OTL logfile created on: 2014-10-23 15:49:11 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bartek\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

4,00 Gb Total Physical Memory | 1,45 Gb Available Physical Memory | 36,37% Memory free
8,00 Gb Paging File | 4,25 Gb Available in Paging File | 53,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 29,29 Gb Total Space | 4,88 Gb Free Space | 16,67% Space Free | Partition Type: NTFS
Drive D: | 119,75 Gb Total Space | 34,08 Gb Free Space | 28,46% Space Free | Partition Type: NTFS

Computer Name: BARTEK-PC | User Name: Bartek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2014-10-23 15:13:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bartek\Desktop\OTL.exe
PRC - [2014-10-23 10:55:13 | 000,098,544 | ---- | M] () -- C:\Program Files (x86)\AdvanceElite\bin\AdvanceElite.BrowserAdapter.exe
PRC - [2014-10-23 10:53:51 | 000,098,552 | ---- | M] () -- C:\Program Files (x86)\Framed Display\bin\FramedDisplay.BrowserAdapter.exe
PRC - [2014-10-23 10:13:30 | 000,524,024 | ---- | M] () -- C:\Program Files (x86)\Framed Display\updateFramedDisplay.exe
PRC - [2014-10-23 10:12:21 | 000,523,504 | ---- | M] () -- C:\Program Files (x86)\AdvanceElite\bin\utilAdvanceElite.exe
PRC - [2014-10-23 10:12:14 | 000,524,024 | ---- | M] () -- C:\Program Files (x86)\Framed Display\bin\utilFramedDisplay.exe
PRC - [2014-10-23 02:23:48 | 001,649,904 | ---- | M] () -- C:\Program Files
(x86)\AdvanceElite\bin\AdvanceElite.BOASHelper.exe PRC - [2014-10-23 02:12:26 | 001,649,912 | ---- | M] () -- C:\Program Files (x86)\Framed Display\bin\FramedDisplay.BOASHelper.exe PRC - [2014-10-22 18:53:32 | 000,524,016 | ---- | M] () -- C:\Program Files (x86)\AdvanceElite\updateAdvanceElite.exe PRC - [2014-10-16 06:58:04 | 000,499,832 | ---- | M] () -- C:\Program Files (x86)\Opera\25.0.1614.50\opera_crashreporter.exe PRC - [2014-10-16 06:58:03 | 050,071,160 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\25.0.1614.50\opera.exe PRC - [2014-10-03 20:18:55 | 004,085,896 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe PRC - [2014-10-03 15:07:37 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2014-09-24 07:20:46 | 000,705,416 | ---- | M] (Cherished Technololgy LIMITED) -- C:\ProgramData\IePluginServices\PluginService.exe PRC - [2014-07-01 15:14:02 | 000,242,728 | ---- | M] (Foxit Corporation) -- C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe PRC - [2010-04-16 03:37:22 | 001,810,432 | ---- | M] (Ovislink Corp.) -- C:\Program Files (x86)\Ovislink\Common\AirLiveUI.exe PRC - [2009-12-15 23:49:00 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) 
-- C:\Program Files (x86)\Ovislink\Common\RaRegistry.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2014-10-23 10:55:13 | 000,098,544 | ---- | M] () -- C:\Program Files (x86)\AdvanceElite\bin\AdvanceElite.BrowserAdapter.exe MOD - [2014-10-23 10:53:51 | 000,098,552 | ---- | M] () -- C:\Program Files (x86)\Framed Display\bin\FramedDisplay.BrowserAdapter.exe MOD - [2014-10-23 02:23:48 | 001,649,904 | ---- | M] () -- C:\Program Files (x86)\AdvanceElite\bin\AdvanceElite.BOASHelper.exe MOD - [2014-10-23 02:12:26 | 001,649,912 | ---- | M] () -- C:\Program Files (x86)\Framed Display\bin\FramedDisplay.BOASHelper.exe MOD - [2014-10-16 06:58:04 | 009,218,680 | ---- | M] () -- C:\Program Files (x86)\Opera\25.0.1614.50\pdf.dll MOD - [2014-10-16 06:58:04 | 000,499,832 | ---- | M] () -- C:\Program Files (x86)\Opera\25.0.1614.50\opera_crashreporter.exe MOD - [2014-10-16 06:58:01 | 001,310,328 | ---- | M] () -- C:\Program Files (x86)\Opera\25.0.1614.50\libGLESv2.dll MOD - [2014-10-16 06:58:01 | 000,219,256 | ---- | M] () -- C:\Program Files (x86)\Opera\25.0.1614.50\libEGL.dll MOD - [2014-10-16 06:58:00 | 000,991,864 | ---- | M] () -- C:\Program Files (x86)\Opera\25.0.1614.50\ffmpegsumo.dll MOD - [2014-10-03 15:07:40 | 019,329,904 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll MOD - [2014-10-03 15:07:38 | 000,301,152 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswProperty.dll MOD - [2013-12-29 14:05:53 | 016,242,056 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll MOD - [2009-12-10 12:16:08 | 000,918,816 | ---- | M] () -- C:\Program Files (x86)\Ovislink\Common\RaWLAPI.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2014-10-03 15:07:37 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! 
Antivirus) SRV:[b]64bit:[/b] - [2013-12-06 22:52:10 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:[b]64bit:[/b] - [2013-12-06 17:06:06 | 000,344,064 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:[b]64bit:[/b] - [2010-12-28 10:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) [On_Demand | Stopped] -- C:\Program Files\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE) SRV:[b]64bit:[/b] - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2014-10-23 10:13:30 | 000,524,024 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Framed Display\updateFramedDisplay.exe -- (Update Framed Display) SRV - [2014-10-23 10:12:21 | 000,523,504 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\AdvanceElite\bin\utilAdvanceElite.exe -- (Util AdvanceElite) SRV - [2014-10-23 10:12:14 | 000,524,024 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Framed Display\bin\utilFramedDisplay.exe -- (Util Framed Display) SRV - [2014-10-22 18:53:32 | 000,524,016 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\AdvanceElite\updateAdvanceElite.exe -- (Update AdvanceElite) SRV - [2014-09-24 07:20:46 | 000,705,416 | ---- | M] (Cherished Technololgy LIMITED) [Auto | Running] -- C:\ProgramData\IePluginServices\PluginService.exe -- (IePluginServices) SRV - [2014-07-01 15:14:02 | 000,242,728 | ---- | M] (Foxit Corporation) [Auto | Running] -- C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe -- (FoxitCloudUpdateService) SRV - [2013-11-26 07:06:38 | 000,569,768 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012-07-09 01:40:10 | 000,104,912 | ---- 
| M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009-12-15 23:49:12 | 000,212,256 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Ovislink\Common\RaRegistry64.exe -- (RalinkRegistryWriter64) SRV - [2009-12-15 23:49:00 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Ovislink\Common\RaRegistry.exe -- (RalinkRegistryWriter) SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard) DRV:[b]64bit:[/b] - [2014-10-22 22:33:44 | 000,048,792 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{a6762132-8e80-4305-b1ba-2bec91757ac2}Gw64.sys -- ({a6762132-8e80-4305-b1ba-2bec91757ac2}Gw64) DRV:[b]64bit:[/b] - [2014-10-22 22:33:42 | 000,048,784 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{f5d136d7-adc2-4c84-85b2-e564334ab0bc}Gw64.sys -- ({f5d136d7-adc2-4c84-85b2-e564334ab0bc}Gw64) DRV:[b]64bit:[/b] - [2014-10-22 01:31:18 | 000,048,784 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{dc592624-f532-4311-9fc7-6920126fc404}Gw64.sys -- ({dc592624-f532-4311-9fc7-6920126fc404}Gw64) DRV:[b]64bit:[/b] - [2014-10-21 12:00:46 | 000,048,784 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{733fb217-c049-41ba-9504-3f2045e61977}Gw64.sys -- ({733fb217-c049-41ba-9504-3f2045e61977}Gw64) DRV:[b]64bit:[/b] - [2014-10-20 22:09:44 | 000,048,784 | ---- | M] (StdLib) [Kernel | System | Running] -- 
C:\Windows\SysNative\drivers\{4530e639-76ab-4435-889d-a5e81ae090a4}Gw64.sys -- ({4530e639-76ab-4435-889d-a5e81ae090a4}Gw64) DRV:[b]64bit:[/b] - [2014-10-20 01:04:20 | 000,048,784 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{67f29abb-07b3-41f5-94cd-f819d7c1fc76}Gw64.sys -- ({67f29abb-07b3-41f5-94cd-f819d7c1fc76}Gw64) DRV:[b]64bit:[/b] - [2014-10-19 11:09:54 | 000,048,784 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{6c84eb28-66c4-4e3d-8a5a-46ab94f0575a}Gw64.sys -- ({6c84eb28-66c4-4e3d-8a5a-46ab94f0575a}Gw64) DRV:[b]64bit:[/b] - [2014-10-18 21:17:06 | 000,048,784 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{fce396ae-d8d1-4789-946e-2106fbe4292b}Gw64.sys -- ({fce396ae-d8d1-4789-946e-2106fbe4292b}Gw64) DRV:[b]64bit:[/b] - [2014-10-18 00:12:08 | 000,048,784 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{3fa44d1f-c300-4673-a8c1-5ba05468b4bd}Gw64.sys -- ({3fa44d1f-c300-4673-a8c1-5ba05468b4bd}Gw64) DRV:[b]64bit:[/b] - [2014-10-17 10:07:52 | 000,048,784 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{02bbe9df-d3b0-43f4-8dcb-e24500d3308f}Gw64.sys -- ({02bbe9df-d3b0-43f4-8dcb-e24500d3308f}Gw64) DRV:[b]64bit:[/b] - [2014-10-17 03:02:24 | 000,048,784 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{5d78e0ee-ca60-46a4-9492-4f24429cc925}Gw64.sys -- ({5d78e0ee-ca60-46a4-9492-4f24429cc925}Gw64) DRV:[b]64bit:[/b] - [2014-10-16 06:24:50 | 000,048,784 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{949aba83-1d7f-4d0b-b0ba-203450825231}Gw64.sys -- ({949aba83-1d7f-4d0b-b0ba-203450825231}Gw64) DRV:[b]64bit:[/b] - [2014-10-15 15:29:54 | 000,048,784 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{46a147d8-5171-42d8-b8a8-6a187525781d}Gw64.sys -- ({46a147d8-5171-42d8-b8a8-6a187525781d}Gw64) DRV:[b]64bit:[/b] - 
[2014-10-15 04:46:50 | 000,048,784 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{00aec75d-051f-41a9-9837-e94ac4f56303}Gw64.sys -- ({00aec75d-051f-41a9-9837-e94ac4f56303}Gw64) DRV:[b]64bit:[/b] - [2014-10-14 22:09:42 | 000,048,784 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{4096aedf-3f28-4c8e-aebe-00255138fa8a}Gw64.sys -- ({4096aedf-3f28-4c8e-aebe-00255138fa8a}Gw64) DRV:[b]64bit:[/b] - [2014-10-13 12:52:06 | 000,048,784 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{1de2a23f-1c23-4ea1-8ef4-79bc5c5cea78}Gw64.sys -- ({1de2a23f-1c23-4ea1-8ef4-79bc5c5cea78}Gw64) DRV:[b]64bit:[/b] - [2014-10-13 03:05:34 | 000,048,784 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{3b808196-ff63-49ee-b33b-efdf51723eca}Gw64.sys -- ({3b808196-ff63-49ee-b33b-efdf51723eca}Gw64) DRV:[b]64bit:[/b] - [2014-10-13 03:05:26 | 000,048,792 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{7012eec1-4f37-42d4-a2cd-26727494d248}Gw64.sys -- ({7012eec1-4f37-42d4-a2cd-26727494d248}Gw64) DRV:[b]64bit:[/b] - [2014-10-03 20:18:48 | 000,427,360 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP) DRV:[b]64bit:[/b] - [2014-10-03 15:07:44 | 001,041,168 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:[b]64bit:[/b] - [2014-10-03 15:07:44 | 000,224,896 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm) DRV:[b]64bit:[/b] - [2014-10-03 15:07:44 | 000,092,008 | ---- | M] (AVAST Software) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm) DRV:[b]64bit:[/b] - [2014-10-03 15:07:44 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:[b]64bit:[/b] - 
[2014-10-03 15:07:44 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt) DRV:[b]64bit:[/b] - [2014-10-03 15:07:44 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid) DRV:[b]64bit:[/b] - [2014-10-03 15:07:43 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:[b]64bit:[/b] - [2013-12-06 23:52:14 | 013,207,552 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:[b]64bit:[/b] - [2013-12-06 22:21:44 | 000,626,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:[b]64bit:[/b] - [2013-09-24 16:53:50 | 000,094,208 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:[b]64bit:[/b] - [2012-07-03 12:50:00 | 000,036,352 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandnetmodem64.sys -- (ANDNetModem) DRV:[b]64bit:[/b] - [2012-07-03 12:50:00 | 000,029,184 | ---- | M] (LG Electronics Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandnetdiag64.sys -- (AndNetDiag) DRV:[b]64bit:[/b] - [2010-11-21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:[b]64bit:[/b] - [2010-11-21 05:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2010-11-21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2010-11-21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:[b]64bit:[/b] - [2010-11-21 05:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2010-04-08 12:14:50 | 000,446,304 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr6164.sys -- (rt61x64) DRV:[b]64bit:[/b] - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009-07-14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1413218903&from=cor&uid=ST3160815A_9RA8BQE2XXXX9RA8BQE2 IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1413218903&from=cor&uid=ST3160815A_9RA8BQE2XXXX9RA8BQE2&q={searchTerms} IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1413218903&from=cor&uid=ST3160815A_9RA8BQE2XXXX9RA8BQE2&q={searchTerms} IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/?src01=dp120141013 IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.sweet-page.com/web/?type=ds&ts=1413218903&from=cor&uid=ST3160815A_9RA8BQE2XXXX9RA8BQE2&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1413218903&from=cor&uid=ST3160815A_9RA8BQE2XXXX9RA8BQE2 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1413218903&from=cor&uid=ST3160815A_9RA8BQE2XXXX9RA8BQE2&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1413218903&from=cor&uid=ST3160815A_9RA8BQE2XXXX9RA8BQE2&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/?src01=dp120141013 IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.sweet-page.com/web/?type=ds&ts=1413218903&from=cor&uid=ST3160815A_9RA8BQE2XXXX9RA8BQE2&q={searchTerms} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-892155775-1604218965-3713751438-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1413218903&from=cor&uid=ST3160815A_9RA8BQE2XXXX9RA8BQE2 IE - HKU\S-1-5-21-892155775-1604218965-3713751438-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\S-1-5-21-892155775-1604218965-3713751438-1000\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86} IE - HKU\S-1-5-21-892155775-1604218965-3713751438-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-892155775-1604218965-3713751438-1000\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.sweet-page.com/web/?type=ds&ts=1413218903&from=cor&uid=ST3160815A_9RA8BQE2XXXX9RA8BQE2&q={searchTerms} IE - HKU\S-1-5-21-892155775-1604218965-3713751438-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF:[b]64bit:[/b] - 
HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-10-03 15:07:46 | 000,000,000 | ---D | M] [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: (Enabled) CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\pdf.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll CHR - Extension: No name found = C:\Users\Bartek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\ CHR - Extension: No name found = C:\Users\Bartek\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: No name found = C:\Users\Bartek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: No name found = C:\Users\Bartek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: No name found = C:\Users\Bartek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gagcbogmgkaogoadfcoicjdojbmkegao\1.0.1_0\ CHR - Extension: No name found = C:\Users\Bartek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.0.2204.148_0\ CHR - Extension: No name found = C:\Users\Bartek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\ CHR - Extension: No name found = C:\Users\Bartek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ CHR - Extension: No name found = C:\Users\Bartek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkbbmldjcnhopjhpifcocnmkooiadpbb\1.0.1_0\ O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:[b]64bit:[/b] - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2 - BHO: (Framed Display) - {05b5ef3f-4c6a-426e-b77e-48ebb3e721f1} - C:\Program Files (x86)\Framed Display\FramedDisplaybho.dll (Framed Display) O2 - BHO: (IETabPage Class) - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited) O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet) O2 - BHO: (AdvanceElite) - {3b2cb4c8-72ab-4b25-8fa1-219b36a60bed} - C:\Program Files (x86)\AdvanceElite\AdvanceElitebho.dll (AdvanceElite) O2 - BHO: (avast! 
Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found. O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O8:[b]64bit:[/b] - Extra context menu item: &P&obierz &za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O8:[b]64bit:[/b] - Extra context menu item: Pobierz wszystko za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: &P&obierz &za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: Pobierz wszystko za 
pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet) O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 79.139.112.1 91.123.160.5 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E4AB9E73-ABBE-4427-BADC-0D2CAC3FB015}: DhcpNameServer = 79.139.112.1 91.123.160.5 O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2014-10-19 10:57:37 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2010-11-14 18:57:51 | 000,000,000 | RHSD | M] - D:\Autorun.inf -- [ NTFS ] O33 - MountPoints2\{205b39b1-aea2-11e3-b6c2-001fd0520f16}\Shell - "" = AutoRun O33 - MountPoints2\{205b39b1-aea2-11e3-b6c2-001fd0520f16}\Shell\AutoRun\command - "" = G:\LGAutoRun.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LGAutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2014-10-23 15:45:13 | 000,000,000 | ---D | C] -- C:\FRST [2014-10-23 15:13:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Bartek\Desktop\OTL.exe [2014-10-23 15:12:47 | 002,112,000 | ---- | C] (Farbar) -- C:\Users\Bartek\Desktop\FRST64.exe [2014-10-23 10:14:34 | 000,048,792 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{a6762132-8e80-4305-b1ba-2bec91757ac2}Gw64.sys [2014-10-23 10:14:24 | 000,048,784 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{f5d136d7-adc2-4c84-85b2-e564334ab0bc}Gw64.sys [2014-10-22 12:02:55 | 000,048,784 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{dc592624-f532-4311-9fc7-6920126fc404}Gw64.sys [2014-10-21 21:43:46 | 000,048,784 | ---- | C] (StdLib) -- 
C:\Windows\SysNative\drivers\{733fb217-c049-41ba-9504-3f2045e61977}Gw64.sys [2014-10-21 21:37:41 | 000,000,000 | ---D | C] -- C:\ProgramData\374311380 [2014-10-21 08:12:44 | 000,048,784 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{4530e639-76ab-4435-889d-a5e81ae090a4}Gw64.sys [2014-10-20 17:02:20 | 000,048,784 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{67f29abb-07b3-41f5-94cd-f819d7c1fc76}Gw64.sys [2014-10-19 22:01:30 | 000,048,784 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{6c84eb28-66c4-4e3d-8a5a-46ab94f0575a}Gw64.sys [2014-10-19 10:57:04 | 000,000,000 | ---D | C] -- C:\Users\Bartek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter [2014-10-19 10:57:03 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2014-10-19 10:56:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2014-10-19 10:47:03 | 000,048,784 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{fce396ae-d8d1-4789-946e-2106fbe4292b}Gw64.sys [2014-10-18 10:58:13 | 000,000,000 | ---D | C] -- C:\Users\Bartek\Desktop\New folder (2) [2014-10-18 10:23:54 | 000,048,784 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{3fa44d1f-c300-4673-a8c1-5ba05468b4bd}Gw64.sys [2014-10-17 19:34:52 | 000,048,784 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{02bbe9df-d3b0-43f4-8dcb-e24500d3308f}Gw64.sys [2014-10-17 13:26:30 | 000,048,784 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{5d78e0ee-ca60-46a4-9492-4f24429cc925}Gw64.sys [2014-10-16 15:43:23 | 000,048,784 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{949aba83-1d7f-4d0b-b0ba-203450825231}Gw64.sys [2014-10-16 06:52:57 | 000,048,784 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{46a147d8-5171-42d8-b8a8-6a187525781d}Gw64.sys [2014-10-15 19:56:27 | 000,000,000 | ---D | C] -- C:\Users\Bartek\Desktop\New folder [2014-10-15 14:30:12 | 000,048,784 | ---- | C] (StdLib) -- 
C:\Windows\SysNative\drivers\{00aec75d-051f-41a9-9837-e94ac4f56303}Gw64.sys
[2014-10-15 08:10:48 | 000,048,784 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{4096aedf-3f28-4c8e-aebe-00255138fa8a}Gw64.sys
[2014-10-14 12:14:36 | 000,048,784 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{1de2a23f-1c23-4ea1-8ef4-79bc5c5cea78}Gw64.sys
[2014-10-13 19:57:35 | 000,048,792 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{7012eec1-4f37-42d4-a2cd-26727494d248}Gw64.sys
[2014-10-13 19:57:31 | 000,048,784 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{3b808196-ff63-49ee-b33b-efdf51723eca}Gw64.sys
[2014-10-13 19:28:18 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\sun
[2014-10-13 18:52:55 | 000,000,000 | ---D | C] -- C:\Users\Bartek\AppData\Roaming\SupTab
[2014-10-13 18:52:54 | 000,000,000 | ---D | C] -- C:\ProgramData\IePluginServices
[2014-10-13 18:52:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SupTab
[2014-10-13 18:49:36 | 000,000,000 | ---D | C] -- C:\Users\Bartek\Documents\Optimizer Pro
[2014-10-13 18:48:27 | 000,000,000 | ---D | C] -- C:\Users\Bartek\AppData\Roaming\sweet-page
[2014-10-13 18:48:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AdvanceElite
[2014-10-13 18:47:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Framed Display
[2014-10-13 18:46:53 | 000,000,000 | ---D | C] -- C:\Users\Bartek\AppData\Roaming\Systweak
[2014-10-13 18:44:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro
[2014-10-03 20:15:35 | 000,000,000 | ---D | C] -- C:\Users\Bartek\AppData\Roaming\DropboxMaster
[2014-10-03 20:15:15 | 000,000,000 | ---D | C] -- C:\Users\Bartek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2014-10-03 20:14:31 | 000,000,000 | ---D | C] -- C:\Users\Bartek\AppData\Roaming\Dropbox
[2014-10-03 20:08:25 | 000,000,000 | ---D | C] -- C:\Users\Bartek\AppData\Roaming\AVAST Software
[2014-10-03 15:07:59 | 000,092,008 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2014-10-03 15:07:41 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2014-10-23 15:22:12 | 000,380,416 | ---- | M] () -- C:\Users\Bartek\Desktop\0o8gtfvh.exe
[2014-10-23 15:13:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bartek\Desktop\OTL.exe
[2014-10-23 15:13:32 | 002,112,000 | ---- | M] (Farbar) -- C:\Users\Bartek\Desktop\FRST64.exe
[2014-10-23 15:00:00 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014-10-23 12:00:00 | 000,001,044 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014-10-23 10:06:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014-10-23 10:06:28 | 3220,873,216 | -HS- | M] () -- C:\hiberfil.sys
[2014-10-22 22:33:44 | 000,048,792 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{a6762132-8e80-4305-b1ba-2bec91757ac2}Gw64.sys
[2014-10-22 22:33:42 | 000,048,784 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{f5d136d7-adc2-4c84-85b2-e564334ab0bc}Gw64.sys
[2014-10-22 01:31:18 | 000,048,784 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{dc592624-f532-4311-9fc7-6920126fc404}Gw64.sys
[2014-10-21 22:44:15 | 328,898,848 | ---- | M] () -- C:\Users\Bartek\Desktop\Prawo Cywilne.rar
[2014-10-21 12:00:46 | 000,048,784 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{733fb217-c049-41ba-9504-3f2045e61977}Gw64.sys
[2014-10-20 22:09:44 | 000,048,784 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{4530e639-76ab-4435-889d-a5e81ae090a4}Gw64.sys
[2014-10-20 01:04:20 | 000,048,784 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{67f29abb-07b3-41f5-94cd-f819d7c1fc76}Gw64.sys
[2014-10-19 11:09:54 | 000,048,784 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{6c84eb28-66c4-4e3d-8a5a-46ab94f0575a}Gw64.sys
[2014-10-19 10:57:37 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2014-10-18 21:17:06 | 000,048,784 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{fce396ae-d8d1-4789-946e-2106fbe4292b}Gw64.sys
[2014-10-18 00:12:08 | 000,048,784 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{3fa44d1f-c300-4673-a8c1-5ba05468b4bd}Gw64.sys
[2014-10-17 10:07:52 | 000,048,784 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{02bbe9df-d3b0-43f4-8dcb-e24500d3308f}Gw64.sys
[2014-10-17 03:02:24 | 000,048,784 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{5d78e0ee-ca60-46a4-9492-4f24429cc925}Gw64.sys
[2014-10-16 06:24:50 | 000,048,784 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{949aba83-1d7f-4d0b-b0ba-203450825231}Gw64.sys
[2014-10-15 15:29:54 | 000,048,784 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{46a147d8-5171-42d8-b8a8-6a187525781d}Gw64.sys
[2014-10-15 08:08:54 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014-10-15 04:46:50 | 000,048,784 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{00aec75d-051f-41a9-9837-e94ac4f56303}Gw64.sys
[2014-10-14 22:09:42 | 000,048,784 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{4096aedf-3f28-4c8e-aebe-00255138fa8a}Gw64.sys
[2014-10-14 12:03:35 | 000,292,904 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014-10-13 21:10:17 | 000,049,666 | ---- | M] () -- C:\Users\Bartek\Documents\1.odt
[2014-10-13 18:48:23 | 000,002,467 | ---- | M] () -- C:\Users\Bartek\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014-10-13 18:48:23 | 000,001,625 | ---- | M] () -- C:\Users\Bartek\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014-10-13 12:52:06 | 000,048,784 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{1de2a23f-1c23-4ea1-8ef4-79bc5c5cea78}Gw64.sys
[2014-10-13 03:05:34 | 000,048,784 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{3b808196-ff63-49ee-b33b-efdf51723eca}Gw64.sys
[2014-10-13 03:05:26 | 000,048,792 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{7012eec1-4f37-42d4-a2cd-26727494d248}Gw64.sys
[2014-10-03 20:18:48 | 000,427,360 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys
[2014-10-03 20:00:45 | 066,820,434 | ---- | M] () -- C:\Users\Bartek\Desktop\Urlich Ernst, Anna Rachwał, Fryderyk Zoll - Prawo cywilne. Część ogólna.pdf
[2014-10-03 15:07:44 | 001,041,168 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014-10-03 15:07:44 | 000,307,344 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014-10-03 15:07:44 | 000,224,896 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014-10-03 15:07:44 | 000,092,008 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2014-10-03 15:07:44 | 000,079,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014-10-03 15:07:44 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014-10-03 15:07:44 | 000,029,208 | ---- | M] () -- C:\Windows\SysNative\drivers\aswHwid.sys
[2014-10-03 15:07:43 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014-10-03 15:07:41 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014-10-03 14:56:13 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2014-09-23 16:19:13 | 000,128,884 | ---- | M] () -- C:\Users\Bartek\Desktop\prawo_stac_2014-2015-zima.pdf
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2014-10-23 15:22:10 | 000,380,416 | ---- | C] () -- C:\Users\Bartek\Desktop\0o8gtfvh.exe
[2014-10-21 22:56:18 | 066,820,434 | ---- | C] () -- C:\Users\Bartek\Desktop\Urlich Ernst, Anna Rachwał, Fryderyk Zoll - Prawo cywilne. Część ogólna.pdf
[2014-10-21 21:50:47 | 328,898,848 | ---- | C] () -- C:\Users\Bartek\Desktop\Prawo Cywilne.rar
[2014-10-19 10:57:37 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2014-10-15 08:08:53 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014-10-13 20:54:34 | 000,049,666 | ---- | C] () -- C:\Users\Bartek\Documents\1.odt
[2014-10-13 18:46:50 | 000,020,296 | ---- | C] () -- C:\Windows\SysNative\roboot64.exe
[2014-10-03 15:07:56 | 000,029,208 | ---- | C] () -- C:\Windows\SysNative\drivers\aswHwid.sys
[2014-09-23 16:19:12 | 000,128,884 | ---- | C] () -- C:\Users\Bartek\Desktop\prawo_stac_2014-2015-zima.pdf
[2013-12-29 13:31:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013-12-29 13:24:56 | 000,749,404 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013-12-06 23:38:38 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013-12-06 23:38:38 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013-12-06 22:39:24 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013-12-06 22:39:24 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013-12-06 17:44:26 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010-11-21 05:23:55 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010-11-21 05:24:02 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== LOP Check ==========[/color]

[2014-10-22 19:35:29 | 000,000,000 | ---D | M] -- C:\Users\Bartek\AppData\Roaming\AIMP3
[2014-10-03 20:08:25 | 000,000,000 | ---D | M] -- C:\Users\Bartek\AppData\Roaming\AVAST Software
[2014-10-04 07:42:50 | 000,000,000 | ---D | M] -- C:\Users\Bartek\AppData\Roaming\BitComet
[2013-12-29 21:38:07 | 000,000,000 | ---D | M] -- C:\Users\Bartek\AppData\Roaming\Canneverbe Limited
[2014-10-03 20:15:50 | 000,000,000 | ---D | M] -- C:\Users\Bartek\AppData\Roaming\Dropbox
[2014-10-03 20:15:50 | 000,000,000 | ---D | M] -- C:\Users\Bartek\AppData\Roaming\DropboxMaster
[2014-08-14 21:00:33 | 000,000,000 | ---D | M] -- C:\Users\Bartek\AppData\Roaming\EurekaLog
[2014-03-11 22:23:12 | 000,000,000 | ---D | M] -- C:\Users\Bartek\AppData\Roaming\Foxit Software
[2014-10-22 18:23:54 | 000,000,000 | ---D | M] -- C:\Users\Bartek\AppData\Roaming\GG
[2014-07-27 19:58:32 | 000,000,000 | ---D | M] -- C:\Users\Bartek\AppData\Roaming\MPC-HC
[2013-12-29 20:55:58 | 000,000,000 | ---D | M] -- C:\Users\Bartek\AppData\Roaming\NapiProjekt
[2013-12-31 01:43:05 | 000,000,000 | ---D | M] -- C:\Users\Bartek\AppData\Roaming\OpenOffice
[2013-12-29 13:36:55 | 000,000,000 | ---D | M] -- C:\Users\Bartek\AppData\Roaming\Opera Software
[2014-02-23 00:04:59 | 000,000,000 | ---D | M] -- C:\Users\Bartek\AppData\Roaming\Origin
[2014-10-13 18:52:55 | 000,000,000 | ---D | M] -- C:\Users\Bartek\AppData\Roaming\SupTab
[2014-10-13 18:48:27 | 000,000,000 | ---D | M] -- C:\Users\Bartek\AppData\Roaming\sweet-page
[2014-10-21 21:39:39 | 000,000,000 | ---D | M] -- C:\Users\Bartek\AppData\Roaming\Systweak

[color=#E56717]========== Purity Check ==========[/color]

< End of report >