Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-06-2014 01
Ran by Asus (administrator) on ASUS-PC on 01-06-2014 22:11:16
Running from C:\Users\Asus\Desktop\komp Dawida
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Polish
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [159456 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-15] (AVAST Software)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3785081291-1902790920-3344881401-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-3785081291-1902790920-3344881401-1000\...\MountPoints2: G - G:\AutoRun.exe
HKU\S-1-5-21-3785081291-1902790920-3344881401-1000\...\MountPoints2: {01fe6565-cdd7-11e2-9021-00248ca8d0aa} - G:\AutoRun.exe
HKU\S-1-5-21-3785081291-1902790920-3344881401-1000\...\MountPoints2: {20e5a630-dd14-11e3-be76-cb2b03d59e71} - G:\AutoRun.exe
HKU\S-1-5-21-3785081291-1902790920-3344881401-1000\...\MountPoints2: {20e5a647-dd14-11e3-be76-cb2b03d59e71} - G:\AutoRun.exe
HKU\S-1-5-21-3785081291-1902790920-3344881401-1000\...\MountPoints2: {26b715d7-d51e-11e2-a8c1-00248ca8d0aa} - G:\AutoRun.exe
HKU\S-1-5-21-3785081291-1902790920-3344881401-1000\...\MountPoints2: {638fbb78-cbae-11e2-9b0e-00248ca8d0aa} - G:\AutoRun.exe
HKU\S-1-5-21-3785081291-1902790920-3344881401-1000\...\MountPoints2: {684421d3-276e-11e3-80e4-ba28d675f816} - G:\AutoRun.exe
HKU\S-1-5-21-3785081291-1902790920-3344881401-1000\...\MountPoints2: {684421f4-276e-11e3-80e4-ba28d675f816} - G:\AutoRun.exe
HKU\S-1-5-21-3785081291-1902790920-3344881401-1000\...\MountPoints2: {9ee05081-3e3b-11e3-a7f1-c399d7da6909} - G:\AutoRun.exe
HKU\S-1-5-21-3785081291-1902790920-3344881401-1000\...\MountPoints2: {d4f761f1-5a8f-11e3-b86c-e91c92ed5b8b} - I:\Startme.exe
HKU\S-1-5-21-3785081291-1902790920-3344881401-1000\...\MountPoints2: {f67492db-bae5-11e2-a2e8-00248ca8d0aa} - G:\AutoRun.exe
HKU\S-1-5-21-3785081291-1902790920-3344881401-1000\...\MountPoints2: {f6749310-bae5-11e2-a2e8-00248ca8d0aa} - G:\AutoRun.exe
HKU\S-1-5-21-3785081291-1902790920-3344881401-1000\...\MountPoints2: {fbe9c1c3-d5f0-11e2-afcf-00248ca8d0aa} - G:\AutoRun.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.exitingsearch.info/?pid=34&r=2014/03/02&hid=16023521000464819024&lg=EN&cc=PL&unqvl=50
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.exitingsearch.info/?pid=34&r=2014/03/02&hid=16023521000464819024&lg=EN&cc=PL&unqvl=50
SearchScopes: HKLM - DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.exitingsearch.info/?l=1&q={searchTerms}&pid=34&r=2014/03/02&hid=16023521000464819024&lg=EN&cc=PL&unqvl=50
SearchScopes: HKLM - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.exitingsearch.info/?l=1&q={searchTerms}&pid=34&r=2014/03/02&hid=16023521000464819024&lg=EN&cc=PL&unqvl=50
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=148F0022438B9862&affID=119357&tsp=4960
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=148F0022438B9862&affID=119357&tsp=4960
SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.exitingsearch.info/?l=1&q={searchTerms}&pid=34&r=2014/03/02&hid=16023521000464819024&lg=EN&cc=PL&unqvl=50
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\z5bliqsu.default
FF DefaultSearchEngine: WebSearch
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "WebSearch");: user_pref("browser.search.order.1,S", "WebSearch");
FF SelectedSearchEngine: WebSearch
FF Homepage: hxxp://websearch.exitingsearch.info/?pid=34&r=2014/03/02&hid=16023521000464819024&lg=EN&cc=PL&unqvl=50
FF Keyword.URL: hxxp://websearch.exitingsearch.info/?pid=34&r=2014/03/02&hid=16023521000464819024&lg=EN&cc=PL&unqvl=50&l=1&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\z5bliqsu.default\user.js
FF SearchPlugin: C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\z5bliqsu.default\searchplugins\ask-search.xml
FF SearchPlugin: C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\z5bliqsu.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\z5bliqsu.default\searchplugins\BrowserDefender.xml
FF SearchPlugin: C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\z5bliqsu.default\searchplugins\delta.xml
FF SearchPlugin: C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\z5bliqsu.default\searchplugins\metaCrawler.xml
FF SearchPlugin: C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\z5bliqsu.default\searchplugins\WebSearch.xml
FF Extension: FT Downloader - C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\z5bliqsu.default\Extensions\ftd@ftd.com [2013-08-11]
FF Extension: Boston MarketOne - C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\z5bliqsu.default\Extensions\support@bostonmarketone.com [2013-08-07]
FF Extension: SNT - C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\z5bliqsu.default\Extensions\yoaod9x@ycodinkn.net [2014-03-02]
FF Extension: Fast Discountz - C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\z5bliqsu.default\Extensions\{2a4808f0-e451-4d0b-982a-bb0f44d3354d} [2013-09-11]
FF Extension: FT Downloader - C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\z5bliqsu.default\Extensions\ftd@ftd.com.xpi [2013-06-26]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-11-03]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-15] (AVAST Software)
S2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [113704 2014-02-15] (AVAST Software)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-02-15] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2014-02-15] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-01-13] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [775952 2014-02-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [410784 2014-02-15] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2014-02-15] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180248 2014-01-13] ()
R3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [48128 2008-12-16] (Atheros Communications, Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2007-07-31] (ATK0100)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1766592 2009-06-05] ()
S1 aswKbd; \??\C:\Windows\system32\drivers\aswKbd.sys [X]
U5 aswNdis; C:\Windows\System32\Drivers\aswNdis.sys [12112 2014-02-15] (ALWIL Software)
S0 aswNdis2; No ImagePath
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-01 22:09 - 2014-06-01 22:11 - 00000000 ____D () C:\FRST
2014-06-01 21:49 - 2014-06-01 22:11 - 00000000 ____D () C:\Users\Asus\Desktop\komp Dawida
2014-06-01 21:47 - 2014-06-01 21:48 - 00000787 _____ () C:\Windows\setupact.log
2014-06-01 21:47 - 2014-06-01 21:47 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-16 20:32 - 2014-05-16 20:32 - 00000800 _____ () C:\Users\Public\Desktop\PLAY ONLINE.lnk
2014-05-16 20:32 - 2014-05-16 20:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PLAY ONLINE
2014-05-16 20:31 - 2008-09-26 18:04 - 00621056 _____ (DiBcom SA) C:\Windows\system32\Drivers\mod7700.sys
2014-05-16 20:31 - 2008-09-26 18:04 - 00113152 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbnet.sys
2014-05-16 20:31 - 2008-09-26 18:04 - 00101760 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbmdm.sys
2014-05-16 20:31 - 2008-09-26 18:03 - 00023424 _____ (Huawei Tech. Co., Ltd.) C:\Windows\system32\Drivers\ewdcsc.sys
2014-05-16 20:27 - 2014-05-16 20:32 - 00000000 ____D () C:\Program Files\PLAY ONLINE
2014-05-16 17:52 - 2014-05-16 17:52 - 00000000 ____D () C:\Windows\system32\vi-VN
2014-05-16 17:52 - 2014-05-16 17:52 - 00000000 ____D () C:\Windows\system32\eu-ES
2014-05-16 17:52 - 2014-05-16 17:52 - 00000000 ____D () C:\Windows\system32\ca-ES
2014-05-16 17:38 - 2014-06-01 21:46 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-05-16 17:20 - 2014-05-16 17:20 - 00000000 ____D () C:\Windows\system32\EventProviders

==================== One Month Modified Files and Folders =======

2014-06-01 22:11 - 2014-06-01 22:09 - 00000000 ____D () C:\FRST
2014-06-01 22:11 - 2014-06-01 21:49 - 00000000 ____D () C:\Users\Asus\Desktop\komp Dawida
2014-06-01 22:11 - 2011-10-31 13:03 - 00000000 ____D () C:\Users\Asus\AppData\Local\Temp
2014-06-01 21:51 - 2008-01-21 08:24 - 00923036 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-01 21:51 - 2008-01-21 08:24 - 00155106 _____ () C:\Windows\system32\perfc015.dat
2014-06-01 21:51 - 2008-01-21 08:24 - 00013218 _____ () C:\Windows\system32\perfh015.dat
2014-06-01 21:50 - 2008-01-21 03:35 - 01227561 _____ () C:\Windows\WindowsUpdate.log
2014-06-01 21:48 - 2014-06-01 21:47 - 00000787 _____ () C:\Windows\setupact.log
2014-06-01 21:47 - 2014-06-01 21:47 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-01 21:46 - 2014-05-16 17:38 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-06-01 21:46 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-01 21:46 - 2006-11-02 14:47 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-01 21:46 - 2006-11-02 14:47 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-01 21:02 - 2014-03-03 18:37 - 00000171 _____ () C:\Windows\disney.ini
2014-06-01 21:02 - 2011-11-03 20:25 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2014-06-01 21:02 - 2011-11-03 01:13 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-06-01 20:44 - 2013-08-07 12:48 - 00000000 ____D () C:\Users\Asus\AppData\Roaming\Skype
2014-05-16 20:32 - 2014-05-16 20:32 - 00000800 _____ () C:\Users\Public\Desktop\PLAY ONLINE.lnk
2014-05-16 20:32 - 2014-05-16 20:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PLAY ONLINE
2014-05-16 20:32 - 2014-05-16 20:27 - 00000000 ____D () C:\Program Files\PLAY ONLINE
2014-05-16 20:31 - 2012-04-25 23:31 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-16 20:31 - 2011-10-31 13:03 - 00000000 ____D () C:\Users\Asus
2014-05-16 20:22 - 2014-02-14 10:21 - 00000288 _____ () C:\Windows\Tasks\Digital Sites.job
2014-05-16 20:22 - 2013-11-10 21:22 - 00000288 _____ () C:\Windows\Tasks\DigitalSite.job
2014-05-16 20:04 - 2013-12-22 14:24 - 00000000 ____D () C:\Program Files\Fotojoker
2014-05-16 20:03 - 2013-04-08 18:42 - 00000000 ____D () C:\Program Files\Google
2014-05-16 20:02 - 2013-05-12 11:47 - 00000000 ____D () C:\Program Files\iPlus
2014-05-16 20:02 - 2013-04-08 18:43 - 00000000 ____D () C:\Users\Asus\AppData\Local\Google
2014-05-16 19:50 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\rescache
2014-05-16 19:46 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-16 19:39 - 2014-01-12 17:19 - 00000000 ____D () C:\Windows\Minidump
2014-05-16 18:20 - 2014-03-02 19:43 - 00000000 ____D () C:\ProgramData\SNT
2014-05-16 18:17 - 2014-03-02 19:42 - 00000000 ____D () C:\Program Files\SNT
2014-05-16 18:06 - 2006-11-02 15:01 - 00032624 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-16 17:59 - 2011-10-31 13:03 - 00000915 _____ () C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2014-05-16 17:55 - 2006-11-02 14:47 - 00228544 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-16 17:52 - 2014-05-16 17:52 - 00000000 ____D () C:\Windows\system32\vi-VN
2014-05-16 17:52 - 2014-05-16 17:52 - 00000000 ____D () C:\Windows\system32\eu-ES
2014-05-16 17:52 - 2014-05-16 17:52 - 00000000 ____D () C:\Windows\system32\ca-ES
2014-05-16 17:52 - 2008-01-21 08:23 - 00000000 ____D () C:\Windows\system32\Drivers\pl-PL
2014-05-16 17:52 - 2006-11-02 14:37 - 00000000 ____D () C:\Windows\system32\XPSViewer
2014-05-16 17:52 - 2006-11-02 14:37 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-05-16 17:52 - 2006-11-02 14:37 - 00000000 ____D () C:\Program Files\Windows Photo Gallery
2014-05-16 17:52 - 2006-11-02 14:37 - 00000000 ____D () C:\Program Files\Windows Journal
2014-05-16 17:52 - 2006-11-02 14:37 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-16 17:52 - 2006-11-02 14:37 - 00000000 ____D () C:\Program Files\Windows Collaboration
2014-05-16 17:52 - 2006-11-02 14:37 - 00000000 ____D () C:\Program Files\Windows Calendar
2014-05-16 17:52 - 2006-11-02 14:37 - 00000000 ____D () C:\Program Files\Movie Maker
2014-05-16 17:52 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\zh-TW
2014-05-16 17:52 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\zh-CN
2014-05-16 17:52 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\uk-UA
2014-05-16 17:52 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-05-16 17:52 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\th-TH
2014-05-16 17:52 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\sv-SE
2014-05-16 17:52 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2014-05-16 17:52 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\SLUI
2014-05-16 17:52 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\sl-SI
2014-05-16 17:52 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\sk-SK
2014-05-16 17:52 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\ru-RU
2014-05-16 17:52 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\ro-RO
2014-05-16 17:52 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\pt-PT
2014-05-16 17:52 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\pt-BR
2014-05-16 17:52 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\pl-PL
2014-05-16 17:52 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\nl-NL
2014-05-16 17:52 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\nb-NO
2014-05-16 17:52 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\lv-LV
2014-05-16 17:52 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\lt-LT
2014-05-16 17:52 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\ko-KR
2014-05-16 17:52 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\ja-JP
2014-05-16 17:52 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\it-IT
2014-05-16 17:52 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\hu-HU
2014-05-16 17:52 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\hr-HR
2014-05-16 17:52 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\he-IL
2014-05-16 17:52 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\fr-FR
2014-05-16 17:52 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\fi-FI
2014-05-16 17:52 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\et-EE
2014-05-16 17:52 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\el-GR
2014-05-16 17:52 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\de-DE
2014-05-16 17:52 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\bg-BG
2014-05-16 17:52 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\ar-SA
2014-05-16 17:52 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2014-05-16 17:52 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\IME
2014-05-16 17:52 - 2006-11-02 13:18 - 00000000 ____D () C:\Program Files\Common Files\System
2014-05-16 17:42 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\tracing
2014-05-16 17:29 - 2013-08-04 21:22 - 00000000 ____D () C:\Users\Asus\AppData\Local\Facebook
2014-05-16 17:21 - 2013-11-10 21:50 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-16 17:20 - 2014-05-16 17:20 - 00000000 ____D () C:\Windows\system32\EventProviders

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-06-01 21:52

==================== End Of Log ============================