Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-04-2014 01 Ran by Kamil (administrator) on KAMIL on 14-04-2014 09:31:11 Running from D:\czyszczenie Windows 7 Professional Service Pack 1 (X64) OS Language: Polish Internet Explorer Version 10 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\STacSV64.exe (Validity Sensors, Inc.) C:\Windows\system32\vcsFPService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe () C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE (Dell Inc.) C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe (Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\AESTSr64.exe (Microsoft Corporation) C:\Windows\System32\alg.exe (Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe (HP) C:\Windows\system32\HPSIsvc.exe () C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe () C:\Program Files (x86)\PSService\mysql5067\bin\mysqld-nt.exe (Software 2000 Limited) C:\Windows\system32\spool\DRIVERS\x64\3\HP1006MC.EXE () C:\Program Files (x86)\PSService\PSHttpService.exe () C:\Program Files (x86)\PSService\PSKeeperService.exe () C:\Program Files (x86)\PSService\PSService.exe () C:\Program Files (x86)\PSStore\PSStoreKeeperService.exe () C:\Program Files (x86)\PSStore\PSStoreService.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe () C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Microsoft Corporation) C:\Windows\System32\StikyNot.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () D:\czyszczenie\MiniRegTool64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Farbar) D:\czyszczenie\FSS.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [130576 2009-04-22] (Logitech, Inc.) HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2840352 2010-04-07] (ESET) HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [AllShare Control] => C:\Program Files (x86)\Samsung\Smart Home Control\AllShare Control HKU\S-1-5-19\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation) HKU\S-1-5-20\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation) HKU\S-1-5-21-2714914111-4178040897-3028522752-1000\...\Run: [GG] => C:\Users\Kamil\AppData\Local\GG\Application\gghub.exe [4023360 2014-04-09] (GG Network S.A.) HKU\S-1-5-21-2714914111-4178040897-3028522752-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.) HKU\S-1-5-21-2714914111-4178040897-3028522752-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation) HKU\S-1-5-21-2714914111-4178040897-3028522752-1000\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_77_Plugin.exe [841096 2014-03-11] (Adobe Systems Incorporated) HKU\S-1-5-21-2714914111-4178040897-3028522752-1000\...\Policies\Explorer: [] HKU\S-1-5-21-2714914111-4178040897-3028522752-1000\...\MountPoints2: F - F:\AutoRun.exe HKU\S-1-5-21-2714914111-4178040897-3028522752-1000\...\MountPoints2: {5a095ba6-df95-11df-981e-a4badbabdcd0} - G:\AutoRun.exe HKU\S-1-5-21-2714914111-4178040897-3028522752-1000\...\MountPoints2: {921e9aac-b40a-11df-9285-f07bcb4e3163} - F:\LaunchU3.exe -a HKU\S-1-5-21-2714914111-4178040897-3028522752-1000\...\MountPoints2: {b8c1f10d-1a70-11e0-aded-a4badbabdcd0} - H:\AutoRun.exe HKU\S-1-5-21-2714914111-4178040897-3028522752-1000\...\MountPoints2: {d3b49500-1a39-11e0-86f1-a4badbabdcd0} - F:\AutoRun.exe HKU\S-1-5-21-2714914111-4178040897-3028522752-1000\...\MountPoints2: {d53b9d75-61ab-11df-a454-806e6f6e6963} - E:\autoRcd.exe HKU\S-1-5-21-2714914111-4178040897-3028522752-1000\...\MountPoints2: {d6964e61-cd95-11df-9071-a4badbabdcd0} - F:\AutoRun.exe HKU\S-1-5-21-2714914111-4178040897-3028522752-1000\...\MountPoints2: {d6964e70-cd95-11df-9071-a4badbabdcd0} - G:\AutoRun.exe HKU\S-1-5-21-2714914111-4178040897-3028522752-1000\...\MountPoints2: {dbbf4572-f53e-11e1-9c4e-506313956d68} - F:\NokiaPCIA_Autorun.exe HKU\S-1-5-21-2714914111-4178040897-3028522752-1000\...\MountPoints2: {e067907a-1bcd-11e0-b8b5-a4badbabdcd0} - F:\AutoRun.exe HKU\S-1-5-21-2714914111-4178040897-3028522752-1000\...\MountPoints2: {e0679095-1bcd-11e0-b8b5-a4badbabdcd0} - F:\AutoRun.exe HKU\S-1-5-21-2714914111-4178040897-3028522752-1000\...\MountPoints2: {e0679098-1bcd-11e0-b8b5-a4badbabdcd0} - F:\AutoRun.exe HKU\S-1-5-21-2714914111-4178040897-3028522752-1000\...\MountPoints2: {e9f1ee6f-2ffc-11e1-a731-506313956d68} - F:\AutoRun.exe HKU\S-1-5-21-2714914111-4178040897-3028522752-1000\...\MountPoints2: {e9f1ee7d-2ffc-11e1-a731-506313956d68} - F:\AutoRun.exe HKU\S-1-5-21-2714914111-4178040897-3028522752-1011\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ SearchScopes: HKCU - DefaultScope {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = http://www.daemon-search.com/search/web?q={searchTerms} SearchScopes: HKCU - {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = http://www.daemon-search.com/search/web?q={searchTerms} SearchScopes: HKCU - {DAD6C786-7F1A-46AA-A04F-B5471704E0B9} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=U3&apn_dtid=OSJ000YYPL&apn_uid=D195D7E6-966C-46A2-B699-6EB33ED845BE&apn_sauid=92B0D5F2-0F5E-482D-9886-99C865244E00 BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: IEPluginBHO Class - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\ProgramData\Gadu-Gadu 10\_userdata\ggbho.2.dll No File Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () Toolbar: HKLM-x32 - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () Toolbar: HKLM-x32 - Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.) Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File DPF: HKLM-x32 {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} http://212.160.173.246/ssi.cgi/cab/OCXChecker_8300.cab DPF: HKLM-x32 {D7B039C1-5929-49B3-913E-EB62C8866FC4} http://192.168.1.102/HtmlAnvView.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 89.22.39.252 8.8.8.8 Tcpip\..\Interfaces\{575EDD95-AA5F-446F-B7BF-077110AC315E}: [NameServer]8.8.8.8 FireFox: ======== FF ProfilePath: C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\q0ujm3eo.default FF SearchEngineOrder.1: Ask.com FF SelectedSearchEngine: Google FF Homepage: hxxp://www.google.pl/ FF NetworkProxy: "http", "91.121.91.61" FF NetworkProxy: "http_port", 3128 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin: @java.com/DTPlugin,version=10.10.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.10.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @real.com/nppl3260;version=6.0.12.450 - C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: hbgk.net/WebDvrCtrl - C:\Program Files (x86)\WebControl\npWebCtrl.dll (TODO: <公司名>) FF Plugin-x32: Web Components - C:\Program Files (x86)\Web Components\npWebVideoPlugin.dll () FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Kamil\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdnu.dll (AOL LLC) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdnupdater2.dll (AOL LLC) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.) FF SearchPlugin: C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\q0ujm3eo.default\searchplugins\aol-web-search.xml FF SearchPlugin: C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\q0ujm3eo.default\searchplugins\askcom.xml FF SearchPlugin: C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\q0ujm3eo.default\searchplugins\daemon-search.xml FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-02-17] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-03-03] FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012-02-03] FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012-02-03] Chrome: ======= CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll () CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll () CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation) CHR Plugin: (downloadUpdater) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll (AOL LLC) CHR Plugin: (downloadUpdater2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll (AOL LLC) CHR Plugin: (Winamp Application Detector) - C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll No File CHR Plugin: (Java Deployment Toolkit 7.0.510.13) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) CHR Plugin: (Java(TM) Platform SE 7 U51) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) CHR Plugin: (Web Components) - C:\Program Files (x86)\Web Components\npWebVideoPlugin.dll () CHR Plugin: (TODO: <产品名>) - C:\Program Files (x86)\WebControl\npWebCtrl.dll (TODO: <公司名>) CHR Plugin: (Unity Player) - C:\Users\Kamil\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.) CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () CHR Extension: (Dokumenty Google) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-26] CHR Extension: (Dysk Google) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-26] CHR Extension: (YouTube) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-26] CHR Extension: (Szukaj w Google) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-26] CHR Extension: (http://agrafka.nazwa.pl/2012/bannery/banner_f) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\egibcklfcbndpajmafeehgojlleaipfb [2013-09-05] CHR Extension: (Skype Click to Call) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-02-17] CHR Extension: (Google Wallet) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22] CHR Extension: (Gmail) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-26] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-03-03] ==================== Services (Whitelisted) ================= R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation) R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation) S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [42336 2010-04-07] (ESET) R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [810120 2010-04-07] (ESET) S2 EsetNod32Fix; C:\Windows\Regedit.exe [427008 2009-07-14] (Microsoft Corporation) S2 EsetNod32Fix; C:\Windows\SysWow64\Regedit.exe [398336 2009-07-14] (Microsoft Corporation) R2 InstallFilterService; C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [59904 2009-11-29] () S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2012-02-02] () R2 MSSQL$INSERTGT; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29178224 2007-02-10] (Microsoft Corporation) R2 MySql_ps; C:\Program Files (x86)\PSService\mysql5067\bin\mysqld-nt.exe [5779456 2012-12-07] () R2 PSHttpService; C:\Program Files (x86)\PSService\PSHttpService.exe [135680 2012-12-10] () R2 PSKeeperService; C:\Program Files (x86)\PSService\PSKeeperService.exe [78848 2012-12-10] () R2 PSService; C:\Program Files (x86)\PSService\PSService.exe [935936 2012-12-10] () R2 PSStoreKeeperService; C:\Program Files (x86)\PSStore\PSStoreKeeperService.exe [78336 2012-12-10] () R2 PSStoreService; C:\Program Files (x86)\PSStore\PSStoreService.exe [221184 2012-12-10] () R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\STacSV64.exe [247808 2010-04-07] (IDT, Inc.) R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [4521472 2010-05-17] (Dell Inc.) R2 WMCoreService; C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe [444416 2009-10-28] () ==================== Drivers (Whitelisted) ==================== R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-07-15] (DT Soft Ltd) R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [164912 2010-04-07] (ESET) R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [139704 2010-04-07] (ESET) R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [124760 2010-04-07] (ESET) S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [113792 2009-06-22] (Huawei Technologies Co., Ltd.) R3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-12-24] (Marvell Semiconductor, Inc.) S3 nmwcdx64; C:\Windows\System32\drivers\nmwcdx64.sys [173056 2007-06-28] (Nokia) S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [871408 2011-07-15] () ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-14 09:25 - 2014-04-14 09:25 - 01273076 _____ () C:\Users\Kamil\Downloads\MiniRegTool64.zip 2014-04-13 23:21 - 2014-04-13 23:21 - 00018010 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (49).odt 2014-04-13 18:55 - 2014-04-13 18:55 - 00000000 ____D () C:\Users\Kamil\Desktop\Nowy folder (2) 2014-04-13 18:51 - 2014-04-12 17:10 - 69829314 ____N () C:\Users\Kamil\Desktop\20140412_171006.mp4 2014-04-10 23:27 - 2014-04-10 23:27 - 00017461 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (48).odt 2014-04-10 11:49 - 2014-04-10 11:49 - 00017939 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (46).odt 2014-04-10 11:49 - 2014-04-10 11:49 - 00016388 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (47).odt 2014-04-09 23:30 - 2014-04-09 23:30 - 00017938 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (45).odt 2014-04-09 16:37 - 2014-04-14 09:31 - 00000000 ____D () C:\FRST 2014-04-09 15:47 - 2014-04-09 15:51 - 00003476 _____ () C:\fix.txt 2014-04-09 12:15 - 2014-04-09 12:15 - 00015608 _____ () C:\Users\Kamil\Downloads\sell_document_for_order (17).odt 2014-04-09 12:07 - 2014-04-09 12:07 - 00015751 _____ () C:\Users\Kamil\Downloads\sell_document_for_order (16).odt 2014-04-09 12:06 - 2014-04-09 12:06 - 00015751 _____ () C:\Users\Kamil\Downloads\sell_document_for_order (15).odt 2014-04-08 22:54 - 2014-04-08 22:54 - 00016354 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (44).odt 2014-04-08 22:51 - 2014-04-08 22:51 - 00018230 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (43).odt 2014-04-08 14:05 - 2014-04-08 14:05 - 00017647 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (42).odt 2014-04-08 12:08 - 2014-04-08 12:08 - 00018478 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (41).odt 2014-04-07 22:53 - 2014-04-07 22:53 - 00018561 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (40).odt 2014-04-07 14:23 - 2014-04-07 14:23 - 00017674 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (39).odt 2014-04-07 11:49 - 2014-04-07 11:49 - 00018464 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (38).odt 2014-04-07 09:26 - 2014-04-07 09:26 - 00878035 ____N () C:\Users\Kamil\Desktop\00140212 2014 05 03.xlsx 2014-04-07 09:24 - 2014-04-07 09:42 - 00315334 _____ () C:\Users\Kamil\Desktop\00140209 2014 04 16.xlsx 2014-04-06 22:43 - 2014-04-06 22:43 - 00018512 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (37).odt 2014-04-04 12:07 - 2014-04-04 12:07 - 00017723 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (36).odt 2014-04-03 23:14 - 2014-04-03 23:14 - 00017811 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (35).odt 2014-04-03 23:07 - 2014-04-03 23:07 - 00017810 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (34).odt 2014-04-03 12:54 - 2014-04-03 12:54 - 00015072 _____ () C:\Users\Kamil\Downloads\sell_document_for_order (14).odt 2014-04-03 12:43 - 2014-04-07 09:52 - 00000000 ____D () C:\Users\Kamil\Desktop\DOSTAWY 2014-04-03 11:38 - 2014-04-03 11:38 - 00017874 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (33).odt 2014-04-02 23:27 - 2014-04-02 23:27 - 00017780 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (32).odt 2014-04-02 15:32 - 2014-04-02 15:32 - 00017236 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (31).odt 2014-04-02 12:26 - 2014-04-02 12:26 - 00015260 _____ () C:\Users\Kamil\Downloads\sell_document_for_order (13).odt 2014-04-02 12:03 - 2014-04-02 12:03 - 00018062 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (30).odt 2014-04-02 10:25 - 2014-04-02 10:25 - 02382768 _____ () C:\Users\Kamil\Downloads\Alufelgi-uzgodnienia2 (1).odt 2014-04-02 10:20 - 2014-04-02 10:20 - 06091692 _____ () C:\Users\Kamil\Downloads\Alufelgi-uzgodnienia-dodatkowe-pytania-2-4 (1).odt 2014-04-02 10:02 - 2014-04-02 10:02 - 02382768 _____ () C:\Users\Kamil\Downloads\Alufelgi-uzgodnienia2.odt 2014-04-02 09:50 - 2014-04-02 09:50 - 06091692 _____ () C:\Users\Kamil\Downloads\Alufelgi-uzgodnienia-dodatkowe-pytania-2-4.odt 2014-04-02 00:03 - 2014-04-02 00:03 - 00018061 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (29).odt 2014-04-02 00:03 - 2014-04-02 00:03 - 00018061 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (28).odt 2014-04-01 15:10 - 2014-04-01 15:10 - 00017224 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (27).odt 2014-04-01 15:09 - 2014-04-01 15:09 - 00017177 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (26).odt 2014-04-01 14:29 - 2014-04-01 14:29 - 00017177 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (25).odt 2014-04-01 13:56 - 2014-04-01 13:56 - 00017378 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (24).odt 2014-04-01 10:08 - 2014-04-01 10:08 - 00017526 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (23).odt 2014-04-01 10:07 - 2014-04-01 10:07 - 00017527 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (22).odt 2014-04-01 09:58 - 2014-04-01 09:58 - 00017481 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (21).odt 2014-04-01 00:33 - 2014-04-01 00:33 - 00017058 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (20).odt 2014-04-01 00:23 - 2014-04-01 00:23 - 00017057 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (19).odt 2014-03-31 21:22 - 2014-03-31 21:22 - 00018351 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (18).odt 2014-03-31 21:22 - 2014-03-31 21:22 - 00018351 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (17).odt 2014-03-31 20:43 - 2014-03-31 20:43 - 00016956 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (16).odt 2014-03-31 18:13 - 2014-03-31 18:13 - 00016866 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (15).odt 2014-03-31 15:53 - 2014-03-31 15:53 - 00018210 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (14).odt 2014-03-31 13:51 - 2014-03-31 13:51 - 00017644 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (13).odt 2014-03-31 13:30 - 2014-03-31 13:30 - 00015362 _____ () C:\Users\Kamil\Downloads\sell_document_for_order (12).odt 2014-03-31 13:29 - 2014-03-31 13:29 - 00015362 _____ () C:\Users\Kamil\Downloads\sell_document_for_order (11).odt 2014-03-31 13:19 - 2014-03-31 13:19 - 00015198 _____ () C:\Users\Kamil\Downloads\sell_document_for_order (10).odt 2014-03-31 13:08 - 2014-03-31 13:08 - 00015267 _____ () C:\Users\Kamil\Downloads\sell_document_for_order (9).odt 2014-03-31 13:07 - 2014-03-31 13:07 - 00015267 _____ () C:\Users\Kamil\Downloads\sell_document_for_order (8).odt 2014-03-31 13:00 - 2014-03-31 13:00 - 00015189 _____ () C:\Users\Kamil\Downloads\sell_document_for_order (7).odt 2014-03-31 12:19 - 2014-03-31 12:19 - 00018377 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (12).odt 2014-03-31 10:52 - 2014-03-31 10:52 - 00002962 _____ () C:\Windows\System32\Tasks\iSCSIAgentAutoStartup 2014-03-31 10:52 - 2014-03-31 10:52 - 00001108 _____ () C:\Users\Public\Desktop\Qfinder.lnk 2014-03-31 10:52 - 2014-03-31 10:52 - 00000000 ____D () C:\Program Files (x86)\QNAP 2014-03-31 00:21 - 2014-03-31 00:21 - 00016855 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (11).odt 2014-03-31 00:20 - 2014-03-31 00:20 - 00017143 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (10).odt 2014-03-30 23:40 - 2014-03-30 23:40 - 00018366 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (9).odt 2014-03-28 10:35 - 2014-03-28 10:35 - 00015264 _____ () C:\Users\Kamil\Downloads\sell_document_for_order (6).odt 2014-03-27 23:48 - 2014-03-27 23:48 - 00018265 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (8).odt 2014-03-27 14:37 - 2014-03-27 14:37 - 00017303 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (7).odt 2014-03-27 14:36 - 2014-03-27 14:36 - 00112421 _____ () C:\Users\Kamil\AppData\Local\recently-used.xbel 2014-03-27 13:51 - 2014-03-27 13:51 - 00015218 _____ () C:\Users\Kamil\Downloads\sell_document_for_order (5).odt 2014-03-27 13:21 - 2014-03-27 13:21 - 00018074 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (6).odt 2014-03-26 22:57 - 2014-03-26 22:57 - 00018101 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (5).odt 2014-03-26 14:39 - 2014-03-26 14:39 - 00015011 _____ () C:\Users\Kamil\Downloads\sell_document_for_order (4).odt 2014-03-26 14:05 - 2014-03-26 14:05 - 00015100 _____ () C:\Users\Kamil\Downloads\sell_document_for_order (3).odt 2014-03-25 23:00 - 2014-03-25 23:00 - 00018408 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (4).odt 2014-03-25 15:40 - 2014-03-25 15:40 - 00015285 _____ () C:\Users\Kamil\Downloads\sell_document_for_order (2).odt 2014-03-25 15:37 - 2014-03-25 15:37 - 00015060 _____ () C:\Users\Kamil\Downloads\sell_document_for_order (1).odt 2014-03-25 15:21 - 2014-03-25 15:21 - 00015044 _____ () C:\Users\Kamil\Downloads\sell_document_for_order.odt 2014-03-25 14:20 - 2014-03-25 14:20 - 00017235 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (3).odt 2014-03-25 13:12 - 2014-03-25 13:12 - 00017739 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (2).odt 2014-03-24 23:54 - 2014-03-24 23:54 - 00017540 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (1).odt 2014-03-24 22:32 - 2014-03-24 22:32 - 00018340 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0.odt 2014-03-17 10:55 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys 2014-03-17 10:55 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe 2014-03-17 10:55 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll 2014-03-17 10:55 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll 2014-03-17 10:55 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll 2014-03-17 10:55 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2014-03-17 10:55 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll 2014-03-17 10:55 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll 2014-03-17 10:55 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll 2014-03-17 10:55 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll 2014-03-17 10:55 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2014-03-17 10:55 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe 2014-03-17 10:55 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll 2014-03-17 10:55 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2014-03-17 10:55 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll 2014-03-17 10:55 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe 2014-03-17 10:55 - 2013-10-01 22:57 - 06578176 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-03-17 10:55 - 2013-10-01 22:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2014-03-17 10:53 - 2014-03-17 10:53 - 00000020 ___SH () C:\Users\UpdatusUser\ntuser.ini 2014-03-17 10:53 - 2014-03-17 10:53 - 00000000 _SHDL () C:\Users\UpdatusUser\Ustawienia lokalne 2014-03-17 10:53 - 2014-03-17 10:53 - 00000000 _SHDL () C:\Users\UpdatusUser\Szablony 2014-03-17 10:53 - 2014-03-17 10:53 - 00000000 _SHDL () C:\Users\UpdatusUser\Moje dokumenty 2014-03-17 10:53 - 2014-03-17 10:53 - 00000000 _SHDL () C:\Users\UpdatusUser\Menu Start 2014-03-17 10:53 - 2014-03-17 10:53 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Moje wideo 2014-03-17 10:53 - 2014-03-17 10:53 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Moje obrazy 2014-03-17 10:53 - 2014-03-17 10:53 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Moja muzyka 2014-03-17 10:53 - 2014-03-17 10:53 - 00000000 _SHDL () C:\Users\UpdatusUser\Dane aplikacji 2014-03-17 10:53 - 2014-03-17 10:53 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programy 2014-03-17 10:53 - 2014-03-17 10:53 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Local\Historia 2014-03-17 10:53 - 2014-03-17 10:53 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Local\Dane aplikacji 2014-03-17 10:53 - 2014-03-17 10:53 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation 2014-03-17 10:53 - 2010-12-18 02:30 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Microsoft Help 2014-03-17 10:53 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-03-17 10:53 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-03-17 10:52 - 2013-09-05 03:37 - 00061216 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll 2014-03-17 10:52 - 2013-09-05 03:37 - 00053024 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll 2014-03-17 10:50 - 2014-03-17 10:50 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation 2014-03-17 10:41 - 2013-09-25 04:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2014-03-17 10:41 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll 2014-03-17 09:36 - 2014-03-17 09:36 - 00000000 ____D () C:\Users\Kamil\AppData\Local\Skype ==================== One Month Modified Files and Folders ======= 2014-04-14 09:31 - 2014-04-09 16:37 - 00000000 ____D () C:\FRST 2014-04-14 09:25 - 2014-04-14 09:25 - 01273076 _____ () C:\Users\Kamil\Downloads\MiniRegTool64.zip 2014-04-14 09:10 - 2012-06-15 10:02 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-14 09:10 - 2010-11-12 23:54 - 00000000 ____D () C:\Users\Kamil\AppData\Roaming\Skype 2014-04-14 08:55 - 2013-02-10 17:40 - 00001046 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-04-13 23:21 - 2014-04-13 23:21 - 00018010 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (49).odt 2014-04-13 18:55 - 2014-04-13 18:55 - 00000000 ____D () C:\Users\Kamil\Desktop\Nowy folder (2) 2014-04-13 15:35 - 2010-07-16 12:56 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{9E23F4DA-EFF4-4A46-BCCE-C1CCC7F6C6BA} 2014-04-13 15:23 - 2009-07-14 06:45 - 00015168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-13 15:23 - 2009-07-14 06:45 - 00015168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-13 15:19 - 2010-05-17 14:03 - 01317527 _____ () C:\Windows\WindowsUpdate.log 2014-04-12 17:10 - 2014-04-13 18:51 - 69829314 ____N () C:\Users\Kamil\Desktop\20140412_171006.mp4 2014-04-10 23:27 - 2014-04-10 23:27 - 00017461 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (48).odt 2014-04-10 11:49 - 2014-04-10 11:49 - 00017939 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (46).odt 2014-04-10 11:49 - 2014-04-10 11:49 - 00016388 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (47).odt 2014-04-09 23:30 - 2014-04-09 23:30 - 00017938 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (45).odt 2014-04-09 22:10 - 2013-12-11 17:53 - 00000000 ____D () C:\Users\Kamil\AppData\Roaming\GG 2014-04-09 16:38 - 2009-07-14 19:55 - 00788264 _____ () C:\Windows\system32\perfh015.dat 2014-04-09 16:38 - 2009-07-14 19:55 - 00173642 _____ () C:\Windows\system32\perfc015.dat 2014-04-09 16:38 - 2009-07-14 07:13 - 01803342 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-09 16:34 - 2013-12-11 17:53 - 00000000 ____D () C:\Users\Kamil\AppData\Local\GG 2014-04-09 16:33 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-09 16:32 - 2010-05-17 18:26 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-04-09 16:32 - 2010-05-17 18:25 - 00068074 _____ () C:\Windows\PFRO.log 2014-04-09 16:32 - 2009-07-14 06:51 - 00046262 _____ () C:\Windows\setupact.log 2014-04-09 15:51 - 2014-04-09 15:47 - 00003476 _____ () C:\fix.txt 2014-04-09 12:15 - 2014-04-09 12:15 - 00015608 _____ () C:\Users\Kamil\Downloads\sell_document_for_order (17).odt 2014-04-09 12:07 - 2014-04-09 12:07 - 00015751 _____ () C:\Users\Kamil\Downloads\sell_document_for_order (16).odt 2014-04-09 12:06 - 2014-04-09 12:06 - 00015751 _____ () C:\Users\Kamil\Downloads\sell_document_for_order (15).odt 2014-04-08 22:54 - 2014-04-08 22:54 - 00016354 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (44).odt 2014-04-08 22:51 - 2014-04-08 22:51 - 00018230 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (43).odt 2014-04-08 14:05 - 2014-04-08 14:05 - 00017647 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (42).odt 2014-04-08 12:08 - 2014-04-08 12:08 - 00018478 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (41).odt 2014-04-07 22:53 - 2014-04-07 22:53 - 00018561 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (40).odt 2014-04-07 14:23 - 2014-04-07 14:23 - 00017674 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (39).odt 2014-04-07 11:49 - 2014-04-07 11:49 - 00018464 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (38).odt 2014-04-07 09:52 - 2014-04-03 12:43 - 00000000 ____D () C:\Users\Kamil\Desktop\DOSTAWY 2014-04-07 09:42 - 2014-04-07 09:24 - 00315334 _____ () C:\Users\Kamil\Desktop\00140209 2014 04 16.xlsx 2014-04-07 09:26 - 2014-04-07 09:26 - 00878035 ____N () C:\Users\Kamil\Desktop\00140212 2014 05 03.xlsx 2014-04-06 22:43 - 2014-04-06 22:43 - 00018512 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (37).odt 2014-04-04 12:07 - 2014-04-04 12:07 - 00017723 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (36).odt 2014-04-03 23:36 - 2012-08-03 22:27 - 00000000 ____D () C:\Users\Kamil\.gimp-2.8 2014-04-03 23:14 - 2014-04-03 23:14 - 00017811 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (35).odt 2014-04-03 23:07 - 2014-04-03 23:07 - 00017810 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (34).odt 2014-04-03 12:54 - 2014-04-03 12:54 - 00015072 _____ () C:\Users\Kamil\Downloads\sell_document_for_order (14).odt 2014-04-03 11:38 - 2014-04-03 11:38 - 00017874 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (33).odt 2014-04-02 23:27 - 2014-04-02 23:27 - 00017780 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (32).odt 2014-04-02 15:32 - 2014-04-02 15:32 - 00017236 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (31).odt 2014-04-02 12:26 - 2014-04-02 12:26 - 00015260 _____ () C:\Users\Kamil\Downloads\sell_document_for_order (13).odt 2014-04-02 12:03 - 2014-04-02 12:03 - 00018062 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (30).odt 2014-04-02 10:25 - 2014-04-02 10:25 - 02382768 _____ () C:\Users\Kamil\Downloads\Alufelgi-uzgodnienia2 (1).odt 2014-04-02 10:20 - 2014-04-02 10:20 - 06091692 _____ () C:\Users\Kamil\Downloads\Alufelgi-uzgodnienia-dodatkowe-pytania-2-4 (1).odt 2014-04-02 10:02 - 2014-04-02 10:02 - 02382768 _____ () C:\Users\Kamil\Downloads\Alufelgi-uzgodnienia2.odt 2014-04-02 09:50 - 2014-04-02 09:50 - 06091692 _____ () C:\Users\Kamil\Downloads\Alufelgi-uzgodnienia-dodatkowe-pytania-2-4.odt 2014-04-02 00:03 - 2014-04-02 00:03 - 00018061 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (29).odt 2014-04-02 00:03 - 2014-04-02 00:03 - 00018061 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (28).odt 2014-04-01 15:10 - 2014-04-01 15:10 - 00017224 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (27).odt 2014-04-01 15:09 - 2014-04-01 15:09 - 00017177 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (26).odt 2014-04-01 14:29 - 2014-04-01 14:29 - 00017177 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (25).odt 2014-04-01 13:56 - 2014-04-01 13:56 - 00017378 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (24).odt 2014-04-01 10:08 - 2014-04-01 10:08 - 00017526 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (23).odt 2014-04-01 10:07 - 2014-04-01 10:07 - 00017527 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (22).odt 2014-04-01 09:58 - 2014-04-01 09:58 - 00017481 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (21).odt 2014-04-01 00:33 - 2014-04-01 00:33 - 00017058 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (20).odt 2014-04-01 00:23 - 2014-04-01 00:23 - 00017057 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (19).odt 2014-03-31 21:22 - 2014-03-31 21:22 - 00018351 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (18).odt 2014-03-31 21:22 - 2014-03-31 21:22 - 00018351 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (17).odt 2014-03-31 20:43 - 2014-03-31 20:43 - 00016956 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (16).odt 2014-03-31 18:13 - 2014-03-31 18:13 - 00016866 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (15).odt 2014-03-31 15:53 - 2014-03-31 15:53 - 00018210 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (14).odt 2014-03-31 13:51 - 2014-03-31 13:51 - 00017644 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (13).odt 2014-03-31 13:30 - 2014-03-31 13:30 - 00015362 _____ () C:\Users\Kamil\Downloads\sell_document_for_order (12).odt 2014-03-31 13:29 - 2014-03-31 13:29 - 00015362 _____ () C:\Users\Kamil\Downloads\sell_document_for_order (11).odt 2014-03-31 13:19 - 2014-03-31 13:19 - 00015198 _____ () C:\Users\Kamil\Downloads\sell_document_for_order (10).odt 2014-03-31 13:08 - 2014-03-31 13:08 - 00015267 _____ () C:\Users\Kamil\Downloads\sell_document_for_order (9).odt 2014-03-31 13:07 - 2014-03-31 13:07 - 00015267 _____ () C:\Users\Kamil\Downloads\sell_document_for_order (8).odt 2014-03-31 13:00 - 2014-03-31 13:00 - 00015189 _____ () C:\Users\Kamil\Downloads\sell_document_for_order (7).odt 2014-03-31 12:19 - 2014-03-31 12:19 - 00018377 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (12).odt 2014-03-31 10:52 - 2014-03-31 10:52 - 00002962 _____ () C:\Windows\System32\Tasks\iSCSIAgentAutoStartup 2014-03-31 10:52 - 2014-03-31 10:52 - 00001108 _____ () C:\Users\Public\Desktop\Qfinder.lnk 2014-03-31 10:52 - 2014-03-31 10:52 - 00000000 ____D () C:\Program Files (x86)\QNAP 2014-03-31 00:21 - 2014-03-31 00:21 - 00016855 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (11).odt 2014-03-31 00:20 - 2014-03-31 00:20 - 00017143 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (10).odt 2014-03-30 23:40 - 2014-03-30 23:40 - 00018366 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (9).odt 2014-03-30 23:11 - 2014-02-11 15:26 - 00000000 ____D () C:\Users\Kamil\Desktop\Trend Meble 2014-03-30 23:11 - 2013-07-28 23:40 - 00000000 ____D () C:\Program Files (x86)\SpeedFan 2014-03-30 23:09 - 2014-02-05 14:14 - 00000000 ____D () C:\Users\Kamil\Desktop\FORA 2014-03-28 10:35 - 2014-03-28 10:35 - 00015264 _____ () C:\Users\Kamil\Downloads\sell_document_for_order (6).odt 2014-03-28 09:55 - 2013-02-10 17:40 - 00001042 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-03-28 09:50 - 2013-02-10 17:40 - 00004042 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-03-28 09:50 - 2013-02-10 17:40 - 00003790 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-03-27 23:48 - 2014-03-27 23:48 - 00018265 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (8).odt 2014-03-27 14:37 - 2014-03-27 14:37 - 00017303 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (7).odt 2014-03-27 14:36 - 2014-03-27 14:36 - 00112421 _____ () C:\Users\Kamil\AppData\Local\recently-used.xbel 2014-03-27 13:51 - 2014-03-27 13:51 - 00015218 _____ () C:\Users\Kamil\Downloads\sell_document_for_order (5).odt 2014-03-27 13:21 - 2014-03-27 13:21 - 00018074 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (6).odt 2014-03-26 22:57 - 2014-03-26 22:57 - 00018101 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (5).odt 2014-03-26 14:39 - 2014-03-26 14:39 - 00015011 _____ () C:\Users\Kamil\Downloads\sell_document_for_order (4).odt 2014-03-26 14:05 - 2014-03-26 14:05 - 00015100 _____ () C:\Users\Kamil\Downloads\sell_document_for_order (3).odt 2014-03-25 23:00 - 2014-03-25 23:00 - 00018408 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (4).odt 2014-03-25 15:40 - 2014-03-25 15:40 - 00015285 _____ () C:\Users\Kamil\Downloads\sell_document_for_order (2).odt 2014-03-25 15:37 - 2014-03-25 15:37 - 00015060 _____ () C:\Users\Kamil\Downloads\sell_document_for_order (1).odt 2014-03-25 15:21 - 2014-03-25 15:21 - 00015044 _____ () C:\Users\Kamil\Downloads\sell_document_for_order.odt 2014-03-25 14:20 - 2014-03-25 14:20 - 00017235 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (3).odt 2014-03-25 13:12 - 2014-03-25 13:12 - 00017739 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (2).odt 2014-03-24 23:54 - 2014-03-24 23:54 - 00017540 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0 (1).odt 2014-03-24 22:32 - 2014-03-24 22:32 - 00018340 _____ () C:\Users\Kamil\Downloads\0-PZ-M1-0.odt 2014-03-22 17:46 - 2010-05-28 15:30 - 00000000 ____D () C:\Users\Kamil\AppData\Roaming\VSO 2014-03-18 13:43 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-03-17 11:00 - 2010-11-12 23:54 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-03-17 10:53 - 2014-03-17 10:53 - 00000020 ___SH () C:\Users\UpdatusUser\ntuser.ini 2014-03-17 10:53 - 2014-03-17 10:53 - 00000000 _SHDL () C:\Users\UpdatusUser\Ustawienia lokalne 2014-03-17 10:53 - 2014-03-17 10:53 - 00000000 _SHDL () C:\Users\UpdatusUser\Szablony 2014-03-17 10:53 - 2014-03-17 10:53 - 00000000 _SHDL () C:\Users\UpdatusUser\Moje dokumenty 2014-03-17 10:53 - 2014-03-17 10:53 - 00000000 _SHDL () C:\Users\UpdatusUser\Menu Start 2014-03-17 10:53 - 2014-03-17 10:53 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Moje wideo 2014-03-17 10:53 - 2014-03-17 10:53 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Moje obrazy 2014-03-17 10:53 - 2014-03-17 10:53 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Moja muzyka 2014-03-17 10:53 - 2014-03-17 10:53 - 00000000 _SHDL () C:\Users\UpdatusUser\Dane aplikacji 2014-03-17 10:53 - 2014-03-17 10:53 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programy 2014-03-17 10:53 - 2014-03-17 10:53 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Local\Historia 2014-03-17 10:53 - 2014-03-17 10:53 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Local\Dane aplikacji 2014-03-17 10:53 - 2014-03-17 10:53 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation 2014-03-17 10:53 - 2010-05-17 18:24 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2014-03-17 10:50 - 2014-03-17 10:50 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation 2014-03-17 09:36 - 2014-03-17 09:36 - 00000000 ____D () C:\Users\Kamil\AppData\Local\Skype 2014-03-17 09:36 - 2010-11-12 23:54 - 00000000 ____D () C:\ProgramData\Skype Files to move or delete: ==================== C:\ProgramData\PKP_DLbx.DAT C:\ProgramData\PKP_DLck.DAT Some content of TEMP: ==================== C:\Users\Kamil\AppData\Local\Temp\gg10.upgr.exe C:\Users\Kamil\AppData\Local\Temp\ggdrive-menu.exe C:\Users\Kamil\AppData\Local\Temp\ggdrive-overlay.exe C:\Users\Kamil\AppData\Local\Temp\installstats.exe C:\Users\Kamil\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Users\Kamil\AppData\Local\Temp\sfamcc00001.dll C:\Users\Kamil\AppData\Local\Temp\sfareca00001.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-11 13:57 ==================== End Of Log ============================