Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-11-2013 01
Ran by Marcin (administrator) on MARCIN-PC on 22-11-2013 22:42:35
Running from C:\Users\Marcin\Downloads
Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) OS Language: Polish
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(ABBYY) C:\Program Files\ABBYY FineReader 11\NetworkLicenseServer.exe
() C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
() C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Freemake) C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
( ) C:\Windows\system32\lxbkcoms.exe
(Egis Technology Inc.) C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
() C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Egis Technology Inc.) C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
() C:\Windows\PLFSetI.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(CyberLink Corp.) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(CyberLink) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
(Acer Corp.) C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lexmark International, Inc.) C:\Program Files\Lexmark X1100 Series\LXBKbmgr.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Lexmark International, Inc.) C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
() C:\Program Files\NetMeter\NetMeter.exe
() C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
(Infra-Azure Labs) C:\Program Files\Lunabar\Lunabar.exe
(Firetrust Ltd) C:\Program Files\FireTrust\MailWasher Free\MailWasher.exe
(Realtek Semiconductor Corp.) C:\Users\Marcin\AppData\Local\Temp\RtkBtMnt.exe
(Google Inc.) C:\Users\Marcin\AppData\Local\Google\Chrome\Application\chrome.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Google Inc.) C:\Users\Marcin\AppData\Local\Google\Chrome\Application\chrome.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(OldTimer Tools) C:\Users\Marcin\Downloads\OTL.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.2.241.0\SeaPort.exe
(Google Inc.) C:\Users\Marcin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Marcin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Marcin\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6724128 2009-02-11] (Realtek Semiconductor)
HKLM\...\Run: [Google Desktop Search] - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-08-04] (Google)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [703008 2009-06-23] (Acer Incorporated)
HKLM\...\Run: [EgisTecLiveUpdate] - C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-05-13] (Egis Technology Inc.)
HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [200704 2008-07-29] ()
HKLM\...\Run: [LManager] - C:\Program Files\Launch Manager\LManager.exe [1131016 2009-06-16] (Dritek System Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1418536 2009-01-09] (Synaptics, Inc.)
HKLM\...\Run: [ArcadeDeluxeAgent] - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [156968 2009-05-05] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer] - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [206120 2009-05-05] (CyberLink)
HKLM\...\Run: [PlayMovie] - C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe [173288 2009-05-04] (Acer Corp.)
HKLM\...\Run: [avast5] - C:\Program Files\Alwil Software\Avast5\AvastUI.exe [3568312 2013-11-04] (AVAST Software)
HKLM\...\Run: [Skytel] - C:\Program Files\Realtek\Audio\HDA\SkyTel.exe [1833504 2009-02-11] (Realtek Semiconductor Corp.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [Lexmark X1100 Series] - C:\Program Files\Lexmark X1100 Series\LXBKbmgr.exe [74408 2008-02-28] (Lexmark International, Inc.)
HKLM\...\Run: [lxbkbmgr.exe] - C:\Program Files\Lexmark X1100 Series\LXBKbmgr.exe [74408 2008-02-28] (Lexmark International, Inc.)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\hpwuschd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [Bonus.SSR.FR11] - C:\Program Files\ABBYY FineReader 11\Bonus.ScreenshotReader.exe [925960 2011-08-18] (ABBYY.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\Alwil Software\Avast5\AvastUI.exe [3568312 2013-11-04] (AVAST Software)
HKCU\...\Run: [ProductReg] - C:\Program Files\Acer\WR_PopUp\ProductReg.exe [135168 2009-04-15] (Acer)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-07-02] (Google Inc.)
HKCU\...\Run: [Google Update] - C:\Users\Marcin\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-08-04] (Google Inc.)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\wmpnscfg.exe [202240 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [C:\Program Files\NetMeter\NetMeter.exe] - C:\Program Files\NetMeter\NetMeter.exe [331264 2007-08-11] ()
MountPoints2: {7a5afd41-74e9-11e0-bfb0-002622240831} - E:\install.exe
MountPoints2: {9663c26c-85e1-11df-843f-b7f8cdfc4aab} - D:\WELCOME.EXE
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\Run: [ProductReg] - C:\Program Files\Acer\WR_PopUp\ProductReg.exe [ 2009-04-15] (Acer)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files\Acer\Screensaver\run_Acer.exe [ 2009-06-29] ()
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [ProductReg] - C:\Program Files\Acer\WR_PopUp\ProductReg.exe [ 2009-04-15] (Acer)
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files\Acer\Screensaver\run_Acer.exe [ 2009-06-29] ()
AppInit_DLLs: c:\progra~2\bitguard\271832~1.68\{c16c1~1\bitguard.dll [ ] ()
Startup: C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lunabar Taskbar Icon.lnk
ShortcutTarget: Lunabar Taskbar Icon.lnk -> C:\Program Files\Lunabar\Lunabar.exe (Infra-Azure Labs)
Startup: C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MailWasherFree.lnk
ShortcutTarget: MailWasherFree.lnk -> C:\Program Files\FireTrust\MailWasher Free\MailWasher.exe (Firetrust Ltd)
Startup: C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MailWasherPro.lnk
ShortcutTarget: MailWasherPro.lnk -> C:\Program Files\FireTrust\MailWasher Free\MailWasher.exe (Firetrust Ltd)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-search.com/?babsrc=HP_ss&mntrId=3A5E002622240831&affID=119535&tsp=5032
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0415&m=aspire_5732z&r=2v250710a215l0324zr55t47i2x37o
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.delta-search.com/?babsrc=HP_ss&mntrId=3A5E002622240831&affID=119535&tsp=5032
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/solidyoutube/{6734B413-C541-404B-8663-CAB8DBE37335}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0415&m=aspire_5732z&r=2v250710a215l0324zr55t47i2x37o
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: HKCU - ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\Solid YouTube Downloader and Converter DB Toolbar\tbhelper.dll ()
SearchScopes: HKCU - ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=3A5E002622240831&affID=119535&tsp=5032
SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:4664/search&s=M1lbYMcojdSMIvfeloBOjXQ2K4E?q={searchTerms}
SearchScopes: HKCU - {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = http://www.bigseekpro.com/search/browser/solidyoutube/{6734B413-C541-404B-8663-CAB8DBE37335}?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.24.6\bh\delta.dll (Delta-search.com)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Freemake.YoutubeButton - {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
BHO: SMTTB2009 Class - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Solid YouTube Downloader and Converter DB Toolbar\tbcore3.dll ()
BHO: Yontoo - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
Toolbar: HKLM - Solid YouTube Downloader and Converter DB Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\Solid YouTube Downloader and Converter DB Toolbar\tbcore3.dll ()
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.24.6\deltaTlbr.dll (Delta-search.com)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Solid YouTube Downloader and Converter DB Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\Solid YouTube Downloader and Converter DB Toolbar\tbcore3.dll ()
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Marcin\AppData\Roaming\Mozilla\Firefox\Profiles\z8lxpcz6.default
FF user.js: detected! => C:\Users\Marcin\AppData\Roaming\Mozilla\Firefox\Profiles\z8lxpcz6.default\user.js
FF NewTab: hxxp://www.delta-search.com/?babsrc=NT_ss&mntrId=3A5E002622240831&affID=119535&tsp=5032
FF Homepage: hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=3A5E002622240831&affID=119535&tsp=5032
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/Photosynth,version=2.0 - C:\Program Files\Photosynth\npPhotosynthMozilla.dll ()
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Marcin\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Marcin\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Extension: No Name - C:\Users\Marcin\AppData\Roaming\Mozilla\Firefox\Profiles\z8lxpcz6.default\Extensions\ffxtlbr@babylon.com
FF Extension: Delta Toolbar - C:\Users\Marcin\AppData\Roaming\Mozilla\Firefox\Profiles\z8lxpcz6.default\Extensions\ffxtlbr@delta.com
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF HKLM\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\
FF Extension: Freemake Video Downloader Plugin - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\
FF HKLM\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\
FF Extension: Freemake Youtube Download Button - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\
FF HKLM\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
FF Extension: Freemake Video Converter Plugin - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\

Chrome:
=======
CHR HomePage: hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=3A5E002622240831&affID=119535&tsp=5032
CHR RestoreOnStartup: "hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=3A5E002622240831&affID=119535&tsp=5032"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Marcin\AppData\Local\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Marcin\AppData\Local\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Marcin\AppData\Local\Google\Chrome\Application\31.0.1650.57\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: ( "name": "",) - C:\Program Files\Photosynth\npPhotosynthMozilla.dll ()
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (YouTube) - C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Freemake Video Downloader) - C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh\1.0.0_0
CHR Extension: (YouTube Video Downloader) - C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpcddcfoblbgmnaklcpkbfajnfikinhn\1.1_0
CHR Extension: (Yontoo) - C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.2_0
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0
CHR Extension: (Google Wallet) - C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx
CHR HKLM\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx
CHR HKLM\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Marcin\AppData\Roaming\BabSolution\CR\Delta.crx
CHR HKLM\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx
CHR HKLM\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Program Files\Yontoo\YontooLayers.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Marcin\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 ABBYY.Licensing.FineReader.Professional.11.0; C:\Program Files\ABBYY FineReader 11\NetworkLicenseServer.exe [819976 2011-08-18] (ABBYY)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2013-11-04] (AVAST Software)
R2 BitGuard; C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [3780064 2013-11-18] ()
R2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [75048 2009-04-14] ()
R2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [723488 2009-06-23] (Acer Incorporated)
R2 FreemakeVideoCapture; C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe [8704 2012-12-19] (Freemake)
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-08-04] (Google)
R2 lxbk_device; C:\Windows\system32\lxbkcoms.exe [537256 2008-02-19] ( )
R2 MWLService; C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-05-14] (Egis Technology Inc.)
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144640 2009-06-17] (NewTech Infosystems, Inc.)

==================== Drivers (Whitelisted) ====================

R2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [185472 2010-02-24] (Protect Software GmbH)
R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [35656 2013-11-04] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2013-11-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2013-11-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2013-10-21] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [774392 2013-11-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [403440 2013-11-06] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2013-11-04] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [178304 2013-10-21] ()
R1 DPMemGridVista; C:\Program Files\GridVista\DPMemGridVista.sys [10504 2008-10-01] (Dritek System Inc.)
R3 L1C; C:\Windows\System32\DRIVERS\L1C60x86.sys [49664 2009-01-15] (Atheros Communications, Inc.)
R1 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [19504 2008-12-04] (Egis Incorporated.)
R1 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [16432 2008-12-04] (Egis Incorporated.)
R1 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [59952 2008-12-04] (Egis Incorporated.)
R3 NPF; C:\Windows\System32\drivers\NPF.sys [35088 2011-02-11] (CACE Technologies, Inc.)
S3 NWUSBPort2; C:\Windows\System32\DRIVERS\nwusbser2.sys [174336 2009-01-19] (Novatel Wireless Inc.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-11-22 22:42 - 2013-11-22 23:01 - 00025064 _____ C:\Users\Marcin\Downloads\FRST.txt
2013-11-22 22:42 - 2013-11-22 22:42 - 00000000 ____D C:\FRST
2013-11-22 22:41 - 2013-11-22 22:41 - 01091001 _____ (Farbar) C:\Users\Marcin\Downloads\FRST.exe
2013-11-22 22:38 - 2013-11-22 22:38 - 00067632 _____ C:\Users\Marcin\Downloads\Extras.Txt
2013-11-22 22:34 - 2013-11-22 22:34 - 00094272 _____ C:\Users\Marcin\Downloads\OTL.Txt
2013-11-22 22:06 - 2013-11-22 22:06 - 00602112 _____ (OldTimer Tools) C:\Users\Marcin\Downloads\OTL.exe
2013-11-22 21:57 - 2013-11-22 21:57 - 00000474 _____ C:\Users\Marcin\Desktop\defogger_disable.log
2013-11-22 21:56 - 2013-11-22 21:56 - 00050477 _____ C:\Users\Marcin\Downloads\Defogger (1).exe
2013-11-22 21:55 - 2013-11-22 21:55 - 00000474 _____ C:\Users\Marcin\Downloads\defogger_disable.log
2013-11-22 21:55 - 2013-11-22 21:55 - 00000000 _____ C:\Users\Marcin\defogger_reenable
2013-11-22 21:53 - 2013-11-22 21:53 - 00050477 _____ C:\Users\Marcin\Desktop\Defogger.exe
2013-11-21 12:05 - 2013-11-21 12:05 - 00000000 ____D C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
2013-11-13 06:10 - 2013-10-13 11:42 - 12344832 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-13 06:10 - 2013-10-13 11:08 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-13 06:10 - 2013-10-13 10:48 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-13 06:10 - 2013-10-13 10:37 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-13 06:10 - 2013-10-13 10:35 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-13 06:10 - 2013-10-13 10:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-13 06:10 - 2013-10-13 10:33 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-13 06:10 - 2013-10-13 10:32 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-13 06:10 - 2013-10-13 10:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-13 06:10 - 2013-10-13 10:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-13 06:10 - 2013-10-13 10:29 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-13 06:10 - 2013-10-13 10:27 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-13 06:10 - 2013-10-13 10:27 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-13 06:10 - 2013-10-13 10:26 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-13 06:10 - 2013-10-13 10:25 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-13 06:10 - 2013-10-13 10:20 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-13 05:51 - 2013-10-11 03:08 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 05:51 - 2013-10-11 03:07 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 05:51 - 2013-10-11 01:39 - 00218228 _____ C:\Windows\system32\WFP.TMF
2013-11-13 05:51 - 2013-10-03 13:45 - 00993792 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 05:51 - 2013-10-03 13:45 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-12 05:36 - 2013-11-12 05:37 - 24642655 _____ C:\Users\Marcin\Downloads\NA POŁUDNIE.pptx
2013-11-10 06:45 - 2013-11-10 06:46 - 11083014 _____ C:\Users\Marcin\Downloads\polska_zachod.pptx
2013-11-07 12:33 - 2013-11-07 12:36 - 20651511 _____ C:\Users\Marcin\Downloads\gory z podpisami.pptx
2013-11-04 08:06 - 2013-11-04 08:06 - 00000000 ____D C:\Users\Marcin\AppData\Roaming\AVAST Software
2013-11-04 07:12 - 2013-11-04 07:12 - 00000000 ____D C:\Windows\system32\searchplugins
2013-11-04 07:12 - 2013-11-04 07:12 - 00000000 ____D C:\Windows\system32\Extensions
2013-10-30 20:51 - 2013-10-30 20:51 - 00000000 ____D C:\Users\Marcin\Desktop\Ćwiczenia od Masażysty

==================== One Month Modified Files and Folders =======

2013-11-22 23:01 - 2013-11-22 22:42 - 00025064 _____ C:\Users\Marcin\Downloads\FRST.txt
2013-11-22 22:52 - 2011-05-17 04:58 - 00001036 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-22 22:42 - 2013-11-22 22:42 - 00000000 ____D C:\FRST
2013-11-22 22:41 - 2013-11-22 22:41 - 01091001 _____ (Farbar) C:\Users\Marcin\Downloads\FRST.exe
2013-11-22 22:38 - 2013-11-22 22:38 - 00067632 _____ C:\Users\Marcin\Downloads\Extras.Txt
2013-11-22 22:34 - 2013-11-22 22:34 - 00094272 _____ C:\Users\Marcin\Downloads\OTL.Txt
2013-11-22 22:25 - 2013-03-07 14:21 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-22 22:15 - 2010-08-04 17:47 - 00001062 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1656446002-2390576646-1956056198-1000UA.job
2013-11-22 22:09 - 2008-01-21 07:21 - 01495500 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-22 22:09 - 2008-01-21 07:20 - 00672390 _____ C:\Windows\system32\perfh015.dat
2013-11-22 22:09 - 2008-01-21 07:20 - 00130766 _____ C:\Windows\system32\perfc015.dat
2013-11-22 22:08 - 2010-07-02 14:58 - 01176241 _____ C:\Windows\WindowsUpdate.log
2013-11-22 22:06 - 2013-11-22 22:06 - 00602112 _____ (OldTimer Tools) C:\Users\Marcin\Downloads\OTL.exe
2013-11-22 22:06 - 2011-06-17 05:33 - 00000000 ____D C:\Users\Marcin\AppData\Roaming\MailWasherPro
2013-11-22 22:03 - 2011-05-17 04:58 - 00001032 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-22 22:03 - 2006-11-02 13:58 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-22 22:03 - 2006-11-02 13:45 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-22 22:03 - 2006-11-02 13:45 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-22 22:02 - 2006-11-02 13:58 - 00032578 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-22 21:57 - 2013-11-22 21:57 - 00000474 _____ C:\Users\Marcin\Desktop\defogger_disable.log
2013-11-22 21:56 - 2013-11-22 21:56 - 00050477 _____ C:\Users\Marcin\Downloads\Defogger (1).exe
2013-11-22 21:55 - 2013-11-22 21:55 - 00000474 _____ C:\Users\Marcin\Downloads\defogger_disable.log
2013-11-22 21:55 - 2013-11-22 21:55 - 00000000 _____ C:\Users\Marcin\defogger_reenable
2013-11-22 21:55 - 2010-07-02 09:18 - 00000000 ____D C:\Users\Marcin
2013-11-22 21:53 - 2013-11-22 21:53 - 00050477 _____ C:\Users\Marcin\Desktop\Defogger.exe
2013-11-22 16:15 - 2010-08-04 17:47 - 00001010 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1656446002-2390576646-1956056198-1000Core.job
2013-11-22 08:57 - 2010-10-14 13:11 - 00000000 ____D C:\Users\Marcin\AppData\Local\Adobe
2013-11-22 08:56 - 2012-12-21 21:05 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-11-22 08:56 - 2011-09-09 05:33 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-11-22 07:57 - 2011-04-30 11:05 - 00000000 ___RD C:\Users\Marcin\Documents\Moje dokumenty
2013-11-21 16:31 - 2012-01-26 10:23 - 00013030 _____ C:\Users\Marcin\AppData\Roaming\PDOXUSRS.NET
2013-11-21 12:05 - 2013-11-21 12:05 - 00000000 ____D C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
2013-11-21 12:04 - 2013-10-11 17:27 - 00000000 ____D C:\ProgramData\BitGuard
2013-11-15 17:14 - 2013-09-13 05:15 - 00028534 _____ C:\Windows\PFRO.log
2013-11-15 16:44 - 2012-01-26 09:45 - 00000000 ____D C:\Astro123
2013-11-13 07:01 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\rescache
2013-11-13 06:39 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\pl-PL
2013-11-13 06:10 - 2009-08-19 16:13 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-13 06:06 - 2013-07-12 17:44 - 00000000 ____D C:\Windows\system32\MRT
2013-11-13 05:59 - 2006-11-02 11:24 - 80340640 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-11-12 05:37 - 2013-11-12 05:36 - 24642655 _____ C:\Users\Marcin\Downloads\NA POŁUDNIE.pptx
2013-11-10 06:46 - 2013-11-10 06:45 - 11083014 _____ C:\Users\Marcin\Downloads\polska_zachod.pptx
2013-11-07 12:36 - 2013-11-07 12:33 - 20651511 _____ C:\Users\Marcin\Downloads\gory z podpisami.pptx
2013-11-07 06:37 - 2010-07-29 19:36 - 00050688 _____ C:\Users\Marcin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-07 01:12 - 2006-11-02 13:49 - 00134552 _____ C:\Windows\setupact.log
2013-11-06 20:16 - 2010-08-04 19:38 - 00403440 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2013-11-04 08:15 - 2011-05-23 04:47 - 00774392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-11-04 08:15 - 2010-08-04 19:38 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-11-04 08:15 - 2010-08-04 19:38 - 00057672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-11-04 08:15 - 2010-08-04 19:38 - 00054832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2013-11-04 08:15 - 2010-08-04 19:38 - 00035656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-11-04 08:15 - 2010-08-04 19:36 - 00269216 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-11-04 08:15 - 2010-08-04 19:36 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-11-04 08:06 - 2013-11-04 08:06 - 00000000 ____D C:\Users\Marcin\AppData\Roaming\AVAST Software
2013-11-04 07:12 - 2013-11-04 07:12 - 00000000 ____D C:\Windows\system32\searchplugins
2013-11-04 07:12 - 2013-11-04 07:12 - 00000000 ____D C:\Windows\system32\Extensions
2013-10-30 20:51 - 2013-10-30 20:51 - 00000000 ____D C:\Users\Marcin\Desktop\Ćwiczenia od Masażysty

Some content of TEMP:
====================
C:\Users\Marcin\AppData\Local\Temp\rtdrvmon.exe
C:\Users\Marcin\AppData\Local\Temp\RtkBtMnt.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-11-22 22:09

==================== End Of Log ============================