 19:57 - 00000832 _____ () C:\Users\Mateusz\Desktop\PhotoScape.lnk
2014-03-19 16:07 - 2014-03-19 16:07 - 00000000 ____D () C:\ProgramData\Mozilla
2014-03-17 17:49 - 2014-03-17 17:49 - 00000000 ____D () C:\Users\Mateusz\AppData\Local\Skype
2014-03-17 17:48 - 2014-04-14 11:33 - 00002379 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-17 17:48 - 2014-03-17 17:48 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-03-17 17:47 - 2014-03-17 17:47 - 01678496 _____ (Skype Technologies S.A.) C:\Users\Mateusz\Downloads\SkypeSetup.exe

==================== One Month Modified Files and Folders =======

2014-04-15 06:10 - 2014-04-14 21:44 - 00023086 _____ () C:\Users\Mateusz\Desktop\FRST.txt
2014-04-15 06:07 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-15 06:07 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-15 06:05 - 2011-11-09 19:09 - 00000000 ____D () C:\Users\Mateusz\AppData\Roaming\uTorrent
2014-04-15 06:05 - 2011-09-30 14:40 - 00146187 _____ () C:\ProgramData\nvModes.001
2014-04-15 06:05 - 2011-09-30 14:38 - 00146187 _____ () C:\ProgramData\nvModes.dat
2014-04-15 04:04 - 2013-02-06 19:48 - 00000936 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1051359795-92314991-2884734444-1000UA.job
2014-04-15 04:02 - 2012-10-13 14:30 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-15 04:01 - 2011-12-28 18:41 - 00001038 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-15 02:13 - 2011-11-23 10:49 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-04-15 02:12 - 2014-04-14 21:43 - 00000000 ____D () C:\FRST
2014-04-15 02:06 - 2014-04-15 02:11 - 00006509 _____ () C:\Users\Mateusz\Desktop\fixlist.txt
2014-04-15 01:35 - 2011-09-30 14:44 - 00089088 _____ () C:\Users\Mateusz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-15 01:00 - 2008-05-13 00:10 - 00000362 _____ () C:\Windows\Tasks\McDefragTask.job
2014-04-15 00:27 - 2011-09-30 14:51 - 00000000 _____ () C:\Windows\system32\LogConfigTemp.xml
2014-04-15 00:26 - 2011-12-28 18:41 - 00001034 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-15 00:26 - 2008-05-13 00:30 - 00000147 _____ () C:\Windows\system32\agent.log
2014-04-15 00:26 - 2008-01-21 04:47 - 14649008 _____ () C:\Windows\PFRO.log
2014-04-15 00:26 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-15 00:25 - 2008-05-13 00:11 - 00026624 _____ () C:\Windows\system32\Config.MPF
2014-04-15 00:25 - 2006-11-02 15:01 - 00032576 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-15 00:20 - 2014-04-15 00:24 - 04139360 _____ (Kaspersky Lab ZAO) C:\Users\Mateusz\Desktop\tdsskiller.exe
2014-04-14 23:39 - 2014-04-14 23:33 - 00137916 _____ () C:\Users\Mateusz\Desktop\gmer.txt
2014-04-14 22:44 - 2014-04-14 22:44 - 00056040 _____ () C:\Users\Mateusz\Desktop\Extras.Txt
2014-04-14 22:39 - 2014-04-14 22:39 - 00194232 _____ () C:\Users\Mateusz\Desktop\OTL.Txt
2014-04-14 21:51 - 2014-04-14 21:51 - 00079287 _____ () C:\Users\Mateusz\Desktop\Shortcut.txt
2014-04-14 21:51 - 2014-04-14 21:48 - 00044566 _____ () C:\Users\Mateusz\Desktop\Addition.txt
2014-04-14 21:42 - 2008-05-13 09:59 - 00665460 _____ () C:\Windows\system32\perfh015.dat
2014-04-14 21:42 - 2008-05-13 09:59 - 00128164 _____ () C:\Windows\system32\perfc015.dat
2014-04-14 21:42 - 2006-11-02 12:33 - 01477720 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-14 21:41 - 2006-11-02 14:52 - 00145035 _____ () C:\Windows\setupact.log
2014-04-14 21:39 - 2014-04-14 21:41 - 01042944 _____ (Farbar) C:\Users\Mateusz\Desktop\FRST.exe
2014-04-14 21:39 - 2014-04-14 21:41 - 00602112 _____ (OldTimer Tools) C:\Users\Mateusz\Desktop\OTL.exe
2014-04-14 21:39 - 2014-04-14 21:41 - 00380416 _____ () C:\Users\Mateusz\Desktop\tspx2j2j.exe
2014-04-14 21:13 - 2011-09-30 14:28 - 01367680 _____ () C:\Windows\WindowsUpdate.log
2014-04-14 20:20 - 2006-11-02 12:23 - 00000321 _____ () C:\Windows\win.ini
2014-04-14 19:44 - 2014-01-17 19:40 - 00000000 ____D () C:\Users\Mateusz\AppData\Local\Mobogenie
2014-04-14 19:04 - 2013-02-06 19:48 - 00000914 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1051359795-92314991-2884734444-1000Core.job
2014-04-14 18:56 - 2008-05-13 00:09 - 00000000 ____D () C:\Program Files\McAfee
2014-04-14 18:40 - 2011-09-30 19:21 - 00000000 ____D () C:\Users\Mateusz\AppData\Roaming\winamp
2014-04-14 11:50 - 2012-11-11 13:28 - 00000000 ____D () C:\Users\Mateusz\AppData\Roaming\Skype
2014-04-14 11:33 - 2014-03-17 17:48 - 00002379 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-04-13 18:58 - 2014-04-13 18:58 - 00000356 _____ () C:\Users\Mateusz\Desktop\NATALA — skrót.lnk
2014-04-13 14:28 - 2014-04-13 14:28 - 00000000 __SHD () C:\found.000
2014-04-10 20:46 - 2012-12-28 21:38 - 00000000 ____D () C:\Users\Mateusz\Desktop\NATALA
2014-04-10 20:14 - 2011-12-28 18:48 - 00001981 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-07 22:04 - 2014-04-07 22:04 - 00139016 _____ () C:\Windows\Minidump\Mini040714-01.dmp
2014-04-07 22:04 - 2013-03-22 15:11 - 00000000 ____D () C:\Windows\Minidump
2014-04-07 22:03 - 2013-03-22 15:11 - 242691169 _____ () C:\Windows\MEMORY.DMP
2014-04-07 04:25 - 2012-02-17 09:16 - 00000680 _____ () C:\Users\Mateusz\AppData\Local\d3d9caps.dat
2014-04-04 21:38 - 2014-04-04 20:03 - 00000000 ____D () C:\ProgramData\AVG
2014-04-04 20:06 - 2014-04-04 20:06 - 00001854 _____ () C:\Users\Public\Desktop\AVG Konserwacja 1 kliknięciem.lnk
2014-04-04 20:06 - 2014-04-04 20:06 - 00001840 _____ () C:\Users\Public\Desktop\AVG PC TuneUp 2014.lnk
2014-04-04 20:06 - 2014-04-04 20:06 - 00000000 ____D () C:\Users\Mateusz\AppData\Roaming\AVG
2014-04-04 20:06 - 2014-04-04 20:04 - 00000000 ____D () C:\Program Files\AVG PC TuneUp 2014
2014-04-04 20:02 - 2014-04-04 20:02 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-04-04 19:59 - 2014-01-17 22:02 - 00007168 ____H () C:\Users\Mateusz\Desktop\photothumb.db
2014-04-04 19:58 - 2014-01-17 19:40 - 00000000 ____D () C:\Program Files\PhotoScape
2014-04-04 19:57 - 2014-04-04 19:57 - 00000832 _____ () C:\Users\Mateusz\Desktop\PhotoScape.lnk
2014-04-04 19:38 - 2014-01-17 19:38 - 00000000 ____D () C:\Program Files\Mobogenie
2014-04-03 22:43 - 2014-02-23 13:45 - 00000000 ____D () C:\Program Files\FindRight
2014-03-29 11:31 - 2013-12-22 11:16 - 00000142 _____ () C:\Users\Mateusz\AppData\Roaming\WB.CFG
2014-03-29 10:32 - 2011-09-30 14:47 - 00000000 ____D () C:\Program Files\Launch Manager
2014-03-19 16:07 - 2014-03-19 16:07 - 00000000 ____D () C:\ProgramData\Mozilla
2014-03-19 16:07 - 2014-02-14 20:06 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-17 17:49 - 2014-03-17 17:49 - 00000000 ____D () C:\Users\Mateusz\AppData\Local\Skype
2014-03-17 17:48 - 2014-03-17 17:48 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-03-17 17:48 - 2012-11-11 13:28 - 00000000 ___RD () C:\Program Files\Skype
2014-03-17 17:48 - 2012-11-11 13:27 - 00000000 ____D () C:\ProgramData\Skype
2014-03-17 17:47 - 2014-03-17 17:47 - 01678496 _____ (Skype Technologies S.A.) C:\Users\Mateusz\Downloads\SkypeSetup.exe

Some content of TEMP:
====================
C:\Users\Mateusz\AppData\Local\Temp\AcDeltree.exe
C:\Users\Mateusz\AppData\Local\Temp\AVG.exe
C:\Users\Mateusz\AppData\Local\Temp\contentDATs.exe
C:\Users\Mateusz\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Mateusz\AppData\Local\Temp\DSSExp.exe
C:\Users\Mateusz\AppData\Local\Temp\FP_PL_PFS_INSTALLER-1.exe
C:\Users\Mateusz\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
C:\Users\Mateusz\AppData\Local\Temp\gcapi_dll.dll
C:\Users\Mateusz\AppData\Local\Temp\gdapi.dll
C:\Users\Mateusz\AppData\Local\Temp\GenericWndApi.dll
C:\Users\Mateusz\AppData\Local\Temp\GLF7AA4.tmp.ConduitEngineSetup.exe
C:\Users\Mateusz\AppData\Local\Temp\GoogleSetup.exe
C:\Users\Mateusz\AppData\Local\Temp\gtapi_signed.dll
C:\Users\Mateusz\AppData\Local\Temp\GTGCAPI.exe
C:\Users\Mateusz\AppData\Local\Temp\ICReinstall_FLVPlayerSetup.exe
C:\Users\Mateusz\AppData\Local\Temp\IncrediMail_MediaBar_2.exe
C:\Users\Mateusz\AppData\Local\Temp\install_flashplayer11x32_mssa_aih.exe
C:\Users\Mateusz\AppData\Local\Temp\jre-6u34-windows-i586-iftw.exe
C:\Users\Mateusz\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Mateusz\AppData\Local\Temp\libcurl-4.dll
C:\Users\Mateusz\AppData\Local\Temp\minerd.exe
C:\Users\Mateusz\AppData\Local\Temp\msi15631.exe
C:\Users\Mateusz\AppData\Local\Temp\msi27596.exe
C:\Users\Mateusz\AppData\Local\Temp\msi28416.exe
C:\Users\Mateusz\AppData\Local\Temp\msi31777.exe
C:\Users\Mateusz\AppData\Local\Temp\msvcr90.dll
C:\Users\Mateusz\AppData\Local\Temp\ose00000.exe
C:\Users\Mateusz\AppData\Local\Temp\pthreadGC2.dll
C:\Users\Mateusz\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\Mateusz\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Mateusz\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Mateusz\AppData\Local\Temp\t.dll
C:\Users\Mateusz\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Mateusz\AppData\Local\Temp\update_4060275.exe
C:\Users\Mateusz\AppData\Local\Temp\ycomp_setup.exe
C:\Users\Mateusz\AppData\Local\Temp\{282DB74E-0C55-4C0D-A5E7-903FF2D106B3}-chrome_updater.exe
C:\Users\Mateusz\AppData\Local\Temp\{36D761B6-6716-4A17-8F2E-8B64C44E3430}-28.0.1500.52_chrome_installer.exe
C:\Users\Mateusz\AppData\Local\Temp\{497E3823-CDEC-4950-9F2B-AE68E57D79A0}-GoogleEarth-Win-Bundle-7.1.1.1888.exe
C:\Users\Mateusz\AppData\Local\Temp\{CA85DCEC-B901-436A-873B-AE17D0912F50}-32.0.1700.107_chrome_installer.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-15 00:32

==================== End Of Log ============================