Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-01-2015 01 Ran by ANDRZEJ (administrator) on DANIEL on 17-01-2015 20:23:45 Running from C:\Users\ANDRZEJ\AppData\Local\Opera\Opera\temporary_downloads Loaded Profiles: ANDRZEJ (Available profiles: ANDRZEJ & UpdatusUser) Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Polski (Polska) Internet Explorer Version 10 (Default browser: Chrome) Boot Mode: Safe Mode (with Networking) Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Opera Software) C:\Program Files\Opera\opera.exe (Microsoft Corporation) C:\windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [NortonOnlineBackupReminder] => C:\Program Files\Symantec\Norton Online Backup\Activation\NobuActivation.exe [600936 2009-06-29] (Symantec Corporation) HKLM\...\Run: [CanonMyPrinter] => C:\STERONIK IP4000\BJMyPrt.exe [2508104 2009-11-02] (CANON INC.) HKLM\...\Run: [Easy-PrintToolBox] => C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [398944 2006-10-17] (CANON INC.) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [248040 2010-02-18] (Sun Microsystems, Inc.) HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.) HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard) HKLM\...\Run: [Nikon Message Center 2] => C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe [619008 2010-05-25] (Nikon Corporation) HKLM\...\Run: [WinampAgent] => C:\Program Files\Winamp\winampa.exe [85600 2013-11-20] (Nullsoft, Inc.) HKLM\...\Run: [hpqSRMon] => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [150016 2008-08-20] (Hewlett-Packard) HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-03-27] (Adobe Systems Incorporated) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.) HKLM\...\Run: [QuickTime Task] => C:\FUJI FILM\QTTask.exe [421888 2012-10-25] (Apple Inc.) HKLM\...\Run: [Nvtmru] => C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation) HKLM\...\Run: [AVMENU] => C:\Program Files\Arcabit\ArcaVir\AVMenu.exe [430784 2014-12-19] (Arcabit) HKLM\...\Run: [ARCACLEAN] => C:\Program Files\Arcabit\ArcaVir\ArcaClean.exe [59984 2014-08-27] (ArcaBit) HKU\S-1-5-21-4226905553-3761765020-3972141223-1001\...\Run: [AQQ] => C:\Program Files\WapSter\WapSter AQQ\AQQ.exe [10833408 2012-10-08] () HKU\S-1-5-21-4226905553-3761765020-3972141223-1001\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2008-06-09] (Hewlett-Packard Company) HKU\S-1-5-21-4226905553-3761765020-3972141223-1001\...\Run: [HPADVISOR] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-30] (Hewlett-Packard) HKU\S-1-5-21-4226905553-3761765020-3972141223-1001\...\Run: [ALLUpdate] => C:\Program Files\ALLPlayer\ALLUpdate.exe [1379840 2011-08-16] () HKU\S-1-5-21-4226905553-3761765020-3972141223-1001\...\Run: [SpeedUpMyComputer] => C:\Program Files\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe /ot /as HKU\S-1-5-21-4226905553-3761765020-3972141223-1001\...\MountPoints2: {52d45116-f6f3-11df-9f14-40618635751f} - K:\LaunchU3.exe -a HKU\S-1-5-21-4226905553-3761765020-3972141223-1001\...\MountPoints2: {a6081baa-7c3b-11e2-8c87-40618635751f} - M:\autoplay.exe HKU\S-1-5-21-4226905553-3761765020-3972141223-1001\...\MountPoints2: {aac9ab91-f246-11df-80af-40618635751f} - K:\ICM_ML.exe HKU\S-1-5-21-4226905553-3761765020-3972141223-1001\...\Winlogon: [Shell] C:\Windows\explorer.exe [2616320 2010-11-20] (Microsoft Corporation) <==== ATTENTION HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-03-21] (Microsoft Corporation) AppInit_DLLs: C:\PROGRA~1\SupTab\SEARCH~1.DLL => C:\PROGRA~1\SupTab\SEARCH~1.DLL File Not Found Startup: C:\Users\ANDRZEJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk ShortcutTarget: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton 360\Engine\5.2.2.3\buShell.dll (Symantec Corporation) ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton 360\Engine\5.2.2.3\buShell.dll (Symantec Corporation) ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton 360\Engine\5.2.2.3\buShell.dll (Symantec Corporation) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?type=hp&ts=1418834392&from=wpm12173&uid=ST3500418AS_9VMA20TW HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=1405151008&from=ild&uid=ST3500418AS_9VMA20TW&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hp&ts=1418834392&from=wpm12173&uid=ST3500418AS_9VMA20TW HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1405151008&from=ild&uid=ST3500418AS_9VMA20TW&q={searchTerms} HKU\S-1-5-21-4226905553-3761765020-3972141223-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?type=hp&ts=1418834392&from=wpm12173&uid=ST3500418AS_9VMA20TW HKU\S-1-5-21-4226905553-3761765020-3972141223-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hp&ts=1418834392&from=wpm12173&uid=ST3500418AS_9VMA20TW HKU\S-1-5-21-4226905553-3761765020-3972141223-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-homes.com/web/?type=ds&ts=1418834392&from=wpm12173&uid=ST3500418AS_9VMA20TW&q={searchTerms} HKU\S-1-5-21-4226905553-3761765020-3972141223-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-homes.com/web/?type=ds&ts=1418834392&from=wpm12173&uid=ST3500418AS_9VMA20TW&q={searchTerms} URLSearchHook: HKU\S-1-5-21-4226905553-3761765020-3972141223-1001 - UsProvider Class - {539F76FD-084E-4858-86D5-62F02F54AE86} - C:\Program Files\Minibar\Minibar.dll (KangoExtensions) SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1405151008&from=ild&uid=ST3500418AS_9VMA20TW&q={searchTerms} SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {18713444-E238-4E6B-B2C7-E80554DCB0CD} URL = http://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1405151008&from=ild&uid=ST3500418AS_9VMA20TW&q={searchTerms} SearchScopes: HKU\S-1-5-21-4226905553-3761765020-3972141223-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?type=ds&ts=1418834392&from=wpm12173&uid=ST3500418AS_9VMA20TW&q={searchTerms} SearchScopes: HKU\S-1-5-21-4226905553-3761765020-3972141223-1001 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com/?q={searchTerms}&affID=119357&tt=300513_new&babsrc=SP_ss&mntrId=E44840618635751F SearchScopes: HKU\S-1-5-21-4226905553-3761765020-3972141223-1001 -> {18713444-E238-4E6B-B2C7-E80554DCB0CD} URL = http://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-4226905553-3761765020-3972141223-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?type=ds&ts=1418834392&from=wpm12173&uid=ST3500418AS_9VMA20TW&q={searchTerms} SearchScopes: HKU\S-1-5-21-4226905553-3761765020-3972141223-1001 -> {8961C830-6607-4568-A11D-2DC1B1ED1490} URL = http://startsear.ch/?aff=2&src=sp&cf=4c8071e5-6ed5-11e1-a66c-40618635751f&q={searchTerms} SearchScopes: HKU\S-1-5-21-4226905553-3761765020-3972141223-1001 -> {90C99298-F9A8-4D27-A999-4704F12A8027} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms} BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files\SupTab\SupTab.dll No File BHO: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton 360\Engine\5.2.2.3\coIEPlg.dll (Symantec Corporation) BHO: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton 360\Engine\5.2.2.3\IPS\IPSBHO.DLL (Symantec Corporation) BHO: IE5BarLauncherBHO Class -> {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} -> C:\Program Files\StartSearch plugin\ssBarLcher.dll (StartSearch Inc.) BHO: Pomocnik rejestracji usługi Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: MinibarBHO -> {AA74D58F-ACD0-450D-A85E-6C04B171C044} -> C:\Program Files\Minibar\Minibar.dll (KangoExtensions) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO: IplexToALLPlayer -> {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} -> C:\Program Files\ALLPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.) Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.2.2.3\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM - StartSearchToolBar - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\StartSearch plugin\ssBarLcher.dll (StartSearch Inc.) Toolbar: HKU\S-1-5-21-4226905553-3761765020-3972141223-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File Toolbar: HKU\S-1-5-21-4226905553-3761765020-3972141223-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.2.2.3\coIEPlg.dll (Symantec Corporation) Toolbar: HKU\S-1-5-21-4226905553-3761765020-3972141223-1001 -> StartSearchToolBar - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\StartSearch plugin\ssBarLcher.dll (StartSearch Inc.) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} https://www.bph.pl/pi/components/bph/SignActivX.cab DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\ANDRZEJ\AppData\Roaming\Mozilla\Firefox\Profiles\it22xbtg.default FF NewTab: hxxp://www.delta-homes.com/newtab/?type=nt&ts=1418834392&from=wpm12173&uid=ST3500418AS_9VMA20TW FF DefaultSearchEngine: delta-homes FF DefaultSearchUrl: hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=15627 FF SelectedSearchEngine: delta-homes FF Homepage: hxxp://www.delta-homes.com/?type=hp&ts=1418834392&from=wpm12173&uid=ST3500418AS_9VMA20TW FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll () FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll (mozilla.org) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll (LiveVDO ) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.) FF SearchPlugin: C:\Users\ANDRZEJ\AppData\Roaming\Mozilla\Firefox\Profiles\it22xbtg.default\searchplugins\babylon.xml FF SearchPlugin: C:\Users\ANDRZEJ\AppData\Roaming\Mozilla\Firefox\Profiles\it22xbtg.default\searchplugins\delta.xml FF SearchPlugin: C:\Users\ANDRZEJ\AppData\Roaming\Mozilla\Firefox\Profiles\it22xbtg.default\searchplugins\startsear.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\delta-homes.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\omiga-plus.xml FF Extension: cacaoweb - C:\Users\ANDRZEJ\AppData\Roaming\Mozilla\Firefox\Profiles\it22xbtg.default\Extensions\cacaoweb@cacaoweb.org [2012-01-19] FF Extension: Security Protection - C:\Users\ANDRZEJ\AppData\Roaming\Mozilla\Firefox\Profiles\it22xbtg.default\Extensions\detgdp@gmail.com [2014-12-17] FF Extension: Fast Start - C:\Users\ANDRZEJ\AppData\Roaming\Mozilla\Firefox\Profiles\it22xbtg.default\Extensions\faststartff@gmail.com [2014-07-12] FF Extension: No Name - C:\Users\ANDRZEJ\AppData\Roaming\Mozilla\Firefox\Profiles\it22xbtg.default\Extensions\ffxtlbr@babylon.com [2013-06-01] FF Extension: Illimitux - C:\Users\ANDRZEJ\AppData\Roaming\Mozilla\Firefox\Profiles\it22xbtg.default\Extensions\illimitux@illimitux.net [2012-01-15] FF Extension: Iplex to ALLPlayer - C:\Users\ANDRZEJ\AppData\Roaming\Mozilla\Firefox\Profiles\it22xbtg.default\Extensions\IplextoALL@ALLPlayer.org [2011-09-28] FF Extension: BPH Sign Plugin - C:\Users\ANDRZEJ\AppData\Roaming\Mozilla\Firefox\Profiles\it22xbtg.default\Extensions\SignPlugin@bph.pl [2010-05-31] FF Extension: No Name - C:\Users\ANDRZEJ\AppData\Roaming\Mozilla\Firefox\Profiles\it22xbtg.default\Extensions\SignPlugin@bph.pl-trash [2010-05-31] FF Extension: No Name - C:\Users\ANDRZEJ\AppData\Roaming\Mozilla\Firefox\Profiles\it22xbtg.default\Extensions\{4D6A6C8E-1EB2-46e1-8CAA-40DAFDE3ED93} [2014-10-21] FF Extension: AppsHat - C:\Users\ANDRZEJ\AppData\Roaming\Mozilla\Firefox\Profiles\it22xbtg.default\Extensions\{97A78363-B868-4B48-AC91-A783A31215AF} [2013-09-04] FF Extension: Modify Headers - C:\Users\ANDRZEJ\AppData\Roaming\Mozilla\Firefox\Profiles\it22xbtg.default\Extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe} [2011-12-11] FF Extension: Adblock Plus - C:\Users\ANDRZEJ\AppData\Roaming\Mozilla\Firefox\Profiles\it22xbtg.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2011-03-04] FF Extension: ArcaBit Ext. - C:\Program Files\Mozilla Firefox\extensions\arcabit@www.arcabit.pl [2013-05-07] FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn FF Extension: Symantec IPS - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn [2011-09-24] FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_13_2 FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_13_2 [2015-01-17] FF HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\ANDRZEJ\AppData\Roaming\Mozilla\Firefox\Profiles\it22xbtg.default\extensions\faststartff@gmail.com FF HKLM\...\Firefox\Extensions: [detgdp@gmail.com] - C:\Users\ANDRZEJ\AppData\Roaming\Mozilla\Firefox\Profiles\it22xbtg.default\extensions\detgdp@gmail.com Chrome: ======= CHR HomePage: Default -> hxxp://www.delta-homes.com/?type=hp&ts=1418834392&from=wpm12173&uid=ST3500418AS_9VMA20TW CHR StartupUrls: Default -> "hxxp://www.delta-homes.com/?type=hp&ts=1418834392&from=wpm12173&uid=ST3500418AS_9VMA20TW" CHR DefaultSearchKeyword: Default -> delta-homes CHR DefaultSuggestURL: Default -> CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll () CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll No File CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll () CHR Plugin: (LiveVDO plug-in) - C:\Users\ANDRZEJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbiamblgmkgbcgbcgejjgebalncpmhnp\1.3_0\chvsharetvplg.dll (LiveVDO ) CHR Plugin: (LiveVDO plug-in) - C:\Program Files\Mozilla Firefox\plugins\npvsharetvplg.dll (LiveVDO ) CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.) CHR Plugin: (Java(TM) Platform SE 6 U20) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.) CHR Plugin: (Winamp Application Detector) - C:\Program Files\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File CHR Profile: C:\Users\ANDRZEJ\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (YouTube) - C:\Users\ANDRZEJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-31] CHR Extension: (Szukaj w Google) - C:\Users\ANDRZEJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-31] CHR Extension: (Google Wallet) - C:\Users\ANDRZEJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22] CHR Extension: (Security Protection) - C:\Users\ANDRZEJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh [2014-12-17] CHR Extension: (LiveVDO plugin) - C:\Users\ANDRZEJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbiamblgmkgbcgbcgejjgebalncpmhnp [2012-10-31] CHR Extension: (Quick start) - C:\Users\ANDRZEJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma [2014-07-12] CHR Extension: (Gmail) - C:\Users\ANDRZEJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-31] CHR HKLM\...\Chrome\Extension: [bpeeepmahhfjiediknjejcmcfmjcjdck] - C:\Program Files\Google\Chrome\User Data\Default\Extensions\serach.crx [Not Found] CHR HKLM\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonChrome.crx [Not Found] CHR HKLM\...\Chrome\Extension: [dkdkpmmkgdbglmfmmmmehbkmnkopingb] - C:\Program Files\Google\Chrome\User Data\Default\Extensions\v9-toolbar.crx [Not Found] CHR HKLM\...\Chrome\Extension: [noajmlkipclmeolfcnflkjhijkigpfjh] - C:\Users\ANDRZEJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh.crx [2014-12-17] CHR HKLM\...\Chrome\Extension: [pbiamblgmkgbcgbcgejjgebalncpmhnp] - C:\Program Files\StartSearch plugin\vshareplg.crx [2011-10-27] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 ABConfSV; C:\Program Files\Arcabit\common\arcaconfsv.exe [142384 2014-08-27] (Arcabit) S2 ABMainSV; C:\Program Files\Arcabit\arcavir\arcamainsv.exe [167104 2014-11-25] (Arcabit) S2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) S2 ArcaRemoteService; C:\Program Files\Arcabit\arcaagent\arcaremotesvc.exe [579104 2014-11-26] (Arcabit) S2 AVBackup; C:\Program Files\Arcabit\arcatools\arcabackup\arcabackupservice.exe [187704 2014-08-27] (Arcabit) S2 AVTasks2; C:\Program Files\Arcabit\common\arcatasksservice.exe [130024 2014-08-27] (ArcaBit) S2 AVUpdate; C:\Program Files\Arcabit\arcaupdate\update.exe [212424 2014-12-29] (Arcabit) S2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [125440 2009-09-24] (Hewlett-Packard) [File not signed] S3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed] S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] S2 iSafeService; C:\Program Files\Elex-tech\YAC\iSafeSvc.exe [120128 2015-01-15] (Elex do Brasil Participações Ltda) S2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-06-09] (Hewlett-Packard Company) [File not signed] S2 N360; C:\Program Files\Norton 360\Engine\5.2.2.3\ccSvcHst.exe [130008 2011-04-17] (Symantec Corporation) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) S2 winzipersvc; C:\Program Files\WinZipper\winzipersvc.exe [425136 2014-11-26] (Taiwan Shui Mu Chih Ching Technology Limited.) <==== ATTENTION S2 wpennybeed; C:\ProgramData\pennybee\wpennybeed.exe [240128 2014-06-24] (Penny Bee Agent) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 ABFLT; C:\Program Files\Arcabit\ArcaVir\ABFLT.sys [66800 2014-08-27] (ArcaBit) S3 ABndis; C:\Windows\System32\DRIVERS\abndis.sys [41712 2014-08-27] (ArcaBit) R3 ABndisMP; C:\Windows\System32\DRIVERS\abndis.sys [41712 2014-08-27] (ArcaBit) R1 arcawfp; C:\Windows\System32\drivers\arcawfp.sys [54840 2015-01-17] (NetFilterSDK.com) S1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111123.001\BHDrvx86.sys [819320 2011-11-14] (Symantec Corporation) S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [374392 2011-11-09] (Symantec Corporation) S3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106104 2011-11-09] (Symantec Corporation) S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.) S1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20111210.001\IDSvix86.sys [368248 2011-09-23] (Symantec Corporation) S1 iSafeKrnl; C:\Program Files\Elex-tech\YAC\iSafeKrnl.sys [215336 2015-01-15] (Elex do Brasil Participações Ltda) S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [40744 2015-01-15] (Elex do Brasil Participações Ltda) R1 iSafeKrnlKit; C:\Program Files\Elex-tech\YAC\iSafeKrnlKit.sys [83112 2015-01-15] (Elex do Brasil Participações Ltda) S1 iSafeKrnlMon; C:\Program Files\Elex-tech\YAC\iSafeKrnlMon.sys [34856 2015-01-15] (Elex do Brasil Participações Ltda) S1 iSafeKrnlR3; C:\Program Files\Elex-tech\YAC\iSafeKrnlR3.sys [63400 2015-01-15] (Elex do Brasil Participações Ltda) R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [44712 2015-01-03] (Elex do Brasil Participações Ltda) S3 MfeAVFK; C:\Windows\System32\drivers\MfeAVFK.sys [79816 2009-05-16] (McAfee, Inc.) S3 MfeBOPK; C:\Windows\System32\drivers\MfeBOPK.sys [35272 2009-05-16] (McAfee, Inc.) S1 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [214024 2009-05-16] (McAfee, Inc.) S3 MfeRKDK; C:\Windows\System32\drivers\MfeRKDK.sys [34248 2009-05-16] (McAfee, Inc.) R1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [55336 2009-05-16] (McAfee, Inc.) S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20111212.034\NAVENG.SYS [86136 2011-09-23] (Symantec Corporation) S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20111212.034\NAVEX15.SYS [1576312 2011-09-23] (Symantec Corporation) S1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [59388 2010-04-12] (PowerISO Computing, Inc.) [File not signed] S3 SRTSP; C:\Windows\System32\Drivers\N360\0502020.003\SRTSP.SYS [516216 2011-03-31] (Symantec Corporation) S1 SRTSPX; C:\Windows\system32\drivers\N360\0502020.003\SRTSPX.SYS [50168 2011-03-31] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\N360\0502020.003\SYMDS.SYS [340088 2011-01-27] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\N360\0502020.003\SYMEFA.SYS [744568 2011-03-15] (Symantec Corporation) S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [126584 2011-09-24] (Symantec Corporation) S1 SymIRON; C:\Windows\system32\drivers\N360\0502020.003\Ironx86.SYS [136312 2011-01-27] (Symantec Corporation) S1 SymNetS; C:\Windows\System32\Drivers\N360\0502020.003\SYMNETS.SYS [299640 2011-04-21] (Symantec Corporation) R1 {ed7eb956-75ed-460d-8f69-29a93b07afd1}w; C:\Windows\System32\drivers\{ed7eb956-75ed-460d-8f69-29a93b07afd1}w.sys [52928 2014-07-10] (StdLib) S3 ABWFP; \??\C:\Program Files\Arcabit\ArcaVir\ABWFP.sys [X] S3 cpuz136; \??\C:\Users\ANDRZEJ\AppData\Local\Temp\cpuz136\cpuz136_x32.sys [X] S1 {c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw; system32\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-17 20:21 - 2015-01-17 20:23 - 00000000 ____D () C:\FRST 2015-01-17 19:54 - 2015-01-17 19:54 - 00000000 _____ () C:\Users\ANDRZEJ\AppData\Local\{64604030-4BB8-48AA-8E7F-0A73AFB78E20} 2015-01-16 18:27 - 2015-01-16 18:27 - 00000000 ____D () C:\Windows\system32\%LOCALAPPDATA% 2015-01-16 18:22 - 2015-01-16 18:22 - 00000000 ____D () C:\Users\ANDRZEJ\AppData\Roaming\Elex-tech 2015-01-16 18:22 - 2015-01-16 18:22 - 00000000 ____D () C:\Program Files\Elex-tech 2015-01-16 18:22 - 2015-01-15 07:51 - 00040744 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys 2015-01-16 18:22 - 2015-01-03 09:56 - 00044712 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys 2015-01-15 16:38 - 2015-01-15 16:38 - 00000067 _____ () C:\Windows\wininit.ini 2014-12-31 20:19 - 2014-12-31 20:19 - 00324112 _____ (Dropbox, Inc.) C:\Users\ANDRZEJ\Downloads\DropboxInstaller (1).exe 2014-12-29 15:02 - 2014-12-29 15:02 - 00000000 ____D () C:\Users\ANDRZEJ\AppData\Roaming\eCyber 2014-12-24 14:39 - 2014-12-24 14:39 - 00000000 ____D () C:\Users\ANDRZEJ\AppData\Local\NuGet 2014-12-24 14:33 - 2014-12-24 14:33 - 00000000 ____D () C:\Users\ANDRZEJ\AppData\Roaming\NuGet 2014-12-24 14:32 - 2014-12-24 14:43 - 00000000 ____D () C:\Users\ANDRZEJ\Documents\OCTGN 2014-12-24 14:32 - 2014-12-24 14:32 - 00000000 ____D () C:\Users\ANDRZEJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OCTGN 2014-12-24 14:32 - 2014-12-24 14:32 - 00000000 ____D () C:\ProgramData\IsolatedStorage 2014-12-20 12:22 - 2014-12-20 12:22 - 00000000 ____D () C:\Users\ANDRZEJ\Downloads\ChomikBox 2014-12-20 12:20 - 2014-12-29 14:18 - 00000000 ____D () C:\Users\ANDRZEJ\.gstreamer-0.10 2014-12-20 12:19 - 2014-12-29 14:18 - 00000000 ____D () C:\Users\ANDRZEJ\AppData\Local\ChomikBox 2014-12-20 12:19 - 2014-12-20 12:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chomikuj.pl 2014-12-20 12:19 - 2014-12-20 12:19 - 00000000 ____D () C:\Program Files\ChomikBox ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-17 20:07 - 2010-12-12 12:12 - 00065536 _____ () C:\Windows\system32\Ikeext.etl 2015-01-17 20:06 - 2014-12-17 17:42 - 00000000 ____D () C:\Program Files\WinZipper 2015-01-17 20:06 - 2013-06-01 00:20 - 00000332 _____ () C:\Windows\Tasks\Lyrmix Update.job 2015-01-17 20:06 - 2010-08-09 16:58 - 00001032 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-17 20:06 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-17 20:06 - 2009-07-14 05:39 - 00178484 _____ () C:\Windows\setupact.log 2015-01-17 20:05 - 2010-05-16 11:14 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-01-17 19:56 - 2014-08-27 12:27 - 00054840 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\arcawfp.sys 2015-01-17 19:54 - 2011-04-16 14:49 - 00000000 ____D () C:\Users\ANDRZEJ\AppData\Roaming\Winamp 2015-01-16 18:25 - 2010-02-24 06:35 - 00135042 _____ () C:\Windows\PFRO.log 2015-01-16 18:23 - 2014-07-13 14:47 - 00000894 _____ () C:\Windows\Tasks\pennybee Runner.job 2015-01-16 18:21 - 2010-08-09 16:58 - 00001036 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-16 18:15 - 2012-04-03 11:09 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-01-16 18:15 - 2010-02-24 06:37 - 01807666 _____ () C:\Windows\WindowsUpdate.log 2015-01-16 16:46 - 2009-07-14 05:34 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-16 16:46 - 2009-07-14 05:34 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-16 16:38 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\tracing 2015-01-16 16:37 - 2009-07-14 05:53 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-01-15 19:06 - 2013-12-12 14:15 - 00000000 ____D () C:\Users\ANDRZEJ\AppData\Local\Battle.net 2015-01-15 15:07 - 2014-12-17 17:42 - 00000000 ____D () C:\Users\ANDRZEJ\AppData\Roaming\WinZipper 2015-01-14 18:01 - 2012-04-03 11:09 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-01-14 18:01 - 2011-05-15 11:54 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-01-14 17:30 - 2014-11-26 16:45 - 00000000 ____D () C:\Program Files\Heroes of the Storm 2015-01-14 14:40 - 2010-12-14 12:45 - 00000000 ____D () C:\Users\ANDRZEJ\AppData\Local\CrashDumps 2014-12-31 20:25 - 2014-11-15 15:38 - 00000000 ___RD () C:\Users\ANDRZEJ\Dropbox 2014-12-31 20:22 - 2014-11-15 15:37 - 00000000 ____D () C:\Users\ANDRZEJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-12-31 20:22 - 2014-11-15 15:36 - 00000000 ____D () C:\Users\ANDRZEJ\AppData\Roaming\Dropbox 2014-12-27 16:12 - 2010-05-16 13:06 - 00000000 ___RD () C:\Users\ANDRZEJ\Desktop\PROGRAMY 2014-12-27 16:08 - 2011-12-17 20:04 - 00000000 ____D () C:\Users\ANDRZEJ\AppData\Roaming\TS3Client 2014-12-27 14:54 - 2011-05-27 17:05 - 00000000 ____D () C:\Users\ANDRZEJ\AppData\Roaming\Mumble 2014-12-22 12:55 - 2014-07-12 08:44 - 00000000 ____D () C:\Program Files\SupTab 2014-12-20 12:20 - 2010-05-16 11:03 - 00000000 ____D () C:\Users\ANDRZEJ 2014-12-19 12:43 - 2013-05-07 10:54 - 00000000 ____D () C:\ProgramData\ArcaBit ==================== Files in the root of some directories ======= 2010-12-12 10:30 - 2010-12-12 10:30 - 0000175 _____ () C:\Users\ANDRZEJ\AppData\Roaming\dgfdgsdf.bat 2010-12-31 15:33 - 2011-04-16 14:03 - 0000000 _____ () C:\Users\ANDRZEJ\AppData\Roaming\Flags 2010-12-31 15:33 - 2011-04-16 14:03 - 0000000 _____ () C:\Users\ANDRZEJ\AppData\Roaming\Flange Saw 2010-12-31 15:33 - 2011-04-16 14:03 - 0000000 _____ () C:\Users\ANDRZEJ\AppData\Roaming\Flanger 2014-07-01 09:13 - 2014-07-04 09:47 - 0895047 _____ () C:\Users\ANDRZEJ\AppData\Local\10040004_loger_01_07_10_12_32_923024320.txt 2014-07-04 09:39 - 2014-07-04 19:58 - 0433957 _____ () C:\Users\ANDRZEJ\AppData\Local\10040004_loger_03_07_10_17_42_1195240909.txt 2014-07-04 09:47 - 2014-07-05 21:28 - 6414647 _____ () C:\Users\ANDRZEJ\AppData\Local\10040004_loger_04_07_10_38_54_1716556898.txt 2014-07-05 09:28 - 2014-07-06 20:04 - 0645583 _____ () C:\Users\ANDRZEJ\AppData\Local\10040004_loger_05_07_10_22_50_1255895841.txt 2014-07-06 10:27 - 2014-07-07 20:03 - 8922768 _____ () C:\Users\ANDRZEJ\AppData\Local\10040004_loger_06_07_11_19_54_2011963285.txt 2014-07-07 10:14 - 2014-07-13 14:42 - 1267148 _____ () C:\Users\ANDRZEJ\AppData\Local\10040004_loger_07_07_11_05_30_-1742903421.txt 2014-06-25 17:04 - 2014-06-27 20:14 - 10528998 _____ () C:\Users\ANDRZEJ\AppData\Local\10040004_loger_25_06_17_55_24_-1070862146.txt 2014-06-27 09:03 - 2014-06-28 20:02 - 9770083 _____ () C:\Users\ANDRZEJ\AppData\Local\10040004_loger_27_06_10_00_51_-325109916.txt 2014-06-28 09:44 - 2014-06-29 20:04 - 9939202 _____ () C:\Users\ANDRZEJ\AppData\Local\10040004_loger_28_06_10_36_21_203937282.txt 2014-06-29 09:02 - 2014-07-01 20:23 - 1119961 _____ () C:\Users\ANDRZEJ\AppData\Local\10040004_loger_29_06_09_52_12_208156280.txt 2010-10-22 10:42 - 2010-10-22 10:42 - 0000003 _____ () C:\Users\ANDRZEJ\AppData\Local\update.txt 2014-11-02 21:36 - 2014-11-02 21:36 - 0000000 _____ () C:\Users\ANDRZEJ\AppData\Local\{0065DFE9-AB3E-463A-85D1-609427E66C76} 2015-01-17 19:54 - 2015-01-17 19:54 - 0000000 _____ () C:\Users\ANDRZEJ\AppData\Local\{64604030-4BB8-48AA-8E7F-0A73AFB78E20} 2014-10-14 20:54 - 2014-10-14 20:54 - 0000000 _____ () C:\Users\ANDRZEJ\AppData\Local\{75B3666A-9804-48EA-A024-0EA400E9FFD9} 2014-11-15 00:51 - 2014-11-15 00:51 - 0000000 _____ () C:\Users\ANDRZEJ\AppData\Local\{827EFAC7-595B-4CC4-86FB-DFC64D3151B4} 2011-04-16 14:03 - 2011-04-16 14:03 - 0000000 _____ () C:\ProgramData\Effects 2010-08-28 16:07 - 2010-08-28 16:07 - 0000008 __RSH () C:\ProgramData\F563250904.sys 2011-04-16 14:03 - 2011-04-16 14:03 - 0000000 _____ () C:\ProgramData\Filters 2011-04-16 14:03 - 2011-04-16 14:03 - 0000000 _____ () C:\ProgramData\Flange Saw 2010-09-16 14:23 - 2011-04-19 19:33 - 0001951 _____ () C:\ProgramData\hpzinstall.log 2010-08-28 16:07 - 2013-12-02 12:42 - 0005852 ___SH () C:\ProgramData\KGyGaAvL.sys 2010-12-31 15:33 - 2011-04-16 14:03 - 0000000 ____H () C:\ProgramData\PKP_DLes.DAT 2010-12-31 15:33 - 2011-04-16 14:03 - 0000000 ____H () C:\ProgramData\PKP_DLet.DAT 2010-12-31 15:33 - 2011-04-16 14:03 - 0000000 ____H () C:\ProgramData\PKP_DLev.DAT ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-29 17:36 ==================== End Of Log ============================