Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-08-2013 01 Ran by Leszek (administrator) on LESZEK-3 on 31-08-2013 10:17:09 Running from D:\Leszek\Documents\Z_Internetu\!_Diagnostyka www.fixtpc.pl\03_Farbar Recovery Scan Tool_FRST_ Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Polish Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe (Microsoft Corporation) C:\Windows\system32\schtasks.exe () C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe (Option) C:\Program Files\ERA\GlobeTrotter Connect\GtDetectSc.exe () C:\ProgramData\DatacardService\HWDeviceService.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe ( ) C:\Windows\system32\lxdncoms.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (COMPANYVERS_NAME) C:\PROGRA~1\VIDEOD~2\bar\1.bin\4zbarsvc.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe () C:\Program Files\Lexmark 2600 Series\lxdnmon.exe (Lexmark International Inc.) C:\Program Files\Lexmark 2600 Series\ezprint.exe (AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe () C:\Program Files\Lexmark 2600 Series\lxdnMsdMon.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (VER_COMPANY_NAME) C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe () C:\Program Files\AVG Secure Search\vprot.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Somoto) C:\Program Files\FilesFrog Update Checker\update_checker.exe (Nokia) D:\Program Files\Nokia PC Suite 7\PCSuite.exe (Nokia) C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe () D:\Program Files\PLAY ONLINE\PLAY ONLINE.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (Era) C:\Program Files\ERA\GlobeTrotter Connect\GlobeTrotter Connect.exe () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\loggingserver.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE (C. Ghisler & Co.) C:\Program Files\wincmd 5_00\WINCMD32.EXE (C. Ghisler & Co.) C:\Program Files\wincmd 5_00\WINCMD32.EXE (OldTimer Tools) D:\Leszek\Documents\Z_Internetu\!_Diagnostyka www.fixtpc.pl\01_OTL\OTL.exe (WebConnect) C:\Program Files\WebConnect\updateWebConnect.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [lxdnmon.exe] - C:\Program Files\Lexmark 2600 Series\lxdnmon.exe [660136 2010-02-04] () HKLM\...\Run: [EzPrint] - C:\Program Files\Lexmark 2600 Series\ezprint.exe [107176 2010-02-04] (Lexmark International Inc.) HKLM\...\Run: [lxdnamon] - C:\Program Files\Lexmark 2600 Series\lxdnamon.exe [16040 2008-03-27] () HKLM\...\Run: [avgnt (1)] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345144 2013-06-24] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [avgnt (2)] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345144 2013-06-24] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [VideoDownloadConverter Search Scope Monitor] - C:\PROGRA~1\VIDEOD~2\bar\1.bin\4zsrchmn.exe [42536 2012-11-02] (MindSpark) HKLM\...\Run: [VideoDownloadConverter_4z Browser Plugin Loader] - C:\PROGRA~1\VIDEOD~2\bar\1.bin\4zbrmon.exe [30096 2012-11-02] (VER_COMPANY_NAME) HKLM\...\Run: [vProt] - C:\Program Files\AVG Secure Search\vprot.exe [2314416 2013-08-21] () HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345144 2013-06-24] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM\...\Runonce: [Del5544500] - cmd.exe /Q /D /c del "C:\Users\Leszek\AppData\Local\Temp\0.del" [x] HKCU\...\Run: [SDP] - C:\Program Files\FilesFrog Update Checker\update_checker.exe [201808 2012-10-03] (Somoto) HKCU\...\Run: [] - [x] HKCU\...\Run: [HW_OPENEYE_OUC_] - D:\Program Files\PLAY ONLINE\UpdateDog\ouc.exe [110592 2009-04-14] (Huawei Technologies Co., Ltd.) HKCU\...\Run: [PC Suite Tray] - D:\Program Files\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia) HKCU\...\Run: [NokiaSuite.exe] - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1088424 2012-10-13] (Nokia) HKCU\...\Run: [Mobile Partner] - D:\Program Files\PLAY ONLINE\PLAY ONLINE.exe [114688 2012-07-29] () HKCU\...\Run: [NTRedirect] - C:\Users\Leszek\AppData\Roaming\BabSolution\Shared\enhancedNT.dll [187888 2013-08-22] () HKCU\...\Runonce: [Del5544500] - cmd.exe /Q /D /c del "C:\Users\Leszek\AppData\Local\Temp\0.del" [x] MountPoints2: {d4cc0431-359e-11e2-bec5-001e101f7fb6} - H:\AutoRun.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GlobeTrotter Connect.lnk ShortcutTarget: GlobeTrotter Connect.lnk -> C:\Program Files\ERA\GlobeTrotter Connect\GlobeTrotter Connect.exe (Era) Startup: C:\Users\Leszek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PR. PULPITU i str. Internetowe.doc — skrót.lnk ShortcutTarget: PR. PULPITU i str. Internetowe.doc — skrót.lnk -> D:\Leszek\Documents\Internet\PR. PULPITU i str. Internetowe.doc () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.delta-search.com/?babsrc=HP_ss&mntrId=6433001E101F82A0&affID=119357&tsp=4991 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?utm_source=b&utm_medium=vlt&from=vlt&uid=ST3250823AS_3ND1MG3S____3ND1MG3S&ts=1351463222 HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www2.delta-search.com/?babsrc=HP_ss&mntrId=6433001E101F82A0&affID=119357&tsp=4991 URLSearchHook: SimilarSites - {FE69C007-C452-4d3e-86D2-1730DF8BC871} - C:\Program Files\SimilarSites\similarsites.dll (SimilarGroup) SearchScopes: HKLM - {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=HJxdm073YYpl&ptnrS=HJxdm073YYpl&si=pconverter&ptb=1C287CA9-E314-4BEA-BBB7-B6F181ABF07A&ind=2012110200&n=77ee5d78&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=6433001E101F82A0&affID=119357&tsp=4991 SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.v9.com/web/?q={searchTerms} SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=6433001E101F82A0&affID=119357&tsp=4991 SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.v9.com/web/?q={searchTerms} SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={1561FCCC-7DB1-425E-81DB-0137A7047536}&mid=5a9b3c72dab3480db8d203db7ebf2128-06217255473e678a0327a943cf1f87f9c4774acd&lang=pl&ds=ax011&pr=&d=2012-11-02 06:00:51&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms} SearchScopes: HKCU - {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=HJxdm073YYpl&ptnrS=HJxdm073YYpl&si=pconverter&ptb=1C287CA9-E314-4BEA-BBB7-B6F181ABF07A&ind=2012110200&n=77ee5d78&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredibar.com/mb203?a=6PQO2IHPTu&search={searchTerms}&i=26 BHO: WebConnect - {2316c625-b487-4410-a1a5-ff040b65245f} - C:\Program Files\WebConnect\WebConnectbho.dll (Web Connect) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll (AVG Secure Search) BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.24.6\bh\delta.dll (Delta-search.com) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll (AVG Secure Search) Toolbar: HKLM - SimilarSites - {FE69C007-C452-4d3e-86D2-1730DF8BC871} - C:\Program Files\SimilarSites\similarsites.dll (SimilarGroup) Toolbar: HKLM - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.24.6\deltaTlbr.dll (Delta-search.com) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) Handler: msdaipp - No CLSID Value - Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll (AVG Secure Search) Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 19 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG) Tcpip\..\Interfaces\{1439938C-F172-45DA-BB69-08A0474A4B8E}: [NameServer]193.41.112.14 193.41.112.18 Tcpip\..\Interfaces\{24AD3D36-E409-4C4D-BCB2-AF003D029F96}: [NameServer]89.108.202.20 89.108.195.20 Tcpip\..\Interfaces\{43D469EC-B1E5-45BE-808F-4BCFBAE7355E}: [NameServer]193.41.112.14 193.41.112.18 Tcpip\..\Interfaces\{7AD588AB-185F-45DD-8CF7-5931C8F77E35}: [NameServer]193.41.112.14 193.41.112.18 Tcpip\..\Interfaces\{BC1BB6A5-6855-468F-9A86-68CEDE80932F}: [NameServer]89.108.202.21 89.108.195.21 Tcpip\..\Interfaces\{C85FE05C-BBFB-4FD0-81F6-8C57C0D954C1}: [NameServer]193.41.112.14 193.41.112.18 FireFox: ======== FF ProfilePath: C:\Users\Leszek\AppData\Roaming\Mozilla\Firefox\Profiles\6f33wrwd.default FF user.js: detected! => C:\Users\Leszek\AppData\Roaming\Mozilla\Firefox\Profiles\6f33wrwd.default\user.js FF NewTab: hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=6433001E101F82A0&affID=119357&tsp=4991 FF SelectedSearchEngine: Delta Search FF Homepage: hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=6433001E101F82A0&affID=119357&tsp=4991 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\\npsitesafety.dll (AVG Technologies) FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @nokia.com/EnablerPlugin - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @VideoDownloadConverter_4z.com/Plugin - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll (MindSpark) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Leszek\AppData\Roaming\Mozilla\Firefox\Profiles\6f33wrwd.default\searchplugins\MyStart Search.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml FF Extension: No Name - C:\Users\Leszek\AppData\Roaming\Mozilla\Firefox\Profiles\6f33wrwd.default\Extensions\41ed8dee-33ed-4769-bdf4-2707c4199b97@45a3c648-db86-4b41-92e2-a77bbbf91f1d.com FF Extension: No Name - C:\Users\Leszek\AppData\Roaming\Mozilla\Firefox\Profiles\6f33wrwd.default\Extensions\ffxtlbr@babylon.com FF Extension: Delta Toolbar - C:\Users\Leszek\AppData\Roaming\Mozilla\Firefox\Profiles\6f33wrwd.default\Extensions\ffxtlbr@delta.com FF Extension: No Name - C:\Users\Leszek\AppData\Roaming\Mozilla\Firefox\Profiles\6f33wrwd.default\Extensions\znpd@rogers-design.net FF Extension: No Name - C:\Users\Leszek\AppData\Roaming\Mozilla\Firefox\Profiles\6f33wrwd.default\Extensions\{E71B541F-5E72-5555-A47C-E47863195841} FF Extension: firefox - C:\Users\Leszek\AppData\Roaming\Mozilla\Firefox\Profiles\6f33wrwd.default\Extensions\firefox@webconnect.co.xpi FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] C:\Program Files\IB Updater\Firefox FF HKLM\...\Firefox\Extensions: [4zffxtbr@VideoDownloadConverter_4z.com] C:\Program Files\VideoDownloadConverter_4z\bar\1.bin FF Extension: VideoDownloadConverter - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin FF HKLM\...\Firefox\Extensions: [avg@toolbar] C:\ProgramData\AVG Secure Search\FireFoxExt\15.5.0.2 FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\15.5.0.2 FF HKLM\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] C:\Program Files\IB Updater\Firefox FF HKCU\...\Firefox\Extensions: [{58bd07eb-0ee0-4df0-8121-dc9b693373df}] C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension FF Extension: BrowserProtect - C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension Chrome: ======= CHR HomePage: hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=6433001E101F82A0&affID=119357&tsp=4991 CHR Extension: (YouTube) - C:\Users\Leszek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - C:\Users\Leszek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (Delta Toolbar) - C:\Users\Leszek\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.4_0 CHR Extension: (WebConnect) - C:\Users\Leszek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieakfmpjhljbpbfpldjkddkjmmgjmgon\1.0.0 CHR Extension: (Aukcjoner.pl - snajper aukcyjny) - C:\Users\Leszek\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgdaoafidbchgjilkldigngigfolgbpk\0.3_0 CHR Extension: (AVG Secure Search) - C:\Users\Leszek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.5.0.2_0 CHR Extension: (Chrome In-App Payments service) - C:\Users\Leszek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0 CHR Extension: (Zestaw Narz\u0119dzi Po\u017Cyczkodawcy) - C:\Users\Leszek\AppData\Local\Google\Chrome\User Data\Default\Extensions\oaengcjnnmbccpkhgbaokmofmdibjdbc\6.32_0 CHR Extension: (BrowserProtect) - C:\Users\Leszek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0 CHR Extension: (Gmail) - C:\Users\Leszek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx CHR HKLM\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Leszek\AppData\Roaming\BabSolution\CR\Delta.crx CHR HKLM\...\Chrome\Extension: [ieakfmpjhljbpbfpldjkddkjmmgjmgon] - C:\Program Files\WebConnect\ieakfmpjhljbpbfpldjkddkjmmgjmgon.crx CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\15.5.0.2\avg.crx CHR HKLM\...\Chrome\Extension: [pgafcinpmmpklohkojmllohdhomoefph] - C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.crx ========================== Services (Whitelisted) ================= R2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [371768 2013-06-24] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-06-24] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-24] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-06-24] (Avira Operations GmbH & Co. KG) R2 BrowserProtect; C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2550224 2013-01-16] () R2 GtDetectSc; C:\Program Files\ERA\GlobeTrotter Connect\GtDetectSc.exe [204915 2007-11-05] (Option) R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] () S3 Installer Service; C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{33EBF075-8593-4698-BDAF-CF8DED80BB5B}\Installer\InstallerService.exe [124512 2012-12-10] () S2 lxdnCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdnserv.exe [94208 2009-04-28] (Lexmark International, Inc.) R2 lxdn_device; C:\Windows\system32\lxdncoms.exe [594600 2008-02-28] ( ) S4 Mobile Partner. RunOuc; D:\Program Files\Mobile Partner\UpdateDog\ouc.exe [655712 2011-08-23] () S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155320 2012-01-18] (Avanquest Software) R2 Update WebConnect; C:\Program Files\WebConnect\updateWebConnect.exe [206632 2013-08-30] (WebConnect) R2 VideoDownloadConverter_4zService; C:\PROGRA~1\VIDEOD~2\bar\1.bin\4zbarsvc.exe [42504 2012-11-02] (COMPANYVERS_NAME) R2 vToolbarUpdater15.5.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [1643184 2013-08-21] (AVG Secure Search) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-03-21] (Avira Operations GmbH & Co. KG) R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-08-21] (AVG Technologies) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-03-21] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-21] (Avira Operations GmbH & Co. KG) R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation) S3 GT72NDISIPXP; C:\Windows\System32\DRIVERS\Gt51Ip.sys [95744 2007-07-09] (Option NV) S3 GT72UBUS; C:\Windows\System32\DRIVERS\gt72ubus.sys [51968 2007-06-26] (Option N.V.) S3 GTPTSER; C:\Windows\System32\DRIVERS\gtptser.sys [8064 2007-03-30] (Option N.V.) S2 IcRecUsb; C:\Windows\System32\Drivers\IcRecUsb.sys [17432 2001-10-02] (lecs Inc.) S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [89256 2008-05-16] (MCCI Corporation) S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [15016 2008-05-16] (MCCI Corporation) S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [120744 2008-05-16] (MCCI Corporation) S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [114216 2008-05-16] (MCCI Corporation) S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [25512 2008-05-16] (MCCI Corporation) S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [110632 2008-05-16] (MCCI Corporation) S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [115752 2008-05-16] (MCCI Corporation) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-11-10] (Avira GmbH) U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) S3 catchme; \??\C:\Users\Leszek\AppData\Local\Temp\catchme.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-31 10:12 - 2013-08-31 10:12 - 01082213 _____ (Farbar) C:\Users\Leszek\Downloads\FRST.exe 2013-08-31 09:56 - 2013-08-31 10:04 - 00000922 _____ C:\Users\Leszek\Desktop\MiPony.lnk 2013-08-31 09:56 - 2013-08-31 09:57 - 00000000 ____D C:\Program Files\WebConnect 2013-08-31 09:56 - 2013-08-31 09:56 - 00000000 ____D C:\Users\Leszek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MiPony 2013-08-31 09:56 - 2013-08-31 09:56 - 00000000 ____D C:\Program Files\MiPony 2013-08-31 09:15 - 2013-08-31 09:15 - 00000000 ____D C:\Users\Leszek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AbiWord Word Processor 2013-08-31 09:12 - 2013-08-31 09:15 - 00000000 ____D C:\Program Files\AbiWord 2013-08-31 09:12 - 2013-08-31 09:12 - 00000000 ____D C:\Users\Leszek\AppData\Roaming\BabSolution 2013-08-31 09:11 - 2013-08-31 10:04 - 00000290 _____ C:\Windows\Tasks\DSite.job 2013-08-31 09:11 - 2013-08-31 09:11 - 00000000 ____D C:\Users\Leszek\AppData\Roaming\DSite 2013-08-31 09:10 - 2013-08-31 09:10 - 00794680 _____ C:\Users\Leszek\Downloads\WordViewerSetup (1).exe 2013-08-31 09:09 - 2013-08-31 09:09 - 00794680 _____ C:\Users\Leszek\Downloads\WordViewerSetup.exe 2013-08-15 00:34 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-08-15 00:34 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-08-15 00:34 - 2013-07-26 05:13 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-08-15 00:34 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-08-15 00:34 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-08-15 00:34 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-08-15 00:34 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-08-15 00:34 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-08-15 00:34 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-08-15 00:34 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-08-15 00:34 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-08-15 00:34 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-08-15 00:34 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-08-15 00:34 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-08-15 00:34 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-08-15 00:34 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-08-14 22:33 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-08-14 22:33 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-08-14 22:33 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2013-08-14 22:33 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-08-14 22:33 - 2013-07-09 06:53 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-08-14 22:33 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2013-08-14 22:33 - 2013-07-09 06:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2013-08-14 22:33 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-08-14 22:33 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2013-08-14 22:33 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2013-08-14 22:33 - 2013-07-06 07:05 - 01293760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-08-14 22:33 - 2013-06-15 05:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2013-08-01 10:49 - 2013-08-01 10:49 - 00000000 __RSH C:\MSDOS.SYS 2013-08-01 10:49 - 2013-08-01 10:49 - 00000000 __RSH C:\IO.SYS ==================== One Month Modified Files and Folders ======= 2013-08-31 10:16 - 2013-08-31 10:16 - 00000000 ____D C:\FRST 2013-08-31 10:12 - 2013-08-31 10:12 - 01082213 _____ (Farbar) C:\Users\Leszek\Downloads\FRST.exe 2013-08-31 10:11 - 2012-04-19 17:31 - 00001036 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-08-31 10:04 - 2013-08-31 09:56 - 00000922 _____ C:\Users\Leszek\Desktop\MiPony.lnk 2013-08-31 10:04 - 2013-08-31 09:11 - 00000290 _____ C:\Windows\Tasks\DSite.job 2013-08-31 09:57 - 2013-08-31 09:56 - 00000000 ____D C:\Program Files\WebConnect 2013-08-31 09:56 - 2013-08-31 09:56 - 00000000 ____D C:\Users\Leszek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MiPony 2013-08-31 09:56 - 2013-08-31 09:56 - 00000000 ____D C:\Program Files\MiPony 2013-08-31 09:30 - 2012-04-05 02:54 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-08-31 09:15 - 2013-08-31 09:15 - 00000000 ____D C:\Users\Leszek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AbiWord Word Processor 2013-08-31 09:15 - 2013-08-31 09:12 - 00000000 ____D C:\Program Files\AbiWord 2013-08-31 09:12 - 2013-08-31 09:12 - 00000000 ____D C:\Users\Leszek\AppData\Roaming\BabSolution 2013-08-31 09:11 - 2013-08-31 09:11 - 00000000 ____D C:\Users\Leszek\AppData\Roaming\DSite 2013-08-31 09:10 - 2013-08-31 09:10 - 00794680 _____ C:\Users\Leszek\Downloads\WordViewerSetup (1).exe 2013-08-31 09:09 - 2013-08-31 09:09 - 00794680 _____ C:\Users\Leszek\Downloads\WordViewerSetup.exe 2013-08-31 09:02 - 2012-04-05 09:12 - 00003601 _____ C:\Windows\wincmd.ini 2013-08-31 08:18 - 2012-04-05 07:30 - 01965375 _____ C:\Windows\WindowsUpdate.log 2013-08-31 07:47 - 2009-07-14 06:34 - 00013760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-08-31 07:47 - 2009-07-14 06:34 - 00013760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-08-31 07:39 - 2013-06-19 15:16 - 00009464 _____ C:\Windows\setupact.log 2013-08-31 07:39 - 2013-06-07 20:51 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job 2013-08-31 07:39 - 2013-06-04 15:27 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job 2013-08-31 07:39 - 2012-04-19 17:30 - 00001032 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-08-31 07:39 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-08-21 19:48 - 2012-11-02 07:00 - 00037664 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx86.sys 2013-08-21 19:48 - 2012-11-02 07:00 - 00000000 ____D C:\Program Files\AVG Secure Search 2013-08-21 16:32 - 2012-04-05 02:54 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-08-21 16:32 - 2012-04-05 02:54 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-08-17 20:35 - 2009-07-14 06:53 - 00032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-08-16 12:20 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET 2013-08-15 08:29 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\pl-PL 2013-08-15 00:53 - 2013-07-25 11:12 - 00000000 ____D C:\Windows\system32\MRT 2013-08-15 00:40 - 2012-04-05 11:52 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-08-15 00:37 - 2012-04-05 07:39 - 01568482 _____ C:\Windows\system32\PerfStringBackup.INI 2013-08-15 00:37 - 2009-07-14 10:07 - 00697728 _____ C:\Windows\system32\perfh015.dat 2013-08-15 00:37 - 2009-07-14 10:07 - 00134838 _____ C:\Windows\system32\perfc015.dat 2013-08-01 10:49 - 2013-08-01 10:49 - 00000000 __RSH C:\MSDOS.SYS 2013-08-01 10:49 - 2013-08-01 10:49 - 00000000 __RSH C:\IO.SYS Files to move or delete: ==================== C:\Users\Leszek\AppData\Local\Temp\ICReinstall_DownloadManagerSetup.exe C:\Users\Leszek\AppData\Local\Temp\NOSEventMessages.dll C:\Users\Leszek\AppData\Local\Temp\nsz3AB6.tmp\Time.dll C:\Users\Leszek\AppData\Local\Temp\nsu9A19.tmp\Time.dll C:\Users\Leszek\AppData\Local\Temp\nsqA9B9.tmp\Time.dll C:\Users\Leszek\AppData\Local\Temp\nsq3E21.tmp\Time.dll C:\Users\Leszek\AppData\Local\Temp\nsk2F7B.tmp\Time.dll C:\Users\Leszek\AppData\Local\Temp\nsh9218.tmp\Time.dll C:\Users\Leszek\AppData\Local\Temp\nsfA842.tmp\Time.dll C:\Users\Leszek\AppData\Local\Temp\nsc9331.tmp\Time.dll C:\Users\Leszek\AppData\Local\Temp\nsa8D65.tmp\Time.dll C:\Users\Leszek\AppData\Local\Temp\is357113909\DeltaTB.exe C:\Users\Leszek\AppData\Local\Temp\is357113909\DownloadManagerV2.exe C:\Users\Leszek\AppData\Local\Temp\is357113909\uninstaller.exe C:\Users\Leszek\AppData\Local\Temp\is357113909\WebConnect.exe C:\Users\Leszek\AppData\Local\Temp\is1590112554\abwordsetup.exe C:\Users\Leszek\AppData\Local\Temp\is1590112554\DeltaTB.exe C:\Users\Leszek\AppData\Local\Temp\8D2BC923-BAB0-7891-9A4B-48C90ACA65B6\Latest\BabMaint.exe C:\Users\Leszek\AppData\Local\Temp\8D2BC923-BAB0-7891-9A4B-48C90ACA65B6\Latest\BExternal.dll C:\Users\Leszek\AppData\Local\Temp\8D2BC923-BAB0-7891-9A4B-48C90ACA65B6\Latest\BUSolForMontiera.dll C:\Users\Leszek\AppData\Local\Temp\8D2BC923-BAB0-7891-9A4B-48C90ACA65B6\Latest\BUSolution.dll C:\Users\Leszek\AppData\Local\Temp\8D2BC923-BAB0-7891-9A4B-48C90ACA65B6\Latest\ccp.exe C:\Users\Leszek\AppData\Local\Temp\8D2BC923-BAB0-7891-9A4B-48C90ACA65B6\Latest\ChromeToolbarSetup.dll C:\Users\Leszek\AppData\Local\Temp\8D2BC923-BAB0-7891-9A4B-48C90ACA65B6\Latest\CrxInstaller.dll C:\Users\Leszek\AppData\Local\Temp\8D2BC923-BAB0-7891-9A4B-48C90ACA65B6\Latest\enhancedNT.dll C:\Users\Leszek\AppData\Local\Temp\8D2BC923-BAB0-7891-9A4B-48C90ACA65B6\Latest\GUninstaller.exe C:\Users\Leszek\AppData\Local\Temp\8D2BC923-BAB0-7891-9A4B-48C90ACA65B6\Latest\IEHelper.dll C:\Users\Leszek\AppData\Local\Temp\8D2BC923-BAB0-7891-9A4B-48C90ACA65B6\Latest\MntrDLLInstall.dll C:\Users\Leszek\AppData\Local\Temp\8D2BC923-BAB0-7891-9A4B-48C90ACA65B6\Latest\MyDeltaTB.exe C:\Users\Leszek\AppData\Local\Temp\8D2BC923-BAB0-7891-9A4B-48C90ACA65B6\Latest\Setup.exe C:\Users\Leszek\AppData\Local\Temp\8D2BC923-BAB0-7891-9A4B-48C90ACA65B6\Latest\sqlite3.dll C:\Users\Leszek\AppData\Local\Temp\70DF0597-BAB0-7891-9BFB-08F2DA3B4F8C\Latest\BabMaint.exe C:\Users\Leszek\AppData\Local\Temp\70DF0597-BAB0-7891-9BFB-08F2DA3B4F8C\Latest\BExternal.dll C:\Users\Leszek\AppData\Local\Temp\70DF0597-BAB0-7891-9BFB-08F2DA3B4F8C\Latest\BUSolForMontiera.dll C:\Users\Leszek\AppData\Local\Temp\70DF0597-BAB0-7891-9BFB-08F2DA3B4F8C\Latest\BUSolution.dll C:\Users\Leszek\AppData\Local\Temp\70DF0597-BAB0-7891-9BFB-08F2DA3B4F8C\Latest\ccp.exe C:\Users\Leszek\AppData\Local\Temp\70DF0597-BAB0-7891-9BFB-08F2DA3B4F8C\Latest\ChromeToolbarSetup.dll C:\Users\Leszek\AppData\Local\Temp\70DF0597-BAB0-7891-9BFB-08F2DA3B4F8C\Latest\CrxInstaller.dll C:\Users\Leszek\AppData\Local\Temp\70DF0597-BAB0-7891-9BFB-08F2DA3B4F8C\Latest\enhancedNT.dll C:\Users\Leszek\AppData\Local\Temp\70DF0597-BAB0-7891-9BFB-08F2DA3B4F8C\Latest\GUninstaller.exe C:\Users\Leszek\AppData\Local\Temp\70DF0597-BAB0-7891-9BFB-08F2DA3B4F8C\Latest\IEHelper.dll C:\Users\Leszek\AppData\Local\Temp\70DF0597-BAB0-7891-9BFB-08F2DA3B4F8C\Latest\MntrDLLInstall.dll C:\Users\Leszek\AppData\Local\Temp\70DF0597-BAB0-7891-9BFB-08F2DA3B4F8C\Latest\MyDeltaTB.exe C:\Users\Leszek\AppData\Local\Temp\70DF0597-BAB0-7891-9BFB-08F2DA3B4F8C\Latest\Setup.exe C:\Users\Leszek\AppData\Local\Temp\70DF0597-BAB0-7891-9BFB-08F2DA3B4F8C\Latest\sqlite3.dll C:\Users\Leszek\AppData\Local\Temp\16133A8A-BAB0-7891-82AB-32B624EBA01E\Latest\BabMaint.exe C:\Users\Leszek\AppData\Local\Temp\16133A8A-BAB0-7891-82AB-32B624EBA01E\Latest\BExternal.dll C:\Users\Leszek\AppData\Local\Temp\16133A8A-BAB0-7891-82AB-32B624EBA01E\Latest\BUSolForMontiera.dll C:\Users\Leszek\AppData\Local\Temp\16133A8A-BAB0-7891-82AB-32B624EBA01E\Latest\BUSolution.dll C:\Users\Leszek\AppData\Local\Temp\16133A8A-BAB0-7891-82AB-32B624EBA01E\Latest\ccp.exe C:\Users\Leszek\AppData\Local\Temp\16133A8A-BAB0-7891-82AB-32B624EBA01E\Latest\ChromeToolbarSetup.dll C:\Users\Leszek\AppData\Local\Temp\16133A8A-BAB0-7891-82AB-32B624EBA01E\Latest\CrxInstaller.dll C:\Users\Leszek\AppData\Local\Temp\16133A8A-BAB0-7891-82AB-32B624EBA01E\Latest\enhancedNT.dll C:\Users\Leszek\AppData\Local\Temp\16133A8A-BAB0-7891-82AB-32B624EBA01E\Latest\GUninstaller.exe C:\Users\Leszek\AppData\Local\Temp\16133A8A-BAB0-7891-82AB-32B624EBA01E\Latest\IEHelper.dll C:\Users\Leszek\AppData\Local\Temp\16133A8A-BAB0-7891-82AB-32B624EBA01E\Latest\MntrDLLInstall.dll C:\Users\Leszek\AppData\Local\Temp\16133A8A-BAB0-7891-82AB-32B624EBA01E\Latest\MyDeltaTB.exe C:\Users\Leszek\AppData\Local\Temp\16133A8A-BAB0-7891-82AB-32B624EBA01E\Latest\Setup.exe C:\Users\Leszek\AppData\Local\Temp\16133A8A-BAB0-7891-82AB-32B624EBA01E\Latest\sqlite3.dll ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-08-22 00:40 ==================== End Of Log ============================