Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2014 04
Ran by ja (administrator) on JA-KOMPUTER on 20-01-2014 08:00:47
Running from C:\Users\ja\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: Polish
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(France Telecom SA) C:\Program Files (x86)\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(France Telecom SA) C:\Program Files (x86)\CardDetector\HUAWEI1752_1552\CardDetector.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
(France Telecom SA) C:\Program Files (x86)\Common Files\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IntelWirelessWiMAX] - C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1437696 2009-09-16] (Intel® Corporation)
HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1926928 2010-01-19] (Intel(R) Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [CardDetectorHUAWEI1752_1552] - C:\Program Files (x86)\CardDetector\HUAWEI1752_1552\CardDetector.exe [282624 2009-10-14] (France Telecom SA)
HKLM-x32\...\Run: [BEWINTERNET-PLSessionManager] - C:\Program Files (x86)\OrangeBS\BEWInternet-PL\SessionManager\SessionManager.exe [140016 2009-10-14] (France Telecom SA)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [AVG-Secure-Search-Update_1213b] - C:\Users\ja\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=93b5c27c683447d3b31f2104e4b34f2e-29a7b43a2bad10a75e950a17395c49975e1a602d /CMPID=1213b
MountPoints2: {1281bcac-7f6a-11e3-88f8-f04da257a6dd} - H:\Startme.exe
MountPoints2: {991f6e30-484a-11e3-850f-f04da257a6dd} - H:\MicroLauncher.exe

==================== Internet (Whitelisted) ====================

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.aartemis.com/web/?type=ds&ts=1385655594&from=mlv&uid=HITACHIXHTS545050B9A300_090925PB4404Q7J3HYRAX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://aartemis.com/?type=hp&ts=1385655594&from=mlv&uid=HITACHIXHTS545050B9A300_090925PB4404Q7J3HYRAX
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://aartemis.com/?type=hp&ts=1385655594&from=mlv&uid=HITACHIXHTS545050B9A300_090925PB4404Q7J3HYRAX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.aartemis.com/web/?type=ds&ts=1385655594&from=mlv&uid=HITACHIXHTS545050B9A300_090925PB4404Q7J3HYRAX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.pl
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://aartemis.com/?type=sc&ts=1385655594&from=mlv&uid=HITACHIXHTS545050B9A300_090925PB4404Q7J3HYRAX
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.aartemis.com/web/?type=ds&ts=1385655594&from=mlv&uid=HITACHIXHTS545050B9A300_090925PB4404Q7J3HYRAX&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.aartemis.com/web/?type=ds&ts=1385655594&from=mlv&uid=HITACHIXHTS545050B9A300_090925PB4404Q7J3HYRAX&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.10.1

FireFox:
========
FF ProfilePath: C:\Users\ja\AppData\Roaming\Mozilla\Firefox\Profiles\2vv8ai2i.default
FF user.js: detected! => C:\Users\ja\AppData\Roaming\Mozilla\Firefox\Profiles\2vv8ai2i.default\user.js
FF NewTab: hxxp://www.google.pl
FF SearchEngineOrder.1: Ask Search
FF Homepage: https://www.google.pl/
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3225826&SearchSource=2&CUI=UN79278433453086679&UM=&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @comarch.com/NOL,version=3.0 - C:\Program Files (x86)\Common Files\NOL3\npn30plugin.dll (COMARCH S.A.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\ja\AppData\Roaming\Mozilla\Firefox\Profiles\2vv8ai2i.default\searchplugins\ask-search.xml
FF SearchPlugin: C:\Users\ja\AppData\Roaming\Mozilla\Firefox\Profiles\2vv8ai2i.default\searchplugins\Ask.xml
FF SearchPlugin: C:\Users\ja\AppData\Roaming\Mozilla\Firefox\Profiles\2vv8ai2i.default\searchplugins\delta.xml
FF Extension: Widget context - C:\Users\ja\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{140A2D0E-85CC-4ed3-9BA5-8FA35DA7FABA}.xpi [2013-12-06]
FF Extension: BitTorrentControl_v12 - C:\Users\ja\AppData\Roaming\Mozilla\Firefox\Profiles\2vv8ai2i.default\Extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} [2013-12-14]

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR Extension: (Dokumenty Google) - C:\Users\ja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-28]
CHR Extension: (Dysk Google) - C:\Users\ja\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-28]
CHR Extension: (YouTube) - C:\Users\ja\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-28]
CHR Extension: (Szukaj w Google) - C:\Users\ja\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-28]
CHR Extension: (Google Wallet) - C:\Users\ja\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-28]
CHR Extension: (Widget context) - C:\Users\ja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ombmmloebnfnpehgjnmkcgoegfachobp [2013-12-06]
CHR Extension: (Gmail) - C:\Users\ja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-28]

==================== Services (Whitelisted) =================

S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 FTRTSVC; C:\Program Files (x86)\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [90112 2009-10-14] (France Telecom SA)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [315664 2010-01-19] ()

==================== Drivers (Whitelisted) ====================

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-05] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [240920 2013-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [194872 2013-10-24] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-20 08:00 - 2014-01-20 08:01 - 00011655 _____ C:\Users\ja\Desktop\FRST.txt
2014-01-20 07:55 - 2014-01-20 07:55 - 00000000 ____D C:\FRST
2014-01-20 07:52 - 2014-01-20 07:52 - 00602112 _____ (OldTimer Tools) C:\Users\ja\Desktop\OTL.exe
2014-01-20 07:50 - 2014-01-20 07:50 - 02076672 _____ (Farbar) C:\Users\ja\Desktop\FRST64.exe
2014-01-18 18:31 - 2014-01-18 18:31 - 00001796 _____ C:\Users\ja\Desktop\Artur P — skrót.lnk
2014-01-18 18:28 - 2014-01-18 18:28 - 00003104 _____ C:\Users\ja\Desktop\Hania — skrót.lnk
2014-01-17 10:00 - 2014-01-17 10:34 - 00000000 ___HD C:\Windows\AxInstSV
2014-01-15 10:29 - 2014-01-15 10:29 - 00001695 _____ C:\Users\ja\Desktop\karola — skrót.lnk
2014-01-15 09:46 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 09:46 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 09:46 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 09:46 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 09:46 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 09:46 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 09:46 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 09:46 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 09:46 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-13 10:12 - 2014-01-13 10:12 - 00000000 ____D C:\Users\ja\Documents\Fax
2014-01-08 13:31 - 2014-01-08 13:31 - 00018531 _____ C:\Users\ja\Desktop\kp___kasa_przyjmie.xlsx
2014-01-05 16:11 - 2014-01-05 16:11 - 00095232 _____ C:\Users\ja\Downloads\ARKUSZ SPISU Z NATURY - Remanent;Inwentaryzacja.xls

==================== One Month Modified Files and Folders =======

2014-01-20 08:01 - 2014-01-20 08:00 - 00011655 _____ C:\Users\ja\Desktop\FRST.txt
2014-01-20 07:58 - 2013-10-16 07:36 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-20 07:55 - 2014-01-20 07:55 - 00000000 ____D C:\FRST
2014-01-20 07:52 - 2014-01-20 07:52 - 00602112 _____ (OldTimer Tools) C:\Users\ja\Desktop\OTL.exe
2014-01-20 07:52 - 2009-07-14 05:45 - 00021280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-20 07:52 - 2009-07-14 05:45 - 00021280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-20 07:51 - 2013-10-15 19:40 - 01553753 _____ C:\Windows\WindowsUpdate.log
2014-01-20 07:50 - 2014-01-20 07:50 - 02076672 _____ (Farbar) C:\Users\ja\Desktop\FRST64.exe
2014-01-20 07:49 - 2013-11-28 17:33 - 00001040 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-20 07:45 - 2013-10-16 07:36 - 00000000 ____D C:\ProgramData\MFAData
2014-01-20 07:36 - 2013-11-28 17:33 - 00001036 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-20 07:36 - 2013-10-16 07:17 - 00000050 _____ C:\Windows\system32\SupplicantTest.log
2014-01-20 07:36 - 2010-11-21 04:47 - 00005892 _____ C:\Windows\PFRO.log
2014-01-20 07:36 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-20 07:36 - 2009-07-14 05:51 - 00045593 _____ C:\Windows\setupact.log
2014-01-19 21:15 - 2013-12-12 12:21 - 00000000 ____D C:\Program Files (x86)\Mobogenie
2014-01-19 21:15 - 2013-12-12 12:19 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2014-01-19 21:15 - 2013-10-15 19:46 - 00000000 ___RD C:\Users\ja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-19 21:14 - 2013-11-28 17:19 - 00000000 ____D C:\Users\ja\AppData\Local\Lollipop
2014-01-19 21:10 - 2013-10-16 07:35 - 00000000 ____D C:\Program Files (x86)\Adobe
2014-01-19 21:10 - 2013-10-15 22:37 - 00000000 ____D C:\Users\ja\AppData\Roaming\Adobe
2014-01-19 20:52 - 2013-12-06 17:27 - 00000000 ____D C:\Windows\system32\appmgmt
2014-01-19 20:49 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2014-01-18 22:43 - 2013-12-12 12:22 - 00021197 _____ C:\Users\ja\daemonprocess.txt
2014-01-18 18:34 - 2013-10-17 15:32 - 00000000 ____D C:\Users\ja\Documents\karola
2014-01-18 18:31 - 2014-01-18 18:31 - 00001796 _____ C:\Users\ja\Desktop\Artur P — skrót.lnk
2014-01-18 18:28 - 2014-01-18 18:28 - 00003104 _____ C:\Users\ja\Desktop\Hania — skrót.lnk
2014-01-17 10:34 - 2014-01-17 10:00 - 00000000 ___HD C:\Windows\AxInstSV
2014-01-16 12:20 - 2009-07-14 05:45 - 00419952 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-15 21:20 - 2013-10-16 07:20 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-15 21:17 - 2013-10-15 20:22 - 00000000 ____D C:\Windows\system32\MRT
2014-01-15 21:13 - 2013-10-15 20:22 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 13:07 - 2013-12-13 17:23 - 00000000 ____D C:\Users\ja\Documents\Artur P
2014-01-15 10:29 - 2014-01-15 10:29 - 00001695 _____ C:\Users\ja\Desktop\karola — skrót.lnk
2014-01-13 10:12 - 2014-01-13 10:12 - 00000000 ____D C:\Users\ja\Documents\Fax
2014-01-08 13:31 - 2014-01-08 13:31 - 00018531 _____ C:\Users\ja\Desktop\kp___kasa_przyjmie.xlsx
2014-01-07 09:03 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2014-01-05 16:39 - 2013-10-16 05:35 - 00697912 _____ C:\Windows\system32\perfh015.dat
2014-01-05 16:39 - 2013-10-16 05:35 - 00134990 _____ C:\Windows\system32\perfc015.dat
2014-01-05 16:39 - 2009-07-14 06:13 - 01549696 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-05 16:11 - 2014-01-05 16:11 - 00095232 _____ C:\Users\ja\Downloads\ARKUSZ SPISU Z NATURY - Remanent;Inwentaryzacja.xls
2013-12-30 09:01 - 2013-10-15 22:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-25 16:33 - 2013-12-12 12:22 - 00000000 ____D C:\Users\ja\AppData\Local\Mobogenie

Some content of TEMP:
====================
C:\Users\ja\AppData\Local\Temp\APNSetup.exe
C:\Users\ja\AppData\Local\Temp\BackupSetup.exe
C:\Users\ja\AppData\Local\Temp\Creative Cloud Helper.exe
C:\Users\ja\AppData\Local\Temp\GoogleSetup.exe
C:\Users\ja\AppData\Local\Temp\mlv_aartemis_2013111118252.exe
C:\Users\ja\AppData\Local\Temp\SHSetup.exe
C:\Users\ja\AppData\Local\Temp\vcredist_x64.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-12-10 18:21

==================== End Of Log ============================