Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-07-2014 01
Ran by Abi (administrator) on ABI-KOMPUTER on 01-08-2014 20:17:25
Running from C:\Users\Abi\Desktop\Nowy folder
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Polski (Polska)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(BitTorrent Inc.) C:\Program Files (x86)\uTorrent\uTorrent.exe\uTorrent.exe
() C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox 3 Beta 4\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM\...\Run: [OnekeyStudio] => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [776608 2009-12-19] (Lenovo)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [4462496 2010-04-12] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [7056800 2010-03-18] (Lenovo (Beijing) Limited)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-05-12] (Malwarebytes Corporation)
HKU\S-1-5-21-2373459085-1094487338-3103877305-1001\...\Run: [uTorrent] => C:\Program Files (x86)\uTorrent\uTorrent.exe\uTorrent.exe [1051984 2013-02-11] (BitTorrent Inc.)
HKU\S-1-5-21-2373459085-1094487338-3103877305-1001\...\Run: [ALLUpdate] => C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe [3000680 2013-11-01] (ALLPlayer Group Ltd.)
HKU\S-1-5-21-2373459085-1094487338-3103877305-1001\...\MountPoints2: {6bf9b6c3-774b-11e2-86cc-c0cb38ef19ac} - G:\setup.exe

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p=153
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: ALLYouTubeDownloader -> {61DB16C5-B733-43F4-872E-B20DC9E72740} -> C:\Program Files (x86)\ALLYouTubeDownloader\ALLYouTubeDownloader.dll (ALLCinema Ltd.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: IplexToALLPlayer -> {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} -> C:\Program Files (x86)\ALLPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Abi\AppData\Roaming\Mozilla\Firefox\Profiles\kcm40lfr.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Abi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Extension: Iplex to ALLPlayer - C:\Users\Abi\AppData\Roaming\Mozilla\Firefox\Profiles\kcm40lfr.default\Extensions\IplextoALL@ALLPlayer.org [2014-01-02]
FF Extension: Iplex to ALLPlayer - C:\Users\Abi\AppData\Roaming\Mozilla\Firefox\Profiles\kcm40lfr.default\Extensions\IplextoALL@ALLPlayer.org.xpi [2013-02-13]
FF Extension: ALLYouTubeDownloader - C:\Users\Abi\AppData\Roaming\Mozilla\Firefox\Profiles\kcm40lfr.default\Extensions\YouTubetoALL@ALLPlayer.org.xpi [2014-01-03]
FF Extension: Adblock Plus - C:\Users\Abi\AppData\Roaming\Mozilla\Firefox\Profiles\kcm40lfr.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-24]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-05-19]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox 3 Beta 4\firefox.exe

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (YToBookMark) - C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhnbopggcioogbkaofnechgjphkfofmo [2014-01-09]
CHR Extension: (Easy Surf) - C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohlencieiipommannpdfcmfdpjjmeolj [2014-01-09]

==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [864032 2009-08-11] (Broadcom Corporation.)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [267824 2007-05-04] (Nero AG)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
U0 jtbpsk; C:\Windows\System32\drivers\fsloxsl.sys [79064 2014-08-01] (Malwarebytes Corporation)
R3 usbsmi; C:\Windows\System32\DRIVERS\SMIksdrv.sys [197888 2010-01-22] (SMI)

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-01 20:03 - 2014-08-01 20:03 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\fsloxsl.sys
2014-08-01 19:46 - 2014-08-01 19:49 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-01 19:46 - 2014-08-01 19:46 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-01 19:46 - 2014-08-01 19:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-01 19:46 - 2014-08-01 19:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-01 19:46 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-01 19:46 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-01 19:46 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-01 18:56 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-01 18:55 - 2014-08-01 19:32 - 00000000 ____D () C:\AdwCleaner
2014-07-31 11:49 - 2014-08-01 20:17 - 00000000 ____D () C:\FRST
2014-07-31 10:43 - 2014-07-31 10:43 - 00000000 ___SD () C:\Users\Abi\Documents\Passwords Database
2014-07-31 10:41 - 2014-08-01 20:17 - 00000000 ____D () C:\Users\Abi\Desktop\Nowy folder
2014-07-30 17:26 - 2014-07-30 17:26 - 00000000 ____D () C:\Users\Abi\AppData\Local\Adobe
2014-07-29 19:35 - 2014-07-29 19:34 - 00000677 _____ () C:\Users\Abi\Desktop\PRZEPISY.lnk
2014-07-26 08:53 - 2014-07-26 08:53 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2014-07-26 08:42 - 2014-07-26 08:42 - 00000000 ____D () C:\ProgramData\McAfee
2014-07-23 11:48 - 2014-07-23 11:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 3 Beta 4
2014-07-23 11:43 - 2014-07-23 11:46 - 00000136 _____ () C:\Users\Abi\Desktop\Nowy dokument tekstowy (2).txt
2014-07-17 12:32 - 2014-07-17 12:54 - 00002432 _____ () C:\Users\Abi\AppData\Local\TempnQ5876.html
2014-07-17 10:52 - 2014-07-17 10:52 - 00000022 _____ () C:\Users\Abi\Desktop\Nowy dokument tekstowy.txt
2014-07-17 09:28 - 2014-07-17 09:28 - 00262144 _____ () C:\Windows\system32\config\elam
2014-07-17 09:27 - 2014-07-17 09:30 - 00000000 ____D () C:\Program Files (x86)\SavePass
2014-07-12 21:28 - 2014-07-13 02:28 - 00002432 _____ () C:\Users\Abi\AppData\Local\Tempfp3400.html
2014-07-12 21:28 - 2014-07-13 02:28 - 00002089 _____ () C:\Users\Abi\AppData\Local\TempLC3400.html
2014-07-12 21:28 - 2014-07-12 21:31 - 00002432 _____ () C:\Users\Abi\AppData\Local\TempeW3400.html

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-01 20:17 - 2014-07-31 11:49 - 00000000 ____D () C:\FRST
2014-08-01 20:17 - 2014-07-31 10:41 - 00000000 ____D () C:\Users\Abi\Desktop\Nowy folder
2014-08-01 20:17 - 2013-02-11 14:05 - 00000000 ____D () C:\Users\Abi\AppData\Roaming\uTorrent
2014-08-01 20:03 - 2014-08-01 20:03 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\fsloxsl.sys
2014-08-01 20:03 - 2013-02-16 22:00 - 00000000 ____D () C:\Windows\PCHEALTH
2014-08-01 19:49 - 2014-08-01 19:46 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-01 19:47 - 2013-02-11 16:22 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-01 19:47 - 2009-07-14 06:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-01 19:47 - 2009-07-14 06:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-01 19:46 - 2014-08-01 19:46 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-01 19:46 - 2014-08-01 19:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-01 19:46 - 2014-08-01 19:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-01 19:38 - 2013-02-11 12:37 - 01917487 _____ () C:\Windows\WindowsUpdate.log
2014-08-01 19:35 - 2014-02-05 17:00 - 00025074 _____ () C:\Windows\setupact.log
2014-08-01 19:35 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-01 19:32 - 2014-08-01 18:55 - 00000000 ____D () C:\AdwCleaner
2014-08-01 19:27 - 2014-02-05 16:59 - 00005696 _____ () C:\Windows\PFRO.log
2014-08-01 18:31 - 2013-02-11 13:44 - 00001468 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-01 18:31 - 2013-02-11 13:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox 3 Beta 4
2014-07-31 11:39 - 2011-04-05 17:24 - 00037242 _____ () C:\Users\Abi\Desktop\do ściągnięcia.txt
2014-07-31 10:51 - 2014-03-14 13:27 - 00000000 ____D () C:\Users\Abi\AppData\Roaming\Samsung
2014-07-31 10:51 - 2013-12-22 11:26 - 00000000 ____D () C:\ProgramData\Samsung
2014-07-31 10:51 - 2013-12-22 11:26 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-07-31 10:51 - 2013-02-11 12:48 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-07-31 10:45 - 2013-10-07 23:12 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-07-31 10:44 - 2014-01-09 02:03 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-07-31 10:44 - 2014-01-09 02:03 - 00000000 ____D () C:\Users\Gość
2014-07-31 10:44 - 2014-01-09 02:03 - 00000000 ____D () C:\Users\Administrator
2014-07-31 10:43 - 2014-07-31 10:43 - 00000000 ___SD () C:\Users\Abi\Documents\Passwords Database
2014-07-30 17:40 - 2011-04-12 15:21 - 00698004 _____ () C:\Windows\system32\perfh015.dat
2014-07-30 17:40 - 2011-04-12 15:21 - 00135082 _____ () C:\Windows\system32\perfc015.dat
2014-07-30 17:40 - 2009-07-14 07:13 - 01549696 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-30 17:26 - 2014-07-30 17:26 - 00000000 ____D () C:\Users\Abi\AppData\Local\Adobe
2014-07-29 19:34 - 2014-07-29 19:35 - 00000677 _____ () C:\Users\Abi\Desktop\PRZEPISY.lnk
2014-07-29 14:48 - 2013-04-02 19:36 - 00000000 ____D () C:\FILMY
2014-07-26 08:59 - 2013-02-11 16:22 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-26 08:59 - 2013-02-11 16:22 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-26 08:59 - 2013-02-11 16:22 - 00003868 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-26 08:53 - 2014-07-26 08:53 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2014-07-26 08:42 - 2014-07-26 08:42 - 00000000 ____D () C:\ProgramData\McAfee
2014-07-24 11:39 - 2013-02-11 18:52 - 00000000 ____D () C:\ProgramData\MoorHunt
2014-07-24 11:37 - 2013-02-11 13:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-23 11:48 - 2014-07-23 11:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 3 Beta 4
2014-07-23 11:46 - 2014-07-23 11:43 - 00000136 _____ () C:\Users\Abi\Desktop\Nowy dokument tekstowy (2).txt
2014-07-21 09:58 - 2009-07-14 07:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-17 12:54 - 2014-07-17 12:32 - 00002432 _____ () C:\Users\Abi\AppData\Local\TempnQ5876.html
2014-07-17 10:52 - 2014-07-17 10:52 - 00000022 _____ () C:\Users\Abi\Desktop\Nowy dokument tekstowy.txt
2014-07-17 09:30 - 2014-07-17 09:27 - 00000000 ____D () C:\Program Files (x86)\SavePass
2014-07-17 09:28 - 2014-07-17 09:28 - 00262144 _____ () C:\Windows\system32\config\elam
2014-07-13 02:28 - 2014-07-12 21:28 - 00002432 _____ () C:\Users\Abi\AppData\Local\Tempfp3400.html
2014-07-13 02:28 - 2014-07-12 21:28 - 00002089 _____ () C:\Users\Abi\AppData\Local\TempLC3400.html
2014-07-12 21:31 - 2014-07-12 21:28 - 00002432 _____ () C:\Users\Abi\AppData\Local\TempeW3400.html
2014-07-02 08:48 - 2013-04-15 08:33 - 00000641 _____ () C:\Users\Abi\Desktop\MoorHunt.lnk

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-28 00:28

==================== End Of Log ============================