Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-01-2014
Ran by Owner (administrator) on OWNER-HP on 21-01-2014 19:40:12
Running from C:\Users\Owner\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6602856 2011-01-11] (Realtek Semiconductor)
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-21] (Hewlett-Packard Company)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1580368 2010-11-03] (Logitech, Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-03-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2014-01-19] (AVAST Software)
HKLM\...\RunOnce: [NCPluginUpdater] - "c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe" Update [21720 2014-01-14] (Hewlett-Packard)
HKCU\...\Run: [EPSON Stylus CX8400 Series] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICEA.EXE [209408 2007-02-15] (SEIKO EPSON CORPORATION)
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] C:\Users\Owner\AppData\Local\Temp\sxpherm\sobyows\wow64.dll ATTENTION! ====> ZeroAccess?
HKCU\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
MountPoints2: {7dc68271-a549-11e0-8d5f-806e6f6e6963} - E:\FLTEnhanced.exe
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=U147E&ocid=U147EDHP
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {12B6A7F2-4A13-4CB7-AEB3-40DE3D8297BB} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=5BDC4FC7-F7D3-4523-9A22-F9D2B921A48B&apn_sauid=91FFE764-2E83-4669-9E74-2E27808806B4
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll No File
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe64.dll No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: No Name - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: No Name - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe64.dll No File
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll No File
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - No File
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - No File
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - No File
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - No File
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62 192.168.1.1
Chrome:
=======
CHR HomePage: hxxp://www.msn.com/?pc=U147C&ocid=U147CDHP
CHR DefaultSearchKeyword: bing.com
CHR DefaultSearchProvider: Bing
CHR DefaultSearchURL: http://www.bing.com/search?FORM=U147CD&PC=U147C&q={searchTerms}
CHR DefaultNewTabURL:
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U30) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
CHR Extension: (Adblock Plus) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-01-19]
CHR Extension: (avast! Online Security) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-19]
CHR Extension: (Ghostery) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-01-19]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-19]
CHR HKLM\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\chrome_tmbep.crx [2014-01-19]
CHR HKLM-x32\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\chrome_tmbep.crx [2014-01-19]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-01-19]
==================== Services (Whitelisted) =================
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [354304 2011-03-04] (Advanced Micro Devices, Inc.)
R2 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [194496 2010-06-17] (Advanced Micro Devices)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-19] (AVAST Software)
==================== Drivers (Whitelisted) ====================
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-19] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2014-01-19] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-01-19] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1034464 2014-01-19] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422216 2014-01-19] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [79672 2014-01-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-19] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [46392 2012-08-24] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2012-05-02] (Trend Micro Inc.)
U2 TMAgent;
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-21 19:40 - 2014-01-21 19:41 - 00017730 _____ C:\Users\Owner\Desktop\FRST.txt
2014-01-21 19:40 - 2014-01-21 19:40 - 00000000 ____D C:\FRST
2014-01-21 19:38 - 2014-01-21 19:38 - 02077184 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-01-21 17:14 - 2014-01-21 17:14 - 00003101 _____ C:\Users\Owner\Desktop\AdwCleaner[R1].txt
2014-01-21 06:20 - 2014-01-21 17:05 - 00000168 _____ C:\Windows\setupact.log
2014-01-21 06:20 - 2014-01-21 06:20 - 00000000 _____ C:\Windows\setuperr.log
2014-01-20 19:03 - 2014-01-21 18:52 - 00052447 _____ C:\Windows\WindowsUpdate.log
2014-01-20 18:59 - 2014-01-20 18:59 - 00000000 ____D C:\Windows\pss
2014-01-20 17:21 - 2014-01-21 17:13 - 00000000 ____D C:\AdwCleaner
2014-01-20 17:02 - 2014-01-20 17:22 - 00002132 _____ C:\Users\Owner\Desktop\msconfig and services.txt
2014-01-20 16:40 - 2014-01-20 16:40 - 01236282 _____ C:\Users\Owner\Downloads\AdwCleaner.exe
2014-01-20 16:29 - 2014-01-20 16:29 - 00001808 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-01-20 16:29 - 2014-01-20 16:29 - 00000000 ____D C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com
2014-01-20 16:29 - 2014-01-20 16:29 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2014-01-20 16:29 - 2014-01-20 16:29 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2014-01-20 16:27 - 2014-01-20 16:27 - 29485864 _____ (SUPERAntiSpyware) C:\Users\Owner\Downloads\SUPERAntiSpyware.exe
2014-01-20 15:42 - 2014-01-20 15:42 - 00022266 _____ C:\Users\Owner\Documents\cc_20140120_154237.reg
2014-01-19 23:15 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-19 23:15 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-19 23:15 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-19 23:15 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-19 23:13 - 2014-01-19 23:15 - 00005310 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-19 23:01 - 2014-01-19 23:01 - 00000000 ____D C:\ProgramData\Synaptics
2014-01-19 21:21 - 2012-08-23 08:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-01-19 21:21 - 2012-08-23 08:40 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-01-19 21:20 - 2012-08-23 09:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-01-19 21:20 - 2012-08-23 09:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-01-19 21:20 - 2012-08-23 09:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2014-01-19 21:20 - 2012-08-23 09:07 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-01-19 21:20 - 2012-08-23 08:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-01-19 21:20 - 2012-08-23 08:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-01-19 21:20 - 2012-08-23 08:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-01-19 21:20 - 2012-08-23 08:20 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-01-19 21:20 - 2012-08-23 08:18 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-01-19 21:20 - 2012-08-23 08:17 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-01-19 21:20 - 2012-08-23 08:06 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-01-19 21:20 - 2012-08-23 07:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-01-19 21:20 - 2012-08-23 06:20 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-01-19 21:20 - 2012-08-23 06:15 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-01-19 21:20 - 2012-08-23 06:14 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-01-19 21:20 - 2012-08-23 06:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-01-19 21:20 - 2012-08-23 05:54 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-01-19 21:20 - 2012-08-23 05:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-01-19 21:20 - 2012-08-23 05:39 - 01048064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-01-19 21:20 - 2012-08-23 05:22 - 01123840 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-01-19 21:20 - 2012-08-23 04:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-01-19 21:20 - 2012-08-23 03:19 - 04916224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-01-19 21:20 - 2012-08-23 03:13 - 05773824 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-01-19 21:07 - 2012-05-04 06:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-01-19 21:07 - 2012-05-04 04:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-01-19 20:59 - 2014-01-19 21:00 - 00152888 _____ C:\Users\Owner\Documents\cc_20140119_205948.reg
2014-01-19 20:16 - 2014-01-19 20:16 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-19 20:16 - 2014-01-19 20:16 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Malwarebytes
2014-01-19 20:16 - 2014-01-19 20:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-19 20:16 - 2014-01-19 20:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-19 20:16 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-19 16:39 - 2013-11-26 20:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-19 16:39 - 2013-11-26 20:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-19 16:39 - 2013-11-26 20:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-19 16:39 - 2013-11-26 20:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-19 16:39 - 2013-11-26 20:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-19 16:39 - 2013-11-26 20:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-19 16:39 - 2013-11-26 20:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-19 16:38 - 2013-11-26 06:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-19 16:38 - 2013-11-26 05:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-19 16:30 - 2014-01-19 16:30 - 00002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-01-19 16:30 - 2014-01-19 16:30 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2014-01-19 16:29 - 2014-01-19 16:30 - 00000000 ____D C:\Program Files\CCleaner
2014-01-19 16:26 - 2014-01-19 16:26 - 00000000 ____D C:\Users\Owner\AppData\Roaming\AVAST Software
2014-01-19 16:25 - 2014-01-19 16:25 - 00001966 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-01-19 16:24 - 2014-01-21 17:00 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2014-01-19 16:24 - 2014-01-19 16:25 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-01-19 16:24 - 2014-01-19 16:23 - 01034464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-01-19 16:24 - 2014-01-19 16:23 - 00422216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-01-19 16:24 - 2014-01-19 16:23 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-01-19 16:24 - 2014-01-19 16:23 - 00207904 _____ C:\Windows\system32\Drivers\aswVmm.sys
2014-01-19 16:24 - 2014-01-19 16:23 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-01-19 16:24 - 2014-01-19 16:23 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-01-19 16:24 - 2014-01-19 16:23 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2014-01-19 16:23 - 2014-01-19 16:23 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-01-19 16:21 - 2014-01-19 16:21 - 00000000 ____D C:\Program Files\AVAST Software
2014-01-19 16:14 - 2014-01-19 16:15 - 00000000 ____D C:\ProgramData\AVAST Software
2014-01-19 16:12 - 2014-01-19 16:12 - 04645232 _____ (Piriform Ltd) C:\Users\Owner\Downloads\ccsetup409.exe
2014-01-19 16:11 - 2014-01-19 16:11 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-19 16:09 - 2014-01-19 16:12 - 91412976 _____ (AVAST Software) C:\Users\Owner\Downloads\avast_free_antivirus_setup.exe
2013-12-26 18:37 - 2013-12-26 18:37 - 00014504 _____ C:\Users\Owner\Documents\Music.txt
==================== One Month Modified Files and Folders =======
2014-01-21 19:41 - 2014-01-21 19:40 - 00017730 _____ C:\Users\Owner\Desktop\FRST.txt
2014-01-21 19:40 - 2014-01-21 19:40 - 00000000 ____D C:\FRST
2014-01-21 19:40 - 2011-12-23 21:51 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-21 19:38 - 2014-01-21 19:38 - 02077184 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-01-21 19:20 - 2011-11-01 07:41 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-01-21 19:20 - 2011-08-23 06:53 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2014-01-21 18:55 - 2012-04-19 06:14 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-21 18:52 - 2014-01-20 19:03 - 00052447 _____ C:\Windows\WindowsUpdate.log
2014-01-21 18:17 - 2011-07-03 20:03 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{6339F689-9326-4B5F-B574-7BC083483359}
2014-01-21 17:14 - 2014-01-21 17:14 - 00003101 _____ C:\Users\Owner\Desktop\AdwCleaner[R1].txt
2014-01-21 17:13 - 2014-01-20 17:21 - 00000000 ____D C:\AdwCleaner
2014-01-21 17:13 - 2009-07-13 23:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-21 17:13 - 2009-07-13 23:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-21 17:06 - 2011-12-23 21:51 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-21 17:05 - 2014-01-21 06:20 - 00000168 _____ C:\Windows\setupact.log
2014-01-21 17:05 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-21 17:00 - 2014-01-19 16:24 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2014-01-21 06:20 - 2014-01-21 06:20 - 00000000 _____ C:\Windows\setuperr.log
2014-01-20 18:59 - 2014-01-20 18:59 - 00000000 ____D C:\Windows\pss
2014-01-20 18:53 - 2011-12-23 21:51 - 00000000 ____D C:\Program Files\Google
2014-01-20 18:53 - 2011-12-23 21:50 - 00000000 ____D C:\Program Files (x86)\Google
2014-01-20 17:22 - 2014-01-20 17:02 - 00002132 _____ C:\Users\Owner\Desktop\msconfig and services.txt
2014-01-20 16:40 - 2014-01-20 16:40 - 01236282 _____ C:\Users\Owner\Downloads\AdwCleaner.exe
2014-01-20 16:29 - 2014-01-20 16:29 - 00001808 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-01-20 16:29 - 2014-01-20 16:29 - 00000000 ____D C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com
2014-01-20 16:29 - 2014-01-20 16:29 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2014-01-20 16:29 - 2014-01-20 16:29 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2014-01-20 16:27 - 2014-01-20 16:27 - 29485864 _____ (SUPERAntiSpyware) C:\Users\Owner\Downloads\SUPERAntiSpyware.exe
2014-01-20 16:00 - 2011-12-23 21:50 - 00000000 ____D C:\Users\Owner\AppData\Local\Google
2014-01-20 15:57 - 2012-09-04 19:18 - 00000000 ____D C:\Firefox
2014-01-20 15:42 - 2014-01-20 15:42 - 00022266 _____ C:\Users\Owner\Documents\cc_20140120_154237.reg
2014-01-20 15:39 - 2011-08-26 22:08 - 00000000 ____D C:\Users\Owner\AppData\Local\The Weather Channel
2014-01-20 06:30 - 2012-03-07 10:07 - 00000258 __RSH C:\ProgramData\ntuser.pol
2014-01-20 06:09 - 2012-03-07 10:09 - 00000000 ____D C:\Users\Owner\AppData\Local\Trend Micro
2014-01-20 06:09 - 2011-07-04 08:36 - 00000000 ____D C:\ProgramData\Trend Micro
2014-01-20 06:02 - 2013-10-07 13:10 - 00000000 ____D C:\ProgramData\Oracle
2014-01-20 00:03 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2014-01-19 23:15 - 2014-01-19 23:13 - 00005310 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-19 23:15 - 2011-04-11 13:48 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-19 23:01 - 2014-01-19 23:01 - 00000000 ____D C:\ProgramData\Synaptics
2014-01-19 22:55 - 2009-07-13 23:45 - 00277464 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-19 22:17 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2014-01-19 21:48 - 2012-03-24 09:01 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-19 21:13 - 2013-08-09 23:34 - 00000000 ____D C:\Windows\system32\MRT
2014-01-19 21:08 - 2011-07-04 07:35 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-19 21:00 - 2014-01-19 20:59 - 00152888 _____ C:\Users\Owner\Documents\cc_20140119_205948.reg
2014-01-19 20:16 - 2014-01-19 20:16 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-19 20:16 - 2014-01-19 20:16 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Malwarebytes
2014-01-19 20:16 - 2014-01-19 20:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-19 20:16 - 2014-01-19 20:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-19 20:13 - 2012-02-12 21:37 - 00000000 ____D C:\Windows\Minidump
2014-01-19 20:13 - 2011-08-23 20:38 - 00000000 ____D C:\Users\Owner\AppData\Local\CrashDumps
2014-01-19 20:13 - 2007-01-01 20:25 - 00000000 ____D C:\Windows\Panther
2014-01-19 19:44 - 2009-07-14 00:13 - 00006450 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-19 17:03 - 2011-12-31 20:54 - 00000000 ____D C:\Users\Owner\AppData\Local\Apple
2014-01-19 16:50 - 2013-11-26 07:30 - 00000000 ____D C:\Program Files (x86)\ARO 2013
2014-01-19 16:45 - 2012-02-12 21:43 - 00002019 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-01-19 16:37 - 2013-03-25 19:37 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForOwner
2014-01-19 16:37 - 2013-03-25 19:37 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForOwner.job
2014-01-19 16:30 - 2014-01-19 16:30 - 00002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-01-19 16:30 - 2014-01-19 16:30 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2014-01-19 16:30 - 2014-01-19 16:29 - 00000000 ____D C:\Program Files\CCleaner
2014-01-19 16:26 - 2014-01-19 16:26 - 00000000 ____D C:\Users\Owner\AppData\Roaming\AVAST Software
2014-01-19 16:25 - 2014-01-19 16:25 - 00001966 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-01-19 16:25 - 2014-01-19 16:24 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-01-19 16:23 - 2014-01-19 16:24 - 01034464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-01-19 16:23 - 2014-01-19 16:24 - 00422216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-01-19 16:23 - 2014-01-19 16:24 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-01-19 16:23 - 2014-01-19 16:24 - 00207904 _____ C:\Windows\system32\Drivers\aswVmm.sys
2014-01-19 16:23 - 2014-01-19 16:24 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-01-19 16:23 - 2014-01-19 16:24 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-01-19 16:23 - 2014-01-19 16:24 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2014-01-19 16:23 - 2014-01-19 16:23 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-01-19 16:21 - 2014-01-19 16:21 - 00000000 ____D C:\Program Files\AVAST Software
2014-01-19 16:15 - 2014-01-19 16:14 - 00000000 ____D C:\ProgramData\AVAST Software
2014-01-19 16:12 - 2014-01-19 16:12 - 04645232 _____ (Piriform Ltd) C:\Users\Owner\Downloads\ccsetup409.exe
2014-01-19 16:12 - 2014-01-19 16:09 - 91412976 _____ (AVAST Software) C:\Users\Owner\Downloads\avast_free_antivirus_setup.exe
2014-01-19 16:11 - 2014-01-19 16:11 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-04 16:03 - 2009-07-14 00:08 - 00032560 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-26 18:37 - 2013-12-26 18:37 - 00014504 _____ C:\Users\Owner\Documents\Music.txt
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-01-19 23:55
==================== End Of Log ============================