Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013
Ran by Adik1 (administrator) on ADIK1-KOMPUTER on 06-11-2013 14:08:25
Running from C:\Users\Adik1\Desktop
Windows 7 Ultimate (X64) OS Language: Polish
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
() C:\Program Files (x86)\Ashampoo\Ashampoo Anti-Malware\AAMW_Service.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Ashampoo Development GmbH & Co. KG) C:\Program Files (x86)\Ashampoo\Ashampoo Anti-Malware\AAMW_Guard.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files (x86)\Ashampoo\Ashampoo Anti-Malware\AAMW_WSC_Service_Vista.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\taskmgr.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Ashampoo Anti-Malware Guard] - C:\Program Files (x86)\Ashampoo\Ashampoo Anti-Malware\AAMW_Guard.exe [3314176 2010-08-26] (Ashampoo Development GmbH & Co. KG)
MountPoints2: {4c427bbd-2998-11e3-a099-001fd0541e0b} - F:\LaunchU3.exe -a
MountPoints2: {da64a640-25ee-11e3-bce0-806e6f6e6963} - E:\XP_BY_ZBYCHO.exe
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe [111024 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] - Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
AlternateShell:

==================== Internet (Whitelisted) ====================

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
Tcpip\Parameters: [DhcpNameServer] 217.173.176.6 217.173.176.50

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Extension: (Google Docs) - C:\Users\Adik1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Adik1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Adik1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Adik1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Google Wallet) - C:\Users\Adik1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\Adik1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

==================== Services (Whitelisted) =================

R2 AAMWService; C:\Program Files (x86)\Ashampoo\Ashampoo Anti-Malware\AAMW_Service.exe [1313184 2011-08-17] ()
R2 AAMW_WSC_Service_Vista; C:\Program Files (x86)\Ashampoo\Ashampoo Anti-Malware\AAMW_WSC_Service_Vista.exe [52616 2010-03-02] ()
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-07-04] (Advanced Micro Devices, Inc.)
S3 WatAdminSvc; C:\Windows\system32\Wat\WatAdminSvc.exe [1255736 2013-09-25] ()

==================== Drivers (Whitelisted) ====================

R3 AAMWRegFilter; C:\Program Files (x86)\Ashampoo\Ashampoo Anti-Malware\AAMW_Regfilter64.sys [18456 2010-01-20] ()
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
R3 ASW3Scan; C:\Program Files (x86)\Ashampoo\Ashampoo Anti-Malware\AAMW_IFS64.sys [21528 2010-06-16] ()

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-11-06 14:07 - 2013-11-06 14:07 - 00052824 _____ C:\Users\Adik1\Desktop\OTL.Txt
2013-11-06 14:07 - 2013-11-06 14:07 - 00039276 _____ C:\Users\Adik1\Desktop\Extras.Txt
2013-11-06 10:52 - 2013-11-06 10:52 - 00891184 _____ C:\Users\Adik1\Desktop\SecurityCheck.exe
2013-11-06 10:52 - 2013-11-06 10:52 - 00000000 ____D C:\FRST
2013-11-06 10:51 - 2013-11-06 10:51 - 01957098 _____ (Farbar) C:\Users\Adik1\Desktop\FRST64.exe
2013-11-06 10:51 - 2013-11-06 10:51 - 00602112 _____ (OldTimer Tools) C:\Users\Adik1\Desktop\OTL.com
2013-11-06 10:51 - 2013-11-06 10:51 - 00259584 _____ (OldTimer Tools) C:\Users\Adik1\Desktop\OTH.com
2013-11-06 10:50 - 2013-11-06 10:50 - 00448512 _____ (OldTimer Tools) C:\Users\Adik1\Desktop\TFC.exe
2013-11-05 20:04 - 2013-11-05 20:06 - 27201688 _____ (Advanced Micro Devices, Inc.) C:\Users\Adik1\Downloads\13-9_win7_win8_32-64_hydravision.exe
2013-11-05 19:59 - 2013-11-05 19:59 - 00103140 __RSH C:\tnmdj.exe
2013-11-05 14:24 - 2013-11-05 14:24 - 00000000 ____D C:\Nowy folder
2013-11-05 13:28 - 2013-11-05 13:29 - 00000000 ____D C:\Users\Adik1\AppData\Roaming\DAEMON Tools Lite
2013-11-05 13:28 - 2013-11-05 13:28 - 00103140 __RSH C:\xkntgk.pif
2013-11-05 13:27 - 2013-11-05 13:28 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2013-11-05 11:05 - 2013-11-05 11:05 - 00000000 ___HD C:\ProgramData\CanonIJScan
2013-11-05 11:05 - 2013-11-05 11:05 - 00000000 _____ C:\Users\Adik1\Sti_Trace.log
2013-11-05 11:02 - 2013-11-05 11:05 - 00000000 ____D C:\Users\Adik1\AppData\Roaming\Canon
2013-11-05 10:49 - 2013-11-05 10:49 - 00002095 _____ C:\Users\Public\Desktop\Canon MP Navigator EX 3.0.lnk
2013-11-05 10:49 - 2013-11-05 10:49 - 00000000 ____D C:\Program Files (x86)\Canon
2013-11-05 10:48 - 2013-11-05 10:48 - 00000000 ___HD C:\Windows\system32\CanonIJ Uninstaller Information
2013-11-05 10:48 - 2013-11-05 10:48 - 00000000 ___HD C:\ProgramData\CanonBJ
2013-11-05 10:48 - 2009-04-03 16:01 - 01321984 _____ (CANON INC.) C:\Windows\system32\CNC250C.dll
2013-11-05 10:48 - 2009-04-03 16:00 - 00092672 _____ (CANON INC.) C:\Windows\system32\CNC250I.dll
2013-11-05 10:48 - 2009-04-03 15:57 - 00106496 _____ (CANON INC.) C:\Windows\SysWOW64\CNC250U.dll
2013-11-05 10:48 - 2009-03-11 11:36 - 00328192 _____ (CANON INC.) C:\Windows\system32\CNC250L.dll
2013-11-05 10:48 - 2009-03-11 11:34 - 00303104 _____ (CANON INC.) C:\Windows\SysWOW64\CNC250L.dll
2013-11-05 10:48 - 2008-11-18 19:57 - 00012288 _____ C:\Windows\SysWOW64\CNC173AD.TBL
2013-11-05 10:48 - 2008-11-18 19:57 - 00012288 _____ C:\Windows\system32\CNC173AD.TBL
2013-11-05 10:48 - 2008-08-25 18:02 - 00017920 _____ (CANON INC.) C:\Windows\system32\CNHMCA6.dll
2013-11-05 10:48 - 2008-08-25 18:02 - 00015872 _____ (CANON INC.) C:\Windows\SysWOW64\CNHMCA.dll
2013-11-05 10:47 - 2013-11-05 10:47 - 00000000 ___HD C:\Program Files\CanonBJ
2013-11-05 10:47 - 2010-04-24 05:00 - 00336896 _____ (CANON INC.) C:\Windows\system32\CNMLM9W.DLL
2013-11-05 10:47 - 2009-03-18 09:10 - 00244736 _____ (CANON INC.) C:\Windows\system32\CNMIU9W.DLL
2013-11-05 10:47 - 2009-02-04 13:18 - 00104960 _____ (Canon Inc.) C:\Windows\system32\CNC250O.dll
2013-11-05 10:40 - 2013-11-05 10:46 - 49904760 _____ C:\Users\Adik1\Downloads\mpnx_3_0-win-3_05-ea23_2.exe
2013-11-05 10:40 - 2013-11-05 10:46 - 21130384 _____ C:\Users\Adik1\Downloads\mp68-win-mp250-1_05-ea24.exe
2013-11-03 10:34 - 2013-11-03 10:34 - 00657883 _____ C:\Users\Adik1\Downloads\1kw_11sek.zip
2013-11-03 10:34 - 2001-10-15 21:56 - 00880644 _____ C:\Users\Adik1\Downloads\1kW_11sek.mpg
2013-11-02 04:50 - 2011-10-21 16:35 - 02794522 _____ (SexGamesBox ) C:\Users\Adik1\Downloads\flying-pussies.exe
2013-11-01 10:30 - 2013-11-01 10:30 - 01431400 _____ C:\Users\Adik1\Downloads\ashampoo_virus_quickscan.exe
2013-11-01 10:22 - 2013-11-01 10:22 - 00492272 _____ C:\Users\Adik1\Downloads\ZDL_GOLD_STACK.wal
2013-11-01 09:54 - 2013-11-01 09:54 - 00753449 _____ C:\Users\Adik1\Downloads\Pimeer_Modern_v2.wal
2013-11-01 09:52 - 2013-11-05 14:43 - 00000000 ____D C:\Program Files (x86)\Winamp
2013-11-01 09:52 - 2013-11-01 09:54 - 00000000 ____D C:\Users\Adik1\AppData\Roaming\Winamp
2013-11-01 09:52 - 2013-11-01 09:52 - 00000979 _____ C:\Users\Public\Desktop\Winamp.lnk
2013-11-01 09:52 - 2013-11-01 09:52 - 00000000 ____D C:\Users\Adik1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Detektor Winampa
2013-11-01 09:52 - 2013-11-01 09:52 - 00000000 ____D C:\Program Files (x86)\Winamp Detect
2013-11-01 09:52 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2013-11-01 09:52 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2013-11-01 09:51 - 2013-11-01 09:51 - 13459952 _____ (Nullsoft, Inc.) C:\Users\Adik1\Downloads\winamp565_full_emusic-7plus_pl-pl.exe
2013-10-31 08:29 - 2013-10-31 08:29 - 00001857 _____ C:\Users\Adik1\Documents\adi.TXT
2013-10-31 07:59 - 2013-10-31 07:59 - 01607493 _____ C:\Users\Adik1\Downloads\tcd.zip
2013-10-31 07:59 - 2013-10-31 07:59 - 00286720 ____N (Microsoft Corporation) C:\Windows\Setup1.exe
2013-10-31 07:59 - 2013-10-31 07:59 - 00073216 _____ (Microsoft Corporation) C:\Windows\ST6UNST.EXE
2013-10-31 07:59 - 2013-10-31 07:59 - 00000000 ____D C:\Users\Adik1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tesla Coil Designer
2013-10-31 07:59 - 2001-10-17 22:16 - 01548104 _____ C:\Users\Adik1\Downloads\TCD.CAB
2013-10-31 07:59 - 2001-10-17 22:16 - 00003783 _____ C:\Users\Adik1\Downloads\SETUP.LST
2013-10-31 07:59 - 1998-06-18 00:00 - 00140800 _____ (Microsoft Corporation) C:\Users\Adik1\Downloads\setup.exe
2013-10-31 07:47 - 2013-10-31 07:47 - 00585174 _____ C:\Users\Adik1\Downloads\student.jpg.bmp

==================== One Month Modified Files and Folders =======

2013-11-06 14:07 - 2013-11-06 14:07 - 00052824 _____ C:\Users\Adik1\Desktop\OTL.Txt
2013-11-06 14:07 - 2013-11-06 14:07 - 00039276 _____ C:\Users\Adik1\Desktop\Extras.Txt
2013-11-06 13:52 - 2009-07-14 18:55 - 00687590 _____ C:\Windows\system32\perfh015.dat
2013-11-06 13:52 - 2009-07-14 18:55 - 00131176 _____ C:\Windows\system32\perfc015.dat
2013-11-06 13:52 - 2009-07-14 06:13 - 01523412 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-06 13:51 - 2013-09-25 15:32 - 00146017 _____ C:\Windows\WindowsUpdate.log
2013-11-06 13:48 - 2013-09-25 20:40 - 00001042 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-06 13:48 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-06 13:48 - 2009-07-14 05:51 - 00020946 _____ C:\Windows\setupact.log
2013-11-06 10:52 - 2013-11-06 10:52 - 00891184 _____ C:\Users\Adik1\Desktop\SecurityCheck.exe
2013-11-06 10:52 - 2013-11-06 10:52 - 00000000 ____D C:\FRST
2013-11-06 10:51 - 2013-11-06 10:51 - 01957098 _____ (Farbar) C:\Users\Adik1\Desktop\FRST64.exe
2013-11-06 10:51 - 2013-11-06 10:51 - 00602112 _____ (OldTimer Tools) C:\Users\Adik1\Desktop\OTL.com
2013-11-06 10:51 - 2013-11-06 10:51 - 00259584 _____ (OldTimer Tools) C:\Users\Adik1\Desktop\OTH.com
2013-11-06 10:50 - 2013-11-06 10:50 - 00448512 _____ (OldTimer Tools) C:\Users\Adik1\Desktop\TFC.exe
2013-11-06 10:38 - 2013-09-25 20:46 - 00024088 _____ C:\Windows\PFRO.log
2013-11-05 21:25 - 2013-09-25 20:40 - 00001046 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-05 21:18 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-11-05 20:10 - 2013-09-25 20:25 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2013-11-05 20:06 - 2013-11-05 20:04 - 27201688 _____ (Advanced Micro Devices, Inc.) C:\Users\Adik1\Downloads\13-9_win7_win8_32-64_hydravision.exe
2013-11-05 19:59 - 2013-11-05 19:59 - 00103140 __RSH C:\tnmdj.exe
2013-11-05 14:43 - 2013-11-01 09:52 - 00000000 ____D C:\Program Files (x86)\Winamp
2013-11-05 14:43 - 2013-09-25 21:56 - 00000000 ____D C:\Program Files (x86)\Real Alternative
2013-11-05 14:43 - 2013-09-25 21:43 - 00000000 ____D C:\Program Files (x86)\ALLPlayer
2013-11-05 14:43 - 2013-09-25 21:40 - 00000000 ____D C:\Program Files (x86)\RMVB Player
2013-11-05 14:43 - 2013-09-25 20:27 - 00000000 ____D C:\Program Files\CCleaner
2013-11-05 14:24 - 2013-11-05 14:24 - 00000000 ____D C:\Nowy folder
2013-11-05 14:23 - 2009-07-14 05:45 - 00017120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-05 14:23 - 2009-07-14 05:45 - 00017120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-05 13:29 - 2013-11-05 13:28 - 00000000 ____D C:\Users\Adik1\AppData\Roaming\DAEMON Tools Lite
2013-11-05 13:28 - 2013-11-05 13:28 - 00103140 __RSH C:\xkntgk.pif
2013-11-05 13:28 - 2013-11-05 13:27 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2013-11-05 11:05 - 2013-11-05 11:05 - 00000000 ___HD C:\ProgramData\CanonIJScan
2013-11-05 11:05 - 2013-11-05 11:05 - 00000000 _____ C:\Users\Adik1\Sti_Trace.log
2013-11-05 11:05 - 2013-11-05 11:02 - 00000000 ____D C:\Users\Adik1\AppData\Roaming\Canon
2013-11-05 11:05 - 2013-09-25 15:35 - 00000000 ____D C:\Users\Adik1
2013-11-05 10:49 - 2013-11-05 10:49 - 00002095 _____ C:\Users\Public\Desktop\Canon MP Navigator EX 3.0.lnk
2013-11-05 10:49 - 2013-11-05 10:49 - 00000000 ____D C:\Program Files (x86)\Canon
2013-11-05 10:48 - 2013-11-05 10:48 - 00000000 ___HD C:\Windows\system32\CanonIJ Uninstaller Information
2013-11-05 10:48 - 2013-11-05 10:48 - 00000000 ___HD C:\ProgramData\CanonBJ
2013-11-05 10:48 - 2009-07-14 04:20 - 00000000 __RSD C:\Windows\Media
2013-11-05 10:47 - 2013-11-05 10:47 - 00000000 ___HD C:\Program Files\CanonBJ
2013-11-05 10:46 - 2013-11-05 10:40 - 49904760 _____ C:\Users\Adik1\Downloads\mpnx_3_0-win-3_05-ea23_2.exe
2013-11-05 10:46 - 2013-11-05 10:40 - 21130384 _____ C:\Users\Adik1\Downloads\mp68-win-mp250-1_05-ea24.exe
2013-11-04 09:26 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-11-03 10:34 - 2013-11-03 10:34 - 00657883 _____ C:\Users\Adik1\Downloads\1kw_11sek.zip
2013-11-01 10:30 - 2013-11-01 10:30 - 01431400 _____ C:\Users\Adik1\Downloads\ashampoo_virus_quickscan.exe
2013-11-01 10:22 - 2013-11-01 10:22 - 00492272 _____ C:\Users\Adik1\Downloads\ZDL_GOLD_STACK.wal
2013-11-01 09:54 - 2013-11-01 09:54 - 00753449 _____ C:\Users\Adik1\Downloads\Pimeer_Modern_v2.wal
2013-11-01 09:54 - 2013-11-01 09:52 - 00000000 ____D C:\Users\Adik1\AppData\Roaming\Winamp
2013-11-01 09:52 - 2013-11-01 09:52 - 00000979 _____ C:\Users\Public\Desktop\Winamp.lnk
2013-11-01 09:52 - 2013-11-01 09:52 - 00000000 ____D C:\Users\Adik1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Detektor Winampa
2013-11-01 09:52 - 2013-11-01 09:52 - 00000000 ____D C:\Program Files (x86)\Winamp Detect
2013-11-01 09:51 - 2013-11-01 09:51 - 13459952 _____ (Nullsoft, Inc.) C:\Users\Adik1\Downloads\winamp565_full_emusic-7plus_pl-pl.exe
2013-10-31 08:29 - 2013-10-31 08:29 - 00001857 _____ C:\Users\Adik1\Documents\adi.TXT
2013-10-31 07:59 - 2013-10-31 07:59 - 01607493 _____ C:\Users\Adik1\Downloads\tcd.zip
2013-10-31 07:59 - 2013-10-31 07:59 - 00286720 ____N (Microsoft Corporation) C:\Windows\Setup1.exe
2013-10-31 07:59 - 2013-10-31 07:59 - 00073216 _____ (Microsoft Corporation) C:\Windows\ST6UNST.EXE
2013-10-31 07:59 - 2013-10-31 07:59 - 00000000 ____D C:\Users\Adik1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tesla Coil Designer
2013-10-31 07:59 - 2013-09-25 15:35 - 00000000 ___RD C:\Users\Adik1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-31 07:47 - 2013-10-31 07:47 - 00585174 _____ C:\Users\Adik1\Downloads\student.jpg.bmp
2013-10-30 23:20 - 2013-09-25 20:40 - 00004042 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-30 23:20 - 2013-09-25 20:40 - 00003790 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

Some content of TEMP:
====================
C:\Users\Adik1\AppData\Local\Temp\loksby.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-11-01 16:48

==================== End Of Log ============================