OTL logfile created on: 8/1/2012 3:26:01 PM - Run 1? OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\corporate\Downloads? Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation? Internet Explorer (Version = 9.0.8112.16421)? Locale: 00000409 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd? ? 2.93 Gb Total Physical Memory | 2.48 Gb Available Physical Memory | 84.87% Memory free? 5.85 Gb Paging File | 5.45 Gb Available in Paging File | 93.10% Paging File free? Paging file location(s): ?:\pagefile.sys [binary data]? ? %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files? Drive C: | 280.80 Gb Total Space | 174.68 Gb Free Space | 62.21% Space Free | Partition Type: NTFS? Drive F: | 1.99 Gb Total Space | 1.48 Gb Free Space | 74.68% Space Free | Partition Type: FAT32? ? Computer Name: JASIEK-HP | User Name: jasiek | Logged in as Administrator.? Boot Mode: SafeMode with Networking | Scan Mode: Current user? Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days? ? [color=#E56717]========== Processes (SafeList) ==========[/color]? ? PRC - [2012/08/01 15:25:29 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\corporate\Downloads\OTL.exe? PRC - [2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe? PRC - [2009/11/25 04:57:20 | 000,627,976 | ---- | M] (DigitalPersona, Inc.) -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe? ? ? [color=#E56717]========== Modules (No Company Name) ==========[/color]? ? ? [color=#E56717]========== Win32 Services (SafeList) ==========[/color]? ? SRV - [2012/07/30 09:28:05 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)? SRV - [2012/07/23 10:11:54 | 000,246,112 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Internet w Cyfrowym Polsacie\UpdateDog\ouc.exe -- (Internet w Cyfrowym Polsacie. RunOuc)? SRV - [2012/06/15 00:17:46 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)? SRV - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)? SRV - [2011/11/09 14:16:12 | 000,196,376 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)? SRV - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)? SRV - [2011/03/14 17:27:28 | 000,271,712 | ---- | M] () [Auto | Stopped] -- C:\ProgramData\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe)? SRV - [2011/01/14 22:05:08 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)? SRV - [2010/12/21 07:38:22 | 000,350,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)? SRV - [2010/01/09 13:37:20 | 000,049,152 | ---- | M] (Panasonic System Networks Co., Ltd.) [Auto | Stopped] -- C:\Program Files\Panasonic\LocalCom\LMSRVNT.EXE -- (Panasonic Local Printer Service)? SRV - [2010/01/08 03:14:12 | 000,081,920 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- c:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe -- (HPDayStarterService)? SRV - [2010/01/05 05:36:04 | 000,264,248 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe -- (hpHotkeyMonitor)? SRV - [2009/12/17 00:51:46 | 000,102,968 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)? SRV - [2009/12/17 00:48:12 | 000,102,968 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service)? SRV - [2009/12/16 03:11:14 | 000,281,192 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)? SRV - [2009/12/14 20:47:46 | 001,639,728 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\System32\vcsFPService.exe -- (vcsFPService)? SRV - [2009/12/12 03:57:20 | 000,297,984 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)? SRV - [2009/12/11 02:03:52 | 000,251,448 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- c:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)? SRV - [2009/12/08 20:07:16 | 000,172,032 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)? SRV - [2009/12/04 14:22:40 | 000,506,472 | ---- | M] (ArcSoft, Inc.) [Auto | Stopped] -- C:\Windows\System32\uArcCapture.exe -- (uArcCapture)? SRV - [2009/12/03 22:30:42 | 000,229,461 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9fc8b38ddee9fbba\stacsv.exe -- (STacSV)? SRV - [2009/11/25 04:57:20 | 000,300,808 | ---- | M] (DigitalPersona, Inc.) [Auto | Stopped] -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost)? SRV - [2009/11/19 01:17:36 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) [Disabled | Stopped] -- c:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe -- (HP ProtectTools Service)? SRV - [2009/11/18 00:39:16 | 000,362,040 | ---- | M] (Hewlett-Packard Ltd) [On_Demand | Stopped] -- C:\Windows\System32\flcdlock.exe -- (FLCDLOCK)? SRV - [2009/11/04 23:46:56 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)? SRV - [2009/11/04 23:46:54 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)? SRV - [2009/11/02 22:12:02 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Stopped] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)? SRV - [2009/09/28 19:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)? SRV - [2009/09/04 22:43:38 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)? SRV - [2009/08/25 18:57:52 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)? SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)? SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)? SRV - [2009/03/03 12:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9fc8b38ddee9fbba\AEstSrv.exe -- (AESTFilters)? SRV - [2007/07/24 21:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Stopped] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)? SRV - [2004/02/26 09:15:58 | 000,069,632 | ---- | M] (Panasonic) [Auto | Stopped] -- C:\Program Files\Panasonic\TrapMonitor\Trapmnnt.exe -- (Panasonic Trap Monitor Service)? ? ? [color=#E56717]========== Driver Services (SafeList) ==========[/color]? ? DRV - [2012/07/23 10:11:54 | 000,353,280 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbwwan.sys -- (ewusbmbb)? DRV - [2012/07/23 10:11:54 | 000,194,816 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)? DRV - [2012/07/23 10:11:54 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)? DRV - [2012/07/23 10:11:54 | 000,090,368 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)? DRV - [2012/07/23 10:11:54 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)? DRV - [2012/07/23 10:11:54 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)? DRV - [2011/03/12 09:12:38 | 000,431,672 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)? DRV - [2009/12/22 23:37:28 | 000,073,344 | ---- | M] (Realtek Semiconductor Corp.) [2 MP Fixed] [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rtsuvc.sys -- (rtsuvc)? DRV - [2009/12/16 03:12:28 | 000,051,800 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\System32\drivers\SbAlg.sys -- (SbAlg)? DRV - [2009/12/16 03:12:16 | 000,013,256 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\windows\System32\drivers\SbFsLock.sys -- (SbFsLock)? DRV - [2009/12/16 03:12:14 | 000,040,088 | ---- | M] (McAfee, Inc.) [Kernel | System | Stopped] -- C:\windows\System32\drivers\rsvlock.sys -- (RsvLock)? DRV - [2009/12/16 03:12:10 | 000,110,520 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\System32\drivers\SafeBoot.sys -- (SafeBoot)? DRV - [2009/12/09 00:15:20 | 005,092,864 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)? DRV - [2009/12/04 12:48:18 | 000,029,824 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ArcSoftVCapture.sys -- (ARCVCAM)? DRV - [2009/12/03 22:30:42 | 000,423,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)? DRV - [2009/11/18 14:25:04 | 000,100,352 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)? DRV - [2009/11/11 11:11:00 | 000,181,792 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)? DRV - [2009/11/02 22:11:56 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)? DRV - [2009/10/21 23:37:52 | 000,032,312 | ---- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DAMDrv.sys -- (DAMDrv)? DRV - [2009/10/05 19:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)? DRV - [2009/10/03 06:23:26 | 006,114,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32)? DRV - [2009/09/17 22:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)? DRV - [2009/07/16 23:16:50 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)? DRV - [2009/07/14 02:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)? DRV - [2009/07/14 02:14:49 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)? DRV - [2009/07/14 01:53:40 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST)? DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)? DRV - [2009/07/14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)? DRV - [2009/07/14 01:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)? DRV - [2009/07/08 23:48:38 | 000,025,656 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)? DRV - [2009/07/08 23:48:22 | 000,033,848 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)? DRV - [2009/05/16 03:15:14 | 000,214,024 | ---- | M] (McAfee, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)? DRV - [2009/05/16 03:15:14 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (MfeAVFK)? DRV - [2009/05/16 03:15:14 | 000,055,336 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)? DRV - [2009/05/16 03:15:14 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (MfeBOPK)? DRV - [2009/05/16 03:15:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (MfeRKDK)? DRV - [2006/11/11 01:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)? ? ? [color=#E56717]========== Standard Registry (SafeList) ==========[/color]? ? ? [color=#E56717]========== Internet Explorer ==========[/color]? ? IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com? IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com? IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)? IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)? IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}? IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu.com/web?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms}? IE - HKLM\..\SearchScopes\{A66A710B-4096-4090-B9BE-461BEAB93A6F}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox? IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678? IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7? ? IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://msn.gazeta.pl/?ocid=OIE9HP? IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1? IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.pl/ [binary data]? IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=102866&gct=hp? IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)? IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found? IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)? IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}? IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=100482&babsrc=SP_ss&mntrId=ca0b745e000000000000761a04f9baf5? IE - HKCU\..\SearchScopes\{13A2E81A-2F83-4E3A-A28C-417F25923D8A}: "URL" = http://szukaj.gazeta.pl/portalSearch.do?s.si(navigation).navigationEnabled=true&s.sm.query={searchTerms}? IE - HKCU\..\SearchScopes\{2DCFA9B9-8CE4-49C9-8B9B-81193A42273E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=STT&o=102866&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=5N&apn_dtid=YYYYYYYYPL&apn_uid=53654989-0d5b-4df9-9139-f909baa94b1f&apn_sauid=011B58A4-C0B3-471B-8389-194E6E7CC882? IE - HKCU\..\SearchScopes\{3B9EA0C1-0341-4464-A711-DD42E4B4DDE6}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC? IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu.com/web?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms}? IE - HKCU\..\SearchScopes\{A66A710B-4096-4090-B9BE-461BEAB93A6F}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox? IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms}? IE - HKCU\..\SearchScopes\{AE3A84EF-28FD-41E9-88F5-66F590616C84}: "URL" = http://search.avg.com/route/?d=4dc4268c&v=6.103.18.1&i=26&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us? IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678? IE - HKCU\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7? IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0? IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ? ? [color=#E56717]========== FireFox ==========[/color]? ? FF - prefs.js..browser.search.defaultengine: "Ask.com"? FF - prefs.js..browser.search.defaultenginename: "Ask.com"? FF - prefs.js..browser.search.order.1: "Ask.com"? FF - prefs.js..browser.search.selectedEngine: "Ask.com"? FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/406"? FF - prefs.js..keyword.URL: "http://www.searchqu.com/web?src=ffb&appid=102&systemid=406&sr=0&q="? ? ? FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()? FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)? FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)? FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found? FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)? FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)? FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)? FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)? FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)? FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found? FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)? FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)? FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)? ? FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2010/02/02 12:56:34 | 000,000,000 | ---D | M]? FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/10/03 16:18:01 | 000,000,000 | ---D | M]? FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/21 10:03:57 | 000,000,000 | ---D | M]? FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/03 16:18:14 | 000,000,000 | ---D | M]? ? [2012/07/03 16:38:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jasiek\AppData\Roaming\mozilla\Extensions? [2012/07/24 11:28:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jasiek\AppData\Roaming\mozilla\Firefox\Profiles\ewy7hkxs.default\extensions? [2012/07/24 11:28:16 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\jasiek\AppData\Roaming\mozilla\Firefox\Profiles\ewy7hkxs.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}? [2011/11/15 15:19:18 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\jasiek\AppData\Roaming\mozilla\Firefox\Profiles\ewy7hkxs.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}? [2012/07/05 17:10:33 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\jasiek\AppData\Roaming\mozilla\Firefox\Profiles\ewy7hkxs.default\extensions\DTToolbar@toolbarnet.com? [2012/07/24 12:03:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jasiek\AppData\Roaming\mozilla\Firefox\Profiles\ewy7hkxs.default\extensions\ffxtlbr@babylon.com? [2012/01/03 16:27:44 | 000,002,333 | ---- | M] () -- C:\Users\jasiek\AppData\Roaming\Mozilla\Firefox\Profiles\ewy7hkxs.default\searchplugins\askcom.xml? [2011/03/12 09:12:43 | 000,002,059 | ---- | M] () -- C:\Users\jasiek\AppData\Roaming\Mozilla\Firefox\Profiles\ewy7hkxs.default\searchplugins\daemon-search.xml? [2012/06/21 10:03:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions? [2012/06/15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll? [2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll? [2012/06/15 01:13:23 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml? [2012/06/15 01:13:23 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml? [2012/06/15 01:13:23 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml? [2012/06/15 01:13:23 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml? [2012/06/15 01:13:23 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml? [2012/06/15 01:13:23 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml? ? [color=#E56717]========== Chrome ==========[/color]? ? CHR - default_search_provider: DAEMON Search (Enabled)? CHR - default_search_provider: search_url = http://www.daemon-search.com/search?q={searchTerms}? CHR - default_search_provider: suggest_url = ? CHR - homepage: http://www.google.com? CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\pdf.dll? CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\gears.dll? CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\gcswf32.dll? CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll? CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll? CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll? CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll? CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll? CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll? CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll? CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll? CHR - plugin: Default Plug-in (Enabled) = default_plugin? CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\jasiek\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\? ? O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts? O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)? O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)? O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)? O2 - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)? O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)? O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()? O2 - BHO: (SearchCore for Browsers) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\BrowserConnection.dll (Bandoo Media, inc)? O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)? O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)? O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)? O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.? O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()? O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)? O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()? O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)? O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.? O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)? O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.? O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.? O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()? O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)? O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)? O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files\blueconnect\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)? O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe (Bandoo Media, inc)? O4 - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()? O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)? O4 - HKLM..\Run: [iPlusManager] C:\Program Files\iPlus\iPlusChecker.exe ()? O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)? O4 - HKLM..\Run: [Panasonic Device Manager for Multi-Function Station software] C:\Program Files\Panasonic\MFStation\PCCMFSDM.exe ( )? O4 - HKLM..\Run: [Panasonic Device Monitor Wakeup] C:\Program Files\Panasonic\Device Monitor\DMWakeup.exe (Panasonic System Networks Co., Ltd.)? O4 - HKLM..\Run: [Panasonic IP Address Checker for Multi-Function Station software] C:\Program Files\Panasonic\MFStation\PccChgIP.exe (Panasonic System Networks Co.,Ltd.)? O4 - HKLM..\Run: [Panasonic LPD Manager] C:\Program Files\Panasonic\MFStation\PCMFSMLM.exe (Panasonic System Networks Co.,Ltd.)? O4 - HKLM..\Run: [Panasonic PCFAX for Multi-Function Station software] C:\Program Files\Panasonic\MFStation\KmPcFax.exe (Panasonic System Networks Co.,Ltd.)? O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)? O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)? O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)? O4 - HKCU..\Run: [HW_OPENEYE_OUC_blueconnect] C:\Program Files\blueconnect\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)? O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)? O4 - HKCU..\Run: [Trans] C:\Program Files\Trans\trans.exe ()? O4 - HKCU..\Run: [UpdateMyDrivers] C:\Program Files\SmartTweak Software\UpdateMyDrivers\UpdateMyDrivers.exe ()? O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)? O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5? O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3? O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()? O8 - Extra context menu item: Wyślij obraz do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()? O8 - Extra context menu item: Wyślij stronę do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()? O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()? O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()? O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)? O13 - gopher Prefix: missing? O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)? O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)? O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)? O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)? O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)? O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)? O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)? O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)? O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)? O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)? O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)? O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)? O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)? O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)? O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)? O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)? O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)? O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)? O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)? O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)? O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)? O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)? O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)? O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)? O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)? O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.179.1.63 62.179.1.62? O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{94254FB1-B003-4EA4-B1F9-8FDAAB3C2F08}: NameServer = 193.41.112.14 193.41.112.18? O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE6FD002-4358-45CE-9441-C3BA850BA7C1}: DhcpNameServer = 62.179.1.63 62.179.1.62? O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE892609-E775-4239-B75E-DD7D3F36CAF4}: NameServer = 193.41.112.14 193.41.112.18? O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)? O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)? O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)? O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\SEARCH~1\datamngr.dll) - C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll (Bandoo Media, inc)? O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\SEARCH~1\IEBHO.dll) - C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll (Bandoo Media, inc)? O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)? O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)? O20 - HKLM Winlogon: UserInit - (c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe) - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.)? O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)? O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found? O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - DeviceNP.dll (Hewlett-Packard Limited)? O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.? O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)? O32 - HKLM CDRom: AutoRun - 1? O33 - MountPoints2\{14c90d6c-06c1-11e1-8440-002713a5a4e1}\Shell - "" = AutoRun? O33 - MountPoints2\{14c90d6c-06c1-11e1-8440-002713a5a4e1}\Shell\AutoRun\command - "" = E:\AutoRun.exe? O33 - MountPoints2\{14c90d70-06c1-11e1-8440-002713a5a4e1}\Shell - "" = AutoRun? O33 - MountPoints2\{14c90d70-06c1-11e1-8440-002713a5a4e1}\Shell\AutoRun\command - "" = E:\AutoRun.exe? O33 - MountPoints2\{383f0a0c-2106-11e1-ae2d-002713a5a4e1}\Shell - "" = AutoRun? O33 - MountPoints2\{383f0a0c-2106-11e1-ae2d-002713a5a4e1}\Shell\AutoRun\command - "" = E:\AutoRun.exe? O33 - MountPoints2\{45bfb412-018e-11e1-a984-002713a5a4e1}\Shell - "" = AutoRun? O33 - MountPoints2\{45bfb412-018e-11e1-a984-002713a5a4e1}\Shell\AutoRun\command - "" = E:\AutoRun.exe? O33 - MountPoints2\{45f0ea50-6e09-11e1-aee9-806e6f6e6963}\Shell - "" = AutoRun? O33 - MountPoints2\{45f0ea50-6e09-11e1-aee9-806e6f6e6963}\Shell\AutoRun\command - "" = J:\AutoRun.exe? O33 - MountPoints2\{5eb1d305-e5e8-11e0-be70-002713a5a4e1}\Shell - "" = AutoRun? O33 - MountPoints2\{5eb1d305-e5e8-11e0-be70-002713a5a4e1}\Shell\AutoRun\command - "" = E:\AutoRun.exe? O33 - MountPoints2\{7c9379b7-6710-11e1-ab6d-002713a5a4e1}\Shell - "" = AutoRun? O33 - MountPoints2\{7c9379b7-6710-11e1-ab6d-002713a5a4e1}\Shell\AutoRun\command - "" = E:\AutoRun.exe? O33 - MountPoints2\{84866ada-0d49-11e1-8feb-002713a5a4e1}\Shell - "" = AutoRun? O33 - MountPoints2\{84866ada-0d49-11e1-8feb-002713a5a4e1}\Shell\AutoRun\command - "" = E:\AutoRun.exe? O33 - MountPoints2\{94a0c958-27fb-11df-b6a3-806e6f6e6963}\Shell - "" = AutoRun? O33 - MountPoints2\{94a0c958-27fb-11df-b6a3-806e6f6e6963}\Shell\AutoRun\command - "" = G:\autorun\autorun.exe? O33 - MountPoints2\{a35b4370-b064-11e0-acb4-002713a5a4e1}\Shell - "" = AutoRun? O33 - MountPoints2\{a35b4370-b064-11e0-acb4-002713a5a4e1}\Shell\AutoRun\command - "" = E:\AutoRun.exe? O33 - MountPoints2\{acf14873-a228-11e0-953c-002713a5a4e1}\Shell - "" = AutoRun? O33 - MountPoints2\{acf14873-a228-11e0-953c-002713a5a4e1}\Shell\AutoRun\command - "" = E:\NokiaPCIA_Autorun.exe? O33 - MountPoints2\{bfa21b2d-1d9c-11e1-b1d9-002713a5a4e1}\Shell - "" = AutoRun? O33 - MountPoints2\{bfa21b2d-1d9c-11e1-b1d9-002713a5a4e1}\Shell\AutoRun\command - "" = E:\AutoRun.exe? O33 - MountPoints2\{bfa21b45-1d9c-11e1-b1d9-002713a5a4e1}\Shell - "" = AutoRun? O33 - MountPoints2\{bfa21b45-1d9c-11e1-b1d9-002713a5a4e1}\Shell\AutoRun\command - "" = E:\AutoRun.exe? O33 - MountPoints2\{bfa21b6f-1d9c-11e1-b1d9-002713a5a4e1}\Shell - "" = AutoRun? O33 - MountPoints2\{bfa21b6f-1d9c-11e1-b1d9-002713a5a4e1}\Shell\AutoRun\command - "" = E:\AutoRun.exe? O33 - MountPoints2\{d5f0e499-eb5b-11e0-a090-002713a5a4e1}\Shell - "" = AutoRun? O33 - MountPoints2\{d5f0e499-eb5b-11e0-a090-002713a5a4e1}\Shell\AutoRun\command - "" = E:\AutoRun.exe? O33 - MountPoints2\{e3110d48-edc5-11e0-ac0a-002713a5a4e1}\Shell - "" = AutoRun? O33 - MountPoints2\{e3110d48-edc5-11e0-ac0a-002713a5a4e1}\Shell\AutoRun\command - "" = E:\AutoRun.exe? O33 - MountPoints2\{eaca5fc0-4c79-11e0-9ae9-806e6f6e6963}\Shell - "" = AutoRun? O33 - MountPoints2\{eaca5fc0-4c79-11e0-9ae9-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe? O33 - MountPoints2\{f1cf2af7-0c7d-11e1-b812-002713a5a4e1}\Shell - "" = AutoRun? O33 - MountPoints2\{f1cf2af7-0c7d-11e1-b812-002713a5a4e1}\Shell\AutoRun\command - "" = E:\AutoRun.exe? O33 - MountPoints2\{f1cf2afb-0c7d-11e1-b812-002713a5a4e1}\Shell - "" = AutoRun? O33 - MountPoints2\{f1cf2afb-0c7d-11e1-b812-002713a5a4e1}\Shell\AutoRun\command - "" = E:\AutoRun.exe? O33 - MountPoints2\{f56e8883-e52f-11e0-894f-002713a5a4e1}\Shell - "" = AutoRun? O33 - MountPoints2\{f56e8883-e52f-11e0-894f-002713a5a4e1}\Shell\AutoRun\command - "" = E:\AutoRun.exe? O33 - MountPoints2\D\Shell - "" = AutoRun? O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\autorun.exe? O33 - MountPoints2\E\Shell - "" = AutoRun? O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe? O34 - HKLM BootExecute: (autocheck autochk *)? O35 - HKLM\..comfile [open] -- "%1" %*? O35 - HKLM\..exefile [open] -- "%1" %*? O37 - HKLM\...com [@ = comfile] -- "%1" %*? O37 - HKLM\...exe [@ = exefile] -- "%1" %*? O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)? O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)? O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)? ? [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]? ? [2012/07/24 10:25:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy? [2012/07/24 10:25:40 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy? [2012/07/23 10:22:23 | 000,000,000 | ---D | C] -- C:\ProgramData\RedApp? [2012/07/23 10:13:39 | 000,000,000 | ---D | C] -- C:\Program Files\RedApp? [2012/07/23 10:13:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet w Cyfrowym Polsacie? [2012/07/23 10:13:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Internet w Cyfrowym Polsacie? [2012/07/23 10:12:24 | 000,861,696 | ---- | C] (DiBcom SA) -- C:\windows\System32\drivers\mod7700.sys? [2012/07/23 10:12:24 | 000,353,280 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ewusbwwan.sys? [2012/07/23 10:12:24 | 000,194,816 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ewusbmdm.sys? [2012/07/23 10:12:24 | 000,181,760 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ew_juwwanecm.sys? [2012/07/23 10:12:24 | 000,102,784 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ew_hwusbdev.sys? [2012/07/23 10:12:24 | 000,090,368 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ew_jucdcacm.sys? [2012/07/23 10:12:24 | 000,073,216 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ew_jubusenum.sys? [2012/07/23 10:12:24 | 000,064,384 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ew_jucdcecm.sys? [2012/07/23 10:12:24 | 000,026,624 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ew_juextctrl.sys? [2012/07/23 10:12:24 | 000,025,856 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\windows\System32\drivers\ewdcsc.sys? [2012/07/23 10:12:24 | 000,019,200 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ew_hwupgrade.sys? [2012/07/23 10:12:24 | 000,011,136 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ew_usbenumfilter.sys? [2012/07/23 10:11:48 | 000,000,000 | ---D | C] -- C:\Program Files\Internet w Cyfrowym Polsacie? [2012/07/19 09:43:22 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe? [2012/07/19 09:43:22 | 000,070,344 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl? [2012/07/12 13:22:35 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb? [2012/07/12 13:22:34 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll? [2012/07/12 13:22:33 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe? [2012/07/12 13:22:33 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll? [2012/07/12 13:22:32 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll? [2012/07/12 13:22:32 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll? [2012/07/12 13:22:31 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl? [2012/07/12 13:22:00 | 002,344,448 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys? [2012/07/12 09:36:05 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ncrypt.dll? [2012/07/04 08:29:54 | 000,000,000 | -HSD | C] -- C:\found.000? [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]? ? [color=#E56717]========== Files - Modified Within 30 Days ==========[/color]? ? [2012/08/01 15:20:57 | 000,065,536 | ---- | M] () -- C:\windows\System32\Ikeext.etl? [2012/08/01 15:20:51 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat? [2012/08/01 15:20:49 | 2357,620,736 | -HS- | M] () -- C:\hiberfil.sys? [2012/08/01 15:17:00 | 000,001,036 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job? [2012/08/01 14:58:00 | 000,001,074 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3047411748-4076026608-1215055065-1005UA.job? [2012/08/01 14:58:00 | 000,001,022 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3047411748-4076026608-1215055065-1005Core.job? [2012/08/01 14:28:00 | 000,000,930 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job? [2012/08/01 09:22:45 | 000,001,032 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job? [2012/08/01 09:14:44 | 000,697,940 | ---- | M] () -- C:\windows\System32\perfh015.dat? [2012/08/01 09:14:44 | 000,616,036 | ---- | M] () -- C:\windows\System32\perfh009.dat? [2012/08/01 09:14:44 | 000,135,018 | ---- | M] () -- C:\windows\System32\perfc015.dat? [2012/08/01 09:14:44 | 000,106,416 | ---- | M] () -- C:\windows\System32\perfc009.dat? [2012/07/31 18:35:28 | 000,019,760 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0? [2012/07/31 18:35:28 | 000,019,760 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0? [2012/07/30 09:28:04 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe? [2012/07/30 09:28:04 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl? [2012/07/24 10:25:43 | 000,001,180 | ---- | M] () -- C:\Users\jasiek\Desktop\Spybot - Search & Destroy.lnk? [2012/07/23 10:13:01 | 000,001,169 | ---- | M] () -- C:\Users\Public\Desktop\Internet w Cyfrowym Polsacie.lnk? [2012/07/23 10:11:54 | 001,112,288 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\WdfCoInstaller01007.dll? [2012/07/23 10:11:54 | 001,112,288 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\drivers\WdfCoInstaller01007.dll? [2012/07/23 10:11:54 | 000,861,696 | ---- | M] (DiBcom SA) -- C:\windows\System32\drivers\mod7700.sys? [2012/07/23 10:11:54 | 000,353,280 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ewusbwwan.sys? [2012/07/23 10:11:54 | 000,194,816 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ewusbmdm.sys? [2012/07/23 10:11:54 | 000,181,760 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ew_juwwanecm.sys? [2012/07/23 10:11:54 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ew_hwusbdev.sys? [2012/07/23 10:11:54 | 000,090,368 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ew_jucdcacm.sys? [2012/07/23 10:11:54 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ew_jubusenum.sys? [2012/07/23 10:11:54 | 000,064,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ew_jucdcecm.sys? [2012/07/23 10:11:54 | 000,026,624 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ew_juextctrl.sys? [2012/07/23 10:11:54 | 000,025,856 | ---- | M] (Huawei Tech. Co., Ltd.) -- C:\windows\System32\drivers\ewdcsc.sys? [2012/07/23 10:11:54 | 000,019,200 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ew_hwupgrade.sys? [2012/07/23 10:11:54 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ew_usbenumfilter.sys? [2012/07/12 17:46:04 | 000,416,200 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT? [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]? ? [color=#E56717]========== Files Created - No Company Name ==========[/color]? ? [2012/07/24 10:25:43 | 000,001,180 | ---- | C] () -- C:\Users\jasiek\Desktop\Spybot - Search & Destroy.lnk? [2012/07/23 10:13:01 | 000,001,169 | ---- | C] () -- C:\Users\Public\Desktop\Internet w Cyfrowym Polsacie.lnk? [2012/07/19 09:43:22 | 000,000,930 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job? [2012/05/11 12:00:00 | 000,000,078 | ---- | C] () -- C:\windows\ricdb.ini? [2012/02/05 21:44:59 | 000,000,623 | ---- | C] () -- C:\windows\eReg.dat? [2011/11/16 17:01:10 | 000,196,608 | ---- | C] () -- C:\windows\System32\PDFSpooler.exe? [2011/11/03 12:11:54 | 000,000,042 | ---- | C] () -- C:\windows\iris.ini? [2011/11/03 12:11:50 | 000,023,040 | ---- | C] () -- C:\windows\System32\irisco32.dll? [2011/11/03 12:10:13 | 000,045,056 | ---- | C] () -- C:\windows\System32\AddMyNewPort.exe? [2011/11/03 12:10:13 | 000,040,960 | ---- | C] () -- C:\windows\System32\AddMyMonitor.exe? [2011/11/03 12:06:29 | 000,000,257 | ---- | C] () -- C:\windows\PanaFLB881.ini? [2011/07/17 13:07:30 | 000,000,000 | ---- | C] () -- C:\Users\jasiek\AppData\Local\{777BAB79-0EC7-4B33-9C90-92E4743781F1}? [2011/06/10 10:04:41 | 000,000,000 | ---- | C] () -- C:\Users\jasiek\AppData\Local\{14FA9E5C-619A-46C3-908B-6EBC1D659240}? [2011/05/20 01:21:29 | 000,000,000 | ---- | C] () -- C:\Users\jasiek\AppData\Local\{BA9EF243-4750-4D8A-B698-10AFC62A3059}? [2011/04/15 13:49:14 | 000,122,884 | ---- | C] () -- C:\windows\UnGins.exe? [2011/03/12 09:55:37 | 000,021,840 | ---- | C] () -- C:\windows\System32\SIntfNT.dll? [2011/03/12 09:55:37 | 000,017,212 | ---- | C] () -- C:\windows\System32\SIntf32.dll? [2011/03/12 09:55:37 | 000,012,067 | ---- | C] () -- C:\windows\System32\SIntf16.dll? [2011/01/23 16:52:07 | 000,165,376 | ---- | C] () -- C:\windows\System32\unrar.dll? [2011/01/23 16:52:06 | 000,000,038 | ---- | C] () -- C:\windows\avisplitter.ini? [2011/01/23 16:52:05 | 000,183,808 | ---- | C] () -- C:\windows\System32\xvidvfw.dll? [2011/01/23 16:52:04 | 000,080,896 | ---- | C] () -- C:\windows\System32\ff_vfw.dll? [2011/01/18 21:38:58 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat? [2011/01/14 20:11:00 | 000,810,496 | ---- | C] () -- C:\windows\System32\xvidcore.dll? [2011/01/14 20:11:00 | 000,258,048 | ---- | C] () -- C:\windows\System32\libFLAC.dll? [2011/01/08 22:47:49 | 000,000,848 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys? ? [color=#E56717]========== LOP Check ==========[/color]? ? [2011/02/20 17:34:49 | 000,000,000 | ---D | M] -- C:\Users\jasiek\AppData\Roaming\AVG10? [2011/09/28 17:09:35 | 000,000,000 | ---D | M] -- C:\Users\jasiek\AppData\Roaming\blueconnect? [2011/03/12 09:53:20 | 000,000,000 | ---D | M] -- C:\Users\jasiek\AppData\Roaming\DAEMON Tools Lite? [2011/01/05 21:01:03 | 000,000,000 | ---D | M] -- C:\Users\jasiek\AppData\Roaming\DigitalPersona? [2011/10/24 16:45:59 | 000,000,000 | ---D | M] -- C:\Users\jasiek\AppData\Roaming\EurekaLog? [2011/11/11 19:06:29 | 000,000,000 | ---D | M] -- C:\Users\jasiek\AppData\Roaming\Gadu-Gadu 10? [2011/11/03 20:07:02 | 000,000,000 | ---D | M] -- C:\Users\jasiek\AppData\Roaming\Panasonic? [2012/01/31 21:30:22 | 000,000,000 | ---D | M] -- C:\Users\jasiek\AppData\Roaming\RST? [2011/05/04 22:45:26 | 000,000,000 | ---D | M] -- C:\Users\jasiek\AppData\Roaming\Sports Interactive? [2011/02/20 17:20:57 | 000,000,000 | ---D | M] -- C:\Users\jasiek\AppData\Roaming\translateclient? [2012/07/30 09:54:02 | 000,000,000 | ---D | M] -- C:\Users\jasiek\AppData\Roaming\uTorrent? [2012/07/03 09:22:05 | 000,032,604 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT? ? [color=#E56717]========== Purity Check ==========[/color]? ? ? ? < End of report >?