DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16518
Run by User at 17:51:21 on 2014-03-04
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.48.1045.18.3582.2274 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\atieclxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ProgramData\IePluginService\PluginService.exe
C:\Program Files (x86)\WinZipper\winzipersvc.exe
C:\Windows\system32\taskhost.exe
C:\ProgramData\WPM\wprotectmanager.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\ProgramData\Cyfrowy Polsat E3276\OnlineUpdate\ouc.exe
C:\ProgramData\DatacardService\HWDeviceService64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Cyfrowy Polsat E3276\Cyfrowy Polsat E3276.exe
C:\Program Files (x86)\RedApp\redApp.exe
C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\ProgramData\HP Photo Creations\Communicator.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.delta-homes.com/?type=hp&ts=1388682097&from=wpm0102&uid=WDCXWD5000AZRX-00A8LB0_WD-WCC1U469242392423
uSearch Page = hxxp://search.delta-homes.com/web/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=ds&from=wpm0226&uid=WDCXWD5000AZRX-00A8LB0_WD-WCC1U469242392423&ts=1393436207&type=default&q={searchTerms}
uDefault_Page_URL = hxxp://www.delta-homes.com/?type=hp&ts=1388682097&from=wpm0102&uid=WDCXWD5000AZRX-00A8LB0_WD-WCC1U469242392423
uDefault_Search_URL = hxxp://search.delta-homes.com/web/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=ds&from=wpm0226&uid=WDCXWD5000AZRX-00A8LB0_WD-WCC1U469242392423&ts=1393436207&type=default&q={searchTerms}
mStart Page = hxxp://www.delta-homes.com/?type=hp&ts=1388682097&from=wpm0102&uid=WDCXWD5000AZRX-00A8LB0_WD-WCC1U469242392423
mSearch Page = hxxp://search.delta-homes.com/web/?type=ds&ts=1388682097&from=wpm0102&uid=WDCXWD5000AZRX-00A8LB0_WD-WCC1U469242392423&q={searchTerms}
mDefault_Page_URL = hxxp://www.delta-homes.com/?type=hp&ts=1388682097&from=wpm0102&uid=WDCXWD5000AZRX-00A8LB0_WD-WCC1U469242392423
mDefault_Search_URL = hxxp://search.delta-homes.com/web/?type=ds&ts=1388682097&from=wpm0102&uid=WDCXWD5000AZRX-00A8LB0_WD-WCC1U469242392423&q={searchTerms}
mWinlogon: Userinit = userinit.exe
BHO: IETabPage Class: {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: searchgol Helper Object: {8F547BDD-FCD4-48F8-A06F-573D6F404A3C} - C:\Program Files (x86)\searchgol\searchgol\1.8.16.19\bh\searchgol.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: BatBrowse: {b67b3dbb-c1c9-49d2-b016-2748b0b5017e} - C:\Program Files (x86)\BatBrowse\BatBrowsebho.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll
BHO: BonanzaDeals: {fe063412-bea4-4d76-8ed3-183be6220d17} - C:\Program Files (x86)\BonanzaDeals\BonanzaDealsIE.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: searchgol Toolbar: {00078E95-3A4A-4137-8DE7-2824908D1C17} - C:\Program Files (x86)\searchgol\searchgol\1.8.16.19\searchgolTlbr.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 212.2.96.53 212.2.96.54
TCP: Interfaces\{569ACA45-62D1-4F7C-8C7F-5473E4B5B2C3} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{D2D5929E-D46B-4AC1-9AC2-52B49139B71B} : DHCPNameServer = 212.2.96.53 212.2.96.54
TCP: Interfaces\{E210FD01-FE85-4B1E-84BD-6F18F7A31F3B} : DHCPNameServer = 212.2.96.53 212.2.96.54
SSODL: WebCheck -
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://www.delta-homes.com/?type=hp&ts=1388682097&from=wpm0102&uid=WDCXWD5000AZRX-00A8LB0_WD-WCC1U469242392423
x64-mSearch Page = hxxp://search.delta-homes.com/web/?type=ds&ts=1388682097&from=wpm0102&uid=WDCXWD5000AZRX-00A8LB0_WD-WCC1U469242392423&q={searchTerms}
x64-mDefault_Page_URL = hxxp://www.delta-homes.com/?type=hp&ts=1388682097&from=wpm0102&uid=WDCXWD5000AZRX-00A8LB0_WD-WCC1U469242392423
x64-mDefault_Search_URL = hxxp://search.delta-homes.com/web/?type=ds&ts=1388682097&from=wpm0102&uid=WDCXWD5000AZRX-00A8LB0_WD-WCC1U469242392423&q={searchTerms}
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-SSODL: WebCheck -
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\xdrwn25k.default-1393941510522\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-10-7 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-10-7 204880]
R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2013-10-7 22128]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-10-7 1030952]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-10-7 378944]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-4-7 202752]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-10-7 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-10-7 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-10-7 46808]
R2 HWDeviceService64.exe;HWDeviceService64.exe;C:\ProgramData\DatacardService\HWDeviceService64.exe [2011-3-14 346976]
R2 IePluginService;IePlugin Service;C:\ProgramData\IePluginService\PluginService.exe -service --> C:\ProgramData\IePluginService\PluginService.exe -service [?]
R2 winzipersvc;WinZiper service;C:\Program Files (x86)\WinZipper\winzipersvc.exe [2014-2-26 425104]
R2 Wpm;Wpm Service;C:\ProgramData\WPM\wprotectmanager.exe -service --> C:\ProgramData\WPM\wprotectmanager.exe -service [?]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.EXE [2013-12-16 247968]
R3 ew_usbenumfilter;huawei_CompositeFilter;C:\Windows\System32\drivers\ew_usbenumfilter.sys [2013-10-16 14976]
R3 huawei_cdcacm;huawei_cdcacm;C:\Windows\System32\drivers\ew_jucdcacm.sys [2013-10-16 105984]
R3 huawei_cdcecm;huawei_cdcecm;C:\Windows\System32\drivers\ew_jucdcecm.sys [2013-10-16 76800]
R3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2013-10-16 91648]
R3 huawei_ext_ctrl;huawei_ext_ctrl;C:\Windows\System32\drivers\ew_juextctrl.sys [2013-10-16 30720]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2013-10-7 110744]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.EXE [2013-12-16 193696]
S2 bonanzadealslive;Usługa BonanzaDealsLive (bonanzadealslive);C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-10-13 148976]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 Cyfrowy Polsat E3276. RunOuc;Cyfrowy Polsat E3276. OUC;C:\Program Files (x86)\Cyfrowy Polsat E3276\UpdateDog\ouc.exe [2013-10-16 650240]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 bonanzadealslivem;Usługa BonanzaDealsLive (bonanzadealslivem);C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-10-13 148976]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\System32\drivers\ew_hwusbdev.sys [2013-10-16 109568]
S3 ewusbmbb;HUAWEI USB-WWAN miniport;C:\Windows\System32\drivers\ewusbwwan.sys [2013-10-16 452096]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-12 111616]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-10-7 1255736]
.
=============== File Associations ===============
.
ShellExec: Opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2014-03-04 14:42:26 -------- d-----w- C:\FRST
2014-03-04 14:10:28 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E13C7089-7C51-4320-ACFF-3C05A388914D}\offreg.dll
2014-03-04 13:13:51 10536864 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E13C7089-7C51-4320-ACFF-3C05A388914D}\mpengine.dll
2014-03-01 17:44:46 -------- d-----w- C:\Windows\SysWow64\Adobe
2014-03-01 16:14:23 -------- d-----w- C:\Users\User\AppData\Local\Apple Computer
2014-03-01 16:14:20 -------- d-----w- C:\ProgramData\Unity
2014-02-26 17:38:38 -------- d-----w- C:\Users\User\AppData\Roaming\WinZipper
2014-02-26 17:38:38 -------- d-----w- C:\Program Files (x86)\WinZipper
2014-02-26 17:37:36 -------- d-----w- C:\Users\User\AppData\Roaming\SupTab
2014-02-26 17:37:36 -------- d-----w- C:\ProgramData\IePluginService
2014-02-26 17:37:35 -------- d-----w- C:\Program Files (x86)\SupTab
2014-02-20 17:19:29 -------- d-----w- C:\Users\User\AppData\Roaming\Podatnik.info
2014-02-12 16:19:59 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-12 16:19:59 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-12 15:31:07 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-02-12 15:31:07 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-02-12 15:31:07 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2014-02-12 15:31:07 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
.
==================== Find3M ====================
.
2014-03-01 15:15:59 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-01 15:15:59 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-02-26 17:38:38 773776 ----a-w- C:\Windows\SysWow64\msvcr100.dll
2014-02-26 17:38:38 421008 ----a-w- C:\Windows\SysWow64\msvcp100.dll
2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-12-21 09:53:45 548864 ----a-w- C:\Windows\System32\vbscript.dll
2013-12-21 08:56:47 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-12-18 05:13:56 270496 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 17:51:46,18 ===============