OTL logfile created on: 5/14/2012 12:48:59 PM - Run 2 OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Biuro\Downloads Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1.96 Gb Total Physical Memory | 0.63 Gb Available Physical Memory | 31.97% Memory free 3.92 Gb Paging File | 2.36 Gb Available in Paging File | 60.08% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 69.69 Gb Total Space | 5.19 Gb Free Space | 7.44% Space Free | Partition Type: NTFS Drive D: | 148.10 Gb Total Space | 15.47 Gb Free Space | 10.45% Space Free | Partition Type: NTFS Computer Name: BIURO-KOMPUTER | User Name: Biuro | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - File not found -- PRC - [2012/05/14 12:46:51 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Biuro\Downloads\OTL (1).exe PRC - [2012/05/14 12:45:13 | 000,781,383 | ---- | M] () -- C:\Users\Biuro\Downloads\RSIT (2).exe PRC - [2012/05/08 10:36:29 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2012/05/08 10:36:25 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2012/05/08 10:36:24 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2012/05/08 10:36:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011/10/01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011/10/01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011/07/16 06:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011/04/22 14:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe PRC - [2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010/02/28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE PRC - [2010/01/19 11:34:48 | 002,201,192 | ---- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe PRC - [2009/12/17 07:10:54 | 003,750,400 | ---- | M] (SafeNet Inc.) -- C:\Windows\System32\hasplms.exe PRC - [2009/11/04 06:11:48 | 000,835,072 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe PRC - [2009/10/26 13:53:14 | 000,091,136 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe PRC - [2009/10/20 11:13:00 | 000,079,360 | ---- | M] (DoctorSoft) -- C:\Program Files\AnyPC Client\APLanMgrC.exe PRC - [2009/10/13 12:03:04 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) 
-- C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe PRC - [2009/08/13 21:58:10 | 000,044,312 | ---- | M] () -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe PRC - [2009/07/20 10:04:16 | 000,241,664 | ---- | M] () -- C:\Program Files\blueconnect\AssistantServices.exe PRC - [2009/07/14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009/04/30 11:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe PRC - [2007/12/18 00:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE PRC - [2007/01/12 00:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012/05/14 12:45:13 | 000,781,383 | ---- | M] () -- C:\Users\Biuro\Downloads\RSIT (2).exe MOD - [2012/04/28 04:07:01 | 000,444,400 | ---- | M] () -- C:\Users\Biuro\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll MOD - [2012/04/28 04:06:59 | 003,915,248 | ---- | M] () -- C:\Users\Biuro\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll MOD - [2012/04/28 04:05:34 | 000,122,880 | ---- | M] () -- C:\Users\Biuro\AppData\Local\Google\Chrome\Application\18.0.1025.168\avutil-51.dll MOD - [2012/04/28 04:05:33 | 000,220,672 | ---- | M] () -- C:\Users\Biuro\AppData\Local\Google\Chrome\Application\18.0.1025.168\avformat-53.dll MOD - [2012/04/28 04:05:32 | 001,747,456 | ---- | M] () -- C:\Users\Biuro\AppData\Local\Google\Chrome\Application\18.0.1025.168\avcodec-53.dll MOD - [2012/04/28 03:09:18 | 008,743,584 | ---- | M] () -- C:\Users\Biuro\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll MOD - [2012/04/28 
03:09:18 | 008,743,584 | ---- | M] () -- C:\Users\Biuro\AppData\Local\Google\Chrome\APPLIC~1\180102~1.168\gcswf32.dll MOD - [2010/02/28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE MOD - [2006/08/12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SBSDWSCService) SRV - [2012/05/08 10:36:29 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012/05/08 10:36:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012/04/21 14:21:05 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011/10/01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011/10/01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011/04/22 14:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010/06/05 19:38:00 | 
001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2009/12/17 07:10:54 | 003,750,400 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\System32\hasplms.exe -- (hasplms) SRV - [2009/08/13 21:58:10 | 000,044,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe -- (OberonGameConsoleService) SRV - [2009/07/20 10:04:16 | 000,241,664 | ---- | M] () [Auto | Running] -- C:\Program Files\blueconnect\AssistantServices.exe -- (UI Assistant Service) SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009/04/30 11:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service) SRV - [2007/12/18 00:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01) SRV - [2007/05/31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007/05/31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2007/01/12 00:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2012/05/08 10:36:30 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012/05/08 10:36:30 
| 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011/10/19 17:56:50 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011/10/01 09:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol) DRV - [2011/10/01 09:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir) DRV - [2011/10/01 09:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay) DRV - [2011/10/01 09:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs) DRV - [2011/08/17 11:03:50 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc) DRV - [2011/08/17 10:56:30 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2011/08/17 10:56:26 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2011/08/17 10:56:22 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2011/08/02 17:38:44 | 000,018,432 | ---- | M] (Apple Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl) DRV - [2011/01/14 19:21:34 | 000,218,176 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2010/11/23 18:10:44 | 001,249,792 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2010/07/16 09:42:36 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\Haspnt.sys -- (Haspnt) DRV - [2010/06/17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010/02/26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2010/02/26 14:21:22 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu) DRV - [2010/01/08 03:09:14 | 000,126,976 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R) DRV - [2009/12/17 07:11:00 | 000,356,864 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge) DRV - [2009/12/17 07:10:54 | 000,238,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\akshasp.sys -- (akshasp) DRV - [2009/12/17 07:10:52 | 000,588,800 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (Hardlock) DRV - [2009/12/17 07:10:50 | 000,016,384 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aksusb.sys -- (aksusb) DRV - [2009/12/17 07:10:48 | 000,046,336 | ---- | M] (Aladdin Knowledge Systems Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\akshhl.sys -- (akshhl) DRV - [2009/09/28 11:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7) DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009/07/14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009/05/22 09:08:22 | 000,022,528 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Unknown] -- C:\Windows\System32\drivers\BMLoad.sys -- (BMLoad) DRV - [2009/05/22 09:08:22 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Stopped] -- C:\windows\System32\drivers\tcpipBM.sys -- (tcpipBM) DRV - [2009/05/22 09:04:04 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - [2009/05/22 09:04:04 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - [2009/05/22 09:04:04 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - [2009/05/22 09:04:04 | 000,009,728 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter) DRV - [2008/10/21 09:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdm.sys -- (s0017mdm) DRV - [2008/10/21 09:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017unic.sys -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) DRV - [2008/10/21 09:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | 
On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mgmt.sys -- (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) DRV - [2008/10/21 09:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017obex.sys -- (s0017obex) DRV - [2008/10/21 09:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM) DRV - [2008/10/21 09:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017nd5.sys -- (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS) DRV - [2008/10/21 09:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdfl.sys -- (s0017mdfl) DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - 
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-1624614489-1438924107-3198493719-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn IE - HKU\S-1-5-21-1624614489-1438924107-3198493719-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn IE - HKU\S-1-5-21-1624614489-1438924107-3198493719-1001\..\SearchScopes,DefaultScope = {17730039-8DC2-4D1B-A1FC-AA5BD751A434} IE - HKU\S-1-5-21-1624614489-1438924107-3198493719-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1624614489-1438924107-3198493719-1001\..\SearchScopes\{17730039-8DC2-4D1B-A1FC-AA5BD751A434}: "URL" = http://searchya.com/?chnl=tst-215&s=1&cr=1219868274&cd=2XzutAtN2Y1L1Qzu0FyCyB0B0C0BtDtAyByE0BtC0A0CtDyCtN0D0TzutBtDtCtBtDyEtDyD&q={searchTerms} IE - HKU\S-1-5-21-1624614489-1438924107-3198493719-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1624614489-1438924107-3198493719-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421; [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.8 FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1 FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:5.0.1 FF - prefs.js..extensions.enabledItems: 
de-DE@dictionaries.addons.mozilla.org:2.0.2 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: {53A03D43-5363-4669-8190-99061B2DEBA5}:1.4.2 FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1 FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2 FF - prefs.js..extensions.enabledItems: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}:0.9.5 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42 FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Biuro\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Biuro\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Biuro\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Biuro\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\blueconnect\addon [2010/06/03 22:12:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/08/07 15:57:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/21 14:26:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/14 12:40:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/08/07 15:57:24 | 000,000,000 | ---D | M] [2010/06/19 19:47:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Biuro\AppData\Roaming\mozilla\Extensions [2010/06/19 19:47:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Biuro\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2012/05/05 23:19:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Biuro\AppData\Roaming\mozilla\Firefox\Profiles\ksb8sm0n.default\extensions [2011/12/04 11:24:08 | 000,000,000 | ---D | M] (TabGroups Manager) -- C:\Users\Biuro\AppData\Roaming\mozilla\Firefox\Profiles\ksb8sm0n.default\extensions\{ca526f8b-9e0a-4756-9077-19d6f3e64ea8} [2011/01/11 12:27:45 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Users\Biuro\AppData\Roaming\mozilla\Firefox\Profiles\ksb8sm0n.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB} [2011/01/11 12:27:48 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Biuro\AppData\Roaming\mozilla\Firefox\Profiles\ksb8sm0n.default\extensions\de-DE@dictionaries.addons.mozilla.org [2011/01/11 
12:27:49 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Biuro\AppData\Roaming\mozilla\Firefox\Profiles\ksb8sm0n.default\extensions\en-GB@dictionaries.addons.mozilla.org [2010/10/13 13:58:16 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\Biuro\AppData\Roaming\mozilla\Firefox\Profiles\ksb8sm0n.default\extensions\en-US@dictionaries.addons.mozilla.org [2010/10/03 19:13:10 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Biuro\AppData\Roaming\mozilla\Firefox\Profiles\ksb8sm0n.default\extensions\vshare@toolbar [2011/11/11 15:51:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011/11/08 22:50:37 | 000,512,595 | ---- | M] () (No name found) -- C:\USERS\BIURO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KSB8SM0N.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE30}.XPI [2012/04/30 13:55:46 | 000,336,242 | ---- | M] () (No name found) -- C:\USERS\BIURO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KSB8SM0N.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI [2012/04/04 12:36:36 | 000,399,561 | ---- | M] () (No name found) -- C:\USERS\BIURO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KSB8SM0N.DEFAULT\EXTENSIONS\{53A03D43-5363-4669-8190-99061B2DEBA5}.XPI [2011/03/25 23:00:17 | 000,242,709 | ---- | M] () (No name found) -- C:\USERS\BIURO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KSB8SM0N.DEFAULT\EXTENSIONS\{582195F5-92E7-40A0-A127-DB71295901D7}.XPI [2012/01/09 22:56:21 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\BIURO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KSB8SM0N.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2012/03/25 22:11:04 | 000,686,225 | ---- | M] () (No name found) -- C:\USERS\BIURO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KSB8SM0N.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI [2012/02/13 19:08:00 | 000,709,293 | ---- | M] () (No name found) -- 
C:\USERS\BIURO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KSB8SM0N.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI [2012/04/02 11:28:13 | 000,685,019 | ---- | M] () (No name found) -- C:\USERS\BIURO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KSB8SM0N.DEFAULT\EXTENSIONS\{EF4E370E-D9F0-4E00-B93E-A4F274CFDD5A}.XPI [2012/03/21 14:26:04 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012/02/20 14:57:23 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2012/02/20 14:57:23 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2012/02/20 14:57:23 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2012/02/20 14:57:23 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2012/02/20 14:57:23 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2012/02/20 14:57:23 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = 
C:\Users\Biuro\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Biuro\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Biuro\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Biuro\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Biuro\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

O1 HOSTS File: ([2011/04/07 20:21:40 | 000,000,867 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-1624614489-1438924107-3198493719-1001..\Run: [] File not found
O4 - HKU\S-1-5-21-1624614489-1438924107-3198493719-1001..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Wyślij &do programu OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O9 - Extra Button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{17B97B7D-C4A2-42A9-B04B-20C79D794D96}: DhcpNameServer = 213.158.199.1 213.158.199.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{37E72176-4A42-432A-BED0-ACEFBA4EB236}: DhcpNameServer = 192.168.1.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E06EB22-4211-4168-B1B3-6D73654F5E32}: DhcpNameServer = 217.116.100.65 79.163.127.70
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A928FE0-4657-4DB8-A158-C0892B20622E}: DhcpNameServer = 213.158.199.1 213.158.199.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EAD1D201-0538-40EA-9D72-21D5F2D9D848}: DhcpNameServer = 213.158.199.1 213.158.199.5
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29 - HKLM SecurityProviders - (IptulqiLbozb.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3a79cfe4-a1f1-11df-9adf-fcf13e2f31bf}\Shell - "" = AutoRun
O33 - MountPoints2\{3a79cfe4-a1f1-11df-9adf-fcf13e2f31bf}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{650be753-722a-11df-b8a9-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{650be753-722a-11df-b8a9-806e6f6e6963}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{72d27e4b-6f4b-11df-9e76-002454648da2}\Shell - "" = AutoRun
O33 - MountPoints2\{72d27e4b-6f4b-11df-9e76-002454648da2}\Shell\AutoRun\command - "" = F:\Install.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2012/05/14 12:45:25 | 000,000,000 | ---D | C] -- C:\rsit
[2012/05/14 11:53:44 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2012/05/14 11:36:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/05/14 11:36:05 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/05/14 11:00:15 | 000,000,000 | ---D | C] -- C:\Users\Biuro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/05/14 10:57:44 | 000,000,000 | ---D | C] -- C:\Users\Biuro\AppData\Local\Deployment
[2012/05/11 14:42:01 | 000,000,000 | ---D | C] -- C:\Users\Biuro\Desktop\protokoły
[2012/05/11 10:48:21 | 000,000,000 | ---D | C] -- C:\Users\Biuro\AppData\Local\{056C00F9-AC56-421E-AB44-911FAD8C982F}
[2012/05/10 10:19:27 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
[2012/05/10 10:19:27 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
[2012/05/10 10:19:25 | 002,342,400 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2012/05/10 10:19:24 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10warp.dll
[2012/05/10 10:19:24 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DWrite.dll
[2012/05/10 10:19:24 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d2d1.dll
[2012/05/10 10:19:24 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10_1core.dll
[2012/05/10 10:19:23 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10_1.dll
[2012/05/09 12:43:44 | 000,000,000 | ---D | C] -- C:\Users\Biuro\AppData\Local\{16041D86-71E1-4DD4-BAB1-0B275C3D187B}
[2012/04/29 15:29:47 | 000,000,000 | ---D | C] -- C:\Users\Biuro\DoctorWeb
[2010/08/15 23:13:17 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe27CC.dll
[2 C:\Users\Biuro\Desktop\*.tmp files -> C:\Users\Biuro\Desktop\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2012/05/14 12:49:39 | 000,014,736 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/14 12:49:39 | 000,014,736 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/14 12:42:10 | 000,001,030 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/14 12:41:56 | 000,000,312 | ---- | M] () -- C:\windows\tasks\Mnvli.job
[2012/05/14 12:41:47 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/05/14 12:41:39 | 1579,634,688 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/14 12:27:00 | 000,001,034 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/14 12:10:01 | 000,001,058 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1624614489-1438924107-3198493719-1001UA.job
[2012/05/14 12:09:00 | 000,000,930 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/05/14 11:00:46 | 000,002,363 | ---- | M] () -- C:\Users\Biuro\Desktop\Google Chrome.lnk
[2012/05/12 15:10:01 | 000,001,006 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1624614489-1438924107-3198493719-1001Core.job
[2012/05/11 14:44:00 | 003,311,950 | ---- | M] () -- C:\windows\System32\perfh015.dat
[2012/05/11 14:44:00 | 001,535,544 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/05/11 14:44:00 | 001,045,574 | ---- | M] () -- C:\windows\System32\perfc015.dat
[2012/05/11 14:44:00 | 000,985,922 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/05/11 13:43:07 | 000,385,320 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/05/08 10:36:30 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys
[2012/05/08 10:36:30 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avgntflt.sys
[2012/04/21 14:21:05 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2012/04/21 14:21:05 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2 C:\Users\Biuro\Desktop\*.tmp files -> C:\Users\Biuro\Desktop\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2012/05/14 11:00:18 | 000,002,363 | ---- | C] () -- C:\Users\Biuro\Desktop\Google Chrome.lnk
[2012/04/05 11:47:36 | 001,220,608 | ---- | C] () -- C:\windows\System32\pdf2bmp.dll
[2012/04/05 11:47:26 | 000,098,304 | ---- | C] () -- C:\windows\System32\DVM.dll
[2012/04/05 11:47:26 | 000,053,248 | ---- | C] () -- C:\windows\System32\RegisterExe.exe
[2012/04/03 12:06:42 | 000,147,456 | RHS- | C] () -- C:\windows\System32\fr-FRQ.dll
[2012/02/04 23:44:36 | 000,075,776 | ---- | C] () -- C:\windows\cadkasdeinst01e.exe
[2011/12/14 11:56:03 | 000,905,290 | R--- | C] () -- C:\windows\System32\libmmd.dll
[2011/06/19 19:22:23 | 000,007,605 | ---- | C] () -- C:\Users\Biuro\AppData\Local\Resmon.ResmonCfg
[2011/02/15 13:53:31 | 000,000,300 | ---- | C] () -- C:\Users\Biuro\AppData\Roaming\wklnhst.dat
[2010/09/19 16:10:50 | 000,111,932 | ---- | C] () -- C:\windows\System32\EPPICPrinterDB.dat
[2010/09/19 16:10:50 | 000,001,146 | ---- | C] () -- C:\windows\System32\EPPICPresetData_DU.dat
[2010/09/19 16:10:50 | 000,001,136 | ---- | C] () -- C:\windows\System32\EPPICPresetData_ES.dat
[2010/09/19 16:10:50 | 000,001,129 | ---- | C] () -- C:\windows\System32\EPPICPresetData_CF.dat
[2010/09/19 16:10:50 | 000,001,120 | ---- | C] () -- C:\windows\System32\EPPICPresetData_IT.dat
[2010/09/19 16:10:50 | 000,001,107 | ---- | C] () -- C:\windows\System32\EPPICPresetData_GE.dat
[2010/09/19 16:10:50 | 000,001,104 | ---- | C] () -- C:\windows\System32\EPPICPresetData_EN.dat
[2010/09/19 16:10:50 | 000,000,097 | ---- | C] () -- C:\windows\System32\PICSDK.ini
[2010/09/19 16:10:49 | 000,031,053 | ---- | C] () -- C:\windows\System32\EPPICPattern131.dat
[2010/09/19 16:10:49 | 000,027,417 | ---- | C] () -- C:\windows\System32\EPPICPattern121.dat
[2010/09/19 16:10:49 | 000,026,154 | ---- | C] () -- C:\windows\System32\EPPICPattern1.dat
[2010/09/19 16:10:49 | 000,024,903 | ---- | C] () -- C:\windows\System32\EPPICPattern3.dat
[2010/09/19 16:10:49 | 000,021,390 | ---- | C] () -- C:\windows\System32\EPPICPattern5.dat
[2010/09/19 16:10:49 | 000,020,148 | ---- | C] () -- C:\windows\System32\EPPICPattern2.dat
[2010/09/19 16:10:49 | 000,011,811 | ---- | C] () -- C:\windows\System32\EPPICPattern4.dat
[2010/09/19 16:10:49 | 000,004,943 | ---- | C] () -- C:\windows\System32\EPPICPattern6.dat
[2010/09/19 16:10:49 | 000,001,139 | ---- | C] () -- C:\windows\System32\EPPICPresetData_PT.dat
[2010/09/19 16:10:49 | 000,001,139 | ---- | C] () -- C:\windows\System32\EPPICPresetData_BP.dat
[2010/09/19 16:10:49 | 000,001,129 | ---- | C] () -- C:\windows\System32\EPPICPresetData_FR.dat
[2010/07/16 09:42:36 | 000,000,383 | ---- | C] () -- C:\windows\System32\haspdos.sys
[2010/06/07 10:35:24 | 000,005,120 | ---- | C] () -- C:\Users\Biuro\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/04 10:56:42 | 000,178,176 | ---- | C] () -- C:\windows\System32\unrar.dll
[2010/06/03 21:46:23 | 000,000,002 | ---- | C] () -- C:\windows\HotFixList.ini
[2010/06/03 21:28:58 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe

[color=#E56717]========== LOP Check ==========[/color]
[2010/11/28 17:55:39 | 000,000,000 | ---D | M] -- C:\Users\Biuro\AppData\Roaming\autobingooo
[2012/04/01 20:39:34 | 000,000,000 | ---D | M] -- C:\Users\Biuro\AppData\Roaming\BESTplayer
[2012/02/05 21:38:09 | 000,000,000 | ---D | M] -- C:\Users\Biuro\AppData\Roaming\Blackberry Desktop
[2012/02/04 23:44:49 | 000,000,000 | ---D | M] -- C:\Users\Biuro\AppData\Roaming\CAD-KAS
[2012/02/23 22:19:35 | 000,000,000 | ---D | M] -- C:\Users\Biuro\AppData\Roaming\CadStudio
[2011/01/14 19:25:05 | 000,000,000 | ---D | M] -- C:\Users\Biuro\AppData\Roaming\DAEMON Tools Lite
[2011/02/23 14:21:45 | 000,000,000 | ---D | M] -- C:\Users\Biuro\AppData\Roaming\DiskAid
[2011/12/16 13:13:21 | 000,000,000 | ---D | M] -- C:\Users\Biuro\AppData\Roaming\Downloaded Installations
[2012/02/08 10:11:08 | 000,000,000 | ---D | M] -- C:\Users\Biuro\AppData\Roaming\Ekjyk
[2010/11/29 14:01:33 | 000,000,000 | ---D | M] -- C:\Users\Biuro\AppData\Roaming\enchant
[2011/12/14 13:14:07 | 000,000,000 | ---D | M] -- C:\Users\Biuro\AppData\Roaming\Legalis
[2011/11/12 21:33:46 | 000,000,000 | ---D | M] -- C:\Users\Biuro\AppData\Roaming\NapiProjekt
[2010/08/07 16:06:21 | 000,000,000 | ---D | M] -- C:\Users\Biuro\AppData\Roaming\Nokia
[2010/08/07 16:06:24 | 000,000,000 | ---D | M] -- C:\Users\Biuro\AppData\Roaming\Nokia Ovi Suite
[2010/06/06 12:05:28 | 000,000,000 | ---D | M] -- C:\Users\Biuro\AppData\Roaming\Opera
[2010/08/07 16:03:49 | 000,000,000 | ---D | M] -- C:\Users\Biuro\AppData\Roaming\PC Suite
[2010/06/03 22:12:18 | 000,000,000 | ---D | M] -- C:\Users\Biuro\AppData\Roaming\Program Files
[2011/12/12 00:11:58 | 000,000,000 | ---D | M] -- C:\Users\Biuro\AppData\Roaming\redsn0w
[2012/01/15 18:07:36 | 000,000,000 | ---D | M] -- C:\Users\Biuro\AppData\Roaming\Research In Motion
[2011/12/28 21:56:34 | 000,000,000 | ---D | M] -- C:\Users\Biuro\AppData\Roaming\RST
[2012/05/14 12:40:13 | 000,000,000 | ---D | M] -- C:\Users\Biuro\AppData\Roaming\SoftGrid Client
[2012/04/05 11:47:43 | 000,000,000 | ---D | M] -- C:\Users\Biuro\AppData\Roaming\Softinterface, Inc
[2012/04/05 11:44:09 | 000,000,000 | ---D | M] -- C:\Users\Biuro\AppData\Roaming\SumatraPDF
[2011/02/15 13:53:37 | 000,000,000 | ---D | M] -- C:\Users\Biuro\AppData\Roaming\Template
[2011/02/16 15:59:35 | 000,000,000 | ---D | M] -- C:\Users\Biuro\AppData\Roaming\Thinstall
[2010/06/19 19:47:54 | 000,000,000 | ---D | M] -- C:\Users\Biuro\AppData\Roaming\TomTom
[2011/02/14 12:01:40 | 000,000,000 | ---D | M] -- C:\Users\Biuro\AppData\Roaming\TP
[2012/05/14 12:40:23 | 000,000,000 | ---D | M] -- C:\Users\Biuro\AppData\Roaming\uTorrent
[2011/01/06 12:22:30 | 000,000,000 | ---D | M] -- C:\Users\Biuro\AppData\Roaming\VOWSoft
[2011/12/27 22:08:16 | 000,000,000 | ---D | M] -- C:\Users\Biuro\AppData\Roaming\Windows Live Writer
[2010/07/16 09:42:01 | 000,000,000 | ---D | M] -- C:\Users\Biuro\AppData\Roaming\WKPolska
[2012/02/07 21:28:26 | 000,000,000 | ---D | M] -- C:\Users\Biuro\AppData\Roaming\Wyym
[2011/03/08 11:19:30 | 000,000,000 | ---D | M] -- C:\Users\Biuro\AppData\Roaming\{90140011-0062-0415-0000-0000000FF1CE}
[2012/05/14 12:41:56 | 000,000,312 | ---- | M] () -- C:\windows\Tasks\Mnvli.job
[2011/11/09 21:57:48 | 000,032,604 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]

< End of report >