Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-04-2014
Ran by Adrian (administrator) on ADRIAN on 24-04-2014 16:03:14
Running from C:\Users\Adrian\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polish
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(ArtistScope Pty Ltd) C:\Program Files\Common Files\ArtistScope\CSHelper64.exe
(Hi-Rez Studios) D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Creative Technology Ltd.) C:\Windows\V0350Mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1225920 2014-04-02] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2201032 2014-04-02] (NVIDIA Corporation)
HKLM-x32\...\Run: [V0350Mon.exe] => C:\Windows\V0350Mon.exe [28672 2007-08-23] (Creative Technology Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-04-30] (Microsoft Corporation)
HKU\S-1-5-21-1644617884-16204230-2921145980-1000\...\Run: [Clownfish] => [X]
HKU\S-1-5-21-1644617884-16204230-2921145980-1000\...\Run: [MKLOL] => "C:\Program Files (x86)\MKJogo\MKLOL\MK.exe" -auto

==================== Internet (Whitelisted) ====================

BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{125C4FAF-8776-4E90-A306-1BB7AC348470}: [NameServer]8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

FireFox:
========
FF ProfilePath: C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\k2d45yrp.default-1388411162753
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin-x32: @artistscope.com/ArtistScope Plugin - C:\Program Files (x86)\Common Files\ArtistScope\npArtistScope.dll (ArtistScope Pty Ltd)
FF Plugin-x32: @artistscope.com/ArtistScope Plugin 5 - C:\Program Files (x86)\Common Files\ArtistScope\npArtistScope5.dll (ArtistScope Pty Ltd)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: @artistscope.com/ArtistScope Plugin - C:\Program Files (x86)\Common Files\ArtistScope\npArtistScope.dll (ArtistScope Pty Ltd)
FF Plugin HKCU: @artistscope.com/ArtistScope Plugin 5 - C:\Program Files (x86)\Common Files\ArtistScope\npArtistScope5.dll (ArtistScope Pty Ltd)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Adrian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: NetVideoHunter - C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\k2d45yrp.default-1388411162753\Extensions\netvideohunter@netvideohunter.com [2014-04-15]
FF Extension: Greasemonkey - C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\k2d45yrp.default-1388411162753\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-03-12]

==================== Services (Whitelisted) =================

R2 CSHelper; C:\Program Files\Common Files\ArtistScope\CSHelper64.exe [361552 2013-09-26] (ArtistScope Pty Ltd)
R2 HiPatchService; D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-02-28] (Hi-Rez Studios)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1615192 2014-04-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [20541216 2014-04-02] (NVIDIA Corporation)

==================== Drivers (Whitelisted) ====================

S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2013-04-18] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2013-06-28] (LG Electronics Inc.)
S3 andnetndis; C:\Windows\System32\DRIVERS\lgandnetndis64.sys [93696 2013-04-23] (LG Electronics Inc.)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R1 CSDriver; C:\Program Files\Common Files\ArtistScope\CSDriver64.sys [61424 2013-09-26] ()
S3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [27648 2008-01-19] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-21] (NVIDIA Corporation)
S3 Ph3xIB64; C:\Windows\System32\DRIVERS\Ph3xIB64.sys [1627520 2009-06-10] (NXP Semiconductors)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-07-13] (Duplex Secure Ltd.)
R3 VF0350Vfx; C:\Windows\System32\DRIVERS\V0350VFx.sys [12288 2007-03-05] (EyePower Games Pte. Ltd.)
R3 VF0350Vid; C:\Windows\System32\DRIVERS\V0350Vid.sys [214976 2007-08-29] (Creative Technology Ltd.)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-24 16:03 - 2014-04-24 16:04 - 00008406 _____ () C:\Users\Adrian\Desktop\FRST.txt
2014-04-24 15:47 - 2014-04-24 15:47 - 00003090 _____ () C:\Windows\System32\Tasks\{FF70E406-8432-4A02-9AC8-72D66D9F8B75}
2014-04-23 16:46 - 2014-04-23 16:48 - 00000000 ____D () C:\Users\Adrian\Documents\MK-LOL
2014-04-23 16:46 - 2014-04-23 16:46 - 00000054 _____ () C:\Windows\JQHApp.dat
2014-04-23 16:45 - 2014-04-23 16:45 - 00000000 ____D () C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MKJogo
2014-04-22 21:25 - 2014-04-22 21:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-22 21:25 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-22 21:25 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-22 21:25 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-22 21:25 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-22 21:24 - 2014-04-22 21:25 - 00004129 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-21 17:05 - 2014-04-24 14:09 - 00049275 ____N () C:\Windows\WindowsUpdate.log
2014-04-20 23:23 - 2014-03-21 21:43 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-04-20 23:23 - 2014-03-21 21:43 - 00033568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-04-19 18:13 - 2014-04-19 18:13 - 00000722 _____ () C:\Users\Adrian\Desktop\lol.launcher — skrót.lnk
2014-04-19 16:48 - 2014-04-23 14:53 - 00000000 ____D () C:\Users\Adrian\AppData\Roaming\BoL
2014-04-19 16:41 - 2014-04-23 13:01 - 00000000 ____D () C:\Users\Adrian\Desktop\BoL Studio
2014-04-19 16:41 - 2014-04-19 16:41 - 00003126 _____ () C:\Windows\System32\Tasks\{FA682C3E-433D-4F51-8DBE-C5DEC150EBF6}
2014-04-06 21:57 - 2014-04-06 21:57 - 00000000 ____D () C:\Users\Adrian\Documents\My Games
2014-04-06 18:33 - 2014-04-06 18:34 - 00000000 ___SD () C:\Users\Adrian\GG dysk
2014-04-06 18:32 - 2014-04-06 19:05 - 00000000 ____D () C:\Users\Adrian\AppData\Roaming\GG
2014-04-06 18:32 - 2014-04-06 19:05 - 00000000 ____D () C:\Users\Adrian\AppData\Local\GG
2014-04-06 18:32 - 2014-04-06 18:32 - 00001177 _____ () C:\Users\Adrian\Desktop\OpenFM.lnk
2014-04-06 18:31 - 2014-04-06 18:38 - 00000000 ____D () C:\Users\Adrian\AppData\Local\OpenFM
2014-04-06 18:31 - 2014-04-06 18:31 - 00001185 _____ () C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenFM.lnk
2014-04-06 00:53 - 2014-04-06 00:53 - 00000915 _____ () C:\Users\Public\Desktop\Smite.lnk
2014-04-06 00:53 - 2014-04-06 00:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
2014-03-29 13:16 - 2014-04-10 02:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-25 08:01 - 2014-03-25 08:01 - 00000000 ____D () C:\Users\Adrian\Desktop\na forum

==================== One Month Modified Files and Folders =======

2014-04-24 16:04 - 2014-04-24 16:03 - 00008406 _____ () C:\Users\Adrian\Desktop\FRST.txt
2014-04-24 16:03 - 2014-03-24 22:53 - 00000000 ____D () C:\FRST
2014-04-24 15:58 - 2014-03-24 22:52 - 02061824 _____ (Farbar) C:\Users\Adrian\Desktop\FRST64.exe
2014-04-24 15:53 - 2013-12-22 12:26 - 00000000 ____D () C:\Users\Adrian\AppData\Local\PMB Files
2014-04-24 15:53 - 2013-12-22 12:26 - 00000000 ____D () C:\ProgramData\PMB Files
2014-04-24 15:47 - 2014-04-24 15:47 - 00003090 _____ () C:\Windows\System32\Tasks\{FF70E406-8432-4A02-9AC8-72D66D9F8B75}
2014-04-24 15:15 - 2013-07-25 13:26 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-24 14:12 - 2009-07-14 19:55 - 00737730 _____ () C:\Windows\system32\perfh015.dat
2014-04-24 14:12 - 2009-07-14 19:55 - 00154418 _____ () C:\Windows\system32\perfc015.dat
2014-04-24 14:12 - 2009-07-14 07:13 - 01662556 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-24 14:11 - 2009-07-14 06:45 - 00022784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-24 14:11 - 2009-07-14 06:45 - 00022784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-24 14:09 - 2014-04-21 17:05 - 00049275 ____N () C:\Windows\WindowsUpdate.log
2014-04-24 14:06 - 2013-04-29 23:14 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-24 14:06 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-23 19:25 - 2013-05-21 21:59 - 00003962 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{C2A6A923-AD5C-4B6B-B871-67A360EFAD24}
2014-04-23 16:48 - 2014-04-23 16:46 - 00000000 ____D () C:\Users\Adrian\Documents\MK-LOL
2014-04-23 16:46 - 2014-04-23 16:46 - 00000054 _____ () C:\Windows\JQHApp.dat
2014-04-23 16:45 - 2014-04-23 16:45 - 00000000 ____D () C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MKJogo
2014-04-23 14:53 - 2014-04-19 16:48 - 00000000 ____D () C:\Users\Adrian\AppData\Roaming\BoL
2014-04-23 13:01 - 2014-04-19 16:41 - 00000000 ____D () C:\Users\Adrian\Desktop\BoL Studio
2014-04-22 21:26 - 2013-10-17 16:07 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-22 21:25 - 2014-04-22 21:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-22 21:25 - 2014-04-22 21:24 - 00004129 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-22 21:25 - 2013-10-17 16:07 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-21 10:10 - 2013-12-26 14:14 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-04-20 23:24 - 2013-04-29 23:14 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-04-20 23:23 - 2013-11-12 20:13 - 00000000 ____D () C:\Users\Adrian\AppData\Local\NVIDIA Corporation
2014-04-20 23:23 - 2013-04-29 23:13 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-04-19 18:13 - 2014-04-19 18:13 - 00000722 _____ () C:\Users\Adrian\Desktop\lol.launcher — skrót.lnk
2014-04-19 16:41 - 2014-04-19 16:41 - 00003126 _____ () C:\Windows\System32\Tasks\{FA682C3E-433D-4F51-8DBE-C5DEC150EBF6}
2014-04-19 01:01 - 2013-05-14 21:41 - 00000000 ____D () C:\Users\Adrian\AppData\Roaming\Media Player Classic
2014-04-14 20:13 - 2014-04-22 21:25 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-14 20:05 - 2014-04-22 21:25 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-14 20:05 - 2014-04-22 21:25 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-14 20:04 - 2014-04-22 21:25 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-10 02:06 - 2014-03-29 13:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-10 02:01 - 2013-05-11 18:00 - 00000000 ____D () C:\Users\Adrian\AppData\Roaming\Skype
2014-04-08 21:34 - 2013-05-27 23:03 - 00122368 ___SH () C:\Users\Adrian\Documents\Thumbs.db
2014-04-08 15:16 - 2013-09-10 13:51 - 00000000 ____D () C:\ProgramData\Origin
2014-04-06 21:57 - 2014-04-06 21:57 - 00000000 ____D () C:\Users\Adrian\Documents\My Games
2014-04-06 19:05 - 2014-04-06 18:32 - 00000000 ____D () C:\Users\Adrian\AppData\Roaming\GG
2014-04-06 19:05 - 2014-04-06 18:32 - 00000000 ____D () C:\Users\Adrian\AppData\Local\GG
2014-04-06 18:38 - 2014-04-06 18:31 - 00000000 ____D () C:\Users\Adrian\AppData\Local\OpenFM
2014-04-06 18:38 - 2013-08-26 14:54 - 00000000 ____D () C:\Users\Adrian\AppData\Roaming\OpenFM
2014-04-06 18:34 - 2014-04-06 18:33 - 00000000 ___SD () C:\Users\Adrian\GG dysk
2014-04-06 18:33 - 2013-04-28 21:37 - 00000000 ____D () C:\Users\Adrian
2014-04-06 18:32 - 2014-04-06 18:32 - 00001177 _____ () C:\Users\Adrian\Desktop\OpenFM.lnk
2014-04-06 18:31 - 2014-04-06 18:31 - 00001185 _____ () C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenFM.lnk
2014-04-06 01:01 - 2013-04-29 16:03 - 00000000 ____D () C:\Users\Adrian\AppData\Roaming\Gadu-Gadu 10
2014-04-06 00:53 - 2014-04-06 00:53 - 00000915 _____ () C:\Users\Public\Desktop\Smite.lnk
2014-04-06 00:53 - 2014-04-06 00:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
2014-04-06 00:53 - 2013-06-23 12:35 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios
2014-04-06 00:53 - 2013-05-09 21:12 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-04-02 15:27 - 2013-10-28 23:16 - 01225920 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-04-02 15:27 - 2013-10-28 23:16 - 01081112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-03-30 12:37 - 2009-07-14 07:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-29 19:05 - 2013-08-17 12:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-25 08:01 - 2014-03-25 08:01 - 00000000 ____D () C:\Users\Adrian\Desktop\na forum

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-19 10:40

==================== End Of Log ============================