Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-05-2014
Ran by Szymon (administrator) on SZYMON-KOMPUTER on 15-05-2014 10:30:16
Running from C:\Users\Szymon\Downloads
Platform: Windows 7 Home Basic Service Pack 1 (X64) OS Language: Polish
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Cherished Technololgy LIMITED) C:\ProgramData\WPM\wprotectmanager.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\nis.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\nis.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Aztec Media Inc) C:\Program Files (x86)\Settings Manager\systemk\SystemkService.exe
(Aztec Media Inc) C:\Program Files (x86)\Settings Manager\systemk\SystemkService.exe
(Aztec Media Inc) C:\Program Files (x86)\Settings Manager\systemk\systemku.exe
() C:\Users\Szymon\AppData\Local\UpdateChecker\UpdateCheckerApp.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AdTrustMedia) C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\trustedadssvc.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Development Co. L.P.) C:\Program Files (x86)\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Enigma Software Group USA, LLC.) C:\Config.Msi\425567.rbf
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
(AdTrustMedia) C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\trustedadssvc.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1179576 2014-02-05] (NVIDIA Corporation)
HKLM-x32\...\Run: [fst_pl_81] => [X]
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [PrivDogService] => C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\trustedadssvc.exe [525480 2013-11-15] (AdTrustMedia)
HKU\S-1-5-21-1706887735-24700494-238556219-1000\...\Run: [GAINWARD] => C:\Program Files (x86)\EXPERTool\TBPanel.exe [2181672 2009-05-12] (Gainward Co.)
HKU\S-1-5-21-1706887735-24700494-238556219-1000\...\Run: [ALLUpdate] => "F:\ALLPlayer\ALLUpdate.exe" "sleep"
HKU\S-1-5-21-1706887735-24700494-238556219-1000\...\Run: [DAEMON Tools Lite] => F:\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1706887735-24700494-238556219-1000\...\Run: [UpdateChecker] => C:\Users\Szymon\AppData\Local\UpdateChecker\UpdateCheckerApp.exe [7168 2014-02-18] ()
HKU\S-1-5-21-1706887735-24700494-238556219-1000\...\Run: [ChicaPasswordManager] => "C:\Program Files (x86)\ChicaLogic\Chica Password Manager\stpass.exe" /autorunned
HKU\S-1-5-21-1706887735-24700494-238556219-1000\...\Run: [ChomikBox] => C:\Program Files (x86)\ChomikBox\ChomikBox.exe
HKU\S-1-5-21-1706887735-24700494-238556219-1000\...\Run: [SpeedUpMyComputer] => C:\Program Files (x86)\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe /ot /as /ss
HKU\S-1-5-21-1706887735-24700494-238556219-1000\...\Run: [FixMyRegistry] => C:\Program Files (x86)\SmartTweak\FixMyRegistry\FixMyRegistry.exe /ot /as /ss
HKU\S-1-5-21-1706887735-24700494-238556219-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2008-06-09] (Hewlett-Packard Company)
HKU\S-1-5-21-1706887735-24700494-238556219-1000\...\Run: [LiveSupport] => "C:\Program Files (x86)\LiveSupport\LiveSupport.exe" /noshow /log
HKU\S-1-5-21-1706887735-24700494-238556219-1000\...\Run: [eMuleAutoStart] => C:\Program Files (x86)\eMule\emule.exe [5758976 2010-04-07] (http://www.emule-project.net)
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
HKLM\...\AppCertDlls: [x86] -> C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll [490000 2014-04-28] ()
HKLM\...\AppCertDlls: [x64] -> C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll [664592 2014-04-28] ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.default-search.net?sid=492&aid=109&itype=a&ver=12521&tm=302&src=hmp
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.awesomehp.com/web/?type=ds&ts=1395594888&from=amt&uid=ST31000528AS_9VP1CBR6XXXX9VP1CBR6&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com/web/?type=ds&ts=1395594888&from=amt&uid=ST31000528AS_9VP1CBR6XXXX9VP1CBR6&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.awesomehp.com/web/?type=ds&ts=1395594888&from=amt&uid=ST31000528AS_9VP1CBR6XXXX9VP1CBR6&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=pl&pid=NAV&pvid=21.2.0.38
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchURL = http://home.microsoft.com/access/autosearch.asp?p=%s
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.awesomehp.com/web/?type=ds&ts=1395594888&from=amt&uid=ST31000528AS_9VP1CBR6XXXX9VP1CBR6&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.awesomehp.com/web/?type=ds&ts=1395594888&from=amt&uid=ST31000528AS_9VP1CBR6XXXX9VP1CBR6&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = http://www.default-search.net/search?sid=492&aid=109&itype=a&ver=12521&tm=302&src=ds&p={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.awesomehp.com/web/?type=ds&ts=1395594888&from=amt&uid=ST31000528AS_9VP1CBR6XXXX9VP1CBR6&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.awesomehp.com/web/?type=ds&ts=1395594888&from=amt&uid=ST31000528AS_9VP1CBR6XXXX9VP1CBR6&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = http://www.default-search.net/search?sid=492&aid=109&itype=a&ver=12521&tm=302&src=ds&p={searchTerms}
SearchScopes: HKCU - DefaultScope Software\Microsoft\Internet Explorer\SearchScopes URL =
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.awesomehp.com/web/?type=ds&ts=1395594888&from=amt&uid=ST31000528AS_9VP1CBR6XXXX9VP1CBR6&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = http://www.default-search.net/search?sid=492&aid=109&itype=a&ver=12521&tm=302&src=ds&p={searchTerms}
BHO: No Name - {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - No File
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO: PrivDog Extension - {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} - C:\Program Files\AdTrustMedia\PrivDog\1.8.0.15\trustedads.dll (AdTrustMedia)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Rich Media View - {248b955b-b315-4bac-a485-ca8af3985435} - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release916\ie\RichMediaViewV1release916.dll ()
BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: No Name - {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} - No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: PrivDog Extension - {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} - C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\trustedads.dll (AdTrustMedia)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-03-22]
FF HKLM-x32\...\Firefox\Extensions: [ext@RichMediaViewV1release916.net] - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release916\ff
FF Extension: Rich Media View - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release916\ff [2014-05-13]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2014-05-14]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ []
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-03-22]

Chrome:
=======
CHR HomePage: hxxp://www.awesomehp.com/?type=hp&ts=1400095760&from=amt&uid=ST31000528AS_9VP1CBR6XXXX9VP1CBR6
CHR StartupUrls: "hxxp://www.awesomehp.com/?type=hp&ts=1400095760&from=amt&uid=ST31000528AS_9VP1CBR6XXXX9VP1CBR6"
CHR DefaultSearchKeyword: awesomehp
CHR DefaultSearchProvider: awesomehp
CHR DefaultSearchURL: http://www.awesomehp.com/web/?type=ds&ts=1400095759&from=amt&uid=ST31000528AS_9VP1CBR6XXXX9VP1CBR6&q={searchTerms}
CHR DefaultNewTabURL:
CHR Extension: (Dokumenty Google) - C:\Users\Szymon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-14]
CHR Extension: (Dysk Google) - C:\Users\Szymon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-14]
CHR Extension: (YouTube) - C:\Users\Szymon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-14]
CHR Extension: (Szukaj w Google) - C:\Users\Szymon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-14]
CHR Extension: (Rich Media View) - C:\Users\Szymon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdgmmobgkniegadldfegkojplglhdffg [2014-05-14]
CHR Extension: (Norton Identity Protection) - C:\Users\Szymon\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-05-14]
CHR Extension: (Google Wallet) - C:\Users\Szymon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-14]
CHR Extension: (Gmail) - C:\Users\Szymon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-14]
CHR HKLM-x32\...\Chrome\Extension: [jdgmmobgkniegadldfegkojplglhdffg] - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release916\ch\RichMediaViewV1release916.crx [2014-05-13]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\Exts\Chrome.crx [2014-05-14]
CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Szymon\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-05-14]

==================== Services (Whitelisted) =================

R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [705136 2014-04-11] (Cherished Technololgy LIMITED)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe [276376 2014-03-12] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
R2 SystemkService; C:\Program Files (x86)\Settings Manager\systemk\SystemkService.exe [3543056 2014-04-28] (Aztec Media Inc)
R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [496640 2014-03-23] (Cherished Technololgy LIMITED)
S2 Update Mega Browse; "C:\Program Files (x86)\Mega Browse\updateMegaBrowse.exe" [X]

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140409.001\BHDrvx64.sys [1525976 2014-04-09] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1502000.026\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-03-23] (Disc Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-05-14] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-05-14] (Symantec Corporation)
R1 F06DEFF2-5B9C-490D-910F-35D3A91196222; C:\Program Files (x86)\Settings Manager\systemk\x64\systemkmgrc1.cfg [36240 2014-04-28] (Aztec Media Inc)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140514.001\IDSvia64.sys [525016 2014-05-13] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140514.008\ENG64.SYS [126040 2014-05-14] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140514.008\EX64.SYS [2099288 2014-05-14] (Symantec Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1502000.026\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1502000.026\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1502000.026\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1502000.026\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-05-14] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1502000.026\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1502000.026\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
S2 TBPanel; No ImagePath
R3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-15 10:30 - 2014-05-15 10:30 - 00022276 _____ () C:\Users\Szymon\Downloads\FRST.txt
2014-05-15 10:26 - 2014-05-15 10:30 - 00000000 ____D () C:\FRST
2014-05-15 10:24 - 2014-05-15 10:25 - 02066944 _____ (Farbar) C:\Users\Szymon\Downloads\FRST64.exe
2014-05-15 09:42 - 2014-05-15 10:20 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-05-15 09:42 - 2014-05-15 09:42 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-05-15 09:42 - 2014-05-15 09:42 - 00000000 _____ () C:\autoexec.bat
2014-05-15 09:40 - 2014-05-15 09:40 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Szymon\Downloads\SpyHunter-Installer.exe
2014-05-14 19:09 - 2014-05-14 19:09 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-05-14 18:28 - 2014-05-14 18:28 - 00000000 ____D () C:\Users\Szymon\AppData\Local\AdTrustMedia
2014-05-14 14:55 - 2014-05-14 14:55 - 00002257 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-14 14:55 - 2014-05-14 14:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-14 12:49 - 2014-05-14 19:04 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-05-14 12:49 - 2014-05-14 19:04 - 00002501 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-05-14 12:49 - 2014-05-14 12:49 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-05-14 12:49 - 2014-05-14 12:49 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-05-14 12:49 - 2014-05-14 12:49 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-05-14 12:48 - 2014-05-14 19:04 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-05-14 12:48 - 2014-05-14 19:04 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-05-14 12:48 - 2014-05-14 12:48 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2014-05-14 12:47 - 2014-05-14 12:48 - 203978760 ____N (Symantec Corporation) C:\Users\Szymon\Downloads\NIS-TW-21.1.0-PL.exe
2014-05-14 12:26 - 2014-05-14 12:26 - 00000000 ____D () C:\ProgramData\Adtrustmedia
2014-05-14 12:26 - 2014-05-14 12:26 - 00000000 ____D () C:\Program Files\AdTrustMedia
2014-05-14 12:26 - 2014-05-14 12:26 - 00000000 ____D () C:\Program Files (x86)\AdTrustMedia
2014-05-14 12:24 - 2014-05-14 12:25 - 104541576 _____ (COMODO) C:\Users\Szymon\Downloads\cav_installer_x64.exe
2014-05-13 21:13 - 2014-05-13 21:13 - 486557673 _____ () C:\Windows\MEMORY.DMP
2014-05-13 21:13 - 2014-05-13 21:13 - 00290648 _____ () C:\Windows\Minidump\051314-24616-01.dmp
2014-05-13 21:13 - 2014-05-13 21:13 - 00000000 ____D () C:\Windows\Minidump
2014-05-13 20:58 - 2014-05-13 20:59 - 73052160 _____ () C:\Users\Szymon\Downloads\eav_nt64_plk.msi
2014-05-13 20:51 - 2014-05-13 20:51 - 00000000 ____D () C:\Program Files (x86)\RichMediaViewV1
2014-05-11 22:27 - 2014-05-11 22:27 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-05-11 20:26 - 2014-05-11 20:26 - 03410944 _____ () C:\Users\Szymon\Downloads\Rozmowa podczas matury ustnej.pps
2014-05-08 22:43 - 2014-05-08 22:43 - 00000000 ____D () C:\ProgramData\Sun
2014-05-08 22:43 - 2014-05-08 22:43 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-08 22:42 - 2014-05-08 22:42 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-05-08 22:42 - 2014-05-08 22:42 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-05-08 22:42 - 2014-05-08 22:42 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-05-08 22:42 - 2014-05-08 22:42 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-08 22:42 - 2014-05-08 22:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-08 22:42 - 2014-05-08 22:42 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-08 22:40 - 2014-05-08 22:40 - 00486864 _____ () C:\Users\Szymon\Downloads\chromeinstall-7u51 (2).exe
2014-05-08 22:40 - 2014-05-08 22:40 - 00486864 _____ () C:\Users\Szymon\Downloads\chromeinstall-7u51 (2) (1).exe
2014-05-08 22:40 - 2014-05-08 22:40 - 00000000 ____D () C:\Users\Szymon\AppData\Roaming\rmi
2014-05-03 10:28 - 2014-05-15 10:30 - 00000000 ____D () C:\ProgramData\systemk
2014-04-30 14:16 - 2014-04-30 14:16 - 00166018 _____ () C:\Users\Szymon\Desktop\necrophaga (1).mp3.reapeaks
2014-04-28 18:04 - 2014-05-15 09:54 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-28 18:04 - 2014-05-14 13:55 - 00003868 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-28 18:03 - 2014-04-28 18:03 - 17931952 _____ (Adobe Systems Incorporated) C:\Users\Szymon\Downloads\install_flash_player.exe
2014-04-28 17:59 - 2014-04-28 17:59 - 00003106 _____ () C:\Windows\System32\Tasks\{F1442C9E-CA2D-42C2-B373-6F6BB5DF2537}
2014-04-28 17:54 - 2014-04-28 18:00 - 17871592 _____ () C:\Users\Szymon\Downloads\Niepotwierdzony 821505.crdownload
2014-04-27 21:56 - 2014-04-27 21:56 - 00000000 ____D () C:\Users\Szymon\AppData\Roaming\MPC-HC
2014-04-27 21:55 - 2014-04-27 21:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2014-04-27 21:55 - 2014-04-27 21:55 - 00000000 ____D () C:\Program Files (x86)\K-Lite Codec Pack
2014-04-27 21:55 - 2013-12-01 14:10 - 00257624 _____ () C:\Windows\system32\unrar64.dll
2014-04-27 21:55 - 2013-12-01 14:10 - 00218200 _____ () C:\Windows\SysWOW64\unrar.dll
2014-04-27 21:53 - 2014-04-27 21:58 - 00000000 ____D () C:\Users\Szymon\AppData\Local\Mobogenie
2014-04-27 21:53 - 2014-04-27 21:54 - 00000000 ____D () C:\Users\Szymon\AppData\Local\cache
2014-04-27 21:53 - 2014-04-27 21:53 - 00000000 ____D () C:\Users\Szymon\Documents\Mobogenie
2014-04-27 21:53 - 2014-04-27 21:53 - 00000000 ____D () C:\Users\Szymon\.android
2014-04-27 21:53 - 2014-04-27 21:53 - 00000000 _____ () C:\Users\Szymon\daemonprocess.txt
2014-04-27 21:51 - 2014-04-27 21:51 - 18230146 _____ ( ) C:\Users\Szymon\Downloads\K-Lite Codec Pack Standard 10.4.5.exe
2014-04-27 21:50 - 2014-04-27 21:50 - 00597632 _____ ( ) C:\Users\Szymon\Downloads\K-Lite Codec Pack Standard 10.4.5_isdmgr.exe
2014-04-27 21:37 - 2014-04-27 21:37 - 00172032 _____ (Jin Hui E-mail: jinhui@jcomsoft.com Web: http://www.jcomsoft.com) C:\Windows\SysWOW64\AniGIF.ocx
2014-04-27 21:30 - 2014-04-28 18:01 - 00000000 ____D () C:\Users\Szymon\AppData\Local\CrashDumps
2014-04-27 21:07 - 2014-04-27 21:07 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Identity Safe
2014-04-27 20:32 - 2014-04-27 20:32 - 00003132 _____ () C:\Windows\System32\Tasks\{15309340-AF9B-471E-A77A-0B41520E25A2}
2014-04-27 20:18 - 2014-04-27 20:18 - 00000000 ____D () C:\Users\Szymon\Documents\Optimizer Pro
2014-04-27 20:10 - 2014-04-27 21:42 - 00000000 ____D () C:\Users\Public\Documents\GOOBZO
2014-04-27 20:09 - 2014-04-27 20:09 - 00000000 ____D () C:\Users\Public\Documents\ShopperPro
2014-04-27 20:07 - 2014-04-27 20:07 - 00000000 ____D () C:\Users\Szymon\AppData\Local\CrashRpt
2014-04-27 17:09 - 2014-04-27 17:09 - 00884712 _____ (Google Inc.) C:\Users\Szymon\Downloads\ChromeSetup.exe
2014-04-27 16:43 - 2014-05-14 12:48 - 00000000 ____D () C:\ProgramData\Norton
2014-04-27 16:38 - 2014-04-27 16:42 - 294237248 ____N (Symantec Corporation) C:\Users\Szymon\Downloads\NAV-ESD-21.2.0-PL.exe
2014-04-26 17:30 - 2014-04-26 17:32 - 90146089 _____ () C:\Users\Szymon\Downloads\lg_perpetuum_debile.zip
2014-04-25 17:09 - 2014-05-13 20:52 - 00000167 _____ () C:\extensions.ini
2014-04-25 17:09 - 2014-05-13 20:51 - 00000266 __RSH () C:\ProgramData\ntuser.pol
2014-04-25 17:08 - 2014-04-25 18:10 - 00000000 ____D () C:\Program Files (x86)\MediaBuzzV1
2014-04-23 17:07 - 2014-04-23 17:23 - 511437195 _____ () C:\Users\Szymon\Downloads\AutoMapa 6.15 (1312) PL.rar
2014-04-22 21:53 - 2014-04-22 21:53 - 00000000 ____D () C:\ProgramData\LightScribe
2014-04-22 18:37 - 2014-04-22 18:37 - 00002770 _____ () C:\Users\Public\Desktop\Nero StartSmart.lnk
2014-04-22 18:36 - 2014-04-22 18:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
2014-04-22 18:36 - 2014-04-22 18:40 - 00000000 ____D () C:\Program Files (x86)\Nero
2014-04-22 18:35 - 2014-04-22 18:35 - 00002037 _____ () C:\Users\Public\Desktop\LightScribe.lnk
2014-04-22 18:35 - 2014-04-22 18:35 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
2014-04-22 18:18 - 2014-04-22 18:30 - 387482931 _____ () C:\Users\Szymon\Downloads\Nero 9 PL - Pełna Wersja + KLUCZ.zip
2014-04-22 18:12 - 2014-04-22 18:12 - 00003090 _____ () C:\Windows\System32\Tasks\{8F32BE0B-A398-4614-B20D-C00A809D7EDE}
2014-04-22 18:09 - 2014-04-22 18:10 - 57240784 _____ () C:\Users\Szymon\Downloads\Nero 6.rar
2014-04-22 17:24 - 2014-04-22 17:24 - 02236416 _____ () C:\Users\Szymon\Downloads\Nero_7_Sciagnij.pl (3).exe
2014-04-22 17:17 - 2014-04-22 21:54 - 00000000 ____D () C:\Users\Szymon\AppData\Roaming\Nero
2014-04-22 17:16 - 2014-04-22 18:38 - 00000000 ____D () C:\ProgramData\Nero
2014-04-22 17:07 - 2014-04-22 17:08 - 33363488 _____ (Nero AG) C:\Users\Szymon\Downloads\nero-9.4.12.708_lite.exe
2014-04-22 17:03 - 2014-04-22 17:03 - 02236416 _____ () C:\Users\Szymon\Downloads\Nero_7_Sciagnij.pl.exe
2014-04-22 17:03 - 2014-04-22 17:03 - 02236416 _____ () C:\Users\Szymon\Downloads\Nero_7_Sciagnij.pl (2).exe
2014-04-22 17:03 - 2014-04-22 17:03 - 02236416 _____ () C:\Users\Szymon\Downloads\Nero_7_Sciagnij.pl (1).exe
2014-04-22 17:01 - 2014-04-22 17:01 - 01415807 _____ () C:\Users\Szymon\Downloads\309271-nero6009_sciagnij (1).exe
2014-04-21 16:54 - 2014-04-21 16:54 - 01415807 _____ () C:\Users\Szymon\Downloads\309271-nero6009_sciagnij.exe
2014-04-21 16:48 - 2014-04-21 16:49 - 00002048 _____ () C:\Windows\SysWOW64\winver.exe
2014-04-21 16:48 - 2014-04-21 16:48 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2014-04-21 16:48 - 2014-04-21 16:48 - 00410624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\systemcpl.dll
2014-04-21 16:48 - 2014-04-21 16:48 - 00113543 _____ () C:\Windows\SysWOW64\slmgr.vbs
2014-04-21 16:48 - 2014-04-21 16:48 - 00001536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppcomapi.dll
2014-04-21 16:46 - 2014-04-21 16:47 - 09061426 _____ () C:\Users\Szymon\Downloads\ChewWGA---v0.9.rar
2014-04-16 08:59 - 2014-04-16 08:59 - 00000000 ____D () C:\ProgramData\RegClean
2014-04-15 22:11 - 2014-04-15 22:11 - 00000000 ____D () C:\Users\Szymon\AppData\Roaming\AVG
2014-04-15 22:11 - 2014-04-15 22:11 - 00000000 ____D () C:\Users\Szymon\AppData\Local\AVG
2014-04-15 22:09 - 2014-04-15 22:16 - 00000000 ____D () C:\ProgramData\AVG
2014-04-15 22:09 - 2014-04-15 22:09 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-04-15 22:07 - 2014-04-15 22:07 - 00000000 ____D () C:\Users\Szymon\AppData\Roaming\OpenCandy
2014-04-15 22:06 - 2014-04-15 22:06 - 04184641 _____ (Alexander Vigovsky ) C:\Users\Szymon\Downloads\ac3filter_2_6_0b.exe
2014-04-15 22:02 - 2014-04-27 17:02 - 00000000 ____D () C:\Users\Szymon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartTweak Software
2014-04-15 22:02 - 2014-04-27 17:02 - 00000000 ____D () C:\Program Files (x86)\SmartTweak
2014-04-15 21:57 - 2014-04-15 21:57 - 00277989 _____ () C:\Users\Szymon\Downloads\CinemaPlayer1.5.3[www.instalki.pl].zip
2014-04-15 21:57 - 2014-04-15 21:57 - 00000000 ____D () C:\Users\Szymon\Desktop\Cinema Player
2014-04-15 21:54 - 2014-04-15 21:54 - 00003584 _____ () C:\Users\Szymon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-15 18:25 - 2014-04-15 18:25 - 00026181 _____ () C:\Users\Szymon\Downloads\server (7).met
2014-04-15 18:24 - 2014-04-15 18:24 - 00023321 _____ () C:\Users\Szymon\Downloads\server (6).met
2014-04-15 18:24 - 2014-04-15 18:24 - 00023321 _____ () C:\Users\Szymon\Downloads\server (5).met
2014-04-15 18:09 - 2014-04-15 18:09 - 00004018 _____ () C:\Users\Szymon\Downloads\server (4).met
2014-04-15 18:09 - 2014-04-15 18:09 - 00004018 _____ () C:\Users\Szymon\Downloads\server (3).met
2014-04-15 18:09 - 2014-04-15 18:09 - 00004018 _____ () C:\Users\Szymon\Downloads\server (2).met
2014-04-15 17:46 - 2014-04-15 17:46 - 00000987 _____ () C:\Users\Public\Desktop\eMule.lnk
2014-04-15 17:46 - 2014-04-15 17:46 - 00000000 ____D () C:\Users\Szymon\Downloads\eMule
2014-04-15 17:46 - 2014-04-15 17:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eMule
2014-04-15 17:46 - 2014-04-15 17:46 - 00000000 ____D () C:\Program Files (x86)\eMule
2014-04-15 17:45 - 2014-04-15 17:45 - 03389035 _____ () C:\Users\Szymon\Downloads\eMule0.50a-Installer1_www.INSTALKI.pl.exe

==================== One Month Modified Files and Folders =======

2014-05-15 10:30 - 2014-05-15 10:30 - 00022276 _____ () C:\Users\Szymon\Downloads\FRST.txt
2014-05-15 10:30 - 2014-05-15 10:26 - 00000000 ____D () C:\FRST
2014-05-15 10:30 - 2014-05-03 10:28 - 00000000 ____D () C:\ProgramData\systemk
2014-05-15 10:25 - 2014-05-15 10:24 - 02066944 _____ (Farbar) C:\Users\Szymon\Downloads\FRST64.exe
2014-05-15 10:20 - 2014-05-15 09:42 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-05-15 09:54 - 2014-04-28 18:04 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-15 09:43 - 2014-03-22 10:14 - 01789988 _____ () C:\Windows\WindowsUpdate.log
2014-05-15 09:42 - 2014-05-15 09:42 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-05-15 09:42 - 2014-05-15 09:42 - 00000000 _____ () C:\autoexec.bat
2014-05-15 09:40 - 2014-05-15 09:40 - 00728960 _____ (Enigma Software Group USA, LLC.)
C:\Users\Szymon\Downloads\SpyHunter-Installer.exe 2014-05-15 09:35 - 2014-03-30 12:24 - 00001048 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf4c022a72e0b1.job 2014-05-15 09:08 - 2014-03-23 19:15 - 00000470 _____ () C:\Windows\Tasks\AmiUpdXp.job 2014-05-15 09:08 - 2014-03-22 14:17 - 00001044 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-05-15 09:08 - 2010-11-21 05:47 - 00667176 _____ () C:\Windows\PFRO.log 2014-05-15 09:08 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-15 09:08 - 2009-07-14 06:51 - 00048226 _____ () C:\Windows\setupact.log 2014-05-14 22:36 - 2009-07-14 06:45 - 00016640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-14 22:36 - 2009-07-14 06:45 - 00016640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-14 19:09 - 2014-05-14 19:09 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security 2014-05-14 19:04 - 2014-05-14 12:49 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration 2014-05-14 19:04 - 2014-05-14 12:49 - 00002501 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk 2014-05-14 19:04 - 2014-05-14 12:48 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security 2014-05-14 19:04 - 2014-05-14 12:48 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64 2014-05-14 18:28 - 2014-05-14 18:28 - 00000000 ____D () C:\Users\Szymon\AppData\Local\AdTrustMedia 2014-05-14 16:55 - 2014-03-23 19:16 - 00000000 ____D () C:\Users\Szymon\AppData\Local\UpdateChecker 2014-05-14 16:55 - 2014-03-23 19:15 - 00000000 ____D () C:\ProgramData\WPM 2014-05-14 14:55 - 2014-05-14 14:55 - 00002257 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-05-14 14:55 - 2014-05-14 14:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-05-14 13:55 - 2014-04-28 18:04 - 00003868 _____ 
() C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-05-14 13:54 - 2014-03-22 10:23 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-05-14 13:54 - 2014-03-22 10:23 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-14 12:49 - 2014-05-14 12:49 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 2014-05-14 12:49 - 2014-05-14 12:49 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT 2014-05-14 12:49 - 2014-05-14 12:49 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared 2014-05-14 12:48 - 2014-05-14 12:48 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security 2014-05-14 12:48 - 2014-05-14 12:47 - 203978760 ____N (Symantec Corporation) C:\Users\Szymon\Downloads\NIS-TW-21.1.0-PL.exe 2014-05-14 12:48 - 2014-04-27 16:43 - 00000000 ____D () C:\ProgramData\Norton 2014-05-14 12:26 - 2014-05-14 12:26 - 00000000 ____D () C:\ProgramData\Adtrustmedia 2014-05-14 12:26 - 2014-05-14 12:26 - 00000000 ____D () C:\Program Files\AdTrustMedia 2014-05-14 12:26 - 2014-05-14 12:26 - 00000000 ____D () C:\Program Files (x86)\AdTrustMedia 2014-05-14 12:25 - 2014-05-14 12:24 - 104541576 _____ (COMODO) C:\Users\Szymon\Downloads\cav_installer_x64.exe 2014-05-13 21:13 - 2014-05-13 21:13 - 486557673 _____ () C:\Windows\MEMORY.DMP 2014-05-13 21:13 - 2014-05-13 21:13 - 00290648 _____ () C:\Windows\Minidump\051314-24616-01.dmp 2014-05-13 21:13 - 2014-05-13 21:13 - 00000000 ____D () C:\Windows\Minidump 2014-05-13 20:59 - 2014-05-13 20:58 - 73052160 _____ () C:\Users\Szymon\Downloads\eav_nt64_plk.msi 2014-05-13 20:52 - 2014-04-25 17:09 - 00000167 _____ () C:\extensions.ini 2014-05-13 20:51 - 2014-05-13 20:51 - 00000000 ____D () C:\Program Files (x86)\RichMediaViewV1 2014-05-13 20:51 - 2014-04-25 17:09 - 00000266 __RSH () C:\ProgramData\ntuser.pol 2014-05-11 22:27 - 2014-05-11 22:27 - 00000000 ____D () C:\Windows\System32\Tasks\Games 
2014-05-11 20:26 - 2014-05-11 20:26 - 03410944 _____ () C:\Users\Szymon\Downloads\Rozmowa podczas matury ustnej.pps
2014-05-08 22:43 - 2014-05-08 22:43 - 00000000 ____D () C:\ProgramData\Sun
2014-05-08 22:43 - 2014-05-08 22:43 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-08 22:42 - 2014-05-08 22:42 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-05-08 22:42 - 2014-05-08 22:42 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-05-08 22:42 - 2014-05-08 22:42 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-05-08 22:42 - 2014-05-08 22:42 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-08 22:42 - 2014-05-08 22:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-08 22:42 - 2014-05-08 22:42 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-08 22:40 - 2014-05-08 22:40 - 00486864 _____ () C:\Users\Szymon\Downloads\chromeinstall-7u51 (2).exe
2014-05-08 22:40 - 2014-05-08 22:40 - 00486864 _____ () C:\Users\Szymon\Downloads\chromeinstall-7u51 (2) (1).exe
2014-05-08 22:40 - 2014-05-08 22:40 - 00000000 ____D () C:\Users\Szymon\AppData\Roaming\rmi
2014-05-08 20:01 - 2010-11-21 14:53 - 00739694 _____ () C:\Windows\system32\perfh015.dat
2014-05-08 20:01 - 2010-11-21 14:53 - 00155268 _____ () C:\Windows\system32\perfc015.dat
2014-05-08 20:01 - 2009-07-14 07:13 - 01668226 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-06 14:30 - 2014-03-30 12:24 - 00004044 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf4c022a72e0b1
2014-05-06 14:30 - 2014-03-22 14:17 - 00003792 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-06 07:17 - 2009-07-14 07:08 - 00032520 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-02 21:41 - 2014-03-24 16:21 - 00000000 ____D () C:\Users\Szymon\Desktop\nagrania
2014-05-02 21:31 - 2014-03-22 23:25 - 00000000 ____D () C:\Users\Szymon\Documents\REAPER Media
2014-04-30 14:16 - 2014-04-30 14:16 - 00166018 _____ () C:\Users\Szymon\Desktop\necrophaga (1).mp3.reapeaks
2014-04-28 18:03 - 2014-04-28 18:03 - 17931952 _____ (Adobe Systems Incorporated) C:\Users\Szymon\Downloads\install_flash_player.exe
2014-04-28 18:01 - 2014-04-27 21:30 - 00000000 ____D () C:\Users\Szymon\AppData\Local\CrashDumps
2014-04-28 18:00 - 2014-04-28 17:54 - 17871592 _____ () C:\Users\Szymon\Downloads\Niepotwierdzony 821505.crdownload
2014-04-28 17:59 - 2014-04-28 17:59 - 00003106 _____ () C:\Windows\System32\Tasks\{F1442C9E-CA2D-42C2-B373-6F6BB5DF2537}
2014-04-27 21:58 - 2014-04-27 21:53 - 00000000 ____D () C:\Users\Szymon\AppData\Local\Mobogenie
2014-04-27 21:56 - 2014-04-27 21:56 - 00000000 ____D () C:\Users\Szymon\AppData\Roaming\MPC-HC
2014-04-27 21:55 - 2014-04-27 21:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2014-04-27 21:55 - 2014-04-27 21:55 - 00000000 ____D () C:\Program Files (x86)\K-Lite Codec Pack
2014-04-27 21:54 - 2014-04-27 21:53 - 00000000 ____D () C:\Users\Szymon\AppData\Local\cache
2014-04-27 21:53 - 2014-04-27 21:53 - 00000000 ____D () C:\Users\Szymon\Documents\Mobogenie
2014-04-27 21:53 - 2014-04-27 21:53 - 00000000 ____D () C:\Users\Szymon\.android
2014-04-27 21:53 - 2014-04-27 21:53 - 00000000 _____ () C:\Users\Szymon\daemonprocess.txt
2014-04-27 21:53 - 2014-03-22 10:14 - 00000000 ____D () C:\Users\Szymon
2014-04-27 21:51 - 2014-04-27 21:51 - 18230146 _____ ( ) C:\Users\Szymon\Downloads\K-Lite Codec Pack Standard 10.4.5.exe
2014-04-27 21:50 - 2014-04-27 21:50 - 00597632 _____ ( ) C:\Users\Szymon\Downloads\K-Lite Codec Pack Standard 10.4.5_isdmgr.exe
2014-04-27 21:42 - 2014-04-27 20:10 - 00000000 ____D () C:\Users\Public\Documents\GOOBZO
2014-04-27 21:37 - 2014-04-27 21:37 - 00172032 _____ (Jin Hui E-mail: jinhui@jcomsoft.com Web: http://www.jcomsoft.com) C:\Windows\SysWOW64\AniGIF.ocx
2014-04-27 21:07 - 2014-04-27 21:07 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Identity Safe
2014-04-27 20:32 - 2014-04-27 20:32 - 00003132 _____ () C:\Windows\System32\Tasks\{15309340-AF9B-471E-A77A-0B41520E25A2}
2014-04-27 20:18 - 2014-04-27 20:18 - 00000000 ____D () C:\Users\Szymon\Documents\Optimizer Pro
2014-04-27 20:09 - 2014-04-27 20:09 - 00000000 ____D () C:\Users\Public\Documents\ShopperPro
2014-04-27 20:07 - 2014-04-27 20:07 - 00000000 ____D () C:\Users\Szymon\AppData\Local\CrashRpt
2014-04-27 17:30 - 2014-03-30 13:44 - 00000000 ____D () C:\Users\Szymon\AppData\Roaming\uTorrent
2014-04-27 17:09 - 2014-04-27 17:09 - 00884712 _____ (Google Inc.) C:\Users\Szymon\Downloads\ChromeSetup.exe
2014-04-27 17:02 - 2014-04-15 22:02 - 00000000 ____D () C:\Users\Szymon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartTweak Software
2014-04-27 17:02 - 2014-04-15 22:02 - 00000000 ____D () C:\Program Files (x86)\SmartTweak
2014-04-27 16:42 - 2014-04-27 16:38 - 294237248 ____N (Symantec Corporation) C:\Users\Szymon\Downloads\NAV-ESD-21.2.0-PL.exe
2014-04-26 17:32 - 2014-04-26 17:30 - 90146089 _____ () C:\Users\Szymon\Downloads\lg_perpetuum_debile.zip
2014-04-25 18:10 - 2014-04-25 17:08 - 00000000 ____D () C:\Program Files (x86)\MediaBuzzV1
2014-04-25 17:09 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-04-25 17:09 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-04-23 17:23 - 2014-04-23 17:07 - 511437195 _____ () C:\Users\Szymon\Downloads\AutoMapa 6.15 (1312) PL.rar
2014-04-22 21:54 - 2014-04-22 17:17 - 00000000 ____D () C:\Users\Szymon\AppData\Roaming\Nero
2014-04-22 21:54 - 2014-03-22 10:14 - 00000000 ____D () C:\Users\Szymon\AppData\Local\VirtualStore
2014-04-22 21:53 - 2014-04-22 21:53 - 00000000 ____D () C:\ProgramData\LightScribe
2014-04-22 18:42 - 2014-04-22 18:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
2014-04-22 18:40 - 2014-04-22 18:36 - 00000000 ____D () C:\Program Files (x86)\Nero
2014-04-22 18:38 - 2014-04-22 17:16 - 00000000 ____D () C:\ProgramData\Nero
2014-04-22 18:37 - 2014-04-22 18:37 - 00002770 _____ () C:\Users\Public\Desktop\Nero StartSmart.lnk
2014-04-22 18:36 - 2014-03-22 14:10 - 00072869 _____ () C:\Windows\DirectX.log
2014-04-22 18:35 - 2014-04-22 18:35 - 00002037 _____ () C:\Users\Public\Desktop\LightScribe.lnk
2014-04-22 18:35 - 2014-04-22 18:35 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
2014-04-22 18:30 - 2014-04-22 18:18 - 387482931 _____ () C:\Users\Szymon\Downloads\Nero 9 PL - Pełna Wersja + KLUCZ.zip
2014-04-22 18:12 - 2014-04-22 18:12 - 00003090 _____ () C:\Windows\System32\Tasks\{8F32BE0B-A398-4614-B20D-C00A809D7EDE}
2014-04-22 18:10 - 2014-04-22 18:09 - 57240784 _____ () C:\Users\Szymon\Downloads\Nero 6.rar
2014-04-22 17:24 - 2014-04-22 17:24 - 02236416 _____ () C:\Users\Szymon\Downloads\Nero_7_Sciagnij.pl (3).exe
2014-04-22 17:08 - 2014-04-22 17:07 - 33363488 _____ (Nero AG) C:\Users\Szymon\Downloads\nero-9.4.12.708_lite.exe
2014-04-22 17:03 - 2014-04-22 17:03 - 02236416 _____ () C:\Users\Szymon\Downloads\Nero_7_Sciagnij.pl.exe
2014-04-22 17:03 - 2014-04-22 17:03 - 02236416 _____ () C:\Users\Szymon\Downloads\Nero_7_Sciagnij.pl (2).exe
2014-04-22 17:03 - 2014-04-22 17:03 - 02236416 _____ () C:\Users\Szymon\Downloads\Nero_7_Sciagnij.pl (1).exe
2014-04-22 17:01 - 2014-04-22 17:01 - 01415807 _____ () C:\Users\Szymon\Downloads\309271-nero6009_sciagnij (1).exe
2014-04-21 16:54 - 2014-04-21 16:54 - 01415807 _____ () C:\Users\Szymon\Downloads\309271-nero6009_sciagnij.exe
2014-04-21 16:49 - 2014-04-21 16:48 - 00002048 _____ () C:\Windows\SysWOW64\winver.exe
2014-04-21 16:48 - 2014-04-21 16:48 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2014-04-21 16:48 - 2014-04-21 16:48 - 00410624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\systemcpl.dll
2014-04-21 16:48 - 2014-04-21 16:48 - 00113543 _____ () C:\Windows\SysWOW64\slmgr.vbs
2014-04-21 16:48 - 2014-04-21 16:48 - 00001536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppcomapi.dll
2014-04-21 16:47 - 2014-04-21 16:46 - 09061426 _____ () C:\Users\Szymon\Downloads\ChewWGA---v0.9.rar
2014-04-21 16:43 - 2009-07-14 06:45 - 00412704 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-19 21:28 - 2014-03-23 18:16 - 00000000 ____D () C:\Users\Szymon\AppData\Local\Microsoft Help
2014-04-16 08:59 - 2014-04-16 08:59 - 00000000 ____D () C:\ProgramData\RegClean
2014-04-15 22:16 - 2014-04-15 22:09 - 00000000 ____D () C:\ProgramData\AVG
2014-04-15 22:11 - 2014-04-15 22:11 - 00000000 ____D () C:\Users\Szymon\AppData\Roaming\AVG
2014-04-15 22:11 - 2014-04-15 22:11 - 00000000 ____D () C:\Users\Szymon\AppData\Local\AVG
2014-04-15 22:09 - 2014-04-15 22:09 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-04-15 22:07 - 2014-04-15 22:07 - 00000000 ____D () C:\Users\Szymon\AppData\Roaming\OpenCandy
2014-04-15 22:06 - 2014-04-15 22:06 - 04184641 _____ (Alexander Vigovsky ) C:\Users\Szymon\Downloads\ac3filter_2_6_0b.exe
2014-04-15 21:57 - 2014-04-15 21:57 - 00277989 _____ () C:\Users\Szymon\Downloads\CinemaPlayer1.5.3[www.instalki.pl].zip
2014-04-15 21:57 - 2014-04-15 21:57 - 00000000 ____D () C:\Users\Szymon\Desktop\Cinema Player
2014-04-15 21:54 - 2014-04-15 21:54 - 00003584 _____ () C:\Users\Szymon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-15 18:28 - 2014-03-28 19:20 - 00000000 ____D () C:\Users\Szymon\AppData\Local\eMule
2014-04-15 18:25 - 2014-04-15 18:25 - 00026181 _____ () C:\Users\Szymon\Downloads\server (7).met
2014-04-15 18:24 - 2014-04-15 18:24 - 00023321 _____ () C:\Users\Szymon\Downloads\server (6).met
2014-04-15 18:24 - 2014-04-15 18:24 - 00023321 _____ () C:\Users\Szymon\Downloads\server (5).met
2014-04-15 18:09 - 2014-04-15 18:09 - 00004018 _____ () C:\Users\Szymon\Downloads\server (4).met
2014-04-15 18:09 - 2014-04-15 18:09 - 00004018 _____ () C:\Users\Szymon\Downloads\server (3).met
2014-04-15 18:09 - 2014-04-15 18:09 - 00004018 _____ () C:\Users\Szymon\Downloads\server (2).met
2014-04-15 17:46 - 2014-04-15 17:46 - 00000987 _____ () C:\Users\Public\Desktop\eMule.lnk
2014-04-15 17:46 - 2014-04-15 17:46 - 00000000 ____D () C:\Users\Szymon\Downloads\eMule
2014-04-15 17:46 - 2014-04-15 17:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eMule
2014-04-15 17:46 - 2014-04-15 17:46 - 00000000 ____D () C:\Program Files (x86)\eMule
2014-04-15 17:46 - 2014-03-28 19:21 - 00000000 ____D () C:\ProgramData\eMule
2014-04-15 17:45 - 2014-04-15 17:45 - 03389035 _____ () C:\Users\Szymon\Downloads\eMule0.50a-Installer1_www.INSTALKI.pl.exe

Some content of TEMP:
====================
C:\Users\Szymon\AppData\Local\Temp\applinstall.exe
C:\Users\Szymon\AppData\Local\Temp\appshat_generic.exe
C:\Users\Szymon\AppData\Local\Temp\bitool.dll
C:\Users\Szymon\AppData\Local\Temp\BundleSweetIMSetup.exe
C:\Users\Szymon\AppData\Local\Temp\cabex.dll
C:\Users\Szymon\AppData\Local\Temp\Delta.exe
C:\Users\Szymon\AppData\Local\Temp\DeltaTB.exe
C:\Users\Szymon\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Szymon\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Szymon\AppData\Local\Temp\FixMyRegistry.exe
C:\Users\Szymon\AppData\Local\Temp\InstHelper.exe
C:\Users\Szymon\AppData\Local\Temp\LiveSupport_setup.exe
C:\Users\Szymon\AppData\Local\Temp\lowproc.exe
C:\Users\Szymon\AppData\Local\Temp\ms.exe
C:\Users\Szymon\AppData\Local\Temp\MybabylonTB.exe
C:\Users\Szymon\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Szymon\AppData\Local\Temp\nvStInst.exe
C:\Users\Szymon\AppData\Local\Temp\OptimizerPro.exe
C:\Users\Szymon\AppData\Local\Temp\pdr6free.exe
C:\Users\Szymon\AppData\Local\Temp\qms.exe
C:\Users\Szymon\AppData\Local\Temp\sbsetup.exe
C:\Users\Szymon\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Szymon\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Szymon\AppData\Local\Temp\setup.exe
C:\Users\Szymon\AppData\Local\Temp\setup_132.exe
C:\Users\Szymon\AppData\Local\Temp\setup__6235.exe
C:\Users\Szymon\AppData\Local\Temp\SHSetup.exe
C:\Users\Szymon\AppData\Local\Temp\SpeedUpMyComputer.exe
C:\Users\Szymon\AppData\Local\Temp\stubhelper.dll
C:\Users\Szymon\AppData\Local\Temp\tu17p84.exe
C:\Users\Szymon\AppData\Local\Temp\unelevate.exe
C:\Users\Szymon\AppData\Local\Temp\WSSetup.exe
C:\Users\Szymon\AppData\Local\Temp\ytai_ytareg_setup.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-09 17:03

==================== End Of Log ============================