Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013 Ran by Walentyna (administrator) on MARTUSIA on 10-10-2013 22:28:43 Running from C:\Users\Walentyna\Desktop\Downloads Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Polish Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2013\avgrsx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (Microsoft Corporation) C:\Windows\system32\WLANExt.exe (Dell Inc.) C:\Windows\System32\bcmwltry.exe (ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (Andrea Electronics Corporation) C:\Windows\system32\aestsrv.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgwdsvc.exe (Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTDevSrv.exe (France Telecom SA) C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe () C:\ProgramData\IBUpdaterService\ibsvc.exe () C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE (UASSOFT.COM) C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe () C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgnsx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgemcx.exe (IDT, Inc.) C:\Windows\system32\STacSV.exe (TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe (Creative Technology Ltd.) C:\Windows\OEM02Mon.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Creative Technology Ltd.) C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) C:\Windows\system32\igfxsrvc.exe (Dell Inc.) C:\Windows\System32\WLTRAY.EXE (CyberLink Corp.) C:\Program Files\Dell\MediaDirect\PCMService.exe () C:\Program Files\Winamp\winampa.exe (UASSOFT.COM) C:\Program Files\Trust\Trust R-Series Mouse\StartAutorun.exe (IDT, Inc.) C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (Apple Computer, Inc.) C:\Program Files\QuickTime\qttask.exe () C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (Nuance Communications, Inc.) C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe (Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgui.exe (ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Gadu-Gadu S.A.) C:\Program Files\Gadu-Gadu\gg.exe (Creative Technology Ltd.) C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe (Creative Technology Ltd) C:\Program Files\Creative\Software Update 3\SoftAuto.exe (OLYMPUS IMAGING CORP.) C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (DT Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTLite.exe (TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (Samsung) C:\Program Files\Samsung\Kies\Kies.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Avanquest Software ) C:\Program Files\Digital Line Detect\DLG.exe (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe (ArcSoft, Inc.) C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (France Telecom SA) C:\Program Files\Livebox\Launcher\Launcher.exe (UASSOFT.COM) C:\Program Files\Trust\Trust R-Series Mouse\KMConfig.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe (UASSOFT.COM) C:\Program Files\Trust\Trust R-Series Mouse\KMProcess.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe (Google Inc.) C:\Users\Walentyna\AppData\Local\Google\Update\1.3.21.153\GoogleCrashHandler.exe (France Telecom SA) C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe (Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe (Teleca AB) C:\Program Files\Common Files\Teleca Shared\Generic.exe (France Telecom SA) C:\Program Files\Livebox\systray\systrayapp.exe (France Telecom SA) C:\Program Files\Livebox\connectivity\connectivitymanager.exe (France Telecom SA) C:\Program Files\Livebox\connectivity\CoreCom\CoreCom.exe (Sony Ericsson Mobile Communications AB) C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe (France Telecom SA) C:\Program Files\Livebox\connectivity\CoreCom\OraConfigRecover.exe (France Telecom SA) C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe (Microsoft Corporation) C:\Windows\system32\wuauclt.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\system32\conime.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [167936 2008-05-04] (Alps Electric Co., Ltd.) HKLM\...\Run: [OEM02Mon.exe] - C:\Windows\OEM02Mon.exe [36864 2008-03-04] (Creative Technology Ltd.) HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] () HKLM\...\Run: [DELL Webcam Manager] - C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe [118784 2007-07-27] (Creative Technology Ltd.) HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [174872 2007-03-21] (Intel Corporation) HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Windows\system32\WLTRAY.exe [3563520 2008-07-03] (Dell Inc.) HKLM\...\Run: [PCMService] - C:\Program Files\Dell\MediaDirect\PCMService.exe [184320 2007-12-21] (CyberLink Corp.) HKLM\...\Run: [WinampAgent] - C:\Program Files\Winamp\winampa.exe [36352 2008-08-04] () HKLM\...\Run: [KMCONFIG] - C:\Program Files\Trust\Trust R-Series Mouse\StartAutorun.exe [212992 2007-03-06] (UASSOFT.COM) HKLM\...\Run: [TQ566808] - "E:\Setup.exe" HKLM\...\Run: [CnxDslTaskBar] - "CnxDslTb.exe" "Conexant\AccessRunner ADSL" HKLM\...\Run: [OM2_Monitor] - C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe [54576 2008-10-31] (OLYMPUS IMAGING CORP.) HKLM\...\Run: [ORAHSSSessionManager] - C:\Program Files\Livebox\SessionManager\SessionManager.exe [107248 2008-06-10] (France Telecom SA) HKLM\...\Run: [SigmatelSysTrayApp] - C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [405504 2007-11-12] (IDT, Inc.) HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [77824 2010-03-02] (Apple Computer, Inc.) HKLM\...\Run: [Sony Ericsson PC Suite] - C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [528384 2007-06-13] () HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [644696 2007-05-14] (CANON INC.) HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1603152 2007-04-03] (CANON INC.) HKLM\...\Run: [SSBkgdUpdate] - C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.) HKLM\...\Run: [OpwareSE4] - C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [79400 2007-02-04] (Nuance Communications, Inc.) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.) HKLM\...\Run: [ROC_ROC_NT] - "C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2013\avgui.exe [4411440 2013-08-15] (AVG Technologies CZ, s.r.o.) HKLM\...\Run: [ArcSoft Connection Service] - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.) HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311152 2013-04-23] (Samsung Electronics Co., Ltd.) HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) HKCU\...\Run: [Gadu-Gadu] - C:\Program Files\Gadu-Gadu\gg.exe [2127296 2008-03-20] (Gadu-Gadu S.A.) HKCU\...\Run: [CTZDetec.exe] - C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe [368640 2008-04-24] (Creative Technology Ltd.) HKCU\...\Run: [SoftAuto.exe] - C:\Program Files\Creative\Software Update 3\SoftAuto.exe [405504 2008-08-13] (Creative Technology Ltd) HKCU\...\Run: [Prec] - C:\Program Files\Prec\PrecStarter.exe HKCU\...\Run: [OM2_Monitor] - C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [95536 2008-10-31] (OLYMPUS IMAGING CORP.) HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\DTLite.exe [369200 2009-10-30] (DT Soft Ltd) HKCU\...\Run: [Google Update] - C:\Users\Walentyna\AppData\Local\Google\Update\GoogleUpdate.exe [135664 2010-02-02] (Google Inc.) HKCU\...\Run: [TomTomHOME.exe] - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [247144 2010-08-24] (TomTom) HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20684656 2013-07-25] (Skype Technologies S.A.) HKCU\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe [1561968 2013-04-23] (Samsung) HKCU\...\Run: [KiesAirMessage] - C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup HKCU\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-04-23] (Samsung) HKCU\...\Run: [AVG-Secure-Search-Update_0913b] - C:\Users\Walentyna\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 2374a27e9ab647d899bf0f3f38143f06-4a1bc8eb95de4155def7f1398b058f351dd340b1 --CMPID 0913b HKCU\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x95000000 MountPoints2: {370c103f-b2c3-11df-8407-b3b3d724e83d} - H:\InstallTomTomHOME.exe MountPoints2: {d4e41566-f306-11de-abe1-a5db45bff9aa} - H:\LaunchU3.exe -a HKU\Paszczaki i te inne\...\Run: [OM2_Monitor] - C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [ 2008-10-31] (OLYMPUS IMAGING CORP.) HKU\Paszczaki i te inne\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-21] (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.delta-search.com/?babsrc=HP_ss&mntrId=1C61001FE1DE2092&affID=119676&tt=070813_wc2&tsp=4970 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default.aspx?c=pl&l=pl&s=pad HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Livebox\SearchURLHook\SearchPageURL.dll () SearchScopes: HKCU - ${searchCLSID} URL = http://search.yahoo.com/search?fr=megaup&p={searchTerms} SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=1C61001FE1DE2092&affID=119676&tt=070813_wc2&tsp=4970 SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} URL = http://search.bearshare.com/webResults.html?src=ieb&q={searchTerms} BHO: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) BHO: Speed Analysis 2 - {18DBB6CE-3148-4FEC-B481-103CB3290427} - C:\Program Files\Speed Analysis 2\ScriptHost.dll (SpeedAnalysis.com) BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll () BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: 7Go Games - {FF103732-4528-4322-AA8B-F7849AB7776B} - C:\Program Files\7Go Games\ScriptHost.dll (7go.com) Toolbar: HKLM - BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (BearShare) Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () Toolbar: HKLM - QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) Toolbar: HKCU -DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () Toolbar: HKCU -BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (BearShare) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Walentyna\AppData\Roaming\Mozilla\Firefox\C:\ProgramData\Kaspersky Lab\SafeBrowser\S-1-5-21-1316996332-3962549900-4291200685-1000\FireFox FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Walentyna\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Walentyna\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Extension: Blokowanie banerów - C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak FF Extension: Kaspersky URL Advisor - C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak FF Extension: QuickStores-Toolbar - C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de FF Extension: Skype extension for Firefox - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} FF Extension: BearShare MediaBar - C:\Program Files\Mozilla Firefox\extensions\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF HKLM\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru FF HKLM\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru FF HKLM\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru Chrome: ======= CHR HomePage: hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=1C61001FE1DE2092&affID=119676&tt=070813_wc2&tsp=4970 CHR RestoreOnStartup: "urls_to_restore_on_startup": null CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Chrome PDF Viewer) - C:\Users\Walentyna\AppData\Local\Google\Chrome\Application\29.0.1547.76\pdf.dll () CHR Plugin: (Google Gears 0.5.33.0) - C:\Users\Walentyna\AppData\Local\Google\Chrome\Application\29.0.1547.76\gears.dll No File CHR Plugin: (Shockwave Flash) - C:\Users\Walentyna\AppData\Local\Google\Chrome\Application\29.0.1547.76\gcswf32.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (Java(TM) Platform SE 6 U17) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File CHR Plugin: (Microsoft Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation) CHR Plugin: (Java Deployment Toolkit 6.0.170.4) - C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll No File CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation) CHR Plugin: (QuickTime Plug-in 6.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Computer, Inc.) CHR Plugin: (QuickTime Plug-in 6.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Computer, Inc.) CHR Plugin: (QuickTime Plug-in 6.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Computer, Inc.) CHR Plugin: (QuickTime Plug-in 6.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Computer, Inc.) CHR Plugin: (QuickTime Plug-in 6.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Computer, Inc.) CHR Plugin: (QuickTime Plug-in 6.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Computer, Inc.) CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll No File CHR Plugin: (Google Update) - C:\Users\Walentyna\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll No File CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File CHR Plugin: (Default Plug-in) - default_plugin No File CHR Extension: () - C:\Users\WALENT~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgjkhjdcljddbedokogakmmdjgnbeanf\1.0.0.3 CHR Extension: () - C:\Users\WALENT~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjajpkikblccgefaibcafkfbanllpefi\1.0.0.2 CHR Extension: (Chrome In-App Payments service) - C:\Users\WALENT~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0 CHR HKLM\...\Chrome\Extension: [dgjkhjdcljddbedokogakmmdjgnbeanf] - C:\Users\Walentyna\AppData\Roaming\SpeedAnalysis2\SpeedAnalysis.crx CHR HKLM\...\Chrome\Extension: [gjajpkikblccgefaibcafkfbanllpefi] - C:\Users\Walentyna\AppData\Roaming\7go\7go.crx CHR StartMenuInternet: Google Chrome - C:\Users\Walentyna\AppData\Local\Google\Chrome\Application\chrome.exe ========================== Services (Whitelisted) ================= R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) R2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.) R2 CTDevice_Srv; C:\Program Files\Creative\Shared Files\CTDevSrv.exe [61440 2007-04-02] (Creative Technology Ltd) R2 FTRTSVC; C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [65536 2008-06-20] (France Telecom SA) R2 IBUpdaterService; C:\ProgramData\IBUpdaterService\ibsvc.exe [822720 2013-08-10] () R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [101528 2007-04-13] () R2 KMWDSERVICE; C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe [208896 2007-06-09] (UASSOFT.COM) R2 OMSI download service; C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [90112 2009-04-30] () S2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2654208 2008-07-03] (Dell Inc.) S2 gupdate1c9a80bb79aec60; ==================== Drivers (Whitelisted) ==================== S3 adiusbaw; C:\Windows\System32\DRIVERS\adiusbaw.sys [118552 2007-02-07] (Analog Devices Inc.) R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208184 2013-07-20] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [60216 2013-07-20] (AVG Technologies CZ, s.r.o.) R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22328 2013-09-10] (AVG Technologies CZ, s.r.o.) R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [171320 2013-07-20] (AVG Technologies CZ, s.r.o.) R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.) R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [96568 2013-07-01] (AVG Technologies CZ, s.r.o.) R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [39224 2013-09-05] (AVG Technologies CZ, s.r.o.) R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [182072 2013-03-21] (AVG Technologies CZ, s.r.o.) R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-07-03] (Broadcom Corporation) R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation) S3 CnxEtP; C:\Windows\System32\DRIVERS\CnxEtP.sys [131072 2006-08-31] (Conexant Systems, Inc.) S3 CnxEtU; C:\Windows\System32\DRIVERS\CnxEtU.sys [618112 2006-08-31] (Conexant Systems, Inc.) S2 ELOADER; C:\Windows\System32\Drivers\adildr.sys [56088 2007-02-07] (Analog Deivces) R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [145152 2013-01-10] (ITE ) S3 KMWDFilter; C:\Windows\System32\Drivers\KMWDFilter.SYS [17024 2007-03-29] (Windows (R) Codename Longhorn DDK provider) S3 PCAMp50; C:\Windows\System32\Drivers\PCAMp50.sys [28224 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA)) S3 PCASp50; C:\Windows\System32\Drivers\PCASp50.sys [27072 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA)) S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [89256 2008-05-16] (MCCI Corporation) S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [15016 2008-05-16] (MCCI Corporation) S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [120744 2008-05-16] (MCCI Corporation) S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [114216 2008-05-16] (MCCI Corporation) S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [25512 2008-05-16] (MCCI Corporation) S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [110632 2008-05-16] (MCCI Corporation) S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [115752 2008-05-16] (MCCI Corporation) S3 s1039mdm; C:\Windows\System32\DRIVERS\s1039mdm.sys [124016 2009-11-19] (MCCI Corporation) S3 s125bus; C:\Windows\System32\DRIVERS\s125bus.sys [83336 2007-04-24] (MCCI Corporation) S3 s125mdfl; C:\Windows\System32\DRIVERS\s125mdfl.sys [15112 2007-04-24] (MCCI Corporation) S3 s125mdm; C:\Windows\System32\DRIVERS\s125mdm.sys [108680 2007-04-24] (MCCI Corporation) S3 s125mgmt; C:\Windows\System32\DRIVERS\s125mgmt.sys [100488 2007-04-24] (MCCI Corporation) S3 s125obex; C:\Windows\System32\DRIVERS\s125obex.sys [98696 2007-04-24] (MCCI Corporation) R0 speedfan; C:\Windows\System32\speedfan.sys [25240 2011-03-18] (Almico Software) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-01-30] () U3 ar9eno2y; C:\Windows\System32\Drivers\ar9eno2y.sys [0 ] (Microsoft Corporation) S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S3 NPF; system32\drivers\npf.sys [x] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] S1 UimBus; system32\DRIVERS\UimBus.sys [x] S1 Uim_IM; System32\Drivers\Uim_IM.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-10-10 22:28 - 2013-10-10 22:28 - 00000000 ____D C:\FRST 2013-10-01 20:00 - 2013-10-01 20:00 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-09-19 15:48 - 2013-09-19 15:48 - 00086267 _____ C:\Users\Walentyna\.recently-used.xbel 2013-09-18 03:06 - 2013-07-31 12:30 - 12335104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-09-18 03:06 - 2013-07-31 12:05 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-09-18 03:06 - 2013-07-31 12:00 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-09-18 03:06 - 2013-07-31 11:53 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-09-18 03:06 - 2013-07-31 11:52 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-09-18 03:06 - 2013-07-31 11:52 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-09-18 03:06 - 2013-07-31 11:51 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-09-18 03:06 - 2013-07-31 11:49 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-09-18 03:06 - 2013-07-31 11:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-09-18 03:06 - 2013-07-31 11:48 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-09-18 03:06 - 2013-07-31 11:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-09-18 03:06 - 2013-07-31 11:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-09-18 03:06 - 2013-07-31 11:46 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-09-18 03:06 - 2013-07-31 11:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-09-18 03:06 - 2013-07-31 11:45 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-09-18 03:06 - 2013-07-31 11:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-09-17 20:03 - 2013-08-08 03:45 - 02049536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-09-17 20:03 - 2013-07-16 06:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll 2013-09-10 01:34 - 2013-09-10 01:34 - 00022328 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsshimx.sys ==================== One Month Modified Files and Folders ======= 2013-10-10 22:28 - 2013-10-10 22:28 - 00000000 ____D C:\FRST 2013-10-10 22:05 - 2010-02-02 14:04 - 00001074 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1316996332-3962549900-4291200685-1000UA.job 2013-10-10 22:01 - 2012-08-10 19:37 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-10-10 22:01 - 2012-08-10 19:37 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-10-10 22:01 - 2012-08-10 19:37 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-10-10 22:01 - 2008-12-20 21:28 - 00000000 ____D C:\Users\Walentyna\AppData\Roaming\Skype 2013-10-10 22:00 - 2008-10-24 01:35 - 01429154 _____ C:\Windows\WindowsUpdate.log 2013-10-10 22:00 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-10-10 22:00 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-10-10 19:40 - 2009-08-02 12:13 - 00065536 _____ C:\Windows\system32\Ikeext.etl 2013-10-10 19:40 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-10-10 19:32 - 2012-10-21 19:56 - 00000000 ____D C:\ProgramData\MFAData 2013-10-08 00:42 - 2008-10-24 01:36 - 00002140 _____ C:\Windows\bthservsdp.dat 2013-10-08 00:42 - 2006-11-02 15:01 - 00032562 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-10-08 00:34 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\tracing 2013-10-08 00:18 - 2010-07-12 14:21 - 00000000 ___RD C:\Program Files\Skype 2013-10-08 00:18 - 2008-12-20 21:20 - 00000000 ____D C:\ProgramData\Skype 2013-10-08 00:15 - 2012-06-11 10:43 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-10-07 19:06 - 2010-02-02 14:04 - 00001022 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1316996332-3962549900-4291200685-1000Core.job 2013-10-06 23:04 - 2011-08-21 15:48 - 00000410 ____H C:\Windows\Tasks\Norton Security Scan for Walentyna.job 2013-10-06 21:40 - 2008-01-21 08:24 - 01495500 _____ C:\Windows\system32\PerfStringBackup.INI 2013-10-06 21:40 - 2008-01-21 08:24 - 00672390 _____ C:\Windows\system32\perfh015.dat 2013-10-06 21:40 - 2008-01-21 08:24 - 00130766 _____ C:\Windows\system32\perfc015.dat 2013-10-05 20:33 - 2011-10-24 21:16 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared 2013-10-01 20:00 - 2013-10-01 20:00 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-09-19 15:48 - 2013-09-19 15:48 - 00086267 _____ C:\Users\Walentyna\.recently-used.xbel 2013-09-19 15:48 - 2011-03-10 21:22 - 00000000 ____D C:\Users\Walentyna\AppData\Roaming\gtk-2.0 2013-09-19 15:48 - 2011-03-10 21:09 - 00000000 ____D C:\Users\Walentyna\.gimp-2.6 2013-09-19 15:48 - 2008-12-18 19:26 - 00000000 ____D C:\Users\Walentyna 2013-09-19 10:37 - 2008-12-19 00:57 - 00010240 _____ C:\Users\Walentyna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-09-19 10:16 - 2013-08-10 23:42 - 00000000 ____D C:\Users\Walentyna\AppData\Roaming\PerformerSoft 2013-09-19 10:16 - 2013-03-22 21:23 - 00000000 ____D C:\Users\Walentyna\AppData\Roaming\uTorrent 2013-09-18 03:44 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache 2013-09-18 03:28 - 2006-11-02 14:47 - 00341392 _____ C:\Windows\system32\FNTCACHE.DAT 2013-09-18 03:27 - 2008-01-21 04:47 - 00067002 _____ C:\Windows\PFRO.log 2013-09-18 03:10 - 2006-11-02 12:23 - 00000240 _____ C:\Windows\win.ini 2013-09-18 03:04 - 2013-07-24 03:00 - 00000000 ____D C:\Windows\system32\MRT 2013-09-18 03:00 - 2006-11-02 12:24 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2013-09-10 01:34 - 2013-09-10 01:34 - 00022328 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsshimx.sys Files to move or delete: ==================== C:\Users\Walentyna\AppData\Roaming\desktop.ini C:\ProgramData\hpe37D8.dll Some content of TEMP: ==================== C:\Users\Paszczaki i te inne\AppData\Local\Temp\FlashPlayerUpdate.exe C:\Users\Paszczaki i te inne\AppData\Local\Temp\SkypeSetup.exe C:\Users\Walentyna\AppData\Local\Temp\DevSetup32.dll C:\Users\Walentyna\AppData\Local\Temp\DevSetup64.dll C:\Users\Walentyna\AppData\Local\Temp\DriverInstall32.exe C:\Users\Walentyna\AppData\Local\Temp\DriverInstall64.exe C:\Users\Walentyna\AppData\Local\Temp\ICReinstall_FLVPlayerSetup.exe C:\Users\Walentyna\AppData\Local\Temp\ICReinstall_uTorrent_Installer.exe C:\Users\Walentyna\AppData\Local\Temp\KillProcess.exe C:\Users\Walentyna\AppData\Local\Temp\oxqr0zmm.dll C:\Users\Walentyna\AppData\Local\Temp\SkypeSetup.exe C:\Users\Walentyna\AppData\Local\Temp\uninst1.exe C:\Users\Walentyna\AppData\Local\Temp\?odec Performer803616.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-10-10 19:47 ==================== End Of Log ============================