Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-05-2014
Ran by agusia (administrator) on AGUSIA-HP on 14-05-2014 19:41:22
Running from C:\Users\agusia\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polish
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe () C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Hewlett-Packard Development Company, L.P.) 
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\consent.exe (HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe (HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (OldTimer Tools) C:\Users\agusia\Downloads\OTL (1).exe (Farbar) C:\Users\agusia\Downloads\FRST64 (1).exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-10] (Synaptics Incorporated) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-09-08] (IDT, Inc.) HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [43320 2011-09-30] (Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-09-25] (Adobe Systems Incorporated) HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2011-10-08] (Hewlett-Packard Company) HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [574008 2011-07-11] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated) HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.) 
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-09-15] (EasyBits Software AS) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2237328 2013-11-05] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM-x32\...\Run: [fst_pl_31] => [X] Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKU\S-1-5-21-2927037778-1233708203-2928765012-1000\...\Run: [uTorrent] => C:\Users\agusia\AppData\Roaming\uTorrent\uTorrent.exe [1270352 2014-04-29] (BitTorrent Inc.) HKU\S-1-5-21-2927037778-1233708203-2928765012-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd) HKU\S-1-5-21-2927037778-1233708203-2928765012-1000\...\MountPoints2: {f4a19b42-81a7-11e3-a81f-ec9a743f342e} - G:\setup.exe AppInit_DLLs-x32: c:\progra~2\optimi~1\optpro~1.dll => "c:\progra~2\optimi~1\optpro~1.dll" File Not Found GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== ProxyServer: 199.191.120.205:46760 StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKLM - {ACE05FB9-18E8-48AC-A0EC-2D474C167A90} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 - {ACE05FB9-18E8-48AC-A0EC-2D474C167A90} URL = 
http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKCU - {ACE05FB9-18E8-48AC-A0EC-2D474C167A90} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} BHO: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP) BHO-x32: Pomocnik logowania za pomocą identyfikatora Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-10-21] (EasyBits Software Corp.) Tcpip\Parameters: [DhcpNameServer] 168.95.1.1 Tcpip\..\Interfaces\{55995D4A-2E53-4795-BAC5-0F1402EA566A}: [NameServer]8.8.8.8,8.8.4.4 FireFox: ======== FF ProfilePath: C:\Users\agusia\AppData\Roaming\Mozilla\Firefox\Profiles\arxobzob.default-1392448114656 FF user.js: detected! 
=> C:\Users\agusia\AppData\Roaming\Mozilla\Firefox\Profiles\arxobzob.default-1392448114656\user.js FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems) FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\agusia\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\agusia\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Extension: Widget context - C:\Users\agusia\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{140A2D0E-85CC-4ed3-9BA5-8FA35DA7FABA}.xpi [2014-04-05] FF Extension: iMacros for Firefox - C:\Users\agusia\AppData\Roaming\Mozilla\Firefox\Profiles\arxobzob.default-1392448114656\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2014-03-05] FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2014-04-08] Chrome: ======= CHR HomePage: hxxp://mysearch.avg.com/?cid={793D217C-F454-49F6-8494-EA81DEA07253}&mid=a766980ef71147d0aac2a113f034d415-e37a1320561a2da1ae077a7def2cf969e71cc59b&lang=pl/finishurl=hxxp://toolbar.avg.com/p-install?lang=pl&ds=ht011&pr=sa&d=2013-09-23 11:06:18&v=15.4.0.5&pid=safeguard&sg=0&sap=hp CHR StartupUrls: "hxxp://mysearch.avg.com/?cid={793D217C-F454-49F6-8494-EA81DEA07253}&mid=a766980ef71147d0aac2a113f034d415-e37a1320561a2da1ae077a7def2cf969e71cc59b&lang=pl/finishurl=hxxp://toolbar.avg.com/p-install?lang=pl&ds=ht011&pr=sa&d=2013-09-23 11:06:18&v=15.4.0.5&pid=safeguard&sg=0&sap=hp", "hxxp://start.qone8.com/?type=hp&ts=1382720512&from=cor&uid=ST9500423AS_6WR0H5QA", "hxxp://start.qone8.com/?type=hp&ts=1397030119&from=tt4u&uid=ST9500423AS_6WR0H5QA" 
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\agusia\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) CHR Extension: (AdBlock) - C:\Users\agusia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-09] CHR Extension: (Google Wallet) - C:\Users\agusia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-19] CHR HKLM-x32\...\Chrome\Extension: [bfmogjcijkfeahcajecmmegieipfbdcc] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-08-18] ==================== Services (Whitelisted) ================= S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2014-01-20] (BlueStack Systems, Inc.) 
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-01-20] (BlueStack Systems, Inc.) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [115472 2014-01-20] (BlueStack Systems) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-01-20] (Disc Soft Ltd) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation) S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [158024 2013-05-02] (MCCI Corporation) R1 wStLibG64; C:\Windows\System32\drivers\wStLibG64.sys [61112 2014-04-09] (StdLib) S2 SPDRIVER_1.35.1.155; \??\C:\Program Files (x86)\ShopperPro\JSDriver\1.35.1.155\jsdrv.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-14 19:40 - 2014-05-14 19:40 - 02066944 _____ (Farbar) C:\Users\agusia\Downloads\FRST64 (1).exe 2014-05-14 19:39 - 2014-05-14 19:39 - 01056256 _____ (Farbar) C:\Users\agusia\Downloads\FRST.exe 2014-05-14 19:38 - 2014-05-14 19:38 - 00602112 _____ (OldTimer Tools) C:\Users\agusia\Downloads\OTL (1).exe 2014-05-13 15:57 - 2014-05-13 15:57 - 00047240 _____ () C:\Users\agusia\Downloads\piorun.wav 2014-05-10 17:31 - 2014-05-10 17:31 - 02856346 _____ () C:\Users\agusia\Downloads\Pulpit (2).rar 2014-05-07 21:03 - 2014-05-07 21:03 - 00001902 _____ () C:\Users\agusia\Downloads\codperk_sandalymurzyna.amxx 2014-05-07 21:03 - 2014-05-07 21:03 - 00000650 _____ () C:\Users\agusia\Downloads\codperk_sandalymurzyna.sma 2014-05-07 21:03 - 2014-05-07 21:03 - 00000020 _____ () 
C:\Users\agusia\Desktop\Nowy Archiwum WinRARa.rar 2014-05-07 12:40 - 2014-05-07 12:41 - 09072065 _____ () C:\Users\agusia\Downloads\orizon_30.rar 2014-05-07 11:51 - 2014-05-07 11:54 - 09319394 _____ () C:\Users\agusia\Downloads\orizon_30.zip 2014-05-06 21:41 - 2014-05-06 21:41 - 00021178 _____ () C:\Users\agusia\AppData\Local\recently-used.xbel 2014-05-03 21:56 - 2014-05-03 21:56 - 00056225 _____ () C:\Users\agusia\Desktop\28684.jpeg 2014-05-02 12:06 - 2014-05-02 12:06 - 00000375 _____ () C:\Windows\system32\Drivers\etc\hosts.ics 2014-05-01 21:31 - 2014-05-01 21:32 - 03125743 _____ () C:\Users\agusia\Downloads\Lucky Patcher v4.1.4.apk 2014-05-01 21:30 - 2014-05-01 21:34 - 88155868 _____ () C:\Users\agusia\Downloads\W2Av4Obb.zip 2014-05-01 21:27 - 2014-05-01 21:27 - 10837985 _____ () C:\Users\agusia\Downloads\W2Av1.4.0.apk 2014-05-01 18:22 - 2014-05-01 18:22 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf 2014-05-01 08:09 - 2014-05-01 08:10 - 00895483 _____ () C:\Users\agusia\Downloads\screenshots.rar 2014-04-30 15:30 - 2014-04-30 15:30 - 00000000 ____D () C:\Users\agusia\AppData\Local\{2DA61438-2E0A-45A2-898E-DBC18C733A8C} 2014-04-30 08:13 - 2014-04-30 08:16 - 00003966 _____ () C:\Users\agusia\Desktop\hay day.txt 2014-04-29 19:57 - 2014-04-29 19:57 - 01570060 _____ () C:\Users\agusia\Downloads\de_dust2014_r2_2.rar 2014-04-29 16:36 - 2014-04-29 16:37 - 11844672 _____ () C:\Users\agusia\Downloads\de_shopping.zip 2014-04-29 10:16 - 2014-04-29 10:16 - 00000000 _____ () C:\Users\agusia\Desktop\Nowy dokument tekstowy (2).txt 2014-04-29 09:04 - 2014-04-29 09:04 - 00801279 _____ () C:\Users\agusia\Downloads\trasher.zip 2014-04-29 07:07 - 2014-04-29 07:07 - 03171767 _____ () C:\Users\agusia\Downloads\Brave Frontier Hack.rar 2014-04-29 07:07 - 2014-04-29 07:07 - 03171767 _____ () C:\Users\agusia\Downloads\Brave Frontier Hack (1).rar 2014-04-27 23:44 - 2014-04-27 23:44 - 00114127 _____ () C:\Users\agusia\Downloads\Dragonvale TRICHE ILLIMITÉ 
GEMMES ET PIÈCES – DRAGONVALE HACK.rar 2014-04-27 14:34 - 2014-04-27 14:34 - 04091685 _____ () C:\Users\agusia\Downloads\Pulpit (1).rar 2014-04-27 13:55 - 2014-04-27 13:55 - 01969945 _____ () C:\Users\agusia\Downloads\ddddd.rar 2014-04-27 12:32 - 2014-04-27 12:32 - 01140045 _____ () C:\Users\agusia\Downloads\Soldiers Inc Hack Tool v2.4 By GamesHuntters.rar 2014-04-26 21:55 - 2014-04-26 21:56 - 00361329 _____ () C:\Users\agusia\Downloads\arras-theme.1.4.2.zip 2014-04-26 12:01 - 2014-04-26 12:01 - 01040336 _____ () C:\Users\agusia\Downloads\cstrike (20).rar 2014-04-25 17:43 - 2014-04-25 17:43 - 00243979 _____ () C:\Users\agusia\Downloads\ar2.2.0-beta2-d57c18d.zip 2014-04-24 21:42 - 2014-04-24 21:42 - 00151256 _____ () C:\Users\agusia\Downloads\Flappy Bird Cheats Tool 2014 - HyperHacks.rar 2014-04-23 12:28 - 2014-04-23 12:28 - 00774317 _____ () C:\Users\agusia\Downloads\Generateur de Gemmes Clash Of Clans v1.2.rar 2014-04-23 10:19 - 2014-04-23 10:19 - 00955026 _____ () C:\Users\agusia\Downloads\ssy (3).rar 2014-04-22 22:21 - 2014-04-22 22:21 - 08497100 _____ () C:\Users\agusia\Downloads\SSy OnlySilence x2.rar 2014-04-22 20:07 - 2014-04-22 20:07 - 07157661 _____ () C:\Users\agusia\Downloads\15009.rar 2014-04-22 20:04 - 2014-04-22 20:04 - 00208347 _____ () C:\Users\agusia\Downloads\anticheat.cfg 2014-04-22 19:52 - 2014-04-22 19:52 - 03016550 _____ () C:\Users\agusia\Downloads\cstrike (19).rar 2014-04-22 16:29 - 2014-04-22 16:29 - 00263792 _____ () C:\Users\agusia\Downloads\de_dust20000.rar 2014-04-22 14:21 - 2014-04-22 14:21 - 00903969 _____ () C:\Users\agusia\Desktop\dust2.rar 2014-04-20 06:56 - 2014-04-20 06:57 - 02261011 _____ () C:\Users\agusia\Downloads\Desktop (4).rar 2014-04-19 21:58 - 2014-04-19 21:58 - 02261011 _____ () C:\Users\agusia\Downloads\Desktop (3).rar 2014-04-19 14:08 - 2014-04-19 14:09 - 05452994 _____ () C:\Users\agusia\Downloads\Dragon-Friends-Hack-Tool.rar 2014-04-18 17:42 - 2014-04-18 17:43 - 00480821 _____ () C:\Users\agusia\Downloads\Desktop 
(2).rar 2014-04-18 12:08 - 2014-04-18 12:08 - 00001516 _____ () C:\Users\agusia\Downloads\de_dust20001.zip 2014-04-16 12:11 - 2014-04-16 12:11 - 04273161 _____ () C:\Users\agusia\Downloads\Rambuś.rar 2014-04-15 11:56 - 2014-04-15 11:56 - 02248284 _____ () C:\Users\agusia\Downloads\cstrike_polish (4).rar 2014-04-14 20:51 - 2014-04-14 20:52 - 00000096 _____ () C:\Users\agusia\Downloads\computer_gender.vbs 2014-04-14 11:39 - 2014-04-14 11:39 - 04270342 _____ () C:\Users\agusia\Downloads\Nowy folder (6).rar ==================== One Month Modified Files and Folders ======= 2014-05-14 19:41 - 2014-02-15 13:14 - 00018473 _____ () C:\Users\agusia\Downloads\FRST.txt 2014-05-14 19:41 - 2014-02-14 22:00 - 00000000 ____D () C:\FRST 2014-05-14 19:40 - 2014-05-14 19:40 - 02066944 _____ (Farbar) C:\Users\agusia\Downloads\FRST64 (1).exe 2014-05-14 19:39 - 2014-05-14 19:39 - 01056256 _____ (Farbar) C:\Users\agusia\Downloads\FRST.exe 2014-05-14 19:38 - 2014-05-14 19:38 - 00602112 _____ (OldTimer Tools) C:\Users\agusia\Downloads\OTL (1).exe 2014-05-14 19:15 - 2013-12-10 15:26 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-05-14 19:01 - 2012-12-17 16:25 - 00001048 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-05-14 18:40 - 2014-02-17 22:18 - 00000286 _____ () C:\Windows\Tasks\bench-Updater removing.job 2014-05-14 18:40 - 2011-12-12 01:31 - 01302892 _____ () C:\Windows\WindowsUpdate.log 2014-05-14 17:44 - 2011-10-21 20:26 - 00739218 _____ () C:\Windows\system32\perfh015.dat 2014-05-14 17:44 - 2011-10-21 20:26 - 00155296 _____ () C:\Windows\system32\perfc015.dat 2014-05-14 17:44 - 2009-07-14 07:13 - 01666076 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-14 17:43 - 2013-01-01 18:35 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2927037778-1233708203-2928765012-1000UA.job 2014-05-14 17:43 - 2013-01-01 18:35 - 00000910 _____ () 
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2927037778-1233708203-2928765012-1000Core.job 2014-05-14 16:29 - 2014-01-20 12:20 - 00000000 ____D () C:\Users\agusia\AppData\Roaming\uTorrent 2014-05-14 16:29 - 2013-02-17 16:15 - 00000000 ____D () C:\Users\agusia\AppData\Local\Adobe 2014-05-14 16:29 - 2012-12-17 16:25 - 00001044 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-05-14 16:21 - 2009-07-14 06:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-14 16:21 - 2009-07-14 06:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-14 16:14 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-14 16:14 - 2009-07-14 06:51 - 00100335 _____ () C:\Windows\setupact.log 2014-05-13 22:16 - 2013-12-10 15:26 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-05-13 22:16 - 2013-12-10 15:26 - 00003868 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-05-13 22:16 - 2011-10-21 11:00 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-13 16:53 - 2013-10-09 20:09 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForagusia 2014-05-13 16:53 - 2013-10-09 20:09 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForagusia.job 2014-05-13 15:57 - 2014-05-13 15:57 - 00047240 _____ () C:\Users\agusia\Downloads\piorun.wav 2014-05-13 10:14 - 2012-12-17 14:19 - 00003974 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{72F69AC9-5AD0-46CB-B469-2BAA73A78A21} 2014-05-11 16:19 - 2012-12-17 16:29 - 00000000 ____D () C:\Users\agusia\AppData\Roaming\GG 2014-05-10 17:31 - 2014-05-10 17:31 - 02856346 _____ () C:\Users\agusia\Downloads\Pulpit (2).rar 2014-05-10 07:56 - 2012-12-17 16:25 - 00004044 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-05-10 07:56 - 2012-12-17 16:25 - 00003792 
_____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-05-09 08:18 - 2013-06-28 15:03 - 00000000 ____D () C:\Users\agusia\Documents\Visual Studio 2010 2014-05-09 07:58 - 2013-02-10 19:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive 2014-05-08 11:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-05-07 21:03 - 2014-05-07 21:03 - 00001902 _____ () C:\Users\agusia\Downloads\codperk_sandalymurzyna.amxx 2014-05-07 21:03 - 2014-05-07 21:03 - 00000650 _____ () C:\Users\agusia\Downloads\codperk_sandalymurzyna.sma 2014-05-07 21:03 - 2014-05-07 21:03 - 00000020 _____ () C:\Users\agusia\Desktop\Nowy Archiwum WinRARa.rar 2014-05-07 12:41 - 2014-05-07 12:40 - 09072065 _____ () C:\Users\agusia\Downloads\orizon_30.rar 2014-05-07 11:54 - 2014-05-07 11:51 - 09319394 _____ () C:\Users\agusia\Downloads\orizon_30.zip 2014-05-06 21:41 - 2014-05-06 21:41 - 00021178 _____ () C:\Users\agusia\AppData\Local\recently-used.xbel 2014-05-06 21:40 - 2013-08-07 10:35 - 00000000 ____D () C:\Users\agusia\.gimp-2.8 2014-05-03 21:56 - 2014-05-03 21:56 - 00056225 _____ () C:\Users\agusia\Desktop\28684.jpeg 2014-05-02 12:06 - 2014-05-02 12:06 - 00000375 _____ () C:\Windows\system32\Drivers\etc\hosts.ics 2014-05-01 21:34 - 2014-05-01 21:30 - 88155868 _____ () C:\Users\agusia\Downloads\W2Av4Obb.zip 2014-05-01 21:32 - 2014-05-01 21:31 - 03125743 _____ () C:\Users\agusia\Downloads\Lucky Patcher v4.1.4.apk 2014-05-01 21:27 - 2014-05-01 21:27 - 10837985 _____ () C:\Users\agusia\Downloads\W2Av1.4.0.apk 2014-05-01 18:22 - 2014-05-01 18:22 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf 2014-05-01 08:10 - 2014-05-01 08:09 - 00895483 _____ () C:\Users\agusia\Downloads\screenshots.rar 2014-04-30 15:30 - 2014-04-30 15:30 - 00000000 ____D () C:\Users\agusia\AppData\Local\{2DA61438-2E0A-45A2-898E-DBC18C733A8C} 2014-04-30 08:16 - 2014-04-30 08:13 - 00003966 _____ () C:\Users\agusia\Desktop\hay day.txt 2014-04-29 
19:57 - 2014-04-29 19:57 - 01570060 _____ () C:\Users\agusia\Downloads\de_dust2014_r2_2.rar 2014-04-29 16:37 - 2014-04-29 16:36 - 11844672 _____ () C:\Users\agusia\Downloads\de_shopping.zip 2014-04-29 10:16 - 2014-04-29 10:16 - 00000000 _____ () C:\Users\agusia\Desktop\Nowy dokument tekstowy (2).txt 2014-04-29 09:04 - 2014-04-29 09:04 - 00801279 _____ () C:\Users\agusia\Downloads\trasher.zip 2014-04-29 07:07 - 2014-04-29 07:07 - 03171767 _____ () C:\Users\agusia\Downloads\Brave Frontier Hack.rar 2014-04-29 07:07 - 2014-04-29 07:07 - 03171767 _____ () C:\Users\agusia\Downloads\Brave Frontier Hack (1).rar 2014-04-27 23:44 - 2014-04-27 23:44 - 00114127 _____ () C:\Users\agusia\Downloads\Dragonvale TRICHE ILLIMITÉ GEMMES ET PIÈCES – DRAGONVALE HACK.rar 2014-04-27 14:34 - 2014-04-27 14:34 - 04091685 _____ () C:\Users\agusia\Downloads\Pulpit (1).rar 2014-04-27 13:55 - 2014-04-27 13:55 - 01969945 _____ () C:\Users\agusia\Downloads\ddddd.rar 2014-04-27 12:32 - 2014-04-27 12:32 - 01140045 _____ () C:\Users\agusia\Downloads\Soldiers Inc Hack Tool v2.4 By GamesHuntters.rar 2014-04-26 21:56 - 2014-04-26 21:55 - 00361329 _____ () C:\Users\agusia\Downloads\arras-theme.1.4.2.zip 2014-04-26 12:01 - 2014-04-26 12:01 - 01040336 _____ () C:\Users\agusia\Downloads\cstrike (20).rar 2014-04-25 17:43 - 2014-04-25 17:43 - 00243979 _____ () C:\Users\agusia\Downloads\ar2.2.0-beta2-d57c18d.zip 2014-04-24 21:42 - 2014-04-24 21:42 - 00151256 _____ () C:\Users\agusia\Downloads\Flappy Bird Cheats Tool 2014 - HyperHacks.rar 2014-04-23 18:37 - 2014-02-22 18:24 - 00000000 ____D () C:\Users\agusia\AppData\Local\Windows Live 2014-04-23 12:28 - 2014-04-23 12:28 - 00774317 _____ () C:\Users\agusia\Downloads\Generateur de Gemmes Clash Of Clans v1.2.rar 2014-04-23 10:19 - 2014-04-23 10:19 - 00955026 _____ () C:\Users\agusia\Downloads\ssy (3).rar 2014-04-22 22:21 - 2014-04-22 22:21 - 08497100 _____ () C:\Users\agusia\Downloads\SSy OnlySilence x2.rar 2014-04-22 20:07 - 2014-04-22 20:07 - 07157661 _____ () 
C:\Users\agusia\Downloads\15009.rar 2014-04-22 20:04 - 2014-04-22 20:04 - 00208347 _____ () C:\Users\agusia\Downloads\anticheat.cfg 2014-04-22 19:52 - 2014-04-22 19:52 - 03016550 _____ () C:\Users\agusia\Downloads\cstrike (19).rar 2014-04-22 16:29 - 2014-04-22 16:29 - 00263792 _____ () C:\Users\agusia\Downloads\de_dust20000.rar 2014-04-22 14:21 - 2014-04-22 14:21 - 00903969 _____ () C:\Users\agusia\Desktop\dust2.rar 2014-04-20 06:57 - 2014-04-20 06:56 - 02261011 _____ () C:\Users\agusia\Downloads\Desktop (4).rar 2014-04-19 21:58 - 2014-04-19 21:58 - 02261011 _____ () C:\Users\agusia\Downloads\Desktop (3).rar 2014-04-19 14:09 - 2014-04-19 14:08 - 05452994 _____ () C:\Users\agusia\Downloads\Dragon-Friends-Hack-Tool.rar 2014-04-18 17:43 - 2014-04-18 17:42 - 00480821 _____ () C:\Users\agusia\Downloads\Desktop (2).rar 2014-04-18 12:08 - 2014-04-18 12:08 - 00001516 _____ () C:\Users\agusia\Downloads\de_dust20001.zip 2014-04-16 12:11 - 2014-04-16 12:11 - 04273161 _____ () C:\Users\agusia\Downloads\Rambuś.rar 2014-04-15 11:56 - 2014-04-15 11:56 - 02248284 _____ () C:\Users\agusia\Downloads\cstrike_polish (4).rar 2014-04-14 20:52 - 2014-04-14 20:51 - 00000096 _____ () C:\Users\agusia\Downloads\computer_gender.vbs 2014-04-14 11:39 - 2014-04-14 11:39 - 04270342 _____ () C:\Users\agusia\Downloads\Nowy folder (6).rar Files to move or delete: ==================== C:\Users\agusia\AppData\Roaming\Camdata.ini C:\Users\agusia\AppData\Roaming\CamLayout.ini C:\Users\agusia\AppData\Roaming\CamShapes.ini Some content of TEMP: ==================== C:\Users\agusia\AppData\Local\Temp\adb.exe C:\Users\agusia\AppData\Local\Temp\AdbWinApi.dll C:\Users\agusia\AppData\Local\Temp\AdbWinUsbApi.dll C:\Users\agusia\AppData\Local\Temp\appshat_generic.exe C:\Users\agusia\AppData\Local\Temp\AutoItX3.dll C:\Users\agusia\AppData\Local\Temp\bitool.dll C:\Users\agusia\AppData\Local\Temp\cabex.dll C:\Users\agusia\AppData\Local\Temp\Creative Cloud Helper.exe 
C:\Users\agusia\AppData\Local\Temp\DeviceRooter.exe C:\Users\agusia\AppData\Local\Temp\DIFxAPI.dll C:\Users\agusia\AppData\Local\Temp\ews-setup.exe C:\Users\agusia\AppData\Local\Temp\Extract.exe C:\Users\agusia\AppData\Local\Temp\fp_pl_pfs_installer.exe C:\Users\agusia\AppData\Local\Temp\ggdrive-menu.exe C:\Users\agusia\AppData\Local\Temp\ggdrive-overlay.exe C:\Users\agusia\AppData\Local\Temp\GoogleSetup.exe C:\Users\agusia\AppData\Local\Temp\HPHelpUpdater.exe C:\Users\agusia\AppData\Local\Temp\installstats.exe C:\Users\agusia\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe C:\Users\agusia\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe C:\Users\agusia\AppData\Local\Temp\LiveSupport_setup.exe C:\Users\agusia\AppData\Local\Temp\LiveSupport_update.exe C:\Users\agusia\AppData\Local\Temp\Mobogenie_Setup_2.1.37_515.exe C:\Users\agusia\AppData\Local\Temp\OneClickRoot.exe C:\Users\agusia\AppData\Local\Temp\OptimizerPro.exe C:\Users\agusia\AppData\Local\Temp\Quarantine.exe C:\Users\agusia\AppData\Local\Temp\Resource.exe C:\Users\agusia\AppData\Local\Temp\setup.exe C:\Users\agusia\AppData\Local\Temp\setup_fst_pl.exe C:\Users\agusia\AppData\Local\Temp\Show-Password_1030-8102.exe C:\Users\agusia\AppData\Local\Temp\sp58915.exe C:\Users\agusia\AppData\Local\Temp\SP59202.exe C:\Users\agusia\AppData\Local\Temp\sp64126.exe C:\Users\agusia\AppData\Local\Temp\SpeedUpMyComputer.exe C:\Users\agusia\AppData\Local\Temp\unelevate.exe C:\Users\agusia\AppData\Local\Temp\uninst.exe C:\Users\agusia\AppData\Local\Temp\uninst1.exe C:\Users\agusia\AppData\Local\Temp\UninstallHPSA.exe C:\Users\agusia\AppData\Local\Temp\unlockrootsetup.exe C:\Users\agusia\AppData\Local\Temp\UpdateCheckerSetup.exe C:\Users\agusia\AppData\Local\Temp\Updater.exe C:\Users\agusia\AppData\Local\Temp\vmark_setup.exe C:\Users\agusia\AppData\Local\Temp\ytai_ytareg_setup.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => 
MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-10 14:33

==================== End Of Log ============================