Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-11-2013 Ran by Klaudia (administrator) on KLAUDIA30 on 24-11-2013 20:49:48 Running from C:\Users\Klaudia\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polish Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiMiniService.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe () C:\Program Files (x86)\Cyfrowy Polsat\MF669\AssistantServices.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ASUS) C:\Windows\AsScrPro.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () C:\Program Files (x86)\Cyfrowy Polsat\MF669\CancelAutoPlay.exe () C:\Program Files (x86)\Cyfrowy Polsat\MF669\UIExec.exe (Microsoft Corporation) C:\Windows\System32\alg.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [VizorHtmlDialog.exe] - C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe [1123664 2010-10-08] (Trend Micro Inc.) HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe [192520 2010-10-12] (Trend Micro Inc.) HKLM\...\Run: [Trend Micro Titanium] - C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe [322384 2010-09-17] (Trend Micro Inc.) HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2278504 2011-10-14] (Realtek Semiconductor) HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2587944 2010-12-31] (ELAN Microelectronics Corp.) MountPoints2: F - F:\Windows/Autorun.exe MountPoints2: {8901bbf1-2aa7-11e3-82a9-9cb70d3661e5} - F:\start.exe MountPoints2: {c7f2025e-4c7d-11e3-b0a9-00a0c6000000} - F:\Windows/Autorun.exe MountPoints2: {c9864275-40cc-11e3-b35d-9cb70d3661e5} - F:\Windows/Autorun.exe MountPoints2: {d0a31e95-4ecf-11e2-a0db-9cb70d3661e5} - F:\ICM_Manager.exe HKLM-x32\...\Run: [ASUSPRP] - C:\Program Files (x86)\ASUS\APRP\aprp.exe [3331312 2011-10-19] (ASUSTek Computer Inc.) HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS) HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS) HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS) HKLM-x32\...\Run: [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2255360 2011-06-10] (ASUS) HKLM-x32\...\Run: [CancelAutoPlay] - C:\Program Files (x86)\Cyfrowy Polsat\MF669\CancelAutoPlay.exe [414544 2011-12-27] () HKLM-x32\...\Run: [UIExec] - C:\Program Files (x86)\Cyfrowy Polsat\MF669\UIExec.exe [156448 2012-05-11] () AppInit_DLLs: [ ] () AppInit_DLLs-x32: [ ] () ==================== Internet (Whitelisted) ==================== StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKCU - {6B1E2A6C-EA77-4451-84DE-C7A37200249B} URL = http://searchou.com/?q={searchTerms}&id=6459e9a60000000000009ab70d3661e5&r=234 BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.) BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.) DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.) Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.) Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.) Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.) FireFox: ======== FF ProfilePath: C:\Users\Klaudia\AppData\Roaming\Mozilla\Firefox\Profiles\7tujs6vb.default FF Homepage: hxxp://www.google.pl FF NetworkProxy: "type", 0 FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: ZEON/PDF,version=2.0 - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation) FF SearchPlugin: C:\Users\Klaudia\AppData\Roaming\Mozilla\Firefox\Profiles\7tujs6vb.default\searchplugins\privitize.xml FF Extension: No Name - C:\Users\Klaudia\AppData\Roaming\Mozilla\Firefox\Profiles\7tujs6vb.default\Extensions\zo7.u@vglyeoi-r.org FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\ FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\ Chrome: ======= CHR Extension: (Privitize Chrome Toolbar) - C:\Users\Klaudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhfcbmlocifngpbjdpgnkbjmgkadkjpp\1.0_0 CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-07-14] (Advanced Micro Devices, Inc.) R2 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [241488 2010-09-17] (Trend Micro Inc.) R2 UI Assistant Service; C:\Program Files (x86)\Cyfrowy Polsat\MF669\AssistantServices.exe [274720 2012-05-11] () S3 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [x] ==================== Drivers (Whitelisted) ==================== R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( ) S3 ss_bserd; C:\Windows\System32\DRIVERS\ss_bserd.sys [128000 2010-07-28] (MCCI Corporation) R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [90704 2010-09-17] (Trend Micro Inc.) R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [144464 2010-09-17] (Trend Micro Inc.) R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [67664 2010-09-17] (Trend Micro Inc.) R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105552 2010-09-17] (Trend Micro Inc.) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-11-24 20:49 - 2013-11-24 20:50 - 00009364 _____ C:\Users\Klaudia\Desktop\FRST.txt 2013-11-24 20:49 - 2013-11-24 20:49 - 00079654 _____ C:\Users\Klaudia\Desktop\Extras.Txt 2013-11-24 20:44 - 2013-11-24 20:44 - 00071626 _____ C:\Users\Klaudia\Desktop\OTL.Txt 2013-11-24 19:52 - 2013-11-24 19:52 - 00000000 ____D C:\FRST 2013-11-24 19:52 - 2013-11-24 19:41 - 01958440 _____ (Farbar) C:\Users\Klaudia\Desktop\FRST64.exe 2013-11-24 19:52 - 2013-11-24 19:41 - 00602112 _____ (OldTimer Tools) C:\Users\Klaudia\Desktop\OTL.scr 2013-11-24 19:21 - 2013-11-24 19:47 - 00000000 ____D C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP 2013-11-24 17:52 - 2013-11-24 20:04 - 00000168 _____ C:\Windows\setupact.log 2013-11-24 17:52 - 2013-11-24 17:52 - 00000000 _____ C:\Windows\setuperr.log 2013-11-24 17:51 - 2013-11-24 19:17 - 00001848 _____ C:\Windows\PFRO.log 2013-11-24 17:42 - 2013-11-24 17:42 - 00000000 ____D C:\Program Files\CCleaner 2013-11-24 14:40 - 2013-11-24 13:57 - 01381864 _____ (Anvisoft Corporation) C:\Users\Klaudia\Desktop\AnviUnIns.exe 2013-11-24 14:40 - 2013-11-24 13:25 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Klaudia\Desktop\SpyHunter-Installer.exe 2013-11-24 14:40 - 2013-11-24 13:18 - 01091882 _____ C:\Users\Klaudia\Desktop\adwcleaner.exe 2013-11-24 14:40 - 2013-11-23 22:14 - 01402880 _____ C:\Users\Klaudia\Desktop\HiJackThis.msi 2013-11-24 14:07 - 2013-11-24 14:07 - 00000000 ____D C:\Program Files (x86)\Anvisoft 2013-11-24 13:20 - 2013-11-24 20:03 - 00000000 ____D C:\AdwCleaner 2013-11-23 21:24 - 2013-11-23 21:24 - 00000000 ____D C:\Users\Klaudia\AppData\Local\avgchrome 2013-11-17 10:46 - 2013-11-17 10:46 - 00051992 _____ (cake bake) C:\Program Files (x86)\WBDesktop.Updater.1.0.0.17.exe 2013-11-13 17:24 - 2013-11-13 17:24 - 00000022 _____ C:\Users\Klaudia\Desktop\klaudia korytowska.zip 2013-11-11 16:19 - 2013-11-11 16:19 - 00015677 _____ C:\Users\Klaudia\Documents\klaaudia korytowska.wlmp 2013-11-05 12:09 - 2013-11-12 08:13 - 00000000 ____D C:\Users\Klaudia\AppData\Roaming\RedApp 2013-11-05 12:09 - 2013-11-05 12:09 - 00000000 ____D C:\ProgramData\RedApp 2013-11-05 12:07 - 2013-11-05 12:07 - 01700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll 2013-11-05 12:07 - 2013-11-05 12:07 - 01060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll 2013-11-05 12:07 - 2013-11-05 12:07 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll 2013-11-05 12:07 - 2013-11-05 12:07 - 00000000 ____D C:\Program Files (x86)\RedApp 2013-11-05 12:06 - 2011-09-15 11:01 - 01009744 _____ (DiBcom SA) C:\Windows\system32\Drivers\mod7700.sys 2013-11-05 12:06 - 2011-09-15 11:01 - 00151040 _____ (ZTE Corporation) C:\Windows\system32\Drivers\ZTEusbnet.sys 2013-11-05 12:06 - 2011-09-15 11:01 - 00123520 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\ZTEusbnmeaext2.sys 2013-11-05 12:06 - 2011-09-15 11:01 - 00123520 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\ZTEusbnmeaext.sys 2013-11-05 12:06 - 2011-09-15 11:01 - 00123520 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\ZTEusbgps.sys 2013-11-05 12:06 - 2011-09-15 11:01 - 00123520 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\ZTEusbdvbh.sys 2013-11-05 12:06 - 2011-09-15 11:01 - 00123264 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\ZTEusbser6k.sys 2013-11-05 12:06 - 2011-09-15 11:01 - 00123264 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\ZTEusbnmea.sys 2013-11-05 12:06 - 2011-09-15 11:01 - 00123264 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\ZTEusbmdm6k.sys 2013-11-05 12:06 - 2011-09-15 11:01 - 00011776 _____ (MBB Incorporated) C:\Windows\system32\Drivers\massfilter.sys 2013-11-05 12:05 - 2013-11-05 12:05 - 00001920 _____ C:\Users\Public\Desktop\Cyfrowy Polsat MF669.lnk 2013-11-05 12:04 - 2013-11-05 12:05 - 00000000 ____D C:\Windows\SysWOW64\SupportAppCB 2013-11-05 12:04 - 2013-11-05 12:04 - 00000000 ____D C:\Program Files (x86)\Cyfrowy Polsat ==================== One Month Modified Files and Folders ======= 2013-11-24 20:50 - 2013-11-24 20:49 - 00009364 _____ C:\Users\Klaudia\Desktop\FRST.txt 2013-11-24 20:49 - 2013-11-24 20:49 - 00079654 _____ C:\Users\Klaudia\Desktop\Extras.Txt 2013-11-24 20:45 - 2012-02-03 00:47 - 01948783 _____ C:\Windows\WindowsUpdate.log 2013-11-24 20:44 - 2013-11-24 20:44 - 00071626 _____ C:\Users\Klaudia\Desktop\OTL.Txt 2013-11-24 20:13 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-11-24 20:13 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-11-24 20:10 - 2011-02-19 06:40 - 00008596 _____ C:\Windows\system32\perfh00E.dat 2013-11-24 20:10 - 2011-02-19 06:40 - 00007114 _____ C:\Windows\system32\perfc00E.dat 2013-11-24 20:10 - 2011-02-19 06:36 - 00669708 _____ C:\Windows\system32\perfh005.dat 2013-11-24 20:10 - 2011-02-19 06:36 - 00143734 _____ C:\Windows\system32\perfc005.dat 2013-11-24 20:10 - 2011-02-19 06:31 - 00017198 _____ C:\Windows\system32\perfh015.dat 2013-11-24 20:10 - 2011-02-19 06:31 - 00006986 _____ C:\Windows\system32\perfc015.dat 2013-11-24 20:10 - 2009-07-14 06:13 - 00840198 _____ C:\Windows\system32\PerfStringBackup.INI 2013-11-24 20:05 - 2013-07-04 11:32 - 00000378 ____H C:\Windows\Tasks\MagniPicUpdaterTask{DD50012D-C618-40DD-B9BE-9F0E185AA7F9}.job 2013-11-24 20:05 - 2013-07-01 13:40 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics 2013-11-24 20:04 - 2013-11-24 17:52 - 00000168 _____ C:\Windows\setupact.log 2013-11-24 20:04 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-11-24 20:03 - 2013-11-24 13:20 - 00000000 ____D C:\AdwCleaner 2013-11-24 19:52 - 2013-11-24 19:52 - 00000000 ____D C:\FRST 2013-11-24 19:47 - 2013-11-24 19:21 - 00000000 ____D C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP 2013-11-24 19:41 - 2013-11-24 19:52 - 01958440 _____ (Farbar) C:\Users\Klaudia\Desktop\FRST64.exe 2013-11-24 19:41 - 2013-11-24 19:52 - 00602112 _____ (OldTimer Tools) C:\Users\Klaudia\Desktop\OTL.scr 2013-11-24 19:17 - 2013-11-24 17:51 - 00001848 _____ C:\Windows\PFRO.log 2013-11-24 17:52 - 2013-11-24 17:52 - 00000000 _____ C:\Windows\setuperr.log 2013-11-24 17:52 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\tracing 2013-11-24 17:43 - 2012-10-07 19:11 - 00000000 ____D C:\Windows\Minidump 2013-11-24 17:43 - 2009-07-29 07:03 - 00000000 ____D C:\Windows\Panther 2013-11-24 17:42 - 2013-11-24 17:42 - 00000000 ____D C:\Program Files\CCleaner 2013-11-24 17:36 - 2011-10-19 23:48 - 00000000 ____D C:\Program Files (x86)\Windows Live 2013-11-24 16:28 - 2011-10-19 23:59 - 00000000 ____D C:\Program Files (x86)\ASUS 2013-11-24 16:19 - 2011-10-20 00:08 - 00000000 ____D C:\AsusVibeData 2013-11-24 16:07 - 2012-04-25 15:43 - 00000000 ___HD C:\ASUS.DAT 2013-11-24 14:07 - 2013-11-24 14:07 - 00000000 ____D C:\Program Files (x86)\Anvisoft 2013-11-24 13:57 - 2013-11-24 14:40 - 01381864 _____ (Anvisoft Corporation) C:\Users\Klaudia\Desktop\AnviUnIns.exe 2013-11-24 13:48 - 2012-04-25 15:42 - 00045056 _____ C:\Windows\SysWOW64\acovcnt.exe 2013-11-24 13:25 - 2013-11-24 14:40 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Klaudia\Desktop\SpyHunter-Installer.exe 2013-11-24 13:22 - 2012-05-14 08:54 - 00001178 _____ C:\Users\Klaudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-11-24 13:18 - 2013-11-24 14:40 - 01091882 _____ C:\Users\Klaudia\Desktop\adwcleaner.exe 2013-11-23 22:14 - 2013-11-24 14:40 - 01402880 _____ C:\Users\Klaudia\Desktop\HiJackThis.msi 2013-11-23 21:24 - 2013-11-23 21:24 - 00000000 ____D C:\Users\Klaudia\AppData\Local\avgchrome 2013-11-17 10:46 - 2013-11-17 10:46 - 00051992 _____ (cake bake) C:\Program Files (x86)\WBDesktop.Updater.1.0.0.17.exe 2013-11-17 10:38 - 2012-02-03 01:07 - 00001216 _____ C:\Windows\system32\ServiceFilter.ini 2013-11-13 17:24 - 2013-11-13 17:24 - 00000022 _____ C:\Users\Klaudia\Desktop\klaudia korytowska.zip 2013-11-12 08:13 - 2013-11-05 12:09 - 00000000 ____D C:\Users\Klaudia\AppData\Roaming\RedApp 2013-11-11 16:19 - 2013-11-11 16:19 - 00015677 _____ C:\Users\Klaudia\Documents\klaaudia korytowska.wlmp 2013-11-11 15:38 - 2013-10-01 15:53 - 00000000 ____D C:\Users\Klaudia\NE 2013-11-05 13:00 - 2012-02-03 01:07 - 00001818 _____ C:\Windows\system32\AutoRunFilter.ini 2013-11-05 12:09 - 2013-11-05 12:09 - 00000000 ____D C:\ProgramData\RedApp 2013-11-05 12:07 - 2013-11-05 12:07 - 01700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll 2013-11-05 12:07 - 2013-11-05 12:07 - 01060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll 2013-11-05 12:07 - 2013-11-05 12:07 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll 2013-11-05 12:07 - 2013-11-05 12:07 - 00000000 ____D C:\Program Files (x86)\RedApp 2013-11-05 12:05 - 2013-11-05 12:05 - 00001920 _____ C:\Users\Public\Desktop\Cyfrowy Polsat MF669.lnk 2013-11-05 12:05 - 2013-11-05 12:04 - 00000000 ____D C:\Windows\SysWOW64\SupportAppCB 2013-11-05 12:04 - 2013-11-05 12:04 - 00000000 ____D C:\Program Files (x86)\Cyfrowy Polsat 2013-11-05 12:04 - 2012-02-03 00:53 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information Files to move or delete: ==================== C:\ProgramData\SetWallpaper.exe Some content of TEMP: ==================== C:\Users\Klaudia\AppData\Local\Temp\eauninstall.exe C:\Users\Klaudia\AppData\Local\Temp\Quarantine.exe C:\Users\Klaudia\AppData\Local\Temp\SHSetup.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-05 18:39 ==================== End Of Log ============================