OTL logfile created on: 2013-11-22 22:07:59 - Run 1
OTL by OldTimer - Version Folder = C:\Users\Marcin\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,93 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 60,66% Memory free
6,06 Gb Paging File | 4,99 Gb Available in Paging File | 82,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,08 Gb Total Space | 107,64 Gb Free Space | 37,36% Space Free | Partition Type: NTFS
Drive D: | 49,26 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: MARCIN-PC | User Name: Marcin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2013-11-22 22:06:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marcin\Downloads\OTL.exe
PRC - [2013-11-18 15:32:40 | 003,780,064 | ---- | M] () -- C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
PRC - [2013-11-04 08:15:54 | 003,568,312 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2013-11-04 08:15:54 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2013-07-23 01:46:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\\BBSvc.EXE
PRC - [2013-05-10 08:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012-12-19 12:05:16 | 000,008,704 | ---- | M] (Freemake) -- C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
PRC - [2011-08-18 14:47:48 | 000,819,976 | ---- | M] (ABBYY) -- C:\Program Files\ABBYY FineReader 11\NetworkLicenseServer.exe
PRC - [2010-07-02 09:22:17 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Marcin\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2009-06-23 16:45:50 | 000,723,488 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
PRC - [2009-06-23 16:45:50 | 000,703,008 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
PRC - [2009-06-23 16:45:48 | 000,453,152 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
PRC - [2009-06-16 12:33:26 | 001,131,016 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2009-05-14 22:03:30 | 000,305,448 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
PRC - [2009-05-13 18:39:42 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2009-05-05 11:12:20 | 000,206,120 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
PRC - [2009-05-05 11:12:08 | 000,156,968 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2009-05-04 13:43:14 | 000,173,288 | ---- | M] (Acer Corp.) -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
PRC - [2009-04-14 16:48:50 | 000,075,048 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
PRC - [2009-04-11 07:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009-04-11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008-07-29 18:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2008-05-09 06:30:00 | 000,369,152 | ---- | M] (Infra-Azure Labs) -- C:\Program Files\Lunabar\Lunabar.exe
PRC - [2008-02-28 11:59:18 | 000,074,408 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark X1100 Series\LXBKbmgr.exe
PRC - [2008-02-28 11:57:36 | 000,058,024 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark X1100 Series\LXBKbmon.exe
PRC - [2008-02-19 09:12:18 | 000,537,256 | ---- | M] ( ) -- C:\Windows\System32\lxbkcoms.exe
PRC - [2008-01-17 13:13:06 | 016,691,142 | ---- | M] (Firetrust Ltd) -- C:\Program Files\FireTrust\MailWasher Free\MailWasher.exe
PRC - [2007-08-11 14:50:00 | 000,331,264 | ---- | M] () -- C:\Program Files\NetMeter\NetMeter.exe
PRC - [2003-06-12 01:42:18 | 000,114,688 | ---- | M] () -- C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2013-11-18 15:32:40 | 003,780,064 | ---- | M] () -- C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
MOD - [2013-11-14 12:29:31 | 000,399,312 | ---- | M] () -- C:\Users\Marcin\AppData\Local\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
MOD - [2013-11-14 12:29:29 | 004,055,504 | ---- | M] () -- C:\Users\Marcin\AppData\Local\Google\Chrome\Application\31.0.1650.57\pdf.dll
MOD - [2013-11-14 12:28:34 | 001,619,408 | ---- | M] () -- C:\Users\Marcin\AppData\Local\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll
MOD - [2013-10-21 11:08:35 | 019,336,120 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\libcef.dll
MOD - [2009-05-05 11:12:24 | 000,873,768 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009-05-05 11:12:16 | 000,013,096 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll
MOD - [2008-07-29 18:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2007-08-11 14:50:00 | 000,331,264 | ---- | M] () -- C:\Program Files\NetMeter\NetMeter.exe
MOD - [2005-01-12 17:22:30 | 000,608,768 | ---- | M] () -- C:\Program Files\FireTrust\MailWasher Free\MailAnalysis.dll
MOD - [2003-06-12 01:42:18 | 000,114,688 | ---- | M] () -- C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
MOD - [2003-06-07 06:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll

[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - [2013-11-22 08:56:45 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-11-18 15:32:40 | 003,780,064 | ---- | M] () [Auto | Running] -- C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe -- (BitGuard)
SRV - [2013-11-04 08:15:54 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013-07-23 01:46:22 | 000,240,288 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\\SeaPort.EXE -- (BBUpdate)
SRV - [2013-07-23 01:46:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\\BBSvc.EXE -- (BBSvc)
SRV - [2013-05-10 08:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012-12-19 12:05:16 | 000,008,704 | ---- | M] (Freemake) [Auto | Running] -- C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe -- (FreemakeVideoCapture)
SRV - [2012-10-11 02:05:59 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011-08-18 14:47:48 | 000,819,976 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files\ABBYY FineReader 11\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.11.0)
SRV - [2009-06-23 16:45:50 | 000,723,488 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009-05-14 22:03:30 | 000,305,448 | ---- | M] () [Auto | Running] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009-04-14 16:48:50 | 000,075,048 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2008-02-19 09:12:18 | 000,537,256 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxbkcoms.exe -- (lxbk_device)
SRV - [2008-01-21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2013-11-06 20:16:14 | 000,403,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswsp.sys -- (aswSP)
DRV - [2013-11-04 08:15:58 | 000,774,392 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013-11-04 08:15:58 | 000,070,384 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013-11-04 08:15:58 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013-11-04 08:15:58 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2013-11-04 08:15:58 | 000,035,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013-10-21 11:08:37 | 000,178,304 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013-10-21 11:08:37 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2011-02-11 22:23:34 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2010-02-24 11:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2009-06-23 07:53:18 | 001,181,184 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009-01-19 09:15:06 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2009-01-19 09:15:06 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2009-01-19 09:15:06 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2009-01-15 04:03:14 | 000,049,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C60x86.sys -- (L1C)
DRV - [2008-12-04 17:34:34 | 000,059,952 | ---- | M] (Egis Incorporated.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV - [2008-12-04 17:34:34 | 000,019,504 | ---- | M] (Egis Incorporated.) [File_System | System | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV - [2008-12-04 17:34:34 | 000,016,432 | ---- | M] (Egis Incorporated.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2008-10-01 04:50:50 | 000,010,504 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\GridVista\DPMemGridVista.sys -- (DPMemGridVista)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0415&m=aspire_5732z&r=2v250710a215l0324zr55t47i2x37o
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/solidyoutube/{6734B413-C541-404B-8663-CAB8DBE37335}
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1656446002-2390576646-1956056198-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.delta-search.com/?babsrc=HP_ss&mntrId=3A5E002622240831&affID=119535&tsp=5032
IE - HKU\S-1-5-21-1656446002-2390576646-1956056198-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0415&m=aspire_5732z&r=2v250710a215l0324zr55t47i2x37o
IE - HKU\S-1-5-21-1656446002-2390576646-1956056198-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1656446002-2390576646-1956056198-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-1656446002-2390576646-1956056198-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1656446002-2390576646-1956056198-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1656446002-2390576646-1956056198-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-1656446002-2390576646-1956056198-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-search.com/?babsrc=HP_ss&mntrId=3A5E002622240831&affID=119535&tsp=5032
IE - HKU\S-1-5-21-1656446002-2390576646-1956056198-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1656446002-2390576646-1956056198-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1656446002-2390576646-1956056198-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1656446002-2390576646-1956056198-1000\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\Solid YouTube Downloader and Converter DB Toolbar\tbhelper.dll ()
IE - HKU\S-1-5-21-1656446002-2390576646-1956056198-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1656446002-2390576646-1956056198-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-1656446002-2390576646-1956056198-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1656446002-2390576646-1956056198-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=3A5E002622240831&affID=119535&tsp=5032
IE - HKU\S-1-5-21-1656446002-2390576646-1956056198-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_pl
IE - HKU\S-1-5-21-1656446002-2390576646-1956056198-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7ACAW_pl&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1656446002-2390576646-1956056198-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" ={searchTerms}
IE - HKU\S-1-5-21-1656446002-2390576646-1956056198-1000\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://www.bigseekpro.com/search/browser/solidyoutube/{6734B413-C541-404B-8663-CAB8DBE37335}?q={searchTerms}
IE - HKU\S-1-5-21-1656446002-2390576646-1956056198-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..browser.startup.homepage: "http://www.delta-search.com/?babsrc=HP_ss&mntrId=3A5E002622240831&affID=119535&tsp=5032"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Photosynth,version=2.0: C:\Program Files\Photosynth\npPhotosynthMozilla.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Marcin\AppData\Local\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Marcin\AppData\Local\Google\Update\\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2013-11-04 08:15:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmdownloader@gmail.com: C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\ [2012-12-23 18:04:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ytfmdownloader@gmail.com: C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\ [2012-12-23 18:04:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012-12-23 18:16:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [2013-03-23 07:34:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013-03-17 14:25:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012-10-22 17:52:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcin\AppData\Roaming\mozilla\Extensions
[2013-10-11 17:27:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcin\AppData\Roaming\mozilla\Firefox\Profiles\z8lxpcz6.default\extensions
[2013-10-11 17:27:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcin\AppData\Roaming\mozilla\Firefox\Profiles\z8lxpcz6.default\extensions\ffxtlbr@babylon.com
[2013-10-11 17:27:34 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\Marcin\AppData\Roaming\mozilla\Firefox\Profiles\z8lxpcz6.default\extensions\ffxtlbr@delta.com
[2013-03-01 08:10:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-10-31 07:10:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013-04-23 18:06:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\extensions
[2013-04-23 18:07:26 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013-04-23 18:06:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\updated\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013-03-17 14:25:31 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013-03-17 14:25:18 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013-03-17 14:25:18 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.delta-search.com/?babsrc=HP_ss&mntrId=3A5E002622240831&affID=119535&tsp=5032
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Marcin\AppData\Local\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Marcin\AppData\Local\Google\Chrome\Application\31.0.1650.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Marcin\AppData\Local\Google\Chrome\Application\31.0.1650.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: (Enabled) = C:\Program Files\Photosynth\npPhotosynthMozilla.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Szukaj w Google = C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\\
CHR - Extension: Freemake Video Downloader = C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh\1.0.0_0\
CHR - Extension: YouTube Video Downloader = C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpcddcfoblbgmnaklcpkbfajnfikinhn\1.1_0\
CHR - Extension: Yontoo = C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.2_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\\
CHR - Extension: Google Wallet = C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\\
CHR - Extension: Gmail = C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2006-09-18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\\bh\delta.dll (Delta-search.com)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Solid YouTube Downloader and Converter DB Toolbar\tbcore3.dll ()
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Solid YouTube Downloader and Converter DB Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\Solid YouTube Downloader and Converter DB Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-1656446002-2390576646-1956056198-1000\..\Toolbar\WebBrowser: (Solid YouTube Downloader and Converter DB Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\Solid YouTube Downloader and Converter DB Toolbar\tbcore3.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Bonus.SSR.FR11] C:\Program Files\ABBYY FineReader 11\Bonus.ScreenshotReader.exe (ABBYY.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [Lexmark X1100 Series] C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [lxbkbmgr.exe] C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1656446002-2390576646-1956056198-1000..\Run: [C:\Program Files\NetMeter\NetMeter.exe] C:\Program Files\NetMeter\NetMeter.exe ()
O4 - HKU\S-1-5-21-1656446002-2390576646-1956056198-1000..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - Startup: C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lunabar Taskbar Icon.lnk = C:\Program Files\Lunabar\Lunabar.exe (Infra-Azure Labs)
O4 - Startup: C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MailWasherFree.lnk = C:\Program Files\FireTrust\MailWasher Free\MailWasher.exe (Firetrust Ltd)
O4 - Startup: C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Free\MailWasher.exe (Firetrust Ltd)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to DVD Converter - C:\Users\Marcin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetodvdconverter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1656446002-2390576646-1956056198-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1656446002-2390576646-1956056198-1000\..Trusted Ranges: GD ([http] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36F2FB57-622A-47FC-966B-A405C81E5EB4}: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C1931BBE-08B1-43E2-844C-4254CF51DAD0}: DhcpNameServer =
O20 - AppInit_DLLs: (c:\progra~2\bitguard\271832~1.68\{c16c1~1\bitguard.dll) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Marcin\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\Marcin\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2003-07-12 12:32:48 | 000,000,043 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{7a5afd41-74e9-11e0-bfb0-002622240831}\Shell - "" = AutoRun
O33 - MountPoints2\{7a5afd41-74e9-11e0-bfb0-002622240831}\Shell\AutoRun\command - "" = E:\install.exe
O33 - MountPoints2\{9663c26c-85e1-11df-843f-b7f8cdfc4aab}\Shell - "" = AutoRun
O33 - MountPoints2\{9663c26c-85e1-11df-843f-b7f8cdfc4aab}\Shell\AutoRun\command - "" = D:\Welcome.exe -- [2003-07-16 20:37:24 | 000,385,536 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2013-11-21 12:05:14 | 000,000,000 | ---D | C] -- C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
[2013-11-13 06:10:20 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013-11-13 06:10:18 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013-11-13 06:10:18 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013-11-13 06:10:17 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013-11-13 06:10:17 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013-11-13 06:10:14 | 001,806,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013-11-13 06:10:14 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013-11-13 06:10:09 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013-11-13 05:51:11 | 000,596,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2013-11-04 08:06:00 | 000,000,000 | ---D | C] -- C:\Users\Marcin\AppData\Roaming\AVAST Software
[2013-11-04 07:12:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\Extensions
[2013-11-04 07:12:20 | 000,000,000 | ---D | C] -- C:\Windows\System32\searchplugins
[2013-10-30 20:51:39 | 000,000,000 | ---D | C] -- C:\Users\Marcin\Desktop\Ćwiczenia od Masażysty

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2013-11-22 22:15:54 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1656446002-2390576646-1956056198-1000UA.job
[2013-11-22 22:09:53 | 000,672,390 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2013-11-22 22:09:53 | 000,596,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013-11-22 22:09:53 | 000,130,766 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2013-11-22 22:09:53 | 000,104,320 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013-11-22 22:03:53 | 000,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-11-22 22:03:20 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013-11-22 22:03:18 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013-11-22 22:03:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-11-22 22:03:02 | 3147,800,576 | -HS- | M] () -- C:\hiberfil.sys
[2013-11-22 21:55:08 | 000,000,000 | ---- | M] () -- C:\Users\Marcin\defogger_reenable
[2013-11-22 21:53:59 | 000,050,477 | ---- | M] () -- C:\Users\Marcin\Desktop\Defogger.exe
[2013-11-22 21:53:05 | 000,001,036 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-11-22 21:25:15 | 000,000,930 | ---- | M] () --
C:\Windows\tasks\Adobe Flash Player Updater.job [2013-11-22 16:15:00 | 000,001,010 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1656446002-2390576646-1956056198-1000Core.job [2013-11-22 08:56:45 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013-11-22 08:56:45 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013-11-21 16:31:20 | 000,013,030 | ---- | M] () -- C:\Users\Marcin\AppData\Roaming\PDOXUSRS.NET [2013-11-16 13:07:28 | 000,036,102 | ---- | M] () -- C:\Users\Marcin\Desktop\i.rtf [2013-11-07 06:37:24 | 000,050,688 | ---- | M] () -- C:\Users\Marcin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013-11-06 20:16:14 | 000,403,440 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswsp.sys [2013-11-04 08:15:58 | 000,774,392 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys [2013-11-04 08:15:58 | 000,070,384 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2013-11-04 08:15:58 | 000,057,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys [2013-11-04 08:15:58 | 000,054,832 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys [2013-11-04 08:15:58 | 000,035,656 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2013-11-04 08:15:57 | 000,269,216 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe [2013-11-04 08:15:57 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013-11-22 21:55:08 | 000,000,000 | ---- | C] () -- C:\Users\Marcin\defogger_reenable [2013-11-22 21:53:51 | 000,050,477 | ---- | C] () -- C:\Users\Marcin\Desktop\Defogger.exe [2013-11-22 21:15:33 | 3147,800,576 | -HS- | C] () -- C:\hiberfil.sys [2013-11-13 05:51:11 | 000,218,228 | ---- | C] () -- C:\Windows\System32\WFP.TMF [2013-03-05 10:25:32 | 
000,178,304 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys [2013-03-05 10:25:31 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys [2012-01-26 10:23:22 | 000,013,030 | ---- | C] () -- C:\Users\Marcin\AppData\Roaming\PDOXUSRS.NET [2011-11-26 07:38:45 | 000,000,000 | ---- | C] () -- C:\Windows\longfile.INI [2010-11-21 15:57:53 | 000,481,024 | ---- | C] () -- C:\Program Files\game6.exe [2010-11-21 15:57:53 | 000,481,024 | ---- | C] () -- C:\Program Files\game4.exe [2010-11-21 15:57:53 | 000,424,704 | ---- | C] () -- C:\Program Files\game3.exe [2010-11-21 15:57:53 | 000,384,512 | ---- | C] () -- C:\Program Files\game1.exe [2010-11-21 15:57:53 | 000,000,616 | ---- | C] () -- C:\Program Files\game6.INI [2010-11-21 15:57:53 | 000,000,269 | ---- | C] () -- C:\Program Files\game5.INI [2010-11-21 15:57:53 | 000,000,269 | ---- | C] () -- C:\Program Files\game3.INI [2010-11-21 15:57:53 | 000,000,269 | ---- | C] () -- C:\Program Files\game2.INI [2010-11-21 15:57:52 | 000,424,704 | ---- | C] () -- C:\Program Files\game5.exe [2010-11-21 15:57:52 | 000,424,704 | ---- | C] () -- C:\Program Files\game2.exe [2010-11-21 15:57:52 | 000,000,630 | ---- | C] () -- C:\Program Files\game4.INI [2010-11-21 15:57:52 | 000,000,582 | ---- | C] () -- C:\Program Files\game1.INI [2010-08-04 12:09:52 | 000,000,000 | ---- | C] () -- C:\Users\Marcin\AppData\Roaming\wklnhst.dat [2010-07-29 19:36:34 | 000,050,688 | ---- | C] () -- C:\Users\Marcin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-07-08 16:01:59 | 000,007,052 | ---- | C] () -- C:\Users\Marcin\AppData\Local\d3d9caps.dat [color=#E56717]========== ZeroAccess Check ==========[/color] [2006-11-02 13:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012-06-08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009-04-11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009-04-11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [color=#E56717]========== LOP Check ==========[/color] [2009-08-19 16:30:14 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console [2009-08-19 16:30:14 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console [2010-07-02 15:03:28 | 000,000,000 | -HSD | M] -- C:\Users\Marcin\AppData\Roaming\.# [2009-08-19 16:30:14 | 000,000,000 | ---D | M] -- C:\Users\Marcin\AppData\Roaming\Acer GameZone Console [2013-11-04 08:06:00 | 000,000,000 | ---D | M] -- C:\Users\Marcin\AppData\Roaming\AVAST Software [2013-10-11 17:26:59 | 000,000,000 | ---D | M] -- C:\Users\Marcin\AppData\Roaming\BabSolution [2013-10-11 17:26:18 | 000,000,000 | ---D | M] -- C:\Users\Marcin\AppData\Roaming\Babylon [2013-10-11 17:27:25 | 000,000,000 | ---D | M] -- C:\Users\Marcin\AppData\Roaming\Delta [2011-10-03 15:16:36 | 000,000,000 | ---D | M] -- C:\Users\Marcin\AppData\Roaming\Dropbox [2013-03-23 07:33:49 | 000,000,000 | ---D | M] -- C:\Users\Marcin\AppData\Roaming\DVDVideoSoft [2012-10-06 13:58:13 | 000,000,000 | ---D | M] -- C:\Users\Marcin\AppData\Roaming\DVDVideoSoftIEHelpers [2010-11-07 19:14:41 | 000,000,000 | ---D | M] -- C:\Users\Marcin\AppData\Roaming\EA [2010-07-06 17:28:27 | 000,000,000 | ---D | M] -- 
C:\Users\Marcin\AppData\Roaming\eSobi [2011-06-20 18:06:24 | 000,000,000 | ---D | M] -- C:\Users\Marcin\AppData\Roaming\Gadu-Gadu 10 [2012-02-21 20:31:45 | 000,000,000 | ---D | M] -- C:\Users\Marcin\AppData\Roaming\GetRightToGo [2011-07-22 10:30:01 | 000,000,000 | ---D | M] -- C:\Users\Marcin\AppData\Roaming\GHISLER [2012-10-07 07:32:44 | 000,000,000 | ---D | M] -- C:\Users\Marcin\AppData\Roaming\ImTOO [2010-08-18 15:41:35 | 000,000,000 | ---D | M] -- C:\Users\Marcin\AppData\Roaming\InterVideo [2011-05-03 06:57:16 | 000,000,000 | ---D | M] -- C:\Users\Marcin\AppData\Roaming\iPlus [2010-07-13 15:36:35 | 000,000,000 | ---D | M] -- C:\Users\Marcin\AppData\Roaming\iWin [2012-12-30 14:02:04 | 000,000,000 | ---D | M] -- C:\Users\Marcin\AppData\Roaming\LogoMaker [2011-06-17 06:01:12 | 000,000,000 | ---D | M] -- C:\Users\Marcin\AppData\Roaming\MailWasherFree [2013-11-22 22:06:19 | 000,000,000 | ---D | M] -- C:\Users\Marcin\AppData\Roaming\MailWasherPro [2013-05-06 18:12:53 | 000,000,000 | ---D | M] -- C:\Users\Marcin\AppData\Roaming\NetMeter [2012-12-23 18:16:04 | 000,000,000 | ---D | M] -- C:\Users\Marcin\AppData\Roaming\OpenCandy [2010-08-09 12:51:07 | 000,000,000 | ---D | M] -- C:\Users\Marcin\AppData\Roaming\PlayFirst [2010-08-24 11:08:17 | 000,000,000 | ---D | M] -- C:\Users\Marcin\AppData\Roaming\PowerCinema [2013-09-11 15:33:19 | 000,000,000 | ---D | M] -- C:\Users\Marcin\AppData\Roaming\ProtectDISC [2010-07-04 20:16:49 | 000,000,000 | ---D | M] -- C:\Users\Marcin\AppData\Roaming\SoftDMA [2010-08-04 12:10:01 | 000,000,000 | ---D | M] -- C:\Users\Marcin\AppData\Roaming\Template [2012-12-23 18:08:06 | 000,000,000 | ---D | M] -- C:\Users\Marcin\AppData\Roaming\TuneUp Software [2011-09-18 14:03:04 | 000,000,000 | ---D | M] -- C:\Users\Marcin\AppData\Roaming\windows-dvd-maker [2012-10-04 18:50:00 | 000,000,000 | ---D | M] -- C:\Users\Marcin\AppData\Roaming\XMedia Recode [2012-01-29 14:36:16 | 000,000,000 | ---D | M] -- C:\Users\Marcin\AppData\Roaming\Youtube Downloader 
HD [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:DCAF903C @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:3064D21D @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:CDFF58FE @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:4F636E25 @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:131C0EE9 @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:BB24555F @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:B203B914 @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:ADE16379 @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:ABE89FFE @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:B623B5B8 @Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:9E22BBE8 @Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:814B9485 @Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:E1982A23 @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:F7862839 @Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:41099CE9 @Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:CE0A077E @Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:8750DCE4 @Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:35759C73 @Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:798A3728 < End of report >