Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2013 01
Ran by x (administrator) on X-VAIO on 03-09-2013 09:00:33
Running from C:\Users\x\Downloads
Windows 7 Home Premium (X64) OS Language: Polish
Internet Explorer Version 8
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) =================

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7938080 2009-07-24] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-07-24] (Realtek Semiconductor Corp.)
HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Java\jre6\bin\jusched.exe [171520 2009-08-19] (Sun Microsystems, Inc.)
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [357696 2010-04-01] (DT Soft Ltd)
MountPoints2: F - F:\Autorun.exe
MountPoints2: I - I:\AutoRun.exe
MountPoints2: J - J:\AutoRun.exe
MountPoints2: {026e35f4-7bf3-11e1-9cd9-00264374782f} - I:\Startme.exe
MountPoints2: {08aaef76-6d0d-11e1-9caf-00264374782f} - I:\AutoRun.exe
MountPoints2: {0b013327-1d96-11df-9b09-0024d610a95e} - H:\AutoRun.exe
MountPoints2: {0d4a088b-d9f5-11de-9d30-00264374782f} - G:\setup.exe
MountPoints2: {1e0b52d0-1e22-11df-9b28-0024d610a95e} - H:\AutoRun.exe
MountPoints2: {1e0b52d3-1e22-11df-9b28-0024d610a95e} - H:\AutoRun.exe
MountPoints2: {1e0b52e2-1e22-11df-9b28-0024d610a95e} - H:\AutoRun.exe
MountPoints2: {44f30c43-6879-11e1-9c2c-00264374782f} - I:\AutoRun.exe
MountPoints2: {59989f71-d10b-11df-8e9e-00264374782f} - H:\AutoRun.exe
MountPoints2: {6083d8f4-68ca-11df-987c-00264374782f} - I:\Startme.exe
MountPoints2: {63da86df-6c4e-11e1-922e-00264374782f} - I:\AutoRun.exe
MountPoints2: {66f23100-f334-11e0-8e8a-00264374782f} - I:\AutoRun.exe
MountPoints2: {66f23128-f334-11e0-8e8a-00264374782f} - I:\AutoRun.exe
MountPoints2: {8979b29d-f353-11e0-9c68-00264374782f} - I:\AutoRun.exe
MountPoints2: {8979b2b8-f353-11e0-9c68-00264374782f} - I:\AutoRun.exe
MountPoints2: {94e089d2-c405-11df-9ab7-00264374782f} - H:\setup.exe AUTORUN=1
MountPoints2: {bfadf391-6853-11e1-9c0c-00264374782f} - I:\AutoRun.exe
MountPoints2: {bfadf3a8-6853-11e1-9c0c-00264374782f} - I:\AutoRun.exe
MountPoints2: {c9915019-fe39-11de-9dbe-0024d610a95e} - H:\AutoRun.exe
MountPoints2: {c991501e-fe39-11de-9dbe-0024d610a95e} - H:\AutoRun.exe
MountPoints2: {df29ae8b-1409-11df-a0c1-0024d610a95e} - I:\AutoRun.exe
MountPoints2: {df29ae8f-1409-11df-a0c1-0024d610a95e} - I:\AutoRun.exe
MountPoints2: {df29ae98-1409-11df-a0c1-0024d610a95e} - I:\AutoRun.exe
MountPoints2: {df29ae9c-1409-11df-a0c1-0024d610a95e} - I:\AutoRun.exe
MountPoints2: {e86e5148-50d7-11e1-99d8-00264374782f} - I:\AutoRun.exe
MountPoints2: {eb3abb20-4ee9-11e0-9b4e-00264374782f} - I:\AutoRun.exe
MountPoints2: {eb3abb3e-4ee9-11e0-9b4e-00264374782f} - I:\AutoRun.exe
MountPoints2: {efcc1ce3-8349-11e1-8eff-00264374782f} - I:\AutoRun.exe
MountPoints2: {efcc1cf6-8349-11e1-8eff-00264374782f} - I:\AutoRun.exe
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avast] - C:\Program Files\Alwil Software\Avast5\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
AppInit_DLLs-x32: C:\PROGRA~2\Google\GOOGLE~1\GO36F4~1.DLL [123392 2010-06-28] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

ProxyServer: http=;ftp=;https=;
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=100478&babsrc=HP_ss&mntrId=acf1a598000000000000000000000000
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=SVEA&bmod=EU01
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&AF=100478&babsrc=SP_ss&mntrId=acf1a598000000000000000000000000
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&AF=100478&babsrc=SP_ss&mntrId=acf1a598000000000000000000000000
SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:4664/search&s=e_KGPoLMT6zIJuK1ahWhLr0Dq54?q={searchTerms}
SearchScopes: HKCU - {927C6F51-5D9A-43FB-B85F-92FDF6C2D4F7} URL = http://services.zinio.com/search?s={selection}&rf=sonyslices
SearchScopes: HKCU - {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = http://www.daemon-search.com/search/web?q={searchTerms}
SearchScopes: HKCU - {C41F4CCE-3EEF-4A6F-BEBE-63F69959C781} URL = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
SearchScopes: HKCU - {DA61334C-DC28-403C-8168-4A997FCDD16E} URL = http://rover.ebay.com/rover/1/710-42480-16445-5/4?satitle={searchTerms}
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\scriptsn.dll (McAfee, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - &Tłumaczenie - {0D704FAD-66E9-4F0A-BFED-4F665770DDB3} - C:\Program Files (x86)\Techland\Common\InternetTranslator\InternetTranslator.dll (Techland)
Toolbar: HKLM-x32 - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
Toolbar: HKLM-x32 - Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog9 12 %SystemRoot%\system32\vsocklib.dll [63088] (VMware, Inc.)
Winsock: Catalog9 13 %SystemRoot%\system32\vsocklib.dll [63088] (VMware, Inc.)
Winsock: Catalog9-x64 12 %SystemRoot%\system32\vsocklib.dll [67184] (VMware, Inc.)
Winsock: Catalog9-x64 13 %SystemRoot%\system32\vsocklib.dll [67184] (VMware, Inc.)
Tcpip\Parameters: [DhcpNameServer] 62.179.1.60 62.179.1.61
Tcpip\..\Interfaces\{47180757-35F2-4827-B29E-1A913C02E96C}: [NameServer]89.108.195.20 217.17.34.10
Tcpip\..\Interfaces\{8DAA83D3-064F-43BF-A44C-77122563FE08}: [NameServer]89.108.195.20 217.17.34.10
Tcpip\..\Interfaces\{E1E3C00A-741D-4BAA-88B9-580ED8A4FC9D}: [NameServer]89.108.195.20 217.17.34.10

FireFox:
========
FF ProfilePath: C:\Users\x\AppData\Roaming\Mozilla\Firefox\Profiles\jdzczjhs.default
FF DefaultSearchEngine: Search the web (Babylon)
FF SearchEngineOrder.1: Search the web (Babylon)
FF SelectedSearchEngine: Search the web (Babylon)
FF Homepage: hxxp://www.google.pl/
FF Keyword.URL: hxxp://search.babylon.com/?AF=100478&babsrc=adbartrp&mntrId=acf1a598000000000000000000000000&q=
FF NetworkProxy: "gopher", ""
FF NetworkProxy: "gopher_port", 0
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @ganymede/GanymedeNetPlugin,version=1.0 - C:\Program Files (x86)\Ganymede\Plugins\npganymedenet.dll ( )
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.450 - C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 - C:\Users\x\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\x\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\x\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\x\AppData\Roaming\Mozilla\Firefox\Profiles\jdzczjhs.default\searchplugins\daemon-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\googledesktop.xml
FF Extension: No Name - C:\Users\x\AppData\Roaming\Mozilla\Firefox\Profiles\jdzczjhs.default\Extensions\DTToolbar@toolbarnet.com
FF Extension: No Name - C:\Users\x\AppData\Roaming\Mozilla\Firefox\Profiles\jdzczjhs.default\Extensions\staged
FF Extension: Greasemonkey - C:\Users\x\AppData\Roaming\Mozilla\Firefox\Profiles\jdzczjhs.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF Extension: support - C:\Users\x\AppData\Roaming\Mozilla\Firefox\Profiles\jdzczjhs.default\Extensions\support@real-hide-ip.com.xpi
FF Extension: No Name - C:\Users\x\AppData\Roaming\Mozilla\Firefox\Profiles\jdzczjhs.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
FF Extension: No Name - C:\Users\x\AppData\Roaming\Mozilla\Firefox\Profiles\jdzczjhs.default\Extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF

Chrome:
=======
CHR HomePage: hxxp://www.google.com/ig/redirectdomain?brand=SVEA&bmod=SVEA
CHR RestoreOnStartup: "hxxp://www.google.com/ig/redirectdomain?brand=SVEA&bmod=SVEA"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Google\Chrome\Application\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Google\Chrome\Application\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U24) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (GanymedeNet.Detector) - C:\Program Files (x86)\Mozilla Firefox\plugins\npganymedenet.dll ( )
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Media Go Detector) - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Unity Player) - C:\Users\x\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\x\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Facebook Plugin) - C:\Users\x\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (LiveVDO plugin) - C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbiamblgmkgbcgbcgejjgebalncpmhnp\1.3_0
CHR HKLM-x32\...\Chrome\Extension: [pbiamblgmkgbcgbcgejjgebalncpmhnp] - C:\Program Files (x86)\StartSearch plugin\vshareplg.crx

==================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S2 Connectify; C:\Program Files (x86)\Connectify\ConnectifyService.exe [69632 2011-09-29] ()
S3 GoogleDesktopManager-051210-111108; C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-06-28] (Google)
S2 GtDetectSc; C:\Program Files (x86)\ERA\GlobeTrotter Connect\GtDetectSc.exe [204915 2007-11-05] (Option)
S2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [339456 2010-11-16] ()
S2 McAfeeEngineService; C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [19720 2009-10-22] (McAfee, Inc.)
S2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [103744 2009-08-25] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [227232 2010-01-15] (McAfee, Inc.)
S2 McShield; C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe [178920 2009-10-22] (McAfee, Inc.)
S2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [66896 2009-10-22] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [79504 2009-10-22] (McAfee, Inc.)
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [66872 2009-11-26] ()
S3 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-06-26] (Sonic Solutions)
S2 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-06-26] (Sonic Solutions)
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [189984 2009-07-24] (Realtek Semiconductor)
S2 SOHDBSvr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [70952 2009-07-28] (Sony Corporation)
S2 SOHPlMgr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [91432 2009-07-28] (Sony Corporation)
S3 Sony Ericsson PCCompanion; C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [152064 2011-04-20] (Avanquest Software)
S2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S2 UnsignedThemes; C:\Windows\UnsignedThemesSvc.exe [24168 2009-07-13] (The Within Network, LLC)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [69632 2009-07-23] (Sony Corporation)
S2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [642920 2009-07-23] (Sony Corporation)
S3 Vcsw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [313264 2009-07-23] (Sony Corporation)
S2 Virtual Router; C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe [12288 2009-11-18] (Chris Pietschmann (http://pietschsoft.com))
S2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [11839488 2011-11-13] ()
S2 VzCdbSvc; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [206336 2009-07-23] (Sony Corporation)

==================== Drivers (Whitelisted) ====================

S3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-27] (AVAST Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-27] (AVAST Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-27] ()
R1 cnnctfy2; C:\Windows\System32\DRIVERS\cnnctfy2.sys [31344 2011-09-20] (Connectify)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [256000 2010-08-31] (Huawei Technologies Co., Ltd.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [97576 2009-10-22] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [119968 2009-10-22] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [469144 2009-10-22] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [77104 2009-10-22] (McAfee, Inc.)
R1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [83784 2009-10-22] (McAfee, Inc.)
S3 pfc; C:\Windows\SysWow64\drivers\pfc.sys [10368 2004-04-01] (Padus, Inc.)
R2 risdptsk; C:\Windows\system32\DRIVERS\risdsn64.sys [76288 2009-07-31] (REDC)
S3 s1018bus; C:\Windows\System32\DRIVERS\s1018bus.sys [113704 2009-03-25] (MCCI Corporation)
S3 s1018mdfl; C:\Windows\System32\DRIVERS\s1018mdfl.sys [19496 2009-03-25] (MCCI Corporation)
S3 s1018mdm; C:\Windows\System32\DRIVERS\s1018mdm.sys [153128 2009-03-25] (MCCI Corporation)
S3 s1018mgmt; C:\Windows\System32\DRIVERS\s1018mgmt.sys [133160 2009-03-25] (MCCI Corporation)
S3 s1018nd5; C:\Windows\System32\DRIVERS\s1018nd5.sys [34856 2009-03-25] (MCCI Corporation)
S3 s1018obex; C:\Windows\System32\DRIVERS\s1018obex.sys [128552 2009-03-25] (MCCI Corporation)
S3 s1018unic; C:\Windows\System32\DRIVERS\s1018unic.sys [146472 2009-03-25] (MCCI Corporation)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2009-11-25] (Duplex Secure Ltd.)
S2 uxpatch; C:\Windows\system32\drivers\uxpatch.sys [30568 2009-07-13] ()
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [x]
S3 pfc; system32\drivers\pfc.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-09-03 08:55 - 2013-09-03 08:55 - 01950474 _____ (Farbar) C:\Users\x\Downloads\FRST64.exe
2013-09-02 22:35 - 2013-09-02 22:35 - 00143352 _____ C:\Users\x\Downloads\Extras.Txt
2013-09-02 22:33 - 2013-09-02 22:33 - 00137596 _____ C:\Users\x\Downloads\OTL.Txt
2013-08-28 15:51 - 2013-08-28 15:56 - 00602112 _____ (OldTimer Tools) C:\Users\x\Downloads\OTL.exe
2013-08-28 10:05 - 2013-08-28 10:05 - 00000000 ____D C:\Users\Public\Desktop\CC Support
2013-08-28 10:03 - 2013-08-28 10:04 - 04009167 _____ C:\Users\x\Downloads\ServicesRepair.exe
2013-08-28 10:03 - 2013-08-28 10:03 - 01404229 _____ C:\Users\x\Downloads\BDDnsChangerDetector.zip
2013-08-28 09:59 - 2013-08-28 10:00 - 19275792 _____ (Bitdefender LLC) C:\Users\x\Downloads\BootkitRemoval_x64.exe
2013-08-26 08:22 - 2013-08-26 08:22 - 00004428 _____ C:\Windows\PFRO.log
2013-08-26 00:29 - 2013-08-26 00:29 - 00000000 ____D C:\Users\x\AppData\Roaming\Malwarebytes
2013-08-26 00:29 - 2013-08-26 00:29 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-26 00:29 - 2013-08-26 00:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-26 00:29 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-26 00:28 - 2013-08-26 00:28 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\x\Downloads\mbam-setup-1.75.0.1300 (1).exe
2013-08-26 00:25 - 2013-08-26 00:25 - 00001066 _____ C:\Users\x\Desktop\DllSuite.lnk
2013-08-26 00:25 - 2013-08-26 00:25 - 00000000 ____D C:\Users\x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dll Suite 2013
2013-08-26 00:25 - 2013-08-26 00:25 - 00000000 ____D C:\Program Files (x86)\DLLSuite
2013-08-26 00:24 - 2013-08-26 00:25 - 16214030 _____ ( ) C:\Users\x\Downloads\DLLSuite_Setup.exe
2013-08-26 00:23 - 2013-08-26 00:22 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\x\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-26 00:03 - 2013-08-26 00:03 - 00004902 _____ C:\Windows\system32\PerfStringBackup.TMP
2013-08-13 22:30 - 2013-08-30 02:15 - 00028161 _____ C:\Windows\WindowsUpdate.log
2013-08-13 22:21 - 2013-08-28 14:50 - 00000784 _____ C:\Windows\setupact.log
2013-08-13 22:21 - 2013-08-13 22:21 - 00000000 _____ C:\Windows\setuperr.log
2013-08-13 22:15 - 2013-08-13 22:15 - 00004620 _____ C:\Users\Public\Documents\cc_20130813_221526.reg
2013-08-13 14:11 - 2013-08-13 14:11 - 00006512 ____N C:\bootsqm.dat
2013-08-06 20:58 - 2013-08-06 20:58 - 32801672 _____ C:\Users\x\Desktop\szymszonbardziejmatt-instrumental.wav
2013-08-05 18:44 - 2013-08-05 18:50 - 161559480 _____ C:\Users\x\Desktop\SYSTEM_BARDZIEJ_MATT.wmv
2013-08-05 15:16 - 2013-08-05 15:16 - 00302944 _____ C:\Users\x\Downloads\Małpa - Miałem To Rzucić (A Capella) (93 Bpm).pk
2013-08-05 15:05 - 2013-08-05 15:10 - 130647072 _____ C:\Users\x\Desktop\SYSTEM.wmv
2013-08-05 13:18 - 2013-08-05 13:18 - 28246228 _____ C:\Users\x\Downloads\MALPA 93 BPM A.wav
2013-08-05 13:17 - 2013-08-05 13:18 - 27114620 _____ C:\Users\x\Downloads\Małpa - Miałem To Rzucić (A Capella) (93 Bpm).wav
2013-08-05 13:17 - 2013-08-05 13:18 - 26813044 _____ C:\Users\x\Downloads\Małpa - Pozwól Mi Nie Mówic Nic (A Capella) (91 Bpm).wav
2013-08-04 23:03 - 2013-08-04 23:20 - 32801672 _____ C:\Users\x\Desktop\szymszonbardziejmatt-final.wav

==================== One Month Modified Files and Folders =======

2013-09-03 09:00 - 2013-09-03 09:00 - 00000000 ____D C:\FRST
2013-09-03 08:55 - 2013-09-03 08:55 - 01950474 _____ (Farbar) C:\Users\x\Downloads\FRST64.exe
2013-09-02 22:35 - 2013-09-02 22:35 - 00143352 _____ C:\Users\x\Downloads\Extras.Txt
2013-09-02 22:33 - 2013-09-02 22:33 - 00137596 _____ C:\Users\x\Downloads\OTL.Txt
2013-08-30 02:15 - 2013-08-13 22:30 - 00028161 _____ C:\Windows\WindowsUpdate.log
2013-08-30 02:15 - 2012-11-12 15:09 - 00004184 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-08-30 01:41 - 2009-09-10 12:45 - 00001062 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-29 23:57 - 2009-11-23 14:11 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{EE6EA6C2-B416-49C9-A23D-069EDD817DAD}
2013-08-29 23:41 - 2009-09-10 12:45 - 00001058 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-29 23:34 - 2011-10-19 17:13 - 00001062 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3030527572-2691701499-366312743-1000UA.job
2013-08-29 17:34 - 2011-10-19 17:13 - 00001040 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3030527572-2691701499-366312743-1000Core.job
2013-08-28 15:56 - 2013-08-28 15:51 - 00602112 _____ (OldTimer Tools) C:\Users\x\Downloads\OTL.exe
2013-08-28 15:14 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-28 15:14 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-28 14:54 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-28 14:53 - 2009-07-14 07:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-28 14:52 - 2012-12-02 21:34 - 00000000 ____D C:\ProgramData\VMware
2013-08-28 14:50 - 2013-08-13 22:21 - 00000784 _____ C:\Windows\setupact.log
2013-08-28 10:05 - 2013-08-28 10:05 - 00000000 ____D C:\Users\Public\Desktop\CC Support
2013-08-28 10:04 - 2013-08-28 10:03 - 04009167 _____ C:\Users\x\Downloads\ServicesRepair.exe
2013-08-28 10:03 - 2013-08-28 10:03 - 01404229 _____ C:\Users\x\Downloads\BDDnsChangerDetector.zip
2013-08-28 10:00 - 2013-08-28 09:59 - 19275792 _____ (Bitdefender LLC) C:\Users\x\Downloads\BootkitRemoval_x64.exe
2013-08-26 23:38 - 2009-11-25 21:58 - 00000000 ___RD C:\Users\x\Desktop\Filmy
2013-08-26 23:37 - 2009-11-25 20:55 - 00000000 ____D C:\Users\x\AppData\Roaming\Winamp
2013-08-26 08:22 - 2013-08-26 08:22 - 00004428 _____ C:\Windows\PFRO.log
2013-08-26 00:29 - 2013-08-26 00:29 - 00000000 ____D C:\Users\x\AppData\Roaming\Malwarebytes
2013-08-26 00:29 - 2013-08-26 00:29 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-26 00:29 - 2013-08-26 00:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-26 00:28 - 2013-08-26 00:28 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\x\Downloads\mbam-setup-1.75.0.1300 (1).exe
2013-08-26 00:25 - 2013-08-26 00:25 - 00001066 _____ C:\Users\x\Desktop\DllSuite.lnk
2013-08-26 00:25 - 2013-08-26 00:25 - 00000000 ____D C:\Users\x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dll Suite 2013
2013-08-26 00:25 - 2013-08-26 00:25 - 00000000 ____D C:\Program Files (x86)\DLLSuite
2013-08-26 00:25 - 2013-08-26 00:24 - 16214030 _____ ( ) C:\Users\x\Downloads\DLLSuite_Setup.exe
2013-08-26 00:22 - 2013-08-26 00:23 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\x\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-26 00:03 - 2013-08-26 00:03 - 00004902 _____ C:\Windows\system32\PerfStringBackup.TMP
2013-08-26 00:03 - 2009-08-19 01:17 - 00611628 _____ C:\Windows\system32\perfh01F.dat
2013-08-26 00:03 - 2009-08-19 01:17 - 00124344 _____ C:\Windows\system32\perfc01F.dat
2013-08-26 00:03 - 2009-08-19 01:11 - 00619136 _____ C:\Windows\system32\perfh01D.dat
2013-08-26 00:03 - 2009-08-19 01:11 - 00126792 _____ C:\Windows\system32\perfc01D.dat
2013-08-26 00:03 - 2009-08-19 00:50 - 00706328 _____ C:\Windows\system32\perfh015.dat
2013-08-26 00:03 - 2009-08-19 00:50 - 00138088 _____ C:\Windows\system32\perfc015.dat
2013-08-26 00:03 - 2009-08-19 00:44 - 00633090 _____ C:\Windows\system32\perfh00E.dat
2013-08-26 00:03 - 2009-08-19 00:44 - 00150426 _____ C:\Windows\system32\perfc00E.dat
2013-08-21 01:30 - 2009-07-14 07:13 - 03776984 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-13 22:21 - 2013-08-13 22:21 - 00000000 _____ C:\Windows\setuperr.log
2013-08-13 22:15 - 2013-08-13 22:15 - 00004620 _____ C:\Users\Public\Documents\cc_20130813_221526.reg
2013-08-13 14:11 - 2013-08-13 14:11 - 00006512 ____N C:\bootsqm.dat
2013-08-12 18:05 - 2011-09-07 12:38 - 00000432 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2013-08-12 00:12 - 2009-11-29 22:03 - 00000000 ____D C:\Users\x\Desktop\Sample
2013-08-06 20:58 - 2013-08-06 20:58 - 32801672 _____ C:\Users\x\Desktop\szymszonbardziejmatt-instrumental.wav
2013-08-05 22:44 - 2012-10-24 13:39 - 00000000 ____D C:\Users\x\Desktop\Bardziej Matt - Z Innej Perspektywy (WEB)
2013-08-05 19:13 - 2010-11-21 18:15 - 00000000 ____D C:\Users\x\AppData\Local\WMTools Downloaded Files
2013-08-05 18:50 - 2013-08-05 18:44 - 161559480 _____ C:\Users\x\Desktop\SYSTEM_BARDZIEJ_MATT.wmv
2013-08-05 18:26 - 2010-11-21 18:34 - 00020992 _____ C:\Users\x\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-05 15:16 - 2013-08-05 15:16 - 00302944 _____ C:\Users\x\Downloads\Małpa - Miałem To Rzucić (A Capella) (93 Bpm).pk
2013-08-05 15:10 - 2013-08-05 15:05 - 130647072 _____ C:\Users\x\Desktop\SYSTEM.wmv
2013-08-05 13:18 - 2013-08-05 13:18 - 28246228 _____ C:\Users\x\Downloads\MALPA 93 BPM A.wav
2013-08-05 13:18 - 2013-08-05 13:17 - 27114620 _____ C:\Users\x\Downloads\Małpa - Miałem To Rzucić (A Capella) (93 Bpm).wav
2013-08-05 13:18 - 2013-08-05 13:17 - 26813044 _____ C:\Users\x\Downloads\Małpa - Pozwól Mi Nie Mówic Nic (A Capella) (91 Bpm).wav
2013-08-04 23:20 - 2013-08-04 23:03 - 32801672 _____ C:\Users\x\Desktop\szymszonbardziejmatt-final.wav
2013-08-04 22:56 - 2013-07-31 19:03 - 00000000 ____D C:\Users\x\Downloads\szymszonmatt

Files to move or delete:
====================
C:\Users\x\AppData\Local\Temp\Hammer0.exe
C:\Users\x\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
C:\Users\x\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\x\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\x\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\x\AppData\Local\Temp\Uninstall.exe
C:\Users\x\AppData\Local\Temp\Uninstaller.exe
C:\Users\x\AppData\Local\Temp\{0B8A41D9-B1CC-46C3-BFD1-8C65EF38B791}\ISBEW64.exe
C:\Users\x\AppData\Local\Temp\UnityWebPlayer\UnityWebPlayerUpdate.exe
C:\Users\x\AppData\Local\Temp\oi_9gRn5JjTcs\VideoSpin_2_0_Setup.exe
C:\Users\x\AppData\Local\Temp\is1890775716\432164_Setup.EXE
C:\Users\x\AppData\Local\Temp\is-3HGM8.tmp\_isetup\_shfoldr.dll
C:\Users\x\AppData\Local\Temp\BDRemovalTool\avxdisk.dll
C:\Users\x\AppData\Local\Temp\BDRemovalTool\bdcore.dll
C:\Users\x\AppData\Local\Temp\BDRemovalTool\BDRemovalTool.exe
C:\Users\x\AppData\Local\Temp\BDRemovalTool\htmlayout.dll
C:\Users\x\AppData\Local\Temp\BDRemovalTool\log.dll
C:\Users\x\AppData\Local\Temp\BDRemovalTool\scan.dll
C:\Users\x\AppData\Local\Temp\BDRemovalTool\trufos.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-08-13 16:23

==================== End Of Log ============================