Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-09-2013 03 Ran by Paweł (administrator) on PAWEŁ-KOMPUTER on 04-09-2013 20:24:39 Running from F:\ Microsoft Windows 7 Professional (X86) OS Language: Polish Internet Explorer Version 9 Boot Mode: Safe Mode (minimal) ==================== Processes (Whitelisted) =================== (Microsoft Corporation) C:\Windows\system32\cmd.exe (OldTimer Tools) F:\OTL.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2215064 2010-08-12] (ESET) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-10-26] (Synaptics, Inc.) HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-01-03] (Adobe Systems Incorporated) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-02] (Adobe Systems Incorporated) HKLM\...\Run: [UIExec] - C:\Program Files\blueconnect\UIExec.exe [138072 2010-08-02] () HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software) HKCU\...\Run: [IPLA!] - C:\Program Files\ipla\ipla.exe [19856840 2012-01-31] (Redefine Sp z o.o.) HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [17877168 2012-11-09] (Skype Technologies S.A.) HKCU\...\Run: [GG] - C:\Users\Paweł\AppData\Local\GG\Application\gghub.exe [3365440 2013-05-23] (GG Network S.A.) MountPoints2: {8f4130d1-a989-11e2-b406-001b24ab2420} - F:\windows\Install\Install.exe MountPoints2: {9af1464d-5414-11e1-b3b1-001b24ab2420} - F:\Install.exe Startup: C:\Users\Paweł\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jirbsvdcupedlhlhmls.lnk ShortcutTarget: jirbsvdcupedlhlhmls.lnk -> C:\Users\PAWE~1\AppData\Local\Temp\slmhlhldepucdvsbrij.bfg () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.delta-search.com/?babsrc=HP_ss&mntrId=1024001B24AB2420&affID=119357&tsp=4980 SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=1024001B24AB2420&affID=119357&tsp=4980 SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=1024001B24AB2420&affID=119357&tsp=4980 SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://tbsearch.ask.com/redirect?client=ie&tb=PTV&o=15184&src=crm&q={searchTerms}&locale=en_US BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO: KMPlayer Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) Toolbar: HKLM - KMPlayer Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKCU -KMPlayer Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 85.128.107.242 213.134.134.134 FireFox: ======== FF ProfilePath: C:\Users\Paweł\AppData\Roaming\Mozilla\Firefox\Profiles\mv0u9xhs.default FF user.js: detected! => C:\Users\Paweł\AppData\Roaming\Mozilla\Firefox\Profiles\mv0u9xhs.default\user.js FF Homepage: user_pref("browser.startup.homepage", ); FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=6.0.12.450 - C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF HKLM\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION CHR Extension: (Docs) - C:\Users\PAWE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0 CHR Extension: (Delta Toolbar) - C:\Users\PAWE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.4_0 CHR Extension: (Gmail) - C:\Users\PAWE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 ========================== Services (Whitelisted) ================= S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software) S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [33584 2010-08-12] (ESET) S2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [810144 2010-08-12] (ESET) S2 UI Assistant Service; C:\Program Files\blueconnect\AssistantServices.exe [247152 2010-08-02] () ==================== Drivers (Whitelisted) ==================== S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software) S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software) S1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-05-09] (AVAST Software) S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] () S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-20] (AVAST Software) S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-20] (AVAST Software) S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software) S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [175176 2013-08-20] () R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation) S2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [136632 2010-07-29] (ESET) S1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [115008 2010-07-29] (ESET) S2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [96920 2010-07-29] (ESET) S3 NETwLv32; C:\Windows\System32\DRIVERS\NETwLv32.sys [6639616 2010-10-07] (Intel Corporation) S3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] () ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-03 21:11 - 2013-09-04 19:50 - 00001122 _____ C:\Windows\setupact.log 2013-09-03 21:11 - 2013-09-03 21:11 - 00000000 _____ C:\Windows\setuperr.log 2013-09-03 21:06 - 2013-09-03 21:06 - 00000639 _____ C:\Users\Paweł\Desktop\Muzyka — skrót.lnk 2013-09-03 20:47 - 2013-09-03 20:47 - 00000697 _____ C:\Users\Paweł\Desktop\mariolka fotki — skrót.lnk 2013-09-03 20:47 - 2013-09-03 20:47 - 00000630 _____ C:\Users\Paweł\Desktop\Filmy — skrót.lnk 2013-09-03 20:46 - 2013-09-03 20:46 - 00000683 _____ C:\Users\Paweł\Desktop\Międzyzdroje — skrót.lnk 2013-09-03 20:46 - 2013-09-03 20:46 - 00000676 _____ C:\Users\Paweł\Desktop\nasze fotki — skrót.lnk 2013-09-03 20:46 - 2013-09-03 20:46 - 00000648 _____ C:\Users\Paweł\Desktop\Zdjęcia — skrót.lnk 2013-09-03 19:25 - 2013-09-04 19:54 - 00000000 ___SD C:\32788R22FWJFW 2013-09-03 19:25 - 2013-09-03 19:25 - 00000000 ____D C:\Windows\erdnt 2013-09-03 06:46 - 2013-09-03 06:46 - 00000000 ____D C:\Windows\system32\Extensions 2013-08-20 12:48 - 2013-08-20 12:48 - 00000000 ____D C:\Windows\system32\searchplugins 2013-08-20 11:21 - 2013-08-30 16:35 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-08-20 11:19 - 2013-09-04 19:48 - 00001030 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-08-20 11:19 - 2013-09-04 19:30 - 00001034 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-08-20 11:19 - 2013-08-20 11:19 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum 2013-08-20 11:19 - 2013-08-20 11:19 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum 2013-08-20 11:19 - 2013-08-20 11:19 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum 2013-08-20 11:18 - 2013-08-20 11:23 - 00000000 ____D C:\Users\PAWE~1\AppData\Local\Google 2013-08-20 11:18 - 2013-08-20 11:21 - 00000000 ____D C:\Program Files\Google 2013-08-20 11:18 - 2013-08-20 11:19 - 00770344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2013-08-20 11:18 - 2013-08-20 11:19 - 00369584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2013-08-20 11:18 - 2013-08-20 11:19 - 00175176 _____ C:\Windows\system32\Drivers\aswVmm.sys 2013-08-20 11:18 - 2013-08-20 11:18 - 00002075 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2013-08-20 11:18 - 2013-05-09 10:59 - 00066336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2013-08-20 11:18 - 2013-05-09 10:59 - 00061680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2013-08-20 11:18 - 2013-05-09 10:59 - 00056080 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys 2013-08-20 11:18 - 2013-05-09 10:59 - 00049376 _____ C:\Windows\system32\Drivers\aswRvrt.sys 2013-08-20 11:18 - 2013-05-09 10:59 - 00029816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys 2013-08-20 11:18 - 2013-05-09 10:58 - 00229648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2013-08-20 11:16 - 2013-08-20 11:16 - 00000000 ____D C:\Program Files\AVAST Software 2013-08-20 11:16 - 2013-05-09 10:58 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr 2013-08-20 11:14 - 2013-08-20 11:16 - 00000000 ____D C:\ProgramData\AVAST Software 2013-08-20 11:13 - 2013-08-20 11:13 - 117478104 _____ C:\Users\Paweł\Downloads\avast_free_antivirus_setup.exe 2013-08-20 11:09 - 2013-08-20 11:09 - 00000000 ____D C:\Users\Paweł\AppData\Roaming\Babylon 2013-08-20 11:09 - 2013-08-20 11:09 - 00000000 ____D C:\ProgramData\Babylon 2013-08-20 11:08 - 2013-08-20 11:08 - 00715888 _____ C:\Users\Paweł\Downloads\avast-Free-Antivirus(13266).exe 2013-08-18 19:50 - 2013-08-20 11:10 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-08-14 12:30 - 2013-08-14 12:31 - 00000000 ____D C:\Windows\system32\MRT ==================== One Month Modified Files and Folders ======= 2013-09-04 20:24 - 2013-09-04 20:24 - 00000000 ____D C:\FRST 2013-09-04 19:54 - 2013-09-03 19:25 - 00000000 ___SD C:\32788R22FWJFW 2013-09-04 19:50 - 2013-09-03 21:11 - 00001122 _____ C:\Windows\setupact.log 2013-09-04 19:49 - 2013-06-06 11:28 - 00000000 ____D C:\Users\Paweł\AppData\Roaming\GG 2013-09-04 19:49 - 2012-04-06 20:22 - 00000000 ____D C:\Users\Paweł\AppData\Roaming\ipla 2013-09-04 19:48 - 2013-08-20 11:19 - 00001030 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-09-04 19:48 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-09-04 19:42 - 2011-12-28 16:46 - 01523412 _____ C:\Windows\system32\PerfStringBackup.INI 2013-09-04 19:42 - 2009-07-19 13:48 - 00687590 _____ C:\Windows\system32\perfh015.dat 2013-09-04 19:42 - 2009-07-19 13:48 - 00131176 _____ C:\Windows\system32\perfc015.dat 2013-09-04 19:34 - 2011-12-28 16:38 - 01908741 _____ C:\Windows\WindowsUpdate.log 2013-09-04 19:30 - 2013-08-20 11:19 - 00001034 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-09-04 19:15 - 2009-07-14 06:34 - 00020720 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-09-04 19:15 - 2009-07-14 06:34 - 00020720 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-09-04 03:31 - 2011-12-31 10:54 - 00000000 ____D C:\Users\Paweł\AppData\Roaming\Skype 2013-09-03 21:11 - 2013-09-03 21:11 - 00000000 _____ C:\Windows\setuperr.log 2013-09-03 21:11 - 2011-12-28 21:42 - 00009724 _____ C:\Windows\PFRO.log 2013-09-03 21:06 - 2013-09-03 21:06 - 00000639 _____ C:\Users\Paweł\Desktop\Muzyka — skrót.lnk 2013-09-03 20:47 - 2013-09-03 20:47 - 00000697 _____ C:\Users\Paweł\Desktop\mariolka fotki — skrót.lnk 2013-09-03 20:47 - 2013-09-03 20:47 - 00000630 _____ C:\Users\Paweł\Desktop\Filmy — skrót.lnk 2013-09-03 20:46 - 2013-09-03 20:46 - 00000683 _____ C:\Users\Paweł\Desktop\Międzyzdroje — skrót.lnk 2013-09-03 20:46 - 2013-09-03 20:46 - 00000676 _____ C:\Users\Paweł\Desktop\nasze fotki — skrót.lnk 2013-09-03 20:46 - 2013-09-03 20:46 - 00000648 _____ C:\Users\Paweł\Desktop\Zdjęcia — skrót.lnk 2013-09-03 19:25 - 2013-09-03 19:25 - 00000000 ____D C:\Windows\erdnt 2013-09-03 06:46 - 2013-09-03 06:46 - 00000000 ____D C:\Windows\system32\Extensions 2013-08-30 16:35 - 2013-08-20 11:21 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-08-20 13:49 - 2012-03-11 23:16 - 00000000 ____D C:\Program Files\v9Soft 2013-08-20 12:48 - 2013-08-20 12:48 - 00000000 ____D C:\Windows\system32\searchplugins 2013-08-20 11:23 - 2013-08-20 11:18 - 00000000 ____D C:\Users\PAWE~1\AppData\Local\Google 2013-08-20 11:21 - 2013-08-20 11:18 - 00000000 ____D C:\Program Files\Google 2013-08-20 11:19 - 2013-08-20 11:19 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum 2013-08-20 11:19 - 2013-08-20 11:19 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum 2013-08-20 11:19 - 2013-08-20 11:19 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum 2013-08-20 11:19 - 2013-08-20 11:18 - 00770344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2013-08-20 11:19 - 2013-08-20 11:18 - 00369584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2013-08-20 11:19 - 2013-08-20 11:18 - 00175176 _____ C:\Windows\system32\Drivers\aswVmm.sys 2013-08-20 11:18 - 2013-08-20 11:18 - 00002075 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2013-08-20 11:18 - 2009-07-14 04:04 - 00002577 _____ C:\Windows\system32\config.nt 2013-08-20 11:16 - 2013-08-20 11:16 - 00000000 ____D C:\Program Files\AVAST Software 2013-08-20 11:16 - 2013-08-20 11:14 - 00000000 ____D C:\ProgramData\AVAST Software 2013-08-20 11:13 - 2013-08-20 11:13 - 117478104 _____ C:\Users\Paweł\Downloads\avast_free_antivirus_setup.exe 2013-08-20 11:10 - 2013-08-18 19:50 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-08-20 11:09 - 2013-08-20 11:09 - 00000000 ____D C:\Users\Paweł\AppData\Roaming\Babylon 2013-08-20 11:09 - 2013-08-20 11:09 - 00000000 ____D C:\ProgramData\Babylon 2013-08-20 11:08 - 2013-08-20 11:08 - 00715888 _____ C:\Users\Paweł\Downloads\avast-Free-Antivirus(13266).exe 2013-08-20 06:46 - 2012-04-28 15:09 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-08-14 12:31 - 2013-08-14 12:30 - 00000000 ____D C:\Windows\system32\MRT 2013-08-14 12:30 - 2011-12-28 17:50 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-08-14 12:29 - 2011-12-28 21:19 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-08-06 20:30 - 2011-12-28 16:42 - 00000000 ____D C:\Users\Paweł 2013-08-05 06:52 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF Files to move or delete: ==================== C:\Windows\System32\mctadmin.exe C:\Users\PAWE~1\AppData\Local\Temp\slmhlhldepucdvsbrij.bfg C:\Users\PAWE~1\AppData\Local\Temp\uninst1.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-08-24 10:29 ==================== End Of Log ============================