Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by KINGA (administrator) on KINGA-KOMPUTER on 12-10-2013 08:27:55
Running from C:\Users\KINGA\Desktop
Windows 7 Home Premium (X64) OS Language: Polish
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Atheros) C:\Program Files (x86)\Atheros\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Atheros\Bluetooth Suite\adminservice.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(ASUS) C:\Windows\AsScrPro.exe
(Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Atheros Communications) C:\Program Files (x86)\Atheros\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Atheros\Bluetooth Suite\AthBtTray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ASUS WebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-16] ()
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-03-16] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Atheros\Bluetooth Suite\BtvStack.exe [613536 2010-11-26] (Atheros Communications)
HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Atheros\Bluetooth Suite\AthBtTray.exe [379040 2010-11-26] (Atheros Commnucations)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2587944 2010-12-13] (ELAN Microelectronics Corp.)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [6330568 2013-03-21] (ESET)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
MountPoints2: {53991242-88ca-11e2-a71b-e0b9a52f1e67} - F:\AutoRun.exe
MountPoints2: {6f46fed2-849c-11e2-8efe-e0b9a52f1e67} - F:\AutoRun.exe
HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [SonicMasterTray] - C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-24] ()
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKU\UpdatusUser\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-06] (Acresso Corporation)
HKU\UpdatusUser\...\Run: [swg] - "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [226920 2011-03-16] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll [192616 2011-03-16] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Atheros\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Pomocnik logowania za pomocą identyfikatora Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\KINGA\AppData\Roaming\Mozilla\Firefox\Profiles\zc603rrp.default-1381558514648
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.5.0 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.5.0 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

==================== Services (Whitelisted) =================

R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Atheros\Ath_CoexAgent.exe [151552 2010-05-25] (Atheros)
R2 AtherosSvc; C:\Program Files (x86)\Atheros\Bluetooth Suite\adminservice.exe [52896 2010-11-26] (Atheros Commnucations)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1341664 2013-03-21] (ESET)

==================== Drivers (Whitelisted) ====================

R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2013-02-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [150616 2013-01-10] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [139768 2013-01-10] (ESET)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-12 08:26 - 2013-10-12 08:26 - 00003178 _____ C:\Windows\System32\Tasks\P4GIntlCtrl
2013-10-12 08:26 - 2013-10-12 08:26 - 00000000 ___RD C:\Users\KINGA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2013-10-12 08:22 - 2013-10-12 08:22 - 00448512 _____ (OldTimer Tools) C:\Users\KINGA\Desktop\TFC.exe
2013-10-12 08:13 - 2013-10-12 08:21 - 00000254 _____ C:\Users\KINGA\Desktop\Nowy dokument tekstowy.txt
2013-10-11 23:02 - 2013-10-11 23:02 - 00262144 _____ C:\Windows\Minidump\101113-25755-01.dmp
2013-10-11 23:02 - 2013-10-11 23:02 - 00000000 ____D C:\Windows\Minidump
2013-10-11 23:01 - 2013-10-11 23:01 - 405370612 _____ C:\Windows\MEMORY.DMP
2013-10-11 22:39 - 2013-10-11 22:39 - 00377856 _____ C:\Users\KINGA\Desktop\dcf3x8m0.exe
2013-10-11 22:28 - 2013-10-12 08:11 - 00000000 ____D C:\FRST
2013-10-11 22:27 - 2013-10-11 22:28 - 01954124 _____ (Farbar) C:\Users\KINGA\Desktop\FRST64.exe
2013-10-11 17:35 - 2013-10-11 20:17 - 00173568 ___SH C:\Users\KINGA\Desktop\Thumbs.db
2013-10-10 17:59 - 2013-10-10 17:59 - 00019456 _____ C:\Users\KINGA\Desktop\Rachunek wzór.xls
2013-10-09 21:56 - 2013-10-09 21:56 - 00602112 _____ (OldTimer Tools) C:\Users\KINGA\Desktop\OTL.exe
2013-10-09 17:57 - 2013-10-09 17:57 - 00000000 ____D C:\ProgramData\ESET
2013-10-09 17:57 - 2013-10-09 17:57 - 00000000 ____D C:\Program Files\ESET
2013-10-08 20:46 - 2013-10-11 01:12 - 00126976 _____ C:\Users\KINGA\Desktop\Plan2014_Jastrzębski Rafał.xls
2013-10-01 09:32 - 2013-10-01 09:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-29 19:14 - 2013-10-11 09:16 - 00000000 ____D C:\Users\KINGA\Desktop\Nowy folder

==================== One Month Modified Files and Folders =======

2013-10-12 08:26 - 2013-10-12 08:26 - 00003178 _____ C:\Windows\System32\Tasks\P4GIntlCtrl
2013-10-12 08:26 - 2013-10-12 08:26 - 00000000 ___RD C:\Users\KINGA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2013-10-12 08:26 - 2011-06-20 11:31 - 00058288 _____ (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.dll
2013-10-12 08:26 - 2011-03-16 11:20 - 00045056 _____ C:\Windows\system32\acovcnt.exe
2013-10-12 08:26 - 2011-03-16 11:10 - 00000035 _____ C:\Users\Public\Documents\AtherosServiceConfig.ini
2013-10-12 08:26 - 2011-03-16 09:07 - 00017920 _____ C:\Windows\system32\rpcnetp.exe
2013-10-12 08:25 - 2013-06-11 22:26 - 00005229 _____ C:\Windows\setupact.log
2013-10-12 08:25 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-12 08:24 - 2011-03-16 09:13 - 01750780 _____ C:\Windows\WindowsUpdate.log
2013-10-12 08:23 - 2013-03-26 10:09 - 00000000 ____D C:\Users\KINGA\Desktop\Rafał
2013-10-12 08:22 - 2013-10-12 08:22 - 00448512 _____ (OldTimer Tools) C:\Users\KINGA\Desktop\TFC.exe
2013-10-12 08:21 - 2013-10-12 08:13 - 00000254 _____ C:\Users\KINGA\Desktop\Nowy dokument tekstowy.txt
2013-10-12 08:11 - 2013-10-11 22:28 - 00000000 ____D C:\FRST
2013-10-12 07:56 - 2012-07-07 22:40 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-12 06:37 - 2009-08-03 21:55 - 00709558 _____ C:\Windows\system32\perfh015.dat
2013-10-12 06:37 - 2009-08-03 21:55 - 00138976 _____ C:\Windows\system32\perfc015.dat
2013-10-12 06:37 - 2009-07-14 07:13 - 01580692 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-11 23:12 - 2009-07-14 06:45 - 00010240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-11 23:12 - 2009-07-14 06:45 - 00010240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-11 23:02 - 2013-10-11 23:02 - 00262144 _____ C:\Windows\Minidump\101113-25755-01.dmp
2013-10-11 23:02 - 2013-10-11 23:02 - 00000000 ____D C:\Windows\Minidump
2013-10-11 23:01 - 2013-10-11 23:01 - 405370612 _____ C:\Windows\MEMORY.DMP
2013-10-11 22:39 - 2013-10-11 22:39 - 00377856 _____ C:\Users\KINGA\Desktop\dcf3x8m0.exe
2013-10-11 22:28 - 2013-10-11 22:27 - 01954124 _____ (Farbar) C:\Users\KINGA\Desktop\FRST64.exe
2013-10-11 20:17 - 2013-10-11 17:35 - 00173568 ___SH C:\Users\KINGA\Desktop\Thumbs.db
2013-10-11 14:59 - 2012-07-07 22:44 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-11 14:59 - 2012-07-07 22:44 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-11 09:16 - 2013-09-29 19:14 - 00000000 ____D C:\Users\KINGA\Desktop\Nowy folder
2013-10-11 09:16 - 2013-07-12 09:55 - 00000000 ____D C:\Users\KINGA\Desktop\Nowy folder A
2013-10-11 09:16 - 2013-07-05 21:56 - 00000000 ____D C:\Users\KINGA\Desktop\WYNKI NEW OK
2013-10-11 09:16 - 2011-06-20 20:33 - 00000000 ____D C:\Users\KINGA\AppData\Local\CrashDumps
2013-10-11 09:16 - 2011-06-20 20:21 - 00000000 ___RD C:\Users\KINGA\Desktop\FloraPark
2013-10-11 09:16 - 2011-06-20 20:21 - 00000000 ____D C:\Users\KINGA\Desktop\Dokumenty Kingi
2013-10-11 07:54 - 2009-07-14 04:34 - 00000499 _____ C:\Windows\win.ini
2013-10-11 07:49 - 2013-08-23 06:46 - 00000000 ____D C:\Windows\system32\MRT
2013-10-11 07:47 - 2011-08-29 21:17 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-11 01:12 - 2013-10-08 20:46 - 00126976 _____ C:\Users\KINGA\Desktop\Plan2014_Jastrzębski Rafał.xls
2013-10-10 19:57 - 2012-07-07 22:40 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-10 19:57 - 2012-07-07 22:40 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-10 19:57 - 2012-07-07 22:40 - 00003868 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-10 17:59 - 2013-10-10 17:59 - 00019456 _____ C:\Users\KINGA\Desktop\Rachunek wzór.xls
2013-10-09 21:56 - 2013-10-09 21:56 - 00602112 _____ (OldTimer Tools) C:\Users\KINGA\Desktop\OTL.exe
2013-10-09 18:08 - 2011-06-05 20:17 - 00000000 ____D C:\Users\KINGA
2013-10-09 17:57 - 2013-10-09 17:57 - 00000000 ____D C:\ProgramData\ESET
2013-10-09 17:57 - 2013-10-09 17:57 - 00000000 ____D C:\Program Files\ESET
2013-10-08 22:01 - 2011-03-16 11:15 - 00002218 _____ C:\Windows\system32\AutoRunFilter.ini
2013-10-05 10:35 - 2012-05-24 19:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-01 20:35 - 2011-06-20 10:48 - 00000000 ____D C:\Users\KINGA\AppData\Local\Mozilla
2013-10-01 09:33 - 2013-10-01 09:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-17 06:11 - 2011-06-05 20:19 - 00000000 ____D C:\Users\KINGA\Documents\Bluetooth Folder

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-10-01 08:42

==================== End Of Log ============================